Modify puppet repo to work with stackforge

Add stackforge manifest (can be pointed to in puppet.ini)
Remove gerrit_installed lib (doesn't work with puppet master)
Make jenkins_master module more generic
Have an SSH key for different jenkins_slave setups

Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
This commit is contained in:
Andrew Hutchings 2012-03-06 13:37:46 +00:00
parent 0993cd74ce
commit 00059f5b2f
8 changed files with 258 additions and 105 deletions

View File

@ -68,7 +68,9 @@ class openstack_server {
class openstack_jenkins_slave { class openstack_jenkins_slave {
include openstack_server include openstack_server
include jenkins_slave class { 'jenkins_slave':
ssh_key => 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson'
}
} }
# #
@ -181,13 +183,18 @@ node "gerrit-dev.openstack.org" {
node "jenkins.openstack.org" { node "jenkins.openstack.org" {
$iptables_public_tcp_ports = [80, 443, 4155] $iptables_public_tcp_ports = [80, 443, 4155]
include openstack_server include openstack_server
include jenkins_master class { 'jenkins_master':
site => 'jenkins.openstack.org',
serveradmin => 'webmaster@openstack.org'
}
} }
node "jenkins-dev.openstack.org" { node "jenkins-dev.openstack.org" {
$iptables_public_tcp_ports = [80, 443, 4155] $iptables_public_tcp_ports = [80, 443, 4155]
include openstack_server include openstack_server
include jenkins_master class { 'jenkins_master':
site => 'openstack'
}
} }
node "community.openstack.org" { node "community.openstack.org" {

110
manifests/stackforge.pp Normal file
View File

@ -0,0 +1,110 @@
import "doc_server" # TODO: refactor out of module
import "users"
#
# Abstract classes:
#
class openstack_base {
include openstack_project::users
include ssh
include snmpd
include exim
include sudoers
class { 'iptables':
public_tcp_ports => $iptables_public_tcp_ports,
}
file { '/etc/profile.d/Z98-byobu.sh':
ensure => 'absent'
}
package { "ntp":
ensure => installed
}
service { 'ntpd':
name => 'ntp',
ensure => running,
enable => true,
hasrestart => true,
require => Package['ntp'],
}
$packages = ["python-software-properties",
"puppet",
"bzr",
"git",
"python-setuptools",
"python-virtualenv",
"byobu"]
package { $packages: ensure => "latest" }
}
# A template host with no running services
class openstack_template {
include openstack_base
realize (
User::Virtual::Localuser["mordred"],
User::Virtual::Localuser["corvus"],
User::Virtual::Localuser["soren"],
User::Virtual::Localuser["linuxjedi"],
)
}
# A server that we expect to run for some time
class openstack_server {
include openstack_template
}
class openstack_jenkins_slave {
include openstack_server
class { 'jenkins_slave':
ssh_key => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvlHx1TM9y6Y+oWJwPQP1jDejQYLA5MaTgD2oQOgQapSAWWU3f9/xcKKF4I5cC833xrSqFCqpstuWt5FdtO6qL5KMqGeVOwTCgcH0uGHciSF/zxBVpHp2n3rHLb0Fibyz/ys2kI+9J/hD0+GlVNQ/U8h9PZPMLFoJIZz5ep5WBszLM5z4vymBZ3GeytD8hk1BW0GLYi9vYWFrwoCTH6o6xRtdKajNE/9NcRGXjkY+SW7EGvqTAfLdsQ8q23MIO2ZX6YOpnmxAmR3OyNEOMo7Y/XCWjqTGWhQ669YaFxagS65f7EGCGwhhgQPtReDwkW88yTGhU3fZjS6Rc3BymTsnx jenkins@jenkins.stackforge.org'
}
}
#
# Default: should at least behave like an openstack server
#
node default {
include openstack_server
}
#
# Long lived servers:
#
node "puppet.stackforge.org" {
$iptables_public_tcp_ports = [8140]
include openstack_server
}
node "review.stackforge.org" {
$iptables_public_tcp_ports = [80, 443, 29418]
include openstack_server
class { 'gerrit':
canonicalweburl => "https://review.stackforge.org/",
email => "review@stackforge.org",
github_projects => [ {
name => 'stackforge/MRaaS',
close_pull => 'true'
} ]
}
}
node "jenkins.stackforge.org" {
$iptables_public_tcp_ports = [80, 443, 4155]
include openstack_server
class { 'jenkins_master':
serveradmin => 'webmaster@stackforge.org',
site => 'jenkins.stackforge.org'
}
}
#
# Jenkins slaves:
#
node /^build.*\.slave\.stackforge\.org$/ {
include openstack_jenkins_slave
}

View File

@ -1,5 +0,0 @@
Facter.add("gerrit_installed") do
setcode do
FileTest.directory?("/home/gerrit2/review_site/")
end
end

View File

@ -17,6 +17,21 @@ $commentlinks = [ { name => 'changeid',
] ]
) { ) {
user { "gerrit2":
ensure => present,
comment => "Gerrit",
home => "/home/gerrit2",
shell => "/bin/bash",
gid => "gerrit2",
system => true,
managehome => true,
require => Group["gerrit2"]
}
group { "gerrit2":
ensure => present
}
package { "gitweb": package { "gitweb":
ensure => latest ensure => latest
} }
@ -33,104 +48,129 @@ $commentlinks = [ { name => 'changeid',
require => Package[python-pip] require => Package[python-pip]
} }
if $gerrit_installed { cron { "gerritupdateci":
#notice('Gerrit is installed') user => gerrit2,
minute => "*/15",
command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
}
cron { "gerritupdateci": cron { "gerritsyncusers":
user => gerrit2, user => gerrit2,
minute => "*/15", minute => "*/15",
command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master' command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
} }
cron { "gerritsyncusers": cron { "gerritclosepull":
user => gerrit2, user => gerrit2,
minute => "*/15", minute => "*/5",
command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py' command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
} }
cron { "gerritclosepull": cron { "expireoldreviews":
user => gerrit2, user => gerrit2,
minute => "*/5", hour => 6,
command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py' minute => 3,
} command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
}
cron { "expireoldreviews": cron { "gerrit_repack":
user => gerrit2, user => gerrit2,
hour => 6, weekday => 0,
minute => 3, hour => 4,
command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py' minute => 7,
} command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
}
cron { "gerrit_repack": file { "/var/log/gerrit":
user => gerrit2, ensure => "directory",
weekday => 0, owner => 'gerrit2'
hour => 4, }
minute => 7,
command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
}
file { "/var/log/gerrit": # directory creation hacks until we can automate gerrit installation
ensure => "directory",
owner => 'gerrit2'
}
file { '/home/gerrit2/github.config': file { "/home/gerrit2/review_site":
owner => 'root', ensure => "directory",
group => 'root', owner => "gerrit2",
mode => 444, require => User["gerrit2"]
ensure => 'present', }
content => template('gerrit/github.config.erb'),
replace => 'true',
}
file { '/home/gerrit2/review_site/etc/replication.config': file { "/home/gerrit2/review_site/etc":
owner => 'root', ensure => "directory",
group => 'root', owner => "gerrit2",
mode => 444, require => File["/home/gerrit2/review_site"]
ensure => 'present', }
source => 'puppet:///modules/gerrit/replication.config',
replace => 'true',
}
file { '/home/gerrit2/review_site/etc/gerrit.config': file { "/home/gerrit2/review_site/hooks":
owner => 'root', ensure => "directory",
group => 'root', owner => "gerrit2",
mode => 444, require => File["/home/gerrit2/review_site"]
ensure => 'present', }
content => template('gerrit/gerrit.config.erb'),
replace => 'true',
}
file { '/home/gerrit2/review_site/hooks/change-merged': file { "/home/gerrit2/review_site/static":
owner => 'root', ensure => "directory",
group => 'root', owner => "gerrit2",
mode => 555, require => File["/home/gerrit2/review_site"]
ensure => 'present', }
source => 'puppet:///modules/gerrit/change-merged',
replace => 'true',
}
file { '/home/gerrit2/review_site/hooks/patchset-created': file { '/home/gerrit2/github.config':
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => 555, mode => 444,
ensure => 'present', ensure => 'present',
source => 'puppet:///modules/gerrit/patchset-created', content => template('gerrit/github.config.erb'),
replace => 'true', replace => 'true',
} require => User["gerrit2"]
}
file { '/home/gerrit2/review_site/static/echosign-cla.html': file { '/home/gerrit2/review_site/etc/replication.config':
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => 444, mode => 444,
ensure => 'present', ensure => 'present',
source => 'puppet:///modules/gerrit/echosign-cla.html', source => 'puppet:///modules/gerrit/replication.config',
replace => 'true', replace => 'true',
} require => File["/home/gerrit2/review_site/etc"]
}
} else { file { '/home/gerrit2/review_site/etc/gerrit.config':
notice('Gerrit is not installed') owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
content => template('gerrit/gerrit.config.erb'),
replace => 'true',
require => File["/home/gerrit2/review_site/etc"]
}
file { '/home/gerrit2/review_site/hooks/change-merged':
owner => 'root',
group => 'root',
mode => 555,
ensure => 'present',
source => 'puppet:///modules/gerrit/change-merged',
replace => 'true',
require => File["/home/gerrit2/review_site/hooks"]
}
file { '/home/gerrit2/review_site/hooks/patchset-created':
owner => 'root',
group => 'root',
mode => 555,
ensure => 'present',
source => 'puppet:///modules/gerrit/patchset-created',
replace => 'true',
require => File["/home/gerrit2/review_site/hooks"]
}
file { '/home/gerrit2/review_site/static/echosign-cla.html':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/gerrit/echosign-cla.html',
replace => 'true',
require => File["/home/gerrit2/review_site/static"]
} }
} }

View File

@ -1,4 +1,4 @@
class jenkins_master { class jenkins_master($site, $serveradmin) {
#This key is at http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key #This key is at http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
apt::key { "D50582E6": apt::key { "D50582E6":
@ -21,7 +21,7 @@ class jenkins_master {
group => 'root', group => 'root',
mode => 444, mode => 444,
ensure => 'present', ensure => 'present',
source => "puppet:///modules/jenkins_master/apache.conf", content => template("jenkins_master/apache.conf.erb"),
replace => 'true', replace => 'true',
require => Package['apache2'], require => Package['apache2'],
} }

View File

@ -1,5 +1,5 @@
<VirtualHost _default_:80> <VirtualHost _default_:80>
ServerAdmin webmaster@openstack.org ServerAdmin <%= serveradmin %>
ErrorLog ${APACHE_LOG_DIR}/jenkins-error.log ErrorLog ${APACHE_LOG_DIR}/jenkins-error.log
@ -9,12 +9,12 @@
CustomLog ${APACHE_LOG_DIR}/jenkins-access.log combined CustomLog ${APACHE_LOG_DIR}/jenkins-access.log combined
Redirect / https://jenkins.openstack.org/ Redirect / https://<%= site %>/
</VirtualHost> </VirtualHost>
<VirtualHost _default_:443> <VirtualHost _default_:443>
ServerAdmin webmaster@openstack.org ServerAdmin <%= serveradmin %>
ErrorLog ${APACHE_LOG_DIR}/jenkins-ssl-error.log ErrorLog ${APACHE_LOG_DIR}/jenkins-ssl-error.log
@ -28,8 +28,8 @@
# Enable/Disable SSL for this virtual host. # Enable/Disable SSL for this virtual host.
SSLEngine on SSLEngine on
SSLCertificateFile /etc/ssl/certs/jenkins.openstack.org.pem SSLCertificateFile /etc/ssl/certs/<%= site %>.pem
SSLCertificateKeyFile /etc/ssl/private/jenkins.openstack.org.key SSLCertificateKeyFile /etc/ssl/private/<%= site %>.key
SSLCertificateChainFile /etc/ssl/certs/intermediate.pem SSLCertificateChainFile /etc/ssl/certs/intermediate.pem
BrowserMatch "MSIE [2-6]" \ BrowserMatch "MSIE [2-6]" \
@ -39,8 +39,8 @@
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine on RewriteEngine on
RewriteCond %{HTTP_HOST} !jenkins.openstack.org RewriteCond %{HTTP_HOST} !<%= site %>
RewriteRule ^.*$ https://jenkins.openstack.org/ RewriteRule ^.*$ https://<%= site %>/
ProxyPass / http://127.0.0.1:8080/ retry=0 ProxyPass / http://127.0.0.1:8080/ retry=0
ProxyPassReverse / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/

View File

@ -1,7 +1,8 @@
class jenkins_slave { class jenkins_slave($ssh_key) {
jenkinsuser { "jenkins": jenkinsuser { "jenkins":
ensure => present, ensure => present,
ssh_key => "${ssh_key}"
} }
slavecirepo { "openstack-ci": slavecirepo { "openstack-ci":

View File

@ -1,4 +1,4 @@
define jenkinsuser($ensure = present) { define jenkinsuser($ensure = present, $ssh_key) {
group { 'jenkins': group { 'jenkins':
ensure => 'present' ensure => 'present'
@ -36,7 +36,7 @@ define jenkinsuser($ensure = present) {
owner => 'jenkins', owner => 'jenkins',
group => 'jenkins', group => 'jenkins',
mode => 640, mode => 640,
content => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson", content => "${ssh_key}",
ensure => 'present', ensure => 'present',
require => File['jenkinssshdir'], require => File['jenkinssshdir'],
} }