Last active
December 25, 2015 11:49
Chef environment reconfiguration wrapper and helpers. This setup assumes you have GNU parallel installed. The list of nodes and their names are at the top of the "reconfigure" script. There's also an example environment file "grizzly.json". Modify both to suit your needs.
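#!/usr/bin/env bash
#
# chef-uninstall: remove a Chef server (and local Chef client state) from this
# host. Destructive and best-effort: no step is checked, so a host that is
# already partly cleaned is simply cleaned further. Every step touches
# root-owned state.

# Stop the omnibus-managed services, then drop the package and its leftovers.
chef-server-ctl uninstall
dpkg -P chef-server
apt-get autoremove -y
apt-get purge -y

# Configuration, keys, embedded software, server data and logs.
rm -rf -- \
  /etc/chef-server /etc/chef \
  /opt/chef-server /opt/chef \
  /root/.chef \
  /var/opt/chef-server/ /var/chef /var/log/chef-server/

# Drop the PATH line from root's profile. install-chef-server.sh appends the
# ".../chef-server/embedded/bin" form, which the original single pattern
# (".../chef-server/bin") never matched, so the profile gained one more copy on
# every reinstall. Both spellings are removed here.
if [[ -f /root/.bash_profile ]]; then
  sed -i \
    -e '/export PATH=\${PATH}:\/opt\/chef-server\/bin/d' \
    -e '/export PATH=\${PATH}:\/opt\/chef-server\/embedded\/bin/d' \
    /root/.bash_profile
fi

# Kill whatever survived the uninstall.
# NOTE(review): -f matches against the full command line, so "beam" and
# "postgres" also hit any unrelated Erlang VM or PostgreSQL instance on this
# host. Only run this on a machine dedicated to the Chef server.
pkill -9 -f /opt/chef
pkill -9 -f beam
pkill -9 -f postgres

# pkill exits 1 when nothing matched, which is the normal outcome after a clean
# uninstall. The "reconfigure" wrapper runs under `set -e`, so that status must
# not become this script's exit status.
exit 0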
{ | |
"name": "grizzly", | |
"description": "OpenStack Grizzly", | |
"cookbook_versions": { | |
}, | |
"json_class": "Chef::Environment", | |
"chef_type": "environment", | |
"default_attributes": { | |
}, | |
"override_attributes": { | |
"glance": { | |
"image_upload": true, | |
"images": [ | |
"cirros", | |
"precise" | |
] | |
}, | |
"nova": { | |
"network": { | |
"provider": "quantum" | |
} | |
}, | |
"rabbitmq": { | |
"use_distro_version": false | |
}, | |
"quantum": { | |
"ovs": { | |
"network_type": "gre", | |
"provider_networks": [ | |
{ | |
"label": "ph-10g", | |
"bridge": "br-10g", | |
"vlans": "1:1000" | |
} | |
] | |
} | |
}, | |
"ha": { | |
"available_services": { | |
"quantum-server": { | |
"lb_options": [ | |
"forwardfor", | |
"httpchk", | |
"httplog", | |
"activebackup" | |
] | |
} | |
} | |
}, | |
"vips": { | |
"rabbitmq-queue": "10.127.83.100", | |
"horizon-dash": "10.127.83.101", | |
"quantum-api": "10.127.83.101", | |
"horizon-dash_ssl": "10.127.83.101", | |
"keystone-service-api": "10.127.83.101", | |
"keystone-admin-api": "10.127.83.101", | |
"keystone-internal-api": "10.127.83.101", | |
"nova-xvpvnc-proxy": "10.127.83.101", | |
"nova-api": "10.127.83.101", | |
"nova-ec2-public": "10.127.83.101", | |
"nova-novnc-proxy": "10.127.83.101", | |
"cinder-api": "10.127.83.101", | |
"glance-api": "10.127.83.101", | |
"glance-registry": "10.127.83.101", | |
"swift-proxy": "10.127.83.101", | |
"mysql-db": "10.127.83.102", | |
"config": { | |
"10.127.83.100": { | |
"vrid": 11, | |
"network": "public" | |
}, | |
"10.127.83.101": { | |
"vrid": 12, | |
"network": "public" | |
}, | |
"10.127.83.102": { | |
"vrid": 10, | |
"network": "public" | |
} | |
} | |
}, | |
"mysql": { | |
"allow_remote_root": true, | |
"root_network_acl": "%" | |
}, | |
"osops_networks": { | |
"nova": "10.127.83.0/25", | |
"public": "10.127.83.0/25", | |
"management": "10.127.83.0/25" | |
} | |
} | |
} |
#!/bin/bash | |
# | |
# Copyright 2013 Rackspace US, Inc | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
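# Bootstrap chef-client on one node: generate an installer script, copy it and
# the validator key to the node, run the installer there as root, then start
# the node's first chef-client run.
#
# Arguments:
#   $1 - host name to ssh/scp to; also written as node_name in knife.rb
# Environment (all optional):
#   CLIENT_VERSION, ENVIRONMENT, CHEF_FE_SSL_PORT, CHEF_URL
# Exit status: 2 on usage error, 1 on a failed step, otherwise the status of
# the final remote chef-client run.

die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

node=${1:-}
if [[ -z "${node}" ]]; then
  printf 'Usage: %s NODE\n' "${0##*/}" >&2
  exit 2
fi
# A leading dash would be parsed by ssh/scp as an option, not a host.
[[ "${node}" != -* ]] || die "invalid node name: ${node}"

CLIENT_VERSION=${CLIENT_VERSION:-"11.2.0-1"}
ENVIRONMENT=${ENVIRONMENT:-_default}
# Default server URL: this machine's address on the default-route interface.
# NOTE(review): assumes the third line of `ip addr show` is the inet line.
PRIMARY_INTERFACE=$(ip route list match 0.0.0.0 | awk 'NR==1 {print $5}')
MY_IP=$(ip addr show dev "${PRIMARY_INTERFACE}" | awk 'NR==3 {print $2}' | cut -d '/' -f1)
CHEF_FE_SSL_PORT=${CHEF_FE_SSL_PORT:-443}
CHEF_URL=${CHEF_URL:-https://${MY_IP}:${CHEF_FE_SSL_PORT}}

install_script=
remote_dir=

# Remove the local installer and the remote staging directory. Safe to call
# more than once; also installed as the EXIT trap so failures clean up too.
cleanup() {
  if [[ -n "${install_script}" ]]; then
    rm -f -- "${install_script}"
    install_script=
  fi
  if [[ -n "${remote_dir}" ]]; then
    ssh "${node}" rm -rf -- "${remote_dir}" \
      || printf '%s: could not remove %s on %s\n' "${0##*/}" "${remote_dir}" "${node}" >&2
    remote_dir=
  fi
}
trap cleanup EXIT

# Cache a copy of the server's validator key in the working directory.
if [[ ! -e validation.pem ]]; then
  sudo cp /etc/chef-server/chef-validator.pem ./validation.pem \
    || die "cannot copy the validator key"
  sudo chown "${USER}:" ./validation.pem || die "cannot chown validation.pem"
  chmod 600 ./validation.pem || die "cannot chmod validation.pem"
fi

# Stage the key and installer in a private directory created by mktemp on the
# node. Fixed names under /tmp (the original used /tmp/validation.pem and
# /tmp/install.sh) can be pre-created by another local user, and the installer
# is executed as root; the key also used to stay behind in /tmp.
remote_dir=$(ssh "${node}" mktemp -d) \
  || die "cannot create a staging directory on ${node}"
if [[ ! "${remote_dir}" =~ ^/[A-Za-z0-9._/-]+$ ]]; then
  bad_dir=${remote_dir}
  remote_dir=
  die "unexpected staging path from ${node}: ${bad_dir}"
fi

install_script=$(mktemp) || die "mktemp failed"

# The outer here-document is unquoted on purpose: version, URL, environment and
# node name are expanded locally and written into the generated script.
# NOTE(review): those values are inserted verbatim; they come from the
# operator's environment and must not contain quotes or shell metacharacters.
# The installer is fetched over HTTPS with certificate verification left on
# (the original used plain HTTP plus -k), because its output is piped straight
# into a root shell. Pin and verify a known copy if the deployment allows it.
cat > "${install_script}" <<EOF
set -eo pipefail
sudo apt-get install -y curl
curl -sS -L https://www.opscode.com/chef/install.sh | bash -s - -v ${CLIENT_VERSION}
mkdir -p /etc/chef
cp "${remote_dir}/validation.pem" /etc/chef/validation.pem
cat <<EOF2 > /etc/chef/client.rb
Ohai::Config[:disabled_plugins] = ["passwd"]
chef_server_url "${CHEF_URL}"
chef_environment "${ENVIRONMENT}"
EOF2
cat <<EOF2 > /etc/chef/knife.rb
chef_server_url "${CHEF_URL}"
chef_environment "${ENVIRONMENT}"
node_name "${node}"
EOF2
EOF

scp ./validation.pem "${node}:${remote_dir}/validation.pem" \
  || die "cannot copy the validator key to ${node}"
scp "${install_script}" "${node}:${remote_dir}/install.sh" \
  || die "cannot copy the installer to ${node}"

install_rc=0
ssh "${node}" sudo /bin/bash "${remote_dir}/install.sh" || install_rc=$?
# Take the staged key off the node before doing anything else.
cleanup
(( install_rc == 0 )) || die "installer failed on ${node} (exit ${install_rc})"

ssh "${node}" sudo chef-client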
#!/bin/bash | |
# | |
# Copyright 2013 Rackspace US, Inc | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
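# Install and configure a Chef 11 server on this host, then upload cookbooks,
# roles and the grizzly environment. Everything after the package
# prerequisites runs only when /etc/chef-server/chef-server.rb does not exist.
#
# Environment:
#   OS_TYPE, OS_VER     read but never set here; presumably exported by the
#                       caller -- TODO confirm
#   CHEF_SERVER_VERSION, CHEF_UNIX_USER, CHEF_FE_PORT, CHEF_FE_SSL_PORT,
#   CHEF_URL, CHEF_WEBUI_PASSWORD, CHEF_AMQP_PASSWORD,
#   CHEF_POSTGRESQL_PASSWORD, CHEF_POSTGRESQL_RO_PASSWORD   optional overrides

die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# Print one random 32-character alphanumeric password. Nothing in this script
# installs pwgen, so fall back to /dev/urandom when it is absent; the original
# `$(pwgen)` silently produced an empty password in that case.
gen_password() {
  local pw
  if command -v pwgen >/dev/null 2>&1; then
    pw=$(pwgen -s 32 1)
  else
    pw=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)
  fi
  [[ -n "${pw}" ]] || return 1
  printf '%s\n' "${pw}"
}

# Download the chef-server package for platform $1 ("ubuntu" or "el") to $2.
# HTTPS and -f: the file is installed as root, so it must not arrive over plain
# HTTP, and an HTTP error page must not be saved as if it were the package.
# NOTE(review): the package is still not checked against a known digest.
fetch_server_package() {
  curl -fL "https://www.opscode.com/chef/download-server?p=${1}&pv=${OS_VER}&m=x86_64&v=${CHEF_SERVER_VERSION}" -o "${2}"
}

CLIENT_VERSION=${CLIENT_VERSION:-"11.2.0-1"}
ENVIRONMENT=${ENVIRONMENT:-_default}
CHEF_SERVER_VERSION=${CHEF_SERVER_VERSION:-11.0.8-1}
CHEF_UNIX_USER=${CHEF_UNIX_USER:-root}
# due to http://tickets.opscode.com/browse/CHEF-3849 CHEF_FE_PORT is not used yet
CHEF_FE_PORT=${CHEF_FE_PORT:-80}
CHEF_FE_SSL_PORT=${CHEF_FE_SSL_PORT:-443}

# Default server URL: this host's address on the default-route interface. The
# original derived these a second time after the package step, but CHEF_URL was
# already set by then, so only this first result was ever used.
PRIMARY_INTERFACE=$(ip route list match 0.0.0.0 | awk 'NR==1 {print $5}')
MY_IP=$(ip addr show dev "${PRIMARY_INTERFACE}" | awk 'NR==3 {print $2}' | cut -d '/' -f1)
CHEF_URL=${CHEF_URL:-https://${MY_IP}:${CHEF_FE_SSL_PORT}}

# NOTE(review): --force-yes lets apt proceed with unauthenticated packages; it
# is kept as the author wrote it, but drop it wherever the repositories are
# signed.
case "${OS_TYPE:-}" in
  ubuntu)
    apt-get update -y --force-yes
    locale-gen en_US.UTF-8
    apt-get install -y --force-yes lsb-release curl wget
    # Keep the resolver configuration across the resolvconf purge. The backup
    # lives in a private mktemp directory rather than the fixed /tmp/rc.
    resolv_backup_dir=$(mktemp -d) || die "mktemp failed"
    cp /etc/resolv.conf "${resolv_backup_dir}/resolv.conf"
    apt-get remove --purge resolvconf -y --force-yes
    cp "${resolv_backup_dir}/resolv.conf" /etc/resolv.conf
    rm -rf -- "${resolv_backup_dir}"
    ;;
  redhat | centos | fedora)
    yum -y install curl wget
    ;;
  *)
    echo "Your distribution is not supported"
    exit 1
    ;;
esac

if [[ ! -e /etc/chef-server/chef-server.rb ]]; then
  # defaults if not set
  CHEF_WEBUI_PASSWORD=${CHEF_WEBUI_PASSWORD:-$(gen_password)}
  CHEF_AMQP_PASSWORD=${CHEF_AMQP_PASSWORD:-$(gen_password)}
  CHEF_POSTGRESQL_PASSWORD=${CHEF_POSTGRESQL_PASSWORD:-$(gen_password)}
  # The original defaulted this from CHEF_POSTGRESQL_PASSWORD, so the read-only
  # database account always shared the read-write password and a caller-supplied
  # CHEF_POSTGRESQL_RO_PASSWORD was ignored.
  CHEF_POSTGRESQL_RO_PASSWORD=${CHEF_POSTGRESQL_RO_PASSWORD:-$(gen_password)}
  for pw_var in CHEF_WEBUI_PASSWORD CHEF_AMQP_PASSWORD \
    CHEF_POSTGRESQL_PASSWORD CHEF_POSTGRESQL_RO_PASSWORD; do
    [[ -n "${!pw_var}" ]] || die "${pw_var} is empty; refusing to write it"
  done

  mkdir -p /etc/chef-server
  # The file holds four service passwords: create it readable by root only.
  # NOTE(review): the values are placed inside Ruby string literals unescaped,
  # so caller-supplied passwords must not contain double quotes or "#{".
  # NOTE(review): enable_non_ssl keeps the plain-HTTP listener on.
  previous_umask=$(umask)
  umask 077
  cat > /etc/chef-server/chef-server.rb <<EOF
node.override["chef_server"]["chef-server-webui"]["web_ui_admin_default_password"] = "${CHEF_WEBUI_PASSWORD}"
node.override["chef_server"]["rabbitmq"]["password"] = "${CHEF_AMQP_PASSWORD}"
node.override["chef_server"]["postgresql"]["sql_password"] = "${CHEF_POSTGRESQL_PASSWORD}"
node.override["chef_server"]["postgresql"]["sql_ro_password"] = "${CHEF_POSTGRESQL_RO_PASSWORD}"
node.override["chef_server"]["nginx"]["url"] = "${CHEF_URL}"
node.override["chef_server"]["nginx"]["ssl_port"] = ${CHEF_FE_SSL_PORT}
node.override["chef_server"]["nginx"]["non_ssl_port"] = ${CHEF_FE_PORT}
node.override["chef_server"]["nginx"]["enable_non_ssl"] = true
if (node['memory']['total'].to_i / 4) > ((node['chef_server']['postgresql']['shmmax'].to_i / 1024) - 2097152)
  # guard against setting shared_buffers > shmmax on hosts with installed RAM > 64GB
  # use 2GB less than shmmax as the default for these large memory machines
  node.override['chef_server']['postgresql']['shared_buffers'] = "14336MB"
else
  node.override['chef_server']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / (1024)}MB"
end
EOF
  umask "${previous_umask}"

  HOMEDIR=$(getent passwd "${CHEF_UNIX_USER}" | cut -d: -f6)
  # An empty home directory would turn every path below into one under "/".
  [[ -n "${HOMEDIR}" ]] || die "no home directory found for ${CHEF_UNIX_USER}"
  export HOME=${HOMEDIR}

  # Download into a private directory instead of a fixed name under /tmp.
  pkg_dir=$(mktemp -d) || die "mktemp failed"
  if [[ ${OS_TYPE} = "ubuntu" ]]; then
    if ! dpkg -s chef-server &>/dev/null; then
      fetch_server_package ubuntu "${pkg_dir}/chef-server.deb" \
        || { rm -rf -- "${pkg_dir}"; die "chef-server download failed"; }
      dpkg -i "${pkg_dir}/chef-server.deb"
      chef-server-ctl reconfigure
    fi
  else
    if ! rpm -q chef-server &>/dev/null; then
      fetch_server_package el "${pkg_dir}/chef-server.rpm" \
        || { rm -rf -- "${pkg_dir}"; die "chef-server download failed"; }
      rpm -ivh "${pkg_dir}/chef-server.rpm"
      chef-server-ctl reconfigure
    fi
  fi
  rm -rf -- "${pkg_dir}"

  # Give the chosen UNIX user the validator and admin keys for knife.
  mkdir -p "${HOMEDIR}/.chef"
  cp /etc/chef-server/{chef-validator.pem,admin.pem} "${HOMEDIR}/.chef"
  chown -R "${CHEF_UNIX_USER}:" "${HOMEDIR}/.chef"

  if [[ ! -e ${HOMEDIR}/.chef/knife.rb ]]; then
    # The here-document lines are fed to `knife configure` on stdin, in this
    # order; they stay at column 0 so no leading whitespace is sent.
    /opt/chef-server/embedded/bin/knife configure <<EOF
${HOMEDIR}/.chef/knife.rb
${CHEF_URL}
admin
chef-validator
${HOMEDIR}/.chef/chef-validator.pem
EOF
    # setup the path (single quotes: ${PATH} must be written literally)
    echo 'export PATH=${PATH}:/opt/chef-server/embedded/bin' >> "${HOMEDIR}/.bash_profile"
  fi

  # these are only returned on a run where we actually install chef-server
  source "${HOMEDIR}/.bash_profile"
  knife cookbook upload -o "${HOMEDIR}/chef-cookbooks/cookbooks" -a
  knife role from_file "${HOMEDIR}"/chef-cookbooks/roles/*.rb
  knife environment from_file grizzly.json
fi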
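#!/usr/bin/env bash
#
# reconfigure: tear down and rebuild a Chef-managed OpenStack environment.
# Stages (nuke, clean, reload, envs, runlists, chef) are given as arguments and
# run in the order given.
set -e

# Exit on ^C
trap exit INT

# Node names; brace expansion happens here because these are literal words.
controllers=(evinfra{1,2})
computes=(evcompute{1,2,4,5})

# Service name prefixes that the clean stage kills, purges and deletes.
# Listing them as an array removes the `eval echo` the original needed to
# brace-expand a string held in a variable.
temp=(apache openvswitch mysql monit rabbitmq nova glance cinder quantum keystone keepalived memcached haproxy chef)

# Brace-list form "{a,b,...}". It is sent unexpanded inside a here-document and
# brace-expanded by the shell on each remote node.
items="{$(IFS=,; echo "${temp[*]}")}"

# Alternation form "(a|b|...)" used as the pkill -f pattern.
procs=$(IFS='|'; echo "(${temp[*]})")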
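#######################################
# Remove the local Chef server and install a fresh one.
# Runs ./chef-uninstall and ./install-chef-server.sh from the current
# directory, then deletes the cached validation.pem so that the next client
# bootstrap copies the new server's validator key.
# Returns: non-zero (aborting the script under `set -e`) if the install fails
#######################################
_nuke() {
  echo "===== Nuking chef-server from orbit. It's the only way to be sure. ====="
  # chef-uninstall checks none of its steps and ends with a pkill, which exits
  # 1 when nothing matched; under `set -e` that status would stop the rebuild
  # before the reinstall, so it is reported instead of propagated.
  ./chef-uninstall || echo "chef-uninstall exited non-zero; continuing" >&2
  ./install-chef-server.sh
  # -f: the cached key only exists after a client bootstrap has run here.
  rm -f -- validation.pem
}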
#######################################
# Wipe service state on every controller and compute node.
# Globals: controllers, computes, procs, items (read)
# The here-document is handed to GNU parallel on stdin. ${procs} and ${items}
# are expanded locally; the brace lists are left for the remote shell to
# expand. Failures are ignored (|| true).
# NOTE(review): the remote commands are broad by design: pkill -9 -f hits
# every process whose command line matches any listed name, and the rm -rf
# globs cover every /etc, /var/lib and /var/log entry that starts with one.
# NOTE(review): the mkdir/cd into "tmp" presumably keeps the unquoted globs
# from matching files in the login directory -- confirm that parallel runs
# these lines in a single remote shell.
#######################################
_clean() {
  echo "===== Cleaning boxes ====="
  local all_hosts
  all_hosts=$(IFS=,; echo "${controllers[*]},${computes[*]}")
  parallel --tag --onall --sshlogin "${all_hosts}" :::: <<EOF || true
mkdir -p tmp
cd tmp
pkill -9 -f "${procs}"
ipvsadm -C
DEBIAN_FRONTEND=noninteractive dpkg --configure -a
DEBIAN_FRONTEND=noninteractive apt-get purge ${items}* -y -qq
rm -rf /etc/${items}* /var/lib/${items}* /var/log/${items}* /root/.{erlang,my,chef}* /var/chef* /var/opt/chef*
cd
rmdir tmp
EOF
}
#######################################
# Re-register every node with the Chef server.
# Globals: controllers, computes (read)
# For each node: delete its node and client objects (failures ignored, e.g.
# when the object does not exist), then run the client bootstrap script.
#######################################
_reload() {
  echo "===== Reconfigure chef clients ====="
  local host
  local -a targets=("${controllers[@]}" "${computes[@]}")
  for host in "${targets[@]}"; do
    knife node delete "${host}" -y || true
    knife client delete "${host}" -y || true
    /root/install-chef-client.sh "${host}"
  done
}
#######################################
# Move every node still in the _default environment into "grizzly".
# Repeats the reassignment until a search for _default nodes returns nothing,
# printing one dot per retry. There is no retry limit and no delay.
# Globals: nodes (written) - names still in _default after the last search
#######################################
_envs() {
  echo "===== Setting environments -- Chef sucks so this is usually slow ====="
  local reassign="nodes.search('chef_environment:_default') {|n| n.chef_environment('grizzly'); n.save}"
  local list_default="nodes.search('chef_environment:_default') {|n| puts n.name}"
  while true; do
    knife exec -E "${reassign}"
    nodes=($(knife exec -E "${list_default}"))
    [[ ${#nodes[@]} -gt 0 ]] || break
    echo -n .
  done
  echo
}
#######################################
# Assign run lists to all nodes.
# Globals: controllers, computes (read)
# The first two controllers get role[ha-controller1] and role[ha-controller2]
# respectively, each with role[single-network-node]; every compute node gets
# role[single-compute].
#######################################
_runlists() {
  echo "===== Setting runlists ====="
  local idx host
  # Controller N (1-based) takes the matching ha-controllerN role.
  for idx in 0 1; do
    knife node run_list add "${controllers[idx]}" "role[ha-controller$((idx + 1))],role[single-network-node]"
  done
  for host in "${computes[@]}"; do
    knife node run_list add "${host}" "role[single-compute]"
  done
}
#######################################
# Converge the nodes with chef-client.
# Globals: controllers, computes (read)
# Controllers run one at a time in the order first, second, first again; the
# compute nodes then run simultaneously through GNU parallel.
#######################################
_chef() {
  local idx compute_logins
  echo "===== Chef'ing controllers ====="
  # Index sequence 0 1 0: the first controller is converged a second time
  # after the second one has run.
  for idx in 0 1 0; do
    ssh "${controllers[idx]}" chef-client -l info
  done
  echo "===== Chef'ing computes ====="
  compute_logins=$(IFS=,; echo "${computes[*]}")
  parallel --tag --nonall --sshlogin "${compute_logins}" chef-client -l info
}
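# Run each requested stage in the order given on the command line. Stage names
# are matched case-insensitively. "$@" is quoted so that arguments are not
# re-split, and an unrecognised stage is reported on stderr rather than being
# skipped silently (a mistyped "nuke" used to do nothing at all).
for arg in "$@"; do
  case "${arg,,}" in
    nuke)
      # Nuke chef-server
      _nuke
      ;;
    clean)
      # Clean up boxes
      _clean
      ;;
    reload)
      # Reconfigure chef clients
      _reload
      ;;
    envs)
      # Setup environments
      _envs
      ;;
    runlists)
      # Setup runlists
      _runlists
      ;;
    chef)
      # And go!
      _chef
      ;;
    *)
      printf '%s: unknown stage "%s" (expected: nuke clean reload envs runlists chef)\n' \
        "${0##*/}" "${arg}" >&2
      ;;
  esac
done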