Open Stack

On Sun, Mar 25, 2018, at 11:54 PM, Bernd Bausch wrote:
> At least two places in the Infra documentation talk about setting up an
> infrastructure at home:
> -
> https://docs.openstack.org/infra/system-config/sysadmin.html#making-a-change
> -in-puppet
> - https://docs.openstack.org/infra/system-config/running-your-own.html and
> https://docs.openstack.org/infra/system-config/puppet.html. Yes, it's
> clearly marked as partially outdated.
> 
> I am trying to do that, with the purpose of learning and (perhaps, one
> day...) later contributing to the project. My setup attempts fail in both
> cases - the reason being that no hiera is set up.
> 
> For example, the first documentation page asks me to 
> - clone system-config
> - set up a local.pp, for example for an Etherpad server
> - run install_puppet.sh and install_modules.sh
> - apply the local.pp
> 
> I get:
> > 2018-03-26 15:34:45 +0900 Puppet (err): Could not find data item
> etherpad_ssl_cert_file_contents in any Hiera data file and no default
> supplied at /opt/system-config/local.pp:3 on node puppetmaster.home.

Can you share the contents of your local.pp?

Generally though hiera is used for anything that will be secret or very site specific. So in this case the expectation is that you will set up a hiera file with the info specific for your deployment (because you shouldn't have the ssl cert private data for our deployment and we shouldn't have yours).

This is likely a missing set of info for our docs. We should add something with general hiera setup to get people going.

With that out of the way, this specific case will actually avoid writing the file if you set the contents to be empty string, ''. In that case you can just set ssl_cert_file and ssl_key_file to use the system installed self signed snakeoil certificate. An example of doing this can be found in the config for our dev instance, https://git.openstack.org/cgit/openstack-infra/system-config/tree/modules/openstack_project/manifests/etherpad_dev.pp#n12

> 
> The second set of instructions also fails because of the absence of a hiera.
> I find no file on the system where etherpad_ssl_cert_file_contents is
> defined.
> 
> So my questions are:
> - am I supposed to create the hiera myself? If so, is there any help what
> should go inside, and where is its normal location?
> - or is one of the two install_* scripts supposed to do that but fails for
> some reason? None of them contains the string "hiera".
> - or is there something else I don't get?

Yes, you'll need to supply it yourself, or remove hiera entirely and supply the values as linked above, essentially just bake the variable values into your local.pp rather than doing a hiera lookup. Unfortunately I don't remember off the top of my head how to set up a hiera so I will have to dig into docs (or maybe someone else can chime in with that info).

> 
> My confusion may be caused by the fact that I started learning Puppet a few
> days ago. Also, the Puppet version I have learned so far turns out to have a
> different hiera syntax than the one used in openstack-infra.

Yes, it is worth noting that we are still running old currently distro supported puppet versions (puppet 3 in particular). Most of our manifests should work as is though with newer puppet though and I don't think this particular issue is puppet version related.

Hope this helps,
Clark