ReleaseEngineering/PuppetAgain/Modules/config
< ReleaseEngineering | PuppetAgain | Modules
Jump to navigation
Jump to search
This module handles retrieving and access of the site specific config values.
Summary
We handle config variables via puppets extlookup() function, which reads data from keys in csv files in a directory we specify, and in the order we specify. Missing files are not errors, but missing keys (when not specified with a default here) are. We do not specify any defaults in the extlookup() function at all.
The csv files are stored in the modules/extlookup/ dir of our whole repo (source). Our search order is as follows, first->last.
- local-config.csv
- optional, preferably symlinked to an in-repo site specific config file (e.g. seamonkey-config.csv)
- default-config.csv
- stored directly in puppet, and should contain reasonable defaults.
- moco-config.csv, seamonkey-config.csv
- User-specific configuration (more can be added). These are generally linked to by local-config.csv.
- supplied-config.csv
- optional lower precedence than local-config.csv, this can be used for automated creation of config. Within mozilla we use this to inject configuration from the puppet instance that builds our puppetmasters (don't think about that too hard!)
- secrets.csv
- Necessarily not stored in hg as this file contains secrets (e.g. password hashes). For simplicity we have a secrets.csv.in file in this directory that can be copied over and have the secrets added.
Manifests
Config
Usage
in manifests
class foo {
include config
if ($config::builder_username == "")
fail("bad settings")
}
}
in templates (note use of empty namespace designation)
Username is <%= scope.lookupvar('::config::builder_username') %>
Variables
- puppet_notif_email
- The e-mail address or list to send errors of the puppet daemon to. (Defaults to dustin@mozilla.com)
- puppet_server
- The hostname of the puppet master we should connect to. Qualified or unqualified hostnames are acceptable. (Defaults to puppet)
- puppet_servers
- A list of all puppet servers, so clients can try other servers if puppet_server is down (Defaults to a one-element list containing the value of puppet_server)
- data_server
- The hostname of the data server (Defaults to the repos)
- data_servers
- A list of all data servers (Defaults to a one-element list containing data_server)
- builder_username
- The username for the build and test slaves (Defaults to cltbld)
- nrpe_allowed_hosts
- A comma-separated list of IPs from which NRPE should accept check requests (added in bug 733545)
- relay_domains
- The fqdn where your smarthost will send mail (added in bug 733536)
- ganglia_config_class
- The puppet class to use to configure ganglia, e.g., ganglia::config-moco
- crl_sync_url
- The URL of CRL PEM file distributed by the CA server used by puppet masters to invalidate revoked certificates.
- puppet_again_repo
- The repository from which the PuppetAgain source should be fetched by puppet masters
- global_authorized_keys
- Names for SSH keys (see the ssh module) that will be accepted for root and (where applicable) builder on all hosts. All names listed here must have corresponding keys in modules/ssh/manifests/keys.pp.
- puppet_server_reports
- The 'reports' parameter that should be configured on puppet masters
- puppet_server_reporturl
- The 'reporturl' parameter that should be configured on puppet masters
Config::Secrets
The Secrets module handles all the secret config options, for clarity. It is imported directly by the config module, for simplicity throughout.
Usage
in manifests
class foo {
include ::config
if ($::config::secrets::builder_password == "")
fail("missing password")
}
}
in strings (note use of empty namespace designation)
Hash is ${::config::secrets::builder_password}
Variables
- root_pw_hash
- linux md5 password hash for the root password (No Default) (where to find)
- root_pw_pbkdf2
- Mac OS X 10.8 entropy for the root password (No Default) (where to find)
- root_pw_pbkdf2_salt
- Mac OS X 10.8 salt for the root password (No Default) (where to find)
- root_pw_pbkdf2_iterations
- Mac OS X 10.8 iterations for the root password (No Default) (where to find)
- builder_pw_hash
- linux md5 password hash for the builder user's password (No Default) (where to find)
- builder_pw_pbkdf2
- Mac OS X 10.8 entropy for the builder user's password (No Default) (where to find)
- builder_pw_pbkdf2_salt
- Mac OS X 10.8 salt for the builder user's password (No Default) (where to find)
- builder_pw_pbkdf2_iterations
- Mac OS X 10.8 iterations for the builder user's password (No Default) (where to find)
- builder_pw_kcpassword_base64
- kcpassword-obfuscated cleartext of the builder user's password, for autologin on Darwin (No Default) (where to find)
- mozpool_inventory_url
- base URL for the Mozilla inventory
- mozpool_inventory_username
- LDAP username for the Mozilla inventory
- mozpool_inventory_password
- LDAP password for the Mozilla inventory
- mozpool_db_hostname
- DB hostname for the Mozilla inventory
- mozpool_db_database
- DB name for the Mozilla inventory
- mozpool_db_username
- DB username for the Mozilla inventory
- mozpool_db_password
- DB password for the Mozilla inventory
- mozpool_staging_db_hostname
- Staging DB hostname for the Mozilla inventory (used if $mozpool_staging is true)
- mozpool_staging_db_database
- Staging DB name for the Mozilla inventory (used if $mozpool_staging is true)
- mozpool_staging_db_username
- Staging DB username for the Mozilla inventory (used if $mozpool_staging is true)
- mozpool_staging_db_password
- Staging DB password for the Mozilla inventory (used if $mozpool_staging is true)
- balrog_password
- Balrog password (used in buildmaster)
- balrog_username
- Balrog username (used in buildmaster)
- buildbot_configs_hg_repo
- mercurial repository for buildbot-configs it should point to: http://hg.mozilla.org/build/buildbot-configs (used in buildmaster)
- buildbot_mail_to
- email address for buildbotmaster notifications (used in buildmaster)
- buildbot_schedulerdb_database
- Scheduler database (used in buildmaster)
- buildbot_schedulerdb_hostname
- Scheduler database hostname (used in buildmaster)
- buildbot_schedulerdb_password
- Scheduler database password(used in buildmaster)
- buildbot_schedulerdb_username
- Scheduler database username (used in buildmaster)
- buildbot_statusdb_database
- Statusdb database (used in buildmaster)
- buildbot_statusdb_hostname
- Statusdb database hostname (used in buildmaster)
- buildbot_statusdb_password
- Statusdb database password (used in buildmaster)
- buildbot_statusdb_username
- Statusdb database username (used in buildmaster)
- buildbot_tools_hg_repo
- mercurial repository for buildbot-configs http://hg.mozilla.org/build/tools (used in buildmaster)
- buildmaster_secrets
- signing servers credential - this will be replaced soon
- fedora64_tests_password
- fedora64 tests password (used in buildmaster)
- fedora_tests_password
- fedora tests password (used in buildmaster)
- jetperf_oauth_key
- jetperf oauth key (used in buildmaster)
- jetperf_oauth_secret
- jetperf oauth secret (used in buildmaster)
- leopard_tests_password
- leopard tests password (used in buildmaster)
- linux64_build_password
- linux64 build password (used in buildmaster)
- linux64_tests_password
- linux64 tests password (used in buildmaster)
- linux64_try_build_password
- linux64 try build password (used in buildmaster)
- linux_build_password
- linux build password (used in buildmaster)
- linux_tests_password
- linux tests password (used in buildmaster)
- linux_try_build_password
- linux try build password (used in buildmaster)
- lion_tests_password
- lion tests password (used in buildmaster)
- macosx64_build_password
- macosx64 build password (used in buildmaster)
- macosx64_try_build_password
- macosx64 try build password (used in buildmaster)
- macosx_build_password
- macosx build password (used in buildmaster)
- macosx_try_build_password
- macosx try build password (used in buildmaster)
- master_json
- master json (used in buildmaster)
- mock_build_password
- mock build password (used in buildmaster)
- mock_try_build_password
- mock try build password (used in buildmaster)
- mountainlion_tests_password
- mountainlion tests password (used in buildmaster)
- pulse_exchange
- pulse exchange (used in buildmaster)
- pulse_password
- pulse password (used in buildmaster)
- pulse_username
- pulse username (used in buildmaster)
- repo_servers
- repo servers (used in buildmaster)
- snowleopard_tests_password
- snowleopard tests password (used in buildmaster)
- talos_oauth_key
- talos oauth key (used in buildmaster)
- talos_oauth_secret
- talos oauth secret (used in buildmaster)
- tegra_android_tests_password
- tegra android tests password (used in buildmaster)
- tiger_tests_password
- tiger tests password (used in buildmaster)
- tuxedo_password
- tuxedo password (used in buildmaster)
- tuxedo_user
- tuxedo user (used in buildmaster)
- vista_tests_password
- vista tests password (used in buildmaster)
- w764_tests_password
- w764 tests password (used in buildmaster)
- win32_build_password
- win32 build password (used in buildmaster)
- win32_try_build_password
- win32 try build password (used in buildmaster)
- win64_build_password
- win64 build password (used in buildmaster)
- win64_try_build_password
- win64 try build password (used in buildmaster)
- win7_tests_password
- win7 tests password (used in buildmaster)
- xp_tests_password
- xp tests password (used in buildmaster)