Modify puppet repo to work with stackforge
Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
This commit is contained in:
parent
0993cd74ce
commit
00059f5b2f
@ -68,7 +68,9 @@ class openstack_server {
|
||||
|
||||
class openstack_jenkins_slave {
|
||||
include openstack_server
|
||||
include jenkins_slave
|
||||
class { 'jenkins_slave':
|
||||
ssh_key => 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson'
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
@ -181,13 +183,18 @@ node "gerrit-dev.openstack.org" {
|
||||
node "jenkins.openstack.org" {
|
||||
$iptables_public_tcp_ports = [80, 443, 4155]
|
||||
include openstack_server
|
||||
include jenkins_master
|
||||
class { 'jenkins_master':
|
||||
site => 'jenkins.openstack.org',
|
||||
serveradmin => 'webmaster@openstack.org'
|
||||
}
|
||||
}
|
||||
|
||||
node "jenkins-dev.openstack.org" {
|
||||
$iptables_public_tcp_ports = [80, 443, 4155]
|
||||
include openstack_server
|
||||
include jenkins_master
|
||||
class { 'jenkins_master':
|
||||
site => 'openstack'
|
||||
}
|
||||
}
|
||||
|
||||
node "community.openstack.org" {
|
||||
|
110
manifests/stackforge.pp
Normal file
110
manifests/stackforge.pp
Normal file
@ -0,0 +1,110 @@
|
||||
import "doc_server" # TODO: refactor out of module
|
||||
import "users"
|
||||
#
|
||||
# Abstract classes:
|
||||
#
|
||||
class openstack_base {
|
||||
include openstack_project::users
|
||||
include ssh
|
||||
include snmpd
|
||||
include exim
|
||||
include sudoers
|
||||
|
||||
class { 'iptables':
|
||||
public_tcp_ports => $iptables_public_tcp_ports,
|
||||
}
|
||||
|
||||
file { '/etc/profile.d/Z98-byobu.sh':
|
||||
ensure => 'absent'
|
||||
}
|
||||
|
||||
package { "ntp":
|
||||
ensure => installed
|
||||
}
|
||||
|
||||
service { 'ntpd':
|
||||
name => 'ntp',
|
||||
ensure => running,
|
||||
enable => true,
|
||||
hasrestart => true,
|
||||
require => Package['ntp'],
|
||||
}
|
||||
|
||||
$packages = ["python-software-properties",
|
||||
"puppet",
|
||||
"bzr",
|
||||
"git",
|
||||
"python-setuptools",
|
||||
"python-virtualenv",
|
||||
"byobu"]
|
||||
package { $packages: ensure => "latest" }
|
||||
}
|
||||
|
||||
# A template host with no running services
|
||||
class openstack_template {
|
||||
include openstack_base
|
||||
realize (
|
||||
User::Virtual::Localuser["mordred"],
|
||||
User::Virtual::Localuser["corvus"],
|
||||
User::Virtual::Localuser["soren"],
|
||||
User::Virtual::Localuser["linuxjedi"],
|
||||
)
|
||||
}
|
||||
|
||||
# A server that we expect to run for some time
|
||||
class openstack_server {
|
||||
include openstack_template
|
||||
}
|
||||
|
||||
class openstack_jenkins_slave {
|
||||
include openstack_server
|
||||
class { 'jenkins_slave':
|
||||
ssh_key => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvlHx1TM9y6Y+oWJwPQP1jDejQYLA5MaTgD2oQOgQapSAWWU3f9/xcKKF4I5cC833xrSqFCqpstuWt5FdtO6qL5KMqGeVOwTCgcH0uGHciSF/zxBVpHp2n3rHLb0Fibyz/ys2kI+9J/hD0+GlVNQ/U8h9PZPMLFoJIZz5ep5WBszLM5z4vymBZ3GeytD8hk1BW0GLYi9vYWFrwoCTH6o6xRtdKajNE/9NcRGXjkY+SW7EGvqTAfLdsQ8q23MIO2ZX6YOpnmxAmR3OyNEOMo7Y/XCWjqTGWhQ669YaFxagS65f7EGCGwhhgQPtReDwkW88yTGhU3fZjS6Rc3BymTsnx jenkins@jenkins.stackforge.org'
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Default: should at least behave like an openstack server
|
||||
#
|
||||
|
||||
node default {
|
||||
include openstack_server
|
||||
}
|
||||
|
||||
#
|
||||
# Long lived servers:
|
||||
#
|
||||
node "puppet.stackforge.org" {
|
||||
$iptables_public_tcp_ports = [8140]
|
||||
include openstack_server
|
||||
}
|
||||
|
||||
node "review.stackforge.org" {
|
||||
$iptables_public_tcp_ports = [80, 443, 29418]
|
||||
include openstack_server
|
||||
class { 'gerrit':
|
||||
canonicalweburl => "https://review.stackforge.org/",
|
||||
email => "review@stackforge.org",
|
||||
github_projects => [ {
|
||||
name => 'stackforge/MRaaS',
|
||||
close_pull => 'true'
|
||||
} ]
|
||||
}
|
||||
}
|
||||
|
||||
node "jenkins.stackforge.org" {
|
||||
$iptables_public_tcp_ports = [80, 443, 4155]
|
||||
include openstack_server
|
||||
class { 'jenkins_master':
|
||||
serveradmin => 'webmaster@stackforge.org',
|
||||
site => 'jenkins.stackforge.org'
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Jenkins slaves:
|
||||
#
|
||||
node /^build.*\.slave\.stackforge\.org$/ {
|
||||
include openstack_jenkins_slave
|
||||
}
|
||||
|
@ -1,5 +0,0 @@
|
||||
Facter.add("gerrit_installed") do
|
||||
setcode do
|
||||
FileTest.directory?("/home/gerrit2/review_site/")
|
||||
end
|
||||
end
|
@ -17,6 +17,21 @@ $commentlinks = [ { name => 'changeid',
|
||||
]
|
||||
) {
|
||||
|
||||
user { "gerrit2":
|
||||
ensure => present,
|
||||
comment => "Gerrit",
|
||||
home => "/home/gerrit2",
|
||||
shell => "/bin/bash",
|
||||
gid => "gerrit2",
|
||||
system => true,
|
||||
managehome => true,
|
||||
require => Group["gerrit2"]
|
||||
}
|
||||
|
||||
group { "gerrit2":
|
||||
ensure => present
|
||||
}
|
||||
|
||||
package { "gitweb":
|
||||
ensure => latest
|
||||
}
|
||||
@ -33,104 +48,129 @@ $commentlinks = [ { name => 'changeid',
|
||||
require => Package[python-pip]
|
||||
}
|
||||
|
||||
if $gerrit_installed {
|
||||
#notice('Gerrit is installed')
|
||||
cron { "gerritupdateci":
|
||||
user => gerrit2,
|
||||
minute => "*/15",
|
||||
command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
|
||||
}
|
||||
|
||||
cron { "gerritupdateci":
|
||||
user => gerrit2,
|
||||
minute => "*/15",
|
||||
command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
|
||||
}
|
||||
cron { "gerritsyncusers":
|
||||
user => gerrit2,
|
||||
minute => "*/15",
|
||||
command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
|
||||
}
|
||||
|
||||
cron { "gerritsyncusers":
|
||||
user => gerrit2,
|
||||
minute => "*/15",
|
||||
command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
|
||||
}
|
||||
cron { "gerritclosepull":
|
||||
user => gerrit2,
|
||||
minute => "*/5",
|
||||
command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
|
||||
}
|
||||
|
||||
cron { "gerritclosepull":
|
||||
user => gerrit2,
|
||||
minute => "*/5",
|
||||
command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
|
||||
}
|
||||
cron { "expireoldreviews":
|
||||
user => gerrit2,
|
||||
hour => 6,
|
||||
minute => 3,
|
||||
command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
|
||||
}
|
||||
|
||||
cron { "expireoldreviews":
|
||||
user => gerrit2,
|
||||
hour => 6,
|
||||
minute => 3,
|
||||
command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
|
||||
}
|
||||
cron { "gerrit_repack":
|
||||
user => gerrit2,
|
||||
weekday => 0,
|
||||
hour => 4,
|
||||
minute => 7,
|
||||
command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
|
||||
environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
|
||||
}
|
||||
|
||||
cron { "gerrit_repack":
|
||||
user => gerrit2,
|
||||
weekday => 0,
|
||||
hour => 4,
|
||||
minute => 7,
|
||||
command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
|
||||
environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
|
||||
}
|
||||
file { "/var/log/gerrit":
|
||||
ensure => "directory",
|
||||
owner => 'gerrit2'
|
||||
}
|
||||
|
||||
file { "/var/log/gerrit":
|
||||
ensure => "directory",
|
||||
owner => 'gerrit2'
|
||||
}
|
||||
# directory creation hacks until we can automate gerrit installation
|
||||
|
||||
file { '/home/gerrit2/github.config':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
content => template('gerrit/github.config.erb'),
|
||||
replace => 'true',
|
||||
}
|
||||
file { "/home/gerrit2/review_site":
|
||||
ensure => "directory",
|
||||
owner => "gerrit2",
|
||||
require => User["gerrit2"]
|
||||
}
|
||||
|
||||
file { '/home/gerrit2/review_site/etc/replication.config':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/gerrit/replication.config',
|
||||
replace => 'true',
|
||||
}
|
||||
file { "/home/gerrit2/review_site/etc":
|
||||
ensure => "directory",
|
||||
owner => "gerrit2",
|
||||
require => File["/home/gerrit2/review_site"]
|
||||
}
|
||||
|
||||
file { '/home/gerrit2/review_site/etc/gerrit.config':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
content => template('gerrit/gerrit.config.erb'),
|
||||
replace => 'true',
|
||||
}
|
||||
file { "/home/gerrit2/review_site/hooks":
|
||||
ensure => "directory",
|
||||
owner => "gerrit2",
|
||||
require => File["/home/gerrit2/review_site"]
|
||||
}
|
||||
|
||||
file { '/home/gerrit2/review_site/hooks/change-merged':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 555,
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/gerrit/change-merged',
|
||||
replace => 'true',
|
||||
}
|
||||
file { "/home/gerrit2/review_site/static":
|
||||
ensure => "directory",
|
||||
owner => "gerrit2",
|
||||
require => File["/home/gerrit2/review_site"]
|
||||
}
|
||||
|
||||
file { '/home/gerrit2/review_site/hooks/patchset-created':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 555,
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/gerrit/patchset-created',
|
||||
replace => 'true',
|
||||
}
|
||||
file { '/home/gerrit2/github.config':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
content => template('gerrit/github.config.erb'),
|
||||
replace => 'true',
|
||||
require => User["gerrit2"]
|
||||
}
|
||||
|
||||
file { '/home/gerrit2/review_site/static/echosign-cla.html':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/gerrit/echosign-cla.html',
|
||||
replace => 'true',
|
||||
}
|
||||
file { '/home/gerrit2/review_site/etc/replication.config':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/gerrit/replication.config',
|
||||
replace => 'true',
|
||||
require => File["/home/gerrit2/review_site/etc"]
|
||||
}
|
||||
|
||||
} else {
|
||||
notice('Gerrit is not installed')
|
||||
file { '/home/gerrit2/review_site/etc/gerrit.config':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
content => template('gerrit/gerrit.config.erb'),
|
||||
replace => 'true',
|
||||
require => File["/home/gerrit2/review_site/etc"]
|
||||
}
|
||||
|
||||
file { '/home/gerrit2/review_site/hooks/change-merged':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 555,
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/gerrit/change-merged',
|
||||
replace => 'true',
|
||||
require => File["/home/gerrit2/review_site/hooks"]
|
||||
}
|
||||
|
||||
file { '/home/gerrit2/review_site/hooks/patchset-created':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 555,
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/gerrit/patchset-created',
|
||||
replace => 'true',
|
||||
require => File["/home/gerrit2/review_site/hooks"]
|
||||
}
|
||||
|
||||
file { '/home/gerrit2/review_site/static/echosign-cla.html':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/gerrit/echosign-cla.html',
|
||||
replace => 'true',
|
||||
require => File["/home/gerrit2/review_site/static"]
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,4 +1,4 @@
|
||||
class jenkins_master {
|
||||
class jenkins_master($site, $serveradmin) {
|
||||
|
||||
#This key is at http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
|
||||
apt::key { "D50582E6":
|
||||
@ -21,7 +21,7 @@ class jenkins_master {
|
||||
group => 'root',
|
||||
mode => 444,
|
||||
ensure => 'present',
|
||||
source => "puppet:///modules/jenkins_master/apache.conf",
|
||||
content => template("jenkins_master/apache.conf.erb"),
|
||||
replace => 'true',
|
||||
require => Package['apache2'],
|
||||
}
|
||||
|
@ -1,5 +1,5 @@
|
||||
<VirtualHost _default_:80>
|
||||
ServerAdmin webmaster@openstack.org
|
||||
ServerAdmin <%= serveradmin %>
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/jenkins-error.log
|
||||
|
||||
@ -9,12 +9,12 @@
|
||||
|
||||
CustomLog ${APACHE_LOG_DIR}/jenkins-access.log combined
|
||||
|
||||
Redirect / https://jenkins.openstack.org/
|
||||
Redirect / https://<%= site %>/
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
ServerAdmin webmaster@openstack.org
|
||||
ServerAdmin <%= serveradmin %>
|
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/jenkins-ssl-error.log
|
||||
|
||||
@ -28,8 +28,8 @@
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
SSLCertificateFile /etc/ssl/certs/jenkins.openstack.org.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/jenkins.openstack.org.key
|
||||
SSLCertificateFile /etc/ssl/certs/<%= site %>.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/<%= site %>.key
|
||||
SSLCertificateChainFile /etc/ssl/certs/intermediate.pem
|
||||
|
||||
BrowserMatch "MSIE [2-6]" \
|
||||
@ -39,8 +39,8 @@
|
||||
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
||||
|
||||
RewriteEngine on
|
||||
RewriteCond %{HTTP_HOST} !jenkins.openstack.org
|
||||
RewriteRule ^.*$ https://jenkins.openstack.org/
|
||||
RewriteCond %{HTTP_HOST} !<%= site %>
|
||||
RewriteRule ^.*$ https://<%= site %>/
|
||||
|
||||
ProxyPass / http://127.0.0.1:8080/ retry=0
|
||||
ProxyPassReverse / http://127.0.0.1:8080/
|
@ -1,7 +1,8 @@
|
||||
class jenkins_slave {
|
||||
class jenkins_slave($ssh_key) {
|
||||
|
||||
jenkinsuser { "jenkins":
|
||||
ensure => present,
|
||||
ssh_key => "${ssh_key}"
|
||||
}
|
||||
|
||||
slavecirepo { "openstack-ci":
|
||||
|
@ -1,4 +1,4 @@
|
||||
define jenkinsuser($ensure = present) {
|
||||
define jenkinsuser($ensure = present, $ssh_key) {
|
||||
|
||||
group { 'jenkins':
|
||||
ensure => 'present'
|
||||
@ -36,7 +36,7 @@ define jenkinsuser($ensure = present) {
|
||||
owner => 'jenkins',
|
||||
group => 'jenkins',
|
||||
mode => 640,
|
||||
content => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson",
|
||||
content => "${ssh_key}",
|
||||
ensure => 'present',
|
||||
require => File['jenkinssshdir'],
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user