From 3f90353f49770cc03ebf3952778eb51ffe5063c2 Mon Sep 17 00:00:00 2001 From: Thomas Wiest Date: Mon, 3 Nov 2014 22:32:43 -0500 Subject: making atomic proxy be able to be deployed to PROD. --- playbooks/aws/os2-atomic-proxy/vars.int.yml | 3 + playbooks/aws/os2-atomic-proxy/vars.prod.yml | 3 + playbooks/aws/os2-atomic-proxy/vars.stg.yml | 1 + roles/atomic_proxy/templates/puppet/puppet.conf.j2 | 2 +- .../files/monitoring_container/start.rb | 73 ---------------------- roles/docker_img_monitoring/tasks/main.yml | 4 ++ .../templates/monitoring_container/start.rb.j2 | 73 ++++++++++++++++++++++ .../files/puppet_container/Dockerfile | 3 + 8 files changed, 88 insertions(+), 74 deletions(-) create mode 100644 playbooks/aws/os2-atomic-proxy/vars.int.yml create mode 100644 playbooks/aws/os2-atomic-proxy/vars.prod.yml delete mode 100755 roles/docker_img_monitoring/files/monitoring_container/start.rb create mode 100755 roles/docker_img_monitoring/templates/monitoring_container/start.rb.j2 diff --git a/playbooks/aws/os2-atomic-proxy/vars.int.yml b/playbooks/aws/os2-atomic-proxy/vars.int.yml new file mode 100644 index 000000000..00157cd89 --- /dev/null +++ b/playbooks/aws/os2-atomic-proxy/vars.int.yml @@ -0,0 +1,3 @@ +--- +oo_env_long: integration +oo_zabbix_hostgroups: ['INT Environment'] diff --git a/playbooks/aws/os2-atomic-proxy/vars.prod.yml b/playbooks/aws/os2-atomic-proxy/vars.prod.yml new file mode 100644 index 000000000..641afc626 --- /dev/null +++ b/playbooks/aws/os2-atomic-proxy/vars.prod.yml @@ -0,0 +1,3 @@ +--- +oo_env_long: production +oo_zabbix_hostgroups: ['PROD Environment'] diff --git a/playbooks/aws/os2-atomic-proxy/vars.stg.yml b/playbooks/aws/os2-atomic-proxy/vars.stg.yml index fa37b7ee3..8d994c2fc 100644 --- a/playbooks/aws/os2-atomic-proxy/vars.stg.yml +++ b/playbooks/aws/os2-atomic-proxy/vars.stg.yml @@ -1,2 +1,3 @@ --- oo_env_long: staging +oo_zabbix_hostgroups: ['STG Environment'] diff --git a/roles/atomic_proxy/templates/puppet/puppet.conf.j2 b/roles/atomic_proxy/templates/puppet/puppet.conf.j2 index 9a47ab11c..9731ff168 100644 --- a/roles/atomic_proxy/templates/puppet/puppet.conf.j2 +++ b/roles/atomic_proxy/templates/puppet/puppet.conf.j2 @@ -1,6 +1,6 @@ [main] # we need to override the host name of the container - certname = ctr-proxy.stg.rhcloud.com + certname = ctr-proxy.{{ oo_env }}.rhcloud.com # The Puppet log directory. # The default value is '$vardir/log'. diff --git a/roles/docker_img_monitoring/files/monitoring_container/start.rb b/roles/docker_img_monitoring/files/monitoring_container/start.rb deleted file mode 100755 index 7cd713707..000000000 --- a/roles/docker_img_monitoring/files/monitoring_container/start.rb +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/bin/env ruby - -require 'fileutils' - - -# TODO: These should be passed in as env vars. When we're in a POD, make sure to do this. -# WORKAROUND: ^^ -OO_ENV = 'stg' -OO_CTR_TYPE = 'proxy' -HOSTGROUPS = ['STG Environment'] -TEMPLATES = ['Template OpenShift Proxy Ctr'] -CTR_NAME = "ctr-#{OO_CTR_TYPE}-#{OO_ENV}-#{ENV['container_uuid'][0..6]}" - - -CTR_CONFIG_FLAG = '/shared/var/run/ctr-ipc/flag/ctr_configured' - - -class Start - def self.wait_for_ctr_configured - while ! File.exist?(CTR_CONFIG_FLAG) - puts "Sleeping 10 seconds, waiting for #{CTR_CONFIG_FLAG}" - sleep 10 - end - end - - def self.add_to_zabbix - # Need to do this as a separate script because /usr/local gets changed after this script starts. - # FIXME: we can change this once we aren't using the puppet container anymore - cmd = "/register-with-zabbix.rb --name #{CTR_NAME}" - cmd += ' ' + HOSTGROUPS.collect() { |a| "--hostgroup '#{a}'" }.join(' ') - cmd += ' ' + TEMPLATES.collect() { |a| "--template '#{a}'" }.join(' ') - puts "Running: #{cmd}" - system(cmd) - raise "failed" unless $?.exitstatus == 0 - end - - def self.setup_shared_dirs - puts '_' - ['/usr/local', '/etc/openshift', '/var/lib/haproxy', '/etc/haproxy'].each do |shared_dir| - puts "Setting up /shared#{shared_dir}..." - FileUtils.rm_rf(shared_dir) - FileUtils.ln_s("/shared#{shared_dir}", shared_dir) - end - puts '_' - end - - def self.setup_cron() - File.open('/etc/crontab', 'a') do |f| - # FIXME: on failure, this should e-mail, not log to a file. Not sure how best to do that in a 1 service per container way. - f.write("30 12 * * * root /usr/bin/flock -n /var/tmp/cron-send-cert-expiration.lock -c '/usr/bin/timeout -s9 30s /usr/local/bin/cron-send-cert-expiration.rb --server noc2.ops.rhcloud.com --zbx-host #{CTR_NAME}' &>> /var/log/cron-send-cert-expiration.log\n") - f.write("*/2 * * * * root /usr/local/bin/cron-send-haproxy-status.rb --server noc2.ops.rhcloud.com --zbx-host #{CTR_NAME} &>> /var/log/cron-send-haproxy-status.log\n") - end - end - - def self.exec_cron() - puts '_' - puts 'Exec-ing cron' - puts '-------------' - puts "Starting cron..." - exec("/usr/sbin/crond -n") - end -end - -if __FILE__ == $0 - $stdout.sync = true - $stderr.sync = true - - Start.setup_shared_dirs() - Start.wait_for_ctr_configured - Start.add_to_zabbix() - Start.setup_cron() - Start.exec_cron() -end diff --git a/roles/docker_img_monitoring/tasks/main.yml b/roles/docker_img_monitoring/tasks/main.yml index ce8d5a0a9..dce918cb6 100644 --- a/roles/docker_img_monitoring/tasks/main.yml +++ b/roles/docker_img_monitoring/tasks/main.yml @@ -7,4 +7,8 @@ with_items: - { name: 'Dockerfile', mode: '644' } - { name: 'register-with-zabbix.rb', mode: '755' } + +- name: deploy monitoring image build templates + template: "src=monitoring_container/{{ item.name }}.j2 dest=/usr/local/etc/containers/monitoring_container/{{ item.name }} mode={{ item.mode }}" + with_items: - { name: 'start.rb', mode: '755' } diff --git a/roles/docker_img_monitoring/templates/monitoring_container/start.rb.j2 b/roles/docker_img_monitoring/templates/monitoring_container/start.rb.j2 new file mode 100755 index 000000000..70d60f87b --- /dev/null +++ b/roles/docker_img_monitoring/templates/monitoring_container/start.rb.j2 @@ -0,0 +1,73 @@ +#!/usr/bin/env ruby + +require 'fileutils' + + +# TODO: These should be passed in as env vars. When we're in a POD, make sure to do this. +# WORKAROUND: ^^ +OO_ENV = '{{ oo_env }}' +OO_CTR_TYPE = 'proxy' +HOSTGROUPS = {{ oo_zabbix_hostgroups | to_nice_json }} +TEMPLATES = ['Template OpenShift Proxy Ctr'] +CTR_NAME = "ctr-#{OO_CTR_TYPE}-#{OO_ENV}-#{ENV['container_uuid'][0..6]}" + + +CTR_CONFIG_FLAG = '/shared/var/run/ctr-ipc/flag/ctr_configured' + + +class Start + def self.wait_for_ctr_configured + while ! File.exist?(CTR_CONFIG_FLAG) + puts "Sleeping 10 seconds, waiting for #{CTR_CONFIG_FLAG}" + sleep 10 + end + end + + def self.add_to_zabbix + # Need to do this as a separate script because /usr/local gets changed after this script starts. + # FIXME: we can change this once we aren't using the puppet container anymore + cmd = "/register-with-zabbix.rb --name #{CTR_NAME}" + cmd += ' ' + HOSTGROUPS.collect() { |a| "--hostgroup '#{a}'" }.join(' ') + cmd += ' ' + TEMPLATES.collect() { |a| "--template '#{a}'" }.join(' ') + puts "Running: #{cmd}" + system(cmd) + raise "failed" unless $?.exitstatus == 0 + end + + def self.setup_shared_dirs + puts '_' + ['/usr/local', '/etc/openshift', '/var/lib/haproxy', '/etc/haproxy'].each do |shared_dir| + puts "Setting up /shared#{shared_dir}..." + FileUtils.rm_rf(shared_dir) + FileUtils.ln_s("/shared#{shared_dir}", shared_dir) + end + puts '_' + end + + def self.setup_cron() + File.open('/etc/crontab', 'a') do |f| + # FIXME: on failure, this should e-mail, not log to a file. Not sure how best to do that in a 1 service per container way. + f.write("30 12 * * * root /usr/bin/flock -n /var/tmp/cron-send-cert-expiration.lock -c '/usr/bin/timeout -s9 30s /usr/local/bin/cron-send-cert-expiration.rb --server noc2.ops.rhcloud.com --zbx-host #{CTR_NAME}' &>> /var/log/cron-send-cert-expiration.log\n") + f.write("*/2 * * * * root /usr/local/bin/cron-send-haproxy-status.rb --server noc2.ops.rhcloud.com --zbx-host #{CTR_NAME} &>> /var/log/cron-send-haproxy-status.log\n") + end + end + + def self.exec_cron() + puts '_' + puts 'Exec-ing cron' + puts '-------------' + puts "Starting cron..." + exec("/usr/sbin/crond -n") + end +end + +if __FILE__ == $0 + $stdout.sync = true + $stderr.sync = true + + Start.setup_shared_dirs() + Start.wait_for_ctr_configured + Start.add_to_zabbix() + Start.setup_cron() + Start.exec_cron() +end diff --git a/roles/docker_img_puppet/files/puppet_container/Dockerfile b/roles/docker_img_puppet/files/puppet_container/Dockerfile index 0bc72d389..d5cdf1005 100644 --- a/roles/docker_img_puppet/files/puppet_container/Dockerfile +++ b/roles/docker_img_puppet/files/puppet_container/Dockerfile @@ -13,6 +13,9 @@ RUN yum -y install puppet3 crontabs cronie-anacron cronie system-config-firewall RUN rm /usr/sbin/lokkit ; ln -s /bin/true /usr/sbin/lokkit +# this is needed so that we can run puppet without running the start script +RUN mkdir -p /etc/haproxy + # END: These are to fake out puppet # Container specific files -- cgit v1.2.3