ReleaseEngineering/PuppetAgain/Modules/config: Difference between revisions

This module handles retrieving and access of the site specific config values.

Summary

We handle config variables via puppets extlookup() function, which reads data from keys in csv files in a directory we specify, and in the order we specify. Missing files are not errors, but missing keys (when not specified with a default here) are. We do not specify any defaults in the extlookup() function at all.

The csv files are stored in the modules/extlookup/ dir of our whole repo (source). Our search order is as follows, first->last.

1. local-config.csv

   optional, preferably symlinked to an in-repo site specific config file (e.g. seamonkey-config.csv)

2. default-config.csv

   stored directly in puppet, and should contain reasonable defaults.

3. moco-config.csv, seamonkey-config.csv

   User-specific configuration (more can be added). These are generally linked to by local-config.csv.

4. supplied-config.csv

   optional lower precedence than local-config.csv, this can be used for automated creation of config. Within mozilla we use this to inject configuration from the puppet instance that builds our puppetmasters (don't think about that too hard!)

5. secrets.csv

   Necessarily not stored in hg as this file contains secrets (e.g. password hashes). For simplicity we have a secrets.csv.in file in this directory that can be copied over and have the secrets added.

Manifests

Config

Usage

in manifests

class foo {
  include config
  if ($config::builder_username == "")
     fail("bad settings")
  }
}

in templates (note use of empty namespace designation)

Username is <%= scope.lookupvar('::config::builder_username') %>

Variables

puppet_notif_email

The e-mail address or list to send errors of the puppet daemon to. (Defaults to dustin@mozilla.com)

puppet_server

The hostname of the puppet master we should connect to. Qualified or unqualified hostnames are acceptable. (Defaults to puppet)

puppet_servers

A list of all puppet servers, so clients can try other servers if puppet_server is down (Defaults to a one-element list containing the value of puppet_server)

data_server

The hostname of the data server (Defaults to the repos)

data_servers

A list of all data servers (Defaults to a one-element list containing data_server)

builder_username

The username for the build and test slaves (Defaults to cltbld)

nrpe_allowed_hosts

A comma-separated list of IPs from which NRPE should accept check requests (added in bug 733545)

relay_domains

The fqdn where your smarthost will send mail (added in bug 733536)

ganglia_config_class

The puppet class to use to configure ganglia, e.g., ganglia::config-moco

crl_sync_url

The URL of CRL PEM file distributed by the CA server used by puppet masters to invalidate revoked certificates.

puppet_again_repo

The repository from which the PuppetAgain source should be fetched by puppet masters

global_authorized_keys

Names for SSH keys (see the ssh module) that will be accepted for root and (where applicable) builder on all hosts. All names listed here must have corresponding keys in modules/ssh/manifests/keys.pp.

puppet_server_reports

The 'reports' parameter that should be configured on puppet masters

puppet_server_reporturl

The 'reporturl' parameter that should be configured on puppet masters

buildbot_configs_hg_repo

mercurial repository for buildbot-configs it should point to: http://hg.mozilla.org/build/buildbot-configs (used in buildmaster)

buildbot_configs_branch

buildbot-configs branch to be checked out (used in buildmaster)

buildbot_mail_to

email address for buildbotmaster notifications (used in buildmaster)

buildbot_tools_hg_repo

mercurial repository for buildbot-configs http://hg.mozilla.org/build/tools (used in buildmaster)

master_json

URL for masters.json (not confusion about plurality) (used in buildmaster)

Config::Secrets

The Secrets module handles all the secret config options, for clarity. It is imported directly by the config module, for simplicity throughout.

Usage

in manifests

class foo {
  include ::config
  if ($::config::secrets::builder_password == "")
     fail("missing password")
  }
}

in strings (note use of empty namespace designation)

Hash is ${::config::secrets::builder_password}

Variables

root_pw_hash

linux md5 password hash for the root password (No Default) (where to find)

root_pw_pbkdf2

Mac OS X 10.8 entropy for the root password (No Default) (where to find)

root_pw_pbkdf2_salt

Mac OS X 10.8 salt for the root password (No Default) (where to find)

root_pw_pbkdf2_iterations

Mac OS X 10.8 iterations for the root password (No Default) (where to find)

root_pw_saltedsha512

Mac OS X 10.7 password hash(No Default) (where to find)

builder_pw_hash

linux md5 password hash for the builder user's password (No Default) (where to find)

builder_pw_pbkdf2

Mac OS X 10.8 entropy for the builder user's password (No Default) (where to find)

builder_pw_pbkdf2_salt

Mac OS X 10.8 salt for the builder user's password (No Default) (where to find)

builder_pw_pbkdf2_iterations

Mac OS X 10.8 iterations for the builder user's password (No Default) (where to find)

builder_pw_saltedsha512

Mac OS X 10.7 password hash for the builder user(No Default) (where to find)

builder_pw_kcpassword_base64

kcpassword-obfuscated cleartext of the builder user's password, for autologin on Darwin (No Default) (where to find)

builder_pw_vnc_base64

base64-encoded version of the password that should appear in ~/.vnc/passwd on Linux

mozpool_inventory_url

base URL for the Mozilla inventory

mozpool_inventory_username

LDAP username for the Mozilla inventory

mozpool_inventory_password

LDAP password for the Mozilla inventory

mozpool_db_hostname

DB hostname for the Mozilla inventory

mozpool_db_database

DB name for the Mozilla inventory

mozpool_db_username

DB username for the Mozilla inventory

mozpool_db_password

DB password for the Mozilla inventory

mozpool_staging_db_hostname

Staging DB hostname for the Mozilla inventory (used if $mozpool_staging is true)

mozpool_staging_db_database

Staging DB name for the Mozilla inventory (used if $mozpool_staging is true)

mozpool_staging_db_username

Staging DB username for the Mozilla inventory (used if $mozpool_staging is true)

mozpool_staging_db_password

Staging DB password for the Mozilla inventory (used if $mozpool_staging is true)

balrog_password

Balrog password (used in buildmaster)

balrog_username

Balrog username (used in buildmaster)

buildbot_schedulerdb_database

Scheduler database (used in buildmaster)

buildbot_schedulerdb_hostname

Scheduler database hostname (used in buildmaster)

buildbot_schedulerdb_password

Scheduler database password(used in buildmaster)

buildbot_schedulerdb_username

Scheduler database username (used in buildmaster)

buildbot_statusdb_database

Statusdb database (used in buildmaster)

buildbot_statusdb_hostname

Statusdb database hostname (used in buildmaster)

buildbot_statusdb_password

Statusdb database password (used in buildmaster)

buildbot_statusdb_username

Statusdb database username (used in buildmaster)

jetperf_oauth_key

jetperf oauth key (used in buildmaster)

jetperf_oauth_secret

jetperf oauth secret (used in buildmaster)

linux_tests_password

Buildbot slave password for linux test hosts (used in buildmaster)

mac_tests_password

Buildbot slave password for mac test hosts (used in buildmaster)

prod_bulid_password

Buildbot slave password for production build hosts (used in buildmaster)

pulse_exchange

pulse exchange (used in buildmaster)

pulse_password

pulse password (used in buildmaster)

pulse_username

pulse username (used in buildmaster)

signing_server_dep_password

signing_server_nightly_password

signing_server_release_password

signing_server_username

credentials for signing servers (used in buildmaster)

talos_oauth_key

talos oauth key (used in buildmaster)

talos_oauth_secret

talos oauth secret (used in buildmaster)

try_build_password

Buildbot slave password for try build hosts (used in buildmaster)

tuxedo_password

tuxedo_username

tuxedo credentials (used in buildmaster)