ReleaseEngineering/PuppetAgain/Modules/config: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
 
(18 intermediate revisions by 4 users not shown)
Line 1: Line 1:
This module handles retrieving and access of the site specific config values.
This module handles retrieving and access of the org specific config values.


== Summary ==
= Summary =


We handle config variables via puppets <tt>extlookup()</tt> function, which reads data from keys in csv files in a directory we specify, and in the order we specify. Missing files are not errors, but missing keys (when not specified with a default here) are. We do not specify any defaults in the <tt>extlookup()</tt> function at all.
Configuration is specified in an org-specific file, <tt>manifests/$org-config.pp</tt>, which is symlinked from <tt>manifests/config.pp</tt>.  This file defines a class, "config", which inherits from "config::base", which defines all config variables.  The inherited class only needs to define variables whose values must change.


The csv files are stored in the <tt>modules/extlookup/</tt> dir of our whole repo ([http://hg.mozilla.org/build/puppet/file/default/manifests/extlookup source]). Our search order is as follows, first->last.
==Usage==
 
# <tt>local-config.csv</tt>
#: '''optional''', preferably symlinked to an in-repo site specific config file (e.g. <tt>[http://hg.mozilla.org/build/puppet/file/default/manifests/extlookup/seamonkey-config.csv seamonkey-config.csv]</tt>)
# <tt>default-config.csv</tt>
#: stored directly in puppet, and should contain reasonable defaults.
# <tt>moco-config.csv</tt>, <tt>seamonkey-config.csv</tt>
#: User-specific configuration (more can be added).  These are generally linked to by local-config.csv.
# <tt>supplied-config.csv</tt>
#: '''optional''' lower precedence than local-config.csv, this can be used for automated creation of config.  Within mozilla we use this to inject configuration from the puppet instance that builds our puppetmasters (don't think about that too hard!)
# <tt>secrets.csv</tt>
#: Necessarily not stored in hg as this file contains secrets (e.g. password hashes). For simplicity we have a <tt>secrets.csv.in</tt> file in this directory that can be copied over and have the secrets added.
 
== Manifests ==
=== Config ===
 
====Usage====
'''in manifests'''
'''in manifests'''
  class foo {
  class foo {
Line 33: Line 17:
  Username is <%= scope.lookupvar('::config::builder_username') %>
  Username is <%= scope.lookupvar('::config::builder_username') %>


==== Variables ====
==Variables ==
;'''puppet_notif_email'''
The available configuration variables are all listed in <tt>modules/config/manifests/base.pp</tt>; refer to that file for the most up-to-date information.
:The e-mail address or list to send errors of the puppet daemon to. ''(Defaults to <tt>dustin@mozilla.com</tt>)''
;'''puppet_server'''
:The hostname of the puppet master we should connect to. Qualified or unqualified hostnames are acceptable. ''(Defaults to <tt>puppet</tt>)''
;'''puppet_servers'''
:A list of all puppet servers, so clients can try other servers if <tt>puppet_server</tt> is down ''(Defaults to a one-element list containing the value of <tt>puppet_server</tt>)''
;'''data_server'''
:The hostname of the [[ReleaseEngineering/PuppetAgain/Data|data]] server ''(Defaults to the <tt>repos</tt>)''
;'''data_servers'''
:A list of all [[ReleaseEngineering/PuppetAgain/Data|data]] servers ''(Defaults to a one-element list containing <tt>data_server</tt>)''
;'''builder_username'''
:The username for the build and test slaves ''(Defaults to <tt>cltbld</tt>)''
;'''nrpe_allowed_hosts'''
:A comma-separated list of IPs from which NRPE should accept check requests (added in {{bug|733545}})
;'''relay_domains'''
:The fqdn where your smarthost will send  mail (added in {{bug|733536}})
;'''ganglia_config_class'''
:The puppet class to use to configure ganglia, e.g., <tt>ganglia::config-moco</tt>
;'''crl_sync_url'''
:The URL of CRL PEM file distributed by the CA server used by puppet masters to invalidate revoked certificates.
;'''puppet_again_repo'''
:The repository from which the PuppetAgain source should be fetched by puppet masters
;'''global_authorized_keys'''
:Names for SSH keys (see [[ReleaseEngineering/PuppetAgain/Modules/ssh|the ssh module]]) that will be accepted for root and (where applicable) builder on all hosts.  All names listed here must have corresponding keys in ''modules/ssh/manifests/keys.pp''.
;'''puppet_server_reports'''
:The 'reports' parameter that should be configured on puppet masters
;'''puppet_server_reporturl'''
:The 'reporturl' parameter that should be configured on puppet masters
 
=== Config::Secrets ===
The Secrets module handles all the secret config options, for clarity. It is imported directly by the config module, for simplicity throughout.
 
====Usage====
'''in manifests'''
class foo {
  include ::config
  if ($::config::secrets::builder_password == "")
      fail("missing password")
  }
}
 
'''in strings''' (note use of empty namespace designation)
Hash is ${::config::secrets::builder_password}


==== Variables ====
==Functions==
;'''root_pw_hash'''
This module also defines the <tt>secret</tt> function; see [[ReleaseEngineering/PuppetAgain/Secrets]].
:linux md5 password hash for the root password ''(No Default)'' ([[ReleaseEngineering/PuppetAgain/Modules/users#Linux|where to find]])
;'''root_pw_pbkdf2'''
:Mac OS X 10.8 entropy for the root password ''(No Default)'' ([[ReleaseEngineering/PuppetAgain/Modules/users#Darwin|where to find]])
;'''root_pw_pbkdf2_salt'''
:Mac OS X 10.8 salt for the root password ''(No Default)'' ([[ReleaseEngineering/PuppetAgain/Modules/users#Darwin|where to find]])
;'''root_pw_pbkdf2_iterations'''
:Mac OS X 10.8 iterations for the root password ''(No Default)'' ([[ReleaseEngineering/PuppetAgain/Modules/users#Darwin|where to find]])
;'''builder_pw_hash'''
:linux md5 password hash for the builder user's password ''(No Default)'' ([[ReleaseEngineering/PuppetAgain/Modules/users#Linux|where to find]])
;'''builder_pw_pbkdf2'''
:Mac OS X 10.8 entropy for the builder user's password ''(No Default)'' ([[ReleaseEngineering/PuppetAgain/Modules/users#Darwin|where to find]])
;'''builder_pw_pbkdf2_salt'''
:Mac OS X 10.8 salt for the builder user's password ''(No Default)'' ([[ReleaseEngineering/PuppetAgain/Modules/users#Darwin|where to find]])
;'''builder_pw_pbkdf2_iterations'''
:Mac OS X 10.8 iterations for the builder user's password ''(No Default)'' ([[ReleaseEngineering/PuppetAgain/Modules/users#Darwin|where to find]])
;'''builder_pw_kcpassword_base64'''
:kcpassword-obfuscated cleartext of the builder user's password, for autologin on Darwin ''(No Default)'' ([[ReleaseEngineering/PuppetAgain/Modules/users#Darwin|where to find]])
;'''mozpool_inventory_url'''
: base URL for the Mozilla inventory
;'''mozpool_inventory_username'''
: LDAP username for the Mozilla inventory
;'''mozpool_inventory_password'''
: LDAP password for the Mozilla inventory
;'''mozpool_db_hostname'''
: DB hostname for the Mozilla inventory
;'''mozpool_db_database'''
: DB name for the Mozilla inventory
;'''mozpool_db_username'''
: DB username for the Mozilla inventory
;'''mozpool_db_password'''
: DB password for the Mozilla inventory
;'''mozpool_staging_db_hostname'''
: Staging DB hostname for the Mozilla inventory (used if <tt>$mozpool_staging</tt> is true)
;'''mozpool_staging_db_database'''
: Staging DB name for the Mozilla inventory (used if <tt>$mozpool_staging</tt> is true)
;'''mozpool_staging_db_username'''
: Staging DB username for the Mozilla inventory (used if <tt>$mozpool_staging</tt> is true)
;'''mozpool_staging_db_password'''
: Staging DB password for the Mozilla inventory (used if <tt>$mozpool_staging</tt> is true)
;'''balrog_password'''
: Balrog password (used in buildmaster)
;'''balrog_username'''
: Balrog username (used in buildmaster)
;bmm_db_database
: bmm database (used in buildmaster)
;bmm_db_hostname
: bmm database host (used in buildmaster)
;bmm_db_password
: bmm database password (used in buildmaster)
;bmm_db_username
: bmm database username (used in buildmaster)
;bmm_inventory_password
: bmm inventory password (used in buildmaster)
;bmm_inventory_url
: bmm inventory url (used in buildmaster)
;bmm_inventory_username
: bmm inventory username (used in buildmaster)
;buildbot_configs_hg_repo
: mercurial repository for buildbot-configs it should point to: http://hg.mozilla.org/build/buildbot-configs (used in buildmaster)
; buildbot_mail_to
: email address for buildbotmaster notifications (used in buildmaster)
;buildbot_schedulerdb_database
: Scheduler database (used in buildmaster)
;buildbot_schedulerdb_hostname
: Scheduler database hostname (used in buildmaster)
;buildbot_schedulerdb_password
: Scheduler database password(used in buildmaster)
;buildbot_schedulerdb_username
: Scheduler database username (used in buildmaster)
;buildbot_statusdb_database
: Statusdb database (used in buildmaster)
;buildbot_statusdb_hostname
: Statusdb database hostname (used in buildmaster)
;buildbot_statusdb_password
: Statusdb database password (used in buildmaster)
;buildbot_statusdb_username
: Statusdb database username (used in buildmaster)
;buildbot_tools_hg_repo
: mercurial repository for buildbot-configs http://hg.mozilla.org/build/tools (used in buildmaster)
;buildmaster_secrets
: signing servers credential - this will be replaced soon
;fedora64_tests_password
:fedora64 tests password (used in buildmaster)
;fedora_tests_password
:fedora tests password (used in buildmaster)
;jetperf_oauth_key
:jetperf oauth key (used in buildmaster)
;jetperf_oauth_secret
:jetperf oauth secret (used in buildmaster)
;leopard_tests_password
:leopard tests password (used in buildmaster)
;linux64_build_password
:linux64 build password (used in buildmaster)
;linux64_tests_password
:linux64 tests password (used in buildmaster)
;linux64_try_build_password
:linux64 try build password (used in buildmaster)
;linux_build_password
:linux build password (used in buildmaster)
;linux_tests_password
:linux tests password (used in buildmaster)
;linux_try_build_password
:linux try build password (used in buildmaster)
;lion_tests_password
:lion tests password (used in buildmaster)
;macosx64_build_password
:macosx64 build password (used in buildmaster)
;macosx64_try_build_password
:macosx64 try build password (used in buildmaster)
;macosx_build_password
:macosx build password (used in buildmaster)
;macosx_try_build_password
:macosx try build password (used in buildmaster)
;master_json
:master json (used in buildmaster)
;mock_build_password
:mock build password (used in buildmaster)
;mock_try_build_password
:mock try build password (used in buildmaster)
;mountainlion_tests_password
:mountainlion tests password (used in buildmaster)
;pulse_exchange
:pulse exchange (used in buildmaster)
;pulse_password
:pulse password (used in buildmaster)
;pulse_username
:pulse username (used in buildmaster)
;repo_servers
:repo servers (used in buildmaster)
;snowleopard_tests_password
:snowleopard tests password (used in buildmaster)
;talos_oauth_key
:talos oauth key (used in buildmaster)
;talos_oauth_secret
:talos oauth secret (used in buildmaster)
;tegra_android_tests_password
:tegra android tests password (used in buildmaster)
;tiger_tests_password
:tiger tests password (used in buildmaster)
;tuxedo_password
:tuxedo password (used in buildmaster)
;tuxedo_user
:tuxedo user (used in buildmaster)
;vista_tests_password
:vista tests password (used in buildmaster)
;w764_tests_password
:w764 tests password (used in buildmaster)
;win32_build_password
:win32 build password (used in buildmaster)
;win32_try_build_password
:win32 try build password (used in buildmaster)
;win64_build_password
:win64 build password (used in buildmaster)
;win64_try_build_password
:win64 try build password (used in buildmaster)
;win7_tests_password
:win7 tests password (used in buildmaster)
;xp_tests_password
:xp tests password (used in buildmaster)

Latest revision as of 20:18, 7 November 2013

This module handles retrieving and access of the org specific config values.

Summary

Configuration is specified in an org-specific file, manifests/$org-config.pp, which is symlinked from manifests/config.pp. This file defines a class, "config", which inherits from "config::base", which defines all config variables. The inherited class only needs to define variables whose values must change.

Usage

in manifests 

class foo {
  include config
  if ($config::builder_username == "")
     fail("bad settings")
  }
}

in templates (note use of empty namespace designation) 

Username is <%= scope.lookupvar('::config::builder_username') %>

Variables

The available configuration variables are all listed in modules/config/manifests/base.pp; refer to that file for the most up-to-date information.

Functions

This module also defines the secret function; see ReleaseEngineering/PuppetAgain/Secrets.

Retrieved from "https://wiki.allizom.org/index.php?title=ReleaseEngineering/PuppetAgain/Modules/config&oldid=754903"