Fixes #11655: Import old ncf-openstack-technique in contrib

contrib/ncf-openstack-technique/.gitignore

@@ -0,0 +1 @@
+.vagrant

contrib/ncf-openstack-technique/README.md

@@ -0,0 +1,43 @@
+# rudder-openstack
+
+*WARNING*: This configuration is experimental and outdated.*
+
+The repository contains Rudder techniques to deploy and maintain a simple OpenStack infrastructure.
+
+The master branch tracks OpenStack Kilo. The deployment has only been tested on CentOS, but should be easy to adapt to Ubuntu. It does not provide choice over the backends, and choses:
+* RabbitMQ as message queue
+* MariaDB as database
+
+## Introduction
+
+There are techniques for each component:
+
+* ntpd: configure an NTP service
+* openstack_repository: configure OpenStack repositories
+* rabbitmq: configure RabbitMQ
+* opnstack_mysql: configure MySQL/MariaDB
+* openstack_keystone: configure the *Identity* service
+* openstack_horizon: configure the *Dashboard* service
+* openstack_nova_compute: configure the *Compute* service on an hypervisor
+* openstack_nova_api: configure the *Compute* service on a controller
+* openstack_glance_api: configure the *Image* service on a controller
+* openstack_glance_registry: configure the *Image* service on an image node
+
+The techniques objective:
+* KISS: every component is configured separately from the others
+* Security: Rudder enforces a secured and hardened configuration
+* Compliance: the techniques focus on 
+
+## Installation
+
+A sample environment for testing and development is provided using Vagrant. Just use
+
+```
+vagrant up
+```
+
+to get the demo OpenStack deployment. The dashboard should then be accessible at http://localhost:8082/dashboard.
+
+It will deploy:
+* A controller with the *Identity* and *Image* service
+* Two *Compute* nodes as hypervisors

contrib/ncf-openstack-technique/Vagrantfile

@@ -0,0 +1,72 @@
+Vagrant.configure("2") do |config|
+
+	# Specify the base box
+	config.vm.box = "chef/centos-7.0"
+
+  # 10 : Configuration management
+  # 20 : OpenStack management
+  # 30 : OpenStack storage (not used)
+
+  config.vm.define "server" do |rudder|
+    rudder.vm.network "private_network", ip: "192.168.10.10"
+    rudder.vm.network :forwarded_port, guest: 443, host: 8081
+
+    rudder.vm.provider :virtualbox do |vb|
+      vb.customize ["modifyvm", :id, "--memory", 2048]
+    end
+
+    # Shell provisioning
+    rudder.vm.provision "shell" do |s|
+    	s.path = "scripts/deploy-rudder.sh"
+      s.args = "server server"
+    end
+  end
+
+  config.vm.define "controller" do |controller|
+    controller.vm.network "private_network", ip: "192.168.10.2"
+    controller.vm.network "private_network", ip: "192.168.20.2"
+    controller.vm.network :forwarded_port, guest: 80, host: 8082
+
+    controller.vm.provider :virtualbox do |vb|
+      vb.customize ["modifyvm", :id, "--memory", 2048]
+    end
+
+    # Shell provisioning
+    controller.vm.provision "shell" do |s|
+      s.path = "scripts/deploy-rudder.sh"
+      s.args = "agent controller"
+    end
+  end
+
+  config.vm.define "compute1" do |compute1|
+    compute1.vm.network "private_network", ip: "192.168.10.3"
+    compute1.vm.network "private_network", ip: "192.168.20.3"
+    compute1.vm.network "private_network", ip: "192.168.30.3"
+
+    compute1.vm.provider :virtualbox do |vb|
+      vb.customize ["modifyvm", :id, "--memory", 1024]
+    end
+
+    # Shell provisioning
+    compute1.vm.provision "shell" do |s|
+      s.path = "scripts/deploy-rudder.sh"
+      s.args = "agent compute1"
+    end
+  end
+
+  config.vm.define "compute2" do |compute2|
+    compute2.vm.network "private_network", ip: "192.168.10.4"
+    compute2.vm.network "private_network", ip: "192.168.20.4"
+    compute2.vm.network "private_network", ip: "192.168.30.4"
+
+    compute2.vm.provider :virtualbox do |vb|
+      vb.customize ["modifyvm", :id, "--memory", 1024]
+    end
+
+    # Shell provisioning
+    compute2.vm.provision "shell" do |s|
+      s.path = "scripts/deploy-rudder.sh"
+      s.args = "agent compute2"
+    end
+  end
+end

contrib/ncf-openstack-technique/configuration/compute1/ntpd.json

@@ -0,0 +1,5 @@
+{
+  "servers": [
+    {"address": "server", "options": "iburst"}
+  ]
+}

contrib/ncf-openstack-technique/configuration/compute1/openstack_nova_compute.json

@@ -0,0 +1,7 @@
+{
+  "management_ip": "192.168.20.3",
+  "rabbit": {
+    "user": "openstack_compute2",
+    "password": "rabbitmq_password"
+  }
+}

contrib/ncf-openstack-technique/configuration/compute1/openstack_repository.json

@@ -0,0 +1,2 @@
+{
+}

contrib/ncf-openstack-technique/configuration/compute2/ntpd.json

@@ -0,0 +1,5 @@
+{
+  "servers": [
+    {"address": "server", "options": "iburst"}
+  ]
+}

contrib/ncf-openstack-technique/configuration/compute2/openstack_nova_compute.json

@@ -0,0 +1,7 @@
+{
+  "management_ip": "192.168.20.4",
+  "rabbit": {
+    "user": "openstack_compute1",
+    "password": "rabbitmq_password"
+  }
+}

contrib/ncf-openstack-technique/configuration/compute2/openstack_repository.json

@@ -0,0 +1,2 @@
+{
+}

contrib/ncf-openstack-technique/configuration/controller/ntpd.json

@@ -0,0 +1,8 @@
+{
+  "restricts": [
+    {"address": "-4", "options": "default kod notrap nomodify"},
+    {"address": "-6", "options": "default kod notrap nomodify"},
+    {"address": "127.0.0.1", "options": ""},
+    {"address": "::1", "options": ""}
+  ]
+}

contrib/ncf-openstack-technique/configuration/controller/openstack_glance_api.json

@@ -0,0 +1,2 @@
+{
+}

contrib/ncf-openstack-technique/configuration/controller/openstack_glance_registry.json

@@ -0,0 +1,2 @@
+{
+}

contrib/ncf-openstack-technique/configuration/controller/openstack_horizon.json

@@ -0,0 +1,2 @@
+{
+}

contrib/ncf-openstack-technique/configuration/controller/openstack_keystone.json

@@ -0,0 +1,2 @@
+{
+}

contrib/ncf-openstack-technique/configuration/controller/openstack_mysql.json

@@ -0,0 +1,2 @@
+{
+}

contrib/ncf-openstack-technique/configuration/controller/openstack_nova_api.json

@@ -0,0 +1,6 @@
+{
+  "rabbit": {
+    "user": "openstack_controller1",
+    "password": "rabbitmq_password"
+  }
+}

contrib/ncf-openstack-technique/configuration/controller/openstack_repository.json

@@ -0,0 +1,2 @@
+{
+}

contrib/ncf-openstack-technique/configuration/controller/rabbitmq.json

@@ -0,0 +1,2 @@
+{
+}

contrib/ncf-openstack-technique/scripts/deploy-rudder.sh

@@ -0,0 +1,56 @@
+#!/bin/sh
+
+role=$1
+hostname=$2
+
+install_agent() {
+  yum install -y rudder-agent
+  echo 'server.rudder.local' > /var/rudder/cfengine-community/policy_server.dat
+  rudder agent run
+  mkdir -p /etc/rudder/openstack && sudo cp -r /vagrant/configuration/${hostname}/* /etc/rudder/openstack/
+}
+
+install_server() {
+  setenforce 0
+  yum install -y rudder-server-root
+  /opt/rudder/bin/rudder-init "no" "192.168.10.0/24"
+  cp -r /vagrant/tree/30_generic_methods/* /usr/share/ncf/tree/30_generic_methods/
+  cp -r /vagrant/tree/40_it_ops_knowledge/* /usr/share/ncf/tree/40_it_ops_knowledge/
+  cp -r /vagrant/tree/50_techniques /var/rudder/configuration-repository/ncf/
+  cd /var/rudder/configuration-repository/ncf/ && sudo chown -R ncf-api-venv:rudder . && sudo git add . && sudo git commit -m 'Add OpenStack techniques'
+  rudder agent update
+  rudder agent run
+}
+
+####
+
+chkconfig iptables off 2>/dev/null
+chkconfig firewalld off 2>/dev/null
+service iptables stop 2>/dev/null
+service firewalld stop 2>/dev/null
+
+echo "[Rudder_3.1]
+name=Rudder 3.1 EL repository
+baseurl=http://www.rudder-project.org/rpm-3.1/RHEL_7/
+gpgcheck=1
+gpgkey=http://www.rudder-project.org/rpm-3.1/RHEL_7/repodata/repomd.xml.key" > /etc/yum.repos.d/rudder.repo
+
+echo "127.0.0.1 localhost ${hostname} ${hostname}.rudder.local
+192.168.10.10 server.rudder.local
+192.168.10.2 controller.rudder.local
+192.168.10.3 compute1.rudder.local
+192.168.10.4 compute2.rudder.local
+192.168.20.2 controller
+192.168.20.3 compute1
+192.168.20.4 compute2" > /etc/hosts
+
+echo "${hostname}" > /etc/hostname
+
+echo "domain rudder.local
+search rudder.local
+nameserver 8.8.8.8" > /etc/resolv.conf
+
+case "$role" in
+  "agent" ) install_agent;;
+  "server") install_server;;
+esac

contrib/ncf-openstack-technique/tree/30_generic_methods/data_json.cf

@@ -0,0 +1,37 @@
+#####################################################################################
+# Copyright 2013 Normation SAS
+#####################################################################################
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, Version 3.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#####################################################################################
+
+# @name Store data into JSON string
+# @description Formats the given data container to a JSON string
+#
+# @parameter name  Name of the created variable
+# @parameter default_data Data
+#
+# @class_prefix data_json
+# @class_parameter name
+# This bundle will define a class data_son_${name}_{kept,repaired,not_ok,ok,reached}
+
+bundle agent data_json(name, data)
+{
+  vars:
+      "${name}" string => storejson("${data}");
+
+  reports:
+    debug::
+      "${configuration.debug} Storing '${name}'";
+}

contrib/ncf-openstack-technique/tree/30_generic_methods/data_load.cf

@@ -0,0 +1,47 @@
+#####################################################################################
+# Copyright 2013 Normation SAS
+#####################################################################################
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, Version 3.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#####################################################################################
+
+# @name Load standard data
+# @description Load default configuration and override with the given file
+#
+# @parameter prefix          Data prefix
+#
+# @class_prefix data_load
+# @class_parameter prefix
+# This bundle will define a class data_load_${prefix}_{kept,repaired,not_ok,ok,reached}
+
+bundle agent data_load(prefix)
+{
+  vars:
+      "class_prefix" string => canonify("data_load_${prefix}");
+
+  methods:
+    "method_call" usebundle => variable_string("${prefix}", "technique_path", "/var/rudder/ncf/local/50_techniques/${prefix}/");
+    "method_call" usebundle => data_read("${prefix}_defaults", "${variable_string.${prefix}_technique_path}/defaults.json");
+    "method_call" usebundle => data_read("${prefix}_user", "/etc/rudder/openstack/${prefix}.json");
+    "method_call" usebundle => data_merge("${prefix}", "data_read.${prefix}_defaults", "data_read.${prefix}_user");
+    "method_call" usebundle => data_json("${prefix}", "data_merge.${prefix}");
+
+    "report"
+        usebundle => _logger("Defining standard data for ${prefix}", "${class_prefix}"),
+        ifvarclass => "${class_prefix}_reached";
+
+  reports:
+    debug::
+      "${configuration.debug} Define standard data";
+}

contrib/ncf-openstack-technique/tree/30_generic_methods/data_merge.cf

@@ -0,0 +1,42 @@
+#####################################################################################
+# Copyright 2013 Normation SAS
+#####################################################################################
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, Version 3.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#####################################################################################
+
+# @name Merge data containers
+# @description Merges two data containers, the first is the default.
+#
+# @parameter name  Name of the created variable
+# @parameter default_data Default data
+# @parameter user_data User data
+#
+# @class_prefix data_merge
+# @class_parameter name
+# This bundle will define a class data_merge_${name}_{kept,repaired,not_ok,ok,reached}
+
+bundle agent data_merge(name, default_data, user_data)
+{
+  vars:
+      "${name}" data => mergedata("${default_data}", "${user_data}");
+    debug::
+      "debug_result" string  => storejson("${name}");
+      "debug_default" string => storejson("${default_data}");
+      "debug_config" string  => storejson("${user_data}");
+
+  reports:
+    debug::
+      "${configuration.debug} Merging '${debug_default}' and '${debug_config}' into ${name}:'${debug_result}'";
+}