From 4f25a69a89c5cf1bc55f5c1f20f8489cc97add47 Mon Sep 17 00:00:00 2001 From: Jonathan Harker Date: Fri, 16 May 2014 11:46:59 -0400 Subject: [PATCH] Run the puppet apply test (requires sudo) The test.sh script is not currently being run in any jobs, this change removes the redundant validation code that's also in the puppet-syntax job and creates a puppet-apply-test job that runs the test.sh script. Running `puppet apply --noop` requires sudo, otherwise it will give errors about refusing to run commands as other users. Change-Id: Ie6b278d98390a8a5dd8bb24899c8c4083f5755c9 --- manifests/site.pp | 398 +++++++++--------- .../jenkins_job_builder/config/macros.yaml | 5 + .../jenkins_job_builder/config/projects.yaml | 1 + .../config/puppet-module-jobs.yaml | 11 + .../openstack_project/files/zuul/layout.yaml | 4 + test.sh | 15 +- 6 files changed, 227 insertions(+), 207 deletions(-) diff --git a/manifests/site.pp b/manifests/site.pp index c73e45214e..b446c4b4dd 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -4,7 +4,7 @@ node default { include openstack_project::puppet_cron class { 'openstack_project::server': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admins']), } } @@ -13,70 +13,70 @@ node default { # node 'review.openstack.org' { class { 'openstack_project::review': - github_oauth_token => hiera('gerrit_github_token'), - github_project_username => hiera('github_project_username'), - github_project_password => hiera('github_project_password'), - mysql_host => hiera('gerrit_mysql_host'), - mysql_password => hiera('gerrit_mysql_password'), - email_private_key => hiera('gerrit_email_private_key'), - gerritbot_password => hiera('gerrit_gerritbot_password'), - gerritbot_ssh_rsa_key_contents => hiera('gerritbot_ssh_rsa_key_contents'), - gerritbot_ssh_rsa_pubkey_contents => hiera('gerritbot_ssh_rsa_pubkey_contents'), - ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'), - ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents'), - ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'), - ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'), - ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'), - ssh_project_rsa_key_contents => hiera('gerrit_project_ssh_rsa_key_contents'), - ssh_project_rsa_pubkey_contents => hiera('gerrit_project_ssh_rsa_pubkey_contents'), - ssh_welcome_rsa_key_contents => hiera('welcome_message_gerrit_ssh_private_key'), - ssh_welcome_rsa_pubkey_contents => hiera('welcome_message_gerrit_ssh_public_key'), - ssh_replication_rsa_key_contents => hiera('gerrit_replication_ssh_rsa_key_contents'), - ssh_replication_rsa_pubkey_contents => hiera('gerrit_replication_ssh_rsa_pubkey_contents'), - lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'), - lp_sync_token => hiera('gerrit_lp_access_token'), - lp_sync_secret => hiera('gerrit_lp_access_secret'), - contactstore_appsec => hiera('gerrit_contactstore_appsec'), - contactstore_pubkey => hiera('gerrit_contactstore_pubkey'), - sysadmins => hiera('sysadmins'), - swift_username => hiera('swift_store_user'), - swift_password => hiera('swift_store_key'), + github_oauth_token => hiera('gerrit_github_token', 'XXX'), + github_project_username => hiera('github_project_username', 'username'), + github_project_password => hiera('github_project_password', 'XXX'), + mysql_host => hiera('gerrit_mysql_host', 'localhost'), + mysql_password => hiera('gerrit_mysql_password', 'XXX'), + email_private_key => hiera('gerrit_email_private_key', 'XXX'), + gerritbot_password => hiera('gerrit_gerritbot_password', 'XXX'), + gerritbot_ssh_rsa_key_contents => hiera('gerritbot_ssh_rsa_key_contents', 'XXX'), + gerritbot_ssh_rsa_pubkey_contents => hiera('gerritbot_ssh_rsa_pubkey_contents', 'XXX'), + ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents', 'XXX'), + ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents', 'XXX'), + ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents', 'XXX'), + ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents', 'XXX'), + ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents', 'XXX'), + ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents', 'XXX'), + ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'), + ssh_project_rsa_key_contents => hiera('gerrit_project_ssh_rsa_key_contents', 'XXX'), + ssh_project_rsa_pubkey_contents => hiera('gerrit_project_ssh_rsa_pubkey_contents', 'XXX'), + ssh_welcome_rsa_key_contents => hiera('welcome_message_gerrit_ssh_private_key', 'XXX'), + ssh_welcome_rsa_pubkey_contents => hiera('welcome_message_gerrit_ssh_public_key', 'XXX'), + ssh_replication_rsa_key_contents => hiera('gerrit_replication_ssh_rsa_key_contents', 'XXX'), + ssh_replication_rsa_pubkey_contents => hiera('gerrit_replication_ssh_rsa_pubkey_contents', 'XXX'), + lp_sync_consumer_key => hiera('gerrit_lp_consumer_key', 'XXX'), + lp_sync_token => hiera('gerrit_lp_access_token', 'XXX'), + lp_sync_secret => hiera('gerrit_lp_access_secret', 'XXX'), + contactstore_appsec => hiera('gerrit_contactstore_appsec', 'XXX'), + contactstore_pubkey => hiera('gerrit_contactstore_pubkey', 'XXX'), + sysadmins => hiera('sysadmins', ['admins']), + swift_username => hiera('swift_store_user', 'username'), + swift_password => hiera('swift_store_key', 'XXX'), } } node 'review-dev.openstack.org' { class { 'openstack_project::review_dev': - github_oauth_token => hiera('gerrit_dev_github_token'), - github_project_username => hiera('github_dev_project_username'), - github_project_password => hiera('github_dev_project_password'), - mysql_host => hiera('gerrit_dev_mysql_host'), - mysql_password => hiera('gerrit_dev_mysql_password'), - email_private_key => hiera('gerrit_dev_email_private_key'), - contactstore_appsec => hiera('gerrit_dev_contactstore_appsec'), - contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey'), - ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents'), - ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents'), - ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents'), - ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents'), - ssh_project_rsa_key_contents => hiera('gerrit_dev_project_ssh_rsa_key_contents'), - ssh_project_rsa_pubkey_contents => hiera('gerrit_dev_project_ssh_rsa_pubkey_contents'), - lp_sync_consumer_key => hiera('gerrit_dev_lp_consumer_key'), - lp_sync_token => hiera('gerrit_dev_lp_access_token'), - lp_sync_secret => hiera('gerrit_dev_lp_access_secret'), - sysadmins => hiera('sysadmins'), + github_oauth_token => hiera('gerrit_dev_github_token', 'XXX'), + github_project_username => hiera('github_dev_project_username', 'username'), + github_project_password => hiera('github_dev_project_password', 'XXX'), + mysql_host => hiera('gerrit_dev_mysql_host', 'localhost'), + mysql_password => hiera('gerrit_dev_mysql_password', 'XXX'), + email_private_key => hiera('gerrit_dev_email_private_key', 'XXX'), + contactstore_appsec => hiera('gerrit_dev_contactstore_appsec', 'XXX'), + contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey', 'XXX'), + ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents', 'XXX'), + ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents', 'XXX'), + ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents', 'XXX'), + ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents', 'XXX'), + ssh_project_rsa_key_contents => hiera('gerrit_dev_project_ssh_rsa_key_contents', 'XXX'), + ssh_project_rsa_pubkey_contents => hiera('gerrit_dev_project_ssh_rsa_pubkey_contents', 'XXX'), + lp_sync_consumer_key => hiera('gerrit_dev_lp_consumer_key', 'XXX'), + lp_sync_token => hiera('gerrit_dev_lp_access_token', 'XXX'), + lp_sync_secret => hiera('gerrit_dev_lp_access_secret', 'XXX'), + sysadmins => hiera('sysadmins', ['admins']), } } node 'jenkins.openstack.org' { class { 'openstack_project::jenkins': - jenkins_jobs_password => hiera('jenkins_jobs_password'), - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), - ssl_cert_file_contents => hiera('jenkins_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('jenkins_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents'), - sysadmins => hiera('sysadmins'), + jenkins_jobs_password => hiera('jenkins_jobs_password', 'XXX'), + jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'), + ssl_cert_file_contents => hiera('jenkins_ssl_cert_file_contents', 'XXX'), + ssl_key_file_contents => hiera('jenkins_ssl_key_file_contents', 'XXX'), + ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents', 'XXX'), + sysadmins => hiera('sysadmins', ['admins']), zmq_event_receivers => ['logstash.openstack.org', 'nodepool.openstack.org', ], @@ -85,12 +85,12 @@ node 'jenkins.openstack.org' { node /^jenkins\d+\.openstack\.org$/ { class { 'openstack_project::jenkins': - jenkins_jobs_password => hiera('jenkins_jobs_password'), - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), + jenkins_jobs_password => hiera('jenkins_jobs_password', 'XXX'), + jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'), ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', ssl_chain_file => '', - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admins']), zmq_event_receivers => ['logstash.openstack.org', 'nodepool.openstack.org', ], @@ -99,36 +99,36 @@ node /^jenkins\d+\.openstack\.org$/ { node 'jenkins-dev.openstack.org' { class { 'openstack_project::jenkins_dev': - jenkins_ssh_private_key => hiera('jenkins_dev_ssh_private_key_contents'), - sysadmins => hiera('sysadmins'), - mysql_password => hiera('nodepool_dev_mysql_password'), - mysql_root_password => hiera('nodepool_dev_mysql_root_password'), - nodepool_ssh_private_key => hiera('jenkins_dev_ssh_private_key_contents'), - jenkins_api_user => hiera('jenkins_dev_api_user'), - jenkins_api_key => hiera('jenkins_dev_api_key'), - jenkins_credentials_id => hiera('jenkins_dev_credentials_id'), - hpcloud_username => hiera('nodepool_hpcloud_username'), - hpcloud_password => hiera('nodepool_hpcloud_password'), - hpcloud_project => hiera('nodepool_hpcloud_project'), + jenkins_ssh_private_key => hiera('jenkins_dev_ssh_private_key_contents', 'XXX'), + sysadmins => hiera('sysadmins', ['admins']), + mysql_password => hiera('nodepool_dev_mysql_password', 'XXX'), + mysql_root_password => hiera('nodepool_dev_mysql_root_password', 'XXX'), + nodepool_ssh_private_key => hiera('jenkins_dev_ssh_private_key_contents', 'XXX'), + jenkins_api_user => hiera('jenkins_dev_api_user', 'username'), + jenkins_api_key => hiera('jenkins_dev_api_key', 'XXX'), + jenkins_credentials_id => hiera('jenkins_dev_credentials_id', 'XXX'), + hpcloud_username => hiera('nodepool_hpcloud_username', 'username'), + hpcloud_password => hiera('nodepool_hpcloud_password', 'XXX'), + hpcloud_project => hiera('nodepool_hpcloud_project', 'XXX'), } } node 'cacti.openstack.org' { include openstack_project::ssl_cert_check class { 'openstack_project::cacti': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), } } node 'community.openstack.org' { class { 'openstack_project::community': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), } } node 'ci-puppetmaster.openstack.org' { class { 'openstack_project::puppetmaster': - root_rsa_key => hiera('puppetmaster_root_rsa_key'), + root_rsa_key => hiera('puppetmaster_root_rsa_key', 'XXX'), override_list => [ 'git01.openstack.org', 'git02.openstack.org', @@ -137,22 +137,22 @@ node 'ci-puppetmaster.openstack.org' { 'git05.openstack.org', 'review.openstack.org', ], - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), } } node 'puppetdb.openstack.org' { class { 'openstack_project::puppetdb': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), } } node 'graphite.openstack.org' { class { 'openstack_project::graphite': - sysadmins => hiera('sysadmins'), - graphite_admin_user => hiera('graphite_admin_user'), - graphite_admin_email => hiera('graphite_admin_email'), - graphite_admin_password => hiera('graphite_admin_password'), + sysadmins => hiera('sysadmins', ['admin']), + graphite_admin_user => hiera('graphite_admin_user', 'username'), + graphite_admin_email => hiera('graphite_admin_email', 'email@example.com'), + graphite_admin_password => hiera('graphite_admin_password', 'XXX'), statsd_hosts => ['logstash.openstack.org', 'nodepool.openstack.org', 'zuul.openstack.org'], @@ -161,86 +161,86 @@ node 'graphite.openstack.org' { node 'groups.openstack.org' { class { 'openstack_project::groups': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), } } node 'groups-dev.openstack.org' { class { 'openstack_project::groups_dev': - sysadmins => hiera('sysadmins'), - site_admin_password => hiera('groups_dev_site_admin_password'), - site_mysql_host => hiera('groups_dev_site_mysql_host'), - site_mysql_password => hiera('groups_dev_site_mysql_password'), + sysadmins => hiera('sysadmins', ['admin']), + site_admin_password => hiera('groups_dev_site_admin_password', 'XXX'), + site_mysql_host => hiera('groups_dev_site_mysql_host', 'localhost'), + site_mysql_password => hiera('groups_dev_site_mysql_password', 'XXX'), } } node 'lists.openstack.org' { class { 'openstack_project::lists': - listadmins => hiera('listadmins'), - listpassword => hiera('listpassword'), + listadmins => hiera('listadmins', ['admin']), + listpassword => hiera('listpassword', 'XXX'), } } node 'paste.openstack.org' { class { 'openstack_project::paste': - db_host => hiera('paste_db_host'), - db_password => hiera('paste_db_password'), - sysadmins => hiera('sysadmins'), + db_host => hiera('paste_db_host', 'localhost'), + db_password => hiera('paste_db_password', 'XXX'), + sysadmins => hiera('sysadmins', ['admin']), } } node 'planet.openstack.org' { class { 'openstack_project::planet': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), } } node 'eavesdrop.openstack.org' { class { 'openstack_project::eavesdrop': - nickpass => hiera('openstack_meetbot_password'), - sysadmins => hiera('sysadmins'), - statusbot_nick => hiera('statusbot_nick'), - statusbot_password => hiera('statusbot_nick_password'), + nickpass => hiera('openstack_meetbot_password', 'XXX'), + sysadmins => hiera('sysadmins', ['admin']), + statusbot_nick => hiera('statusbot_nick', 'username'), + statusbot_password => hiera('statusbot_nick_password', 'XXX'), statusbot_server => 'chat.freenode.net', statusbot_channels => 'edeploy, fuel-dev, heat, magnetodb, murano, openstack, openstack-101, openstack-anvil, openstack-bacon, openstack-barbican, openstack-blazar, openstack-board, openstack-ceilometer, openstack-chef, openstack-cinder, openstack-climate, openstack-cloudkeep, openstack-community, openstack-containers, openstack-dev, openstack-dns, openstack-doc, openstack-entropy, openstack-foundation, openstack-gantt, openstack-gate, openstack-hyper-v, openstack-infra, openstack-ironic, openstack-keystone, openstack-manila, openstack-marconi, openstack-meeting, openstack-meeting-3, openstack-meeting-alt, openstack-meniscus, openstack-merges, openstack-metering, openstack-neutron, openstack-nova, openstack-opw, openstack-oslo, openstack-packaging, openstack-qa, openstack-raksha, openstack-relmgr-office, openstack-sdks, openstack-state-management, openstack-swift, openstack-translation, openstack-trove, packstack-dev, refstack, storyboard, syscompass, tripleo', statusbot_auth_nicks => 'jeblair, ttx, fungi, mordred, clarkb, sdague, SergeyLukjanov', - statusbot_wiki_user => hiera('statusbot_wiki_username'), - statusbot_wiki_password => hiera('statusbot_wiki_password'), + statusbot_wiki_user => hiera('statusbot_wiki_username', 'username'), + statusbot_wiki_password => hiera('statusbot_wiki_password', 'XXX'), statusbot_wiki_url => 'https://wiki.openstack.org/w/api.php', statusbot_wiki_pageid => '1781', - accessbot_nick => hiera('accessbot_nick'), - accessbot_password => hiera('accessbot_nick_password'), + accessbot_nick => hiera('accessbot_nick', 'username'), + accessbot_password => hiera('accessbot_nick_password', 'XXX'), } } node 'etherpad.openstack.org' { class { 'openstack_project::etherpad': - ssl_cert_file_contents => hiera('etherpad_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('etherpad_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents'), - mysql_host => hiera('etherpad_db_host'), - mysql_user => hiera('etherpad_db_user'), - mysql_password => hiera('etherpad_db_password'), - sysadmins => hiera('sysadmins'), + ssl_cert_file_contents => hiera('etherpad_ssl_cert_file_contents', 'XXX'), + ssl_key_file_contents => hiera('etherpad_ssl_key_file_contents', 'XXX'), + ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents', 'XXX'), + mysql_host => hiera('etherpad_db_host', 'localhost'), + mysql_user => hiera('etherpad_db_user', 'username'), + mysql_password => hiera('etherpad_db_password', 'XXX'), + sysadmins => hiera('sysadmins', ['admin']), } } node 'etherpad-dev.openstack.org' { class { 'openstack_project::etherpad_dev': - mysql_host => hiera('etherpad-dev_db_host'), - mysql_user => hiera('etherpad-dev_db_user'), - mysql_password => hiera('etherpad-dev_db_password'), - sysadmins => hiera('sysadmins'), + mysql_host => hiera('etherpad-dev_db_host', 'localhost'), + mysql_user => hiera('etherpad-dev_db_user', 'username'), + mysql_password => hiera('etherpad-dev_db_password', 'XXX'), + sysadmins => hiera('sysadmins', ['admin']), } } node 'wiki.openstack.org' { class { 'openstack_project::wiki': - mysql_root_password => hiera('wiki_db_password'), - sysadmins => hiera('sysadmins'), - ssl_cert_file_contents => hiera('wiki_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('wiki_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('wiki_ssl_chain_file_contents'), + mysql_root_password => hiera('wiki_db_password', 'XXX'), + sysadmins => hiera('sysadmins', ['admin']), + ssl_cert_file_contents => hiera('wiki_ssl_cert_file_contents', 'XXX'), + ssl_key_file_contents => hiera('wiki_ssl_key_file_contents', 'XXX'), + ssl_chain_file_contents => hiera('wiki_ssl_chain_file_contents', 'XXX'), } } @@ -255,7 +255,7 @@ $elasticsearch_nodes = [ node 'logstash.openstack.org' { class { 'openstack_project::logstash': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), elasticsearch_nodes => $elasticsearch_nodes, gearman_workers => [ 'logstash-worker01.openstack.org', @@ -288,7 +288,7 @@ node 'logstash.openstack.org' { node /^logstash-worker\d+\.openstack\.org$/ { class { 'openstack_project::logstash_worker': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), elasticsearch_nodes => $elasticsearch_nodes, discover_node => 'elasticsearch01.openstack.org', } @@ -296,7 +296,7 @@ node /^logstash-worker\d+\.openstack\.org$/ { node /^elasticsearch\d+\.openstack\.org$/ { class { 'openstack_project::elasticsearch_node': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), elasticsearch_nodes => $elasticsearch_nodes, elasticsearch_clients => [ 'logstash.openstack.org', @@ -324,7 +324,7 @@ node /^elasticsearch\d+\.openstack\.org$/ { # A CentOS machine to load balance git access. node 'git.openstack.org' { class { 'openstack_project::git': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), balancer_member_names => [ 'git01.openstack.org', 'git02.openstack.org', @@ -348,11 +348,11 @@ node /^git\d+\.openstack\.org$/ { include openstack_project class { 'openstack_project::git_backend': vhost_name => 'git.openstack.org', - sysadmins => hiera('sysadmins'), - git_gerrit_ssh_key => hiera('gerrit_replication_ssh_rsa_pubkey_contents'), - ssl_cert_file_contents => hiera('git_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('git_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('git_ssl_chain_file_contents'), + sysadmins => hiera('sysadmins', ['admin']), + git_gerrit_ssh_key => hiera('gerrit_replication_ssh_rsa_pubkey_contents', 'XXX'), + ssl_cert_file_contents => hiera('git_ssl_cert_file_contents', 'XXX'), + ssl_key_file_contents => hiera('git_ssl_key_file_contents', 'XXX'), + ssl_chain_file_contents => hiera('git_ssl_chain_file_contents', 'XXX'), behind_proxy => true, } } @@ -360,66 +360,66 @@ node /^git\d+\.openstack\.org$/ { # A machine to run ODSREG in preparation for summits. node 'summit.openstack.org' { class { 'openstack_project::summit': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), } } # A machine to run Storyboard node 'storyboard.openstack.org' { class { 'openstack_project::storyboard': - sysadmins => hiera('sysadmins'), - mysql_host => hiera('storyboard_db_host'), - mysql_user => hiera('storyboard_db_user'), - mysql_password => hiera('storyboard_db_password'), - ssl_cert_file_contents => hiera('storyboard_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('storyboard_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents'), + sysadmins => hiera('sysadmins', ['admin']), + mysql_host => hiera('storyboard_db_host', 'localhost'), + mysql_user => hiera('storyboard_db_user', 'username'), + mysql_password => hiera('storyboard_db_password', 'XXX'), + ssl_cert_file_contents => hiera('storyboard_ssl_cert_file_contents', 'XXX'), + ssl_key_file_contents => hiera('storyboard_ssl_key_file_contents', 'XXX'), + ssl_chain_file_contents => hiera('storyboard_ssl_chain_file_contents', 'XXX'), } } # A machine to serve static content. node 'static.openstack.org' { class { 'openstack_project::static': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), } } # A machine to serve various project status updates. node 'status.openstack.org' { class { 'openstack_project::status': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), gerrit_host => 'review.openstack.org', - gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'), - reviewday_ssh_public_key => hiera('reviewday_rsa_pubkey_contents'), - reviewday_ssh_private_key => hiera('reviewday_rsa_key_contents'), - releasestatus_ssh_public_key => hiera('releasestatus_rsa_pubkey_contents'), - releasestatus_ssh_private_key => hiera('releasestatus_rsa_key_contents'), - recheck_ssh_public_key => hiera('elastic-recheck_gerrit_ssh_public_key'), - recheck_ssh_private_key => hiera('elastic-recheck_gerrit_ssh_private_key'), + gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'), + reviewday_ssh_public_key => hiera('reviewday_rsa_pubkey_contents', 'XXX'), + reviewday_ssh_private_key => hiera('reviewday_rsa_key_contents', 'XXX'), + releasestatus_ssh_public_key => hiera('releasestatus_rsa_pubkey_contents', 'XXX'), + releasestatus_ssh_private_key => hiera('releasestatus_rsa_key_contents', 'XXX'), + recheck_ssh_public_key => hiera('elastic-recheck_gerrit_ssh_public_key', 'XXX'), + recheck_ssh_private_key => hiera('elastic-recheck_gerrit_ssh_private_key', 'XXX'), recheck_bot_nick => 'openstackrecheck', - recheck_bot_passwd => hiera('elastic-recheck_ircbot_password'), + recheck_bot_passwd => hiera('elastic-recheck_ircbot_password', 'XXX'), } } node 'nodepool.openstack.org' { class { 'openstack_project::nodepool_prod': - mysql_password => hiera('nodepool_mysql_password'), - mysql_root_password => hiera('nodepool_mysql_root_password'), - nodepool_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), - sysadmins => hiera('sysadmins'), + mysql_password => hiera('nodepool_mysql_password', 'XXX'), + mysql_root_password => hiera('nodepool_mysql_root_password', 'XXX'), + nodepool_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'), + sysadmins => hiera('sysadmins', ['admin']), statsd_host => 'graphite.openstack.org', - jenkins_api_user => hiera('jenkins_api_user'), - jenkins_api_key => hiera('jenkins_api_key'), - jenkins_credentials_id => hiera('jenkins_credentials_id'), - rackspace_username => hiera('nodepool_rackspace_username'), - rackspace_password => hiera('nodepool_rackspace_password'), - rackspace_project => hiera('nodepool_rackspace_project'), - hpcloud_username => hiera('nodepool_hpcloud_username'), - hpcloud_password => hiera('nodepool_hpcloud_password'), - hpcloud_project => hiera('nodepool_hpcloud_project'), - tripleo_username => hiera('nodepool_tripleo_username'), - tripleo_password => hiera('nodepool_tripleo_password'), - tripleo_project => hiera('nodepool_tripleo_project'), + jenkins_api_user => hiera('jenkins_api_user', 'username'), + jenkins_api_key => hiera('jenkins_api_key', 'XXX'), + jenkins_credentials_id => hiera('jenkins_credentials_id', 'XXX'), + rackspace_username => hiera('nodepool_rackspace_username', 'username'), + rackspace_password => hiera('nodepool_rackspace_password', 'XXX'), + rackspace_project => hiera('nodepool_rackspace_project', 'project'), + hpcloud_username => hiera('nodepool_hpcloud_username', 'username'), + hpcloud_password => hiera('nodepool_hpcloud_password', 'XXX'), + hpcloud_project => hiera('nodepool_hpcloud_project', 'project'), + tripleo_username => hiera('nodepool_tripleo_username', 'username'), + tripleo_password => hiera('nodepool_tripleo_password', 'XXX'), + tripleo_project => hiera('nodepool_tripleo_project', 'project'), } } @@ -427,18 +427,18 @@ node 'zuul.openstack.org' { class { 'openstack_project::zuul_prod': gerrit_server => 'review.openstack.org', gerrit_user => 'jenkins', - gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'), - zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'), + gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'), + zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents', 'XXX'), url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}', swift_authurl => 'https://identity.api.rackspacecloud.com/v2.0/', swift_user => 'infra-files-rw', - swift_key => hiera('infra_files_rw_password'), - swift_tenant_name => hiera('infra_files_tenant_name'), + swift_key => hiera('infra_files_rw_password', 'XXX'), + swift_tenant_name => hiera('infra_files_tenant_name', 'tenantname'), swift_region_name => 'DFW', swift_default_container => 'infra-files', swift_default_logserver_prefix => 'http://logs.openstack.org/', zuul_url => 'http://zuul.openstack.org/p', - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), statsd_host => 'graphite.openstack.org', gearman_workers => [ 'nodepool.openstack.org', @@ -462,9 +462,9 @@ node 'zm01.openstack.org' { gearman_server => 'zuul.openstack.org', gerrit_server => 'review.openstack.org', gerrit_user => 'jenkins', - gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'), - zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'), - sysadmins => hiera('sysadmins'), + gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'), + zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents', 'XXX'), + sysadmins => hiera('sysadmins', ['admin']), } } @@ -473,9 +473,9 @@ node 'zm02.openstack.org' { gearman_server => 'zuul.openstack.org', gerrit_server => 'review.openstack.org', gerrit_user => 'jenkins', - gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'), - zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'), - sysadmins => hiera('sysadmins'), + gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'), + zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents', 'XXX'), + sysadmins => hiera('sysadmins', ['admin']), } } @@ -483,10 +483,10 @@ node 'zuul-dev.openstack.org' { class { 'openstack_project::zuul_dev': gerrit_server => 'review-dev.openstack.org', gerrit_user => 'zuul-dev', - zuul_ssh_private_key => hiera('zuul_dev_ssh_private_key_contents'), + zuul_ssh_private_key => hiera('zuul_dev_ssh_private_key_contents', 'XXX'), url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}', zuul_url => 'http://zuul-dev.openstack.org/p', - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), statsd_host => 'graphite.openstack.org', gearman_workers => [ 'jenkins.openstack.org', @@ -504,13 +504,13 @@ node 'zuul-dev.openstack.org' { node 'pbx.openstack.org' { class { 'openstack_project::pbx': - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), sip_providers => [ { provider => 'voipms', hostname => 'dallas.voip.ms', - username => hiera('voipms_username'), - password => hiera('voipms_password'), + username => hiera('voipms_username', 'username'), + password => hiera('voipms_password', 'XXX'), outgoing => false, }, ], @@ -530,7 +530,7 @@ node 'mirror26.slave.openstack.org' { include openstack_project class { 'openstack_project::mirror26_slave': jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key, - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents') + jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX') } } @@ -538,7 +538,7 @@ node 'mirror27.slave.openstack.org' { include openstack_project class { 'openstack_project::mirror27_slave': jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key, - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents') + jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX') } } @@ -546,7 +546,7 @@ node 'mirror33.slave.openstack.org' { include openstack_project class { 'openstack_project::mirror33_slave': jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key, - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents') + jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX') } } @@ -554,10 +554,10 @@ node 'proposal.slave.openstack.org' { include openstack_project class { 'openstack_project::proposal_slave': transifex_username => 'openstackjenkins', - transifex_password => hiera('transifex_password'), + transifex_password => hiera('transifex_password', 'XXX'), jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key, - proposal_ssh_public_key => hiera('proposal_ssh_public_key_contents'), - proposal_ssh_private_key => hiera('proposal_ssh_private_key_contents'), + proposal_ssh_public_key => hiera('proposal_ssh_public_key_contents', 'XXX'), + proposal_ssh_private_key => hiera('proposal_ssh_private_key_contents', 'XXX'), } } @@ -565,12 +565,12 @@ node 'pypi.slave.openstack.org' { include openstack_project class { 'openstack_project::pypi_slave': pypi_username => 'openstackci', - pypi_password => hiera('pypi_password'), + pypi_password => hiera('pypi_password', 'XXX'), jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key, - jenkinsci_username => hiera('jenkins_ci_org_user'), - jenkinsci_password => hiera('jenkins_ci_org_password'), - mavencentral_username => hiera('mavencentral_org_user'), - mavencentral_password => hiera('mavencentral_org_password'), + jenkinsci_username => hiera('jenkins_ci_org_user', 'username'), + jenkinsci_password => hiera('jenkins_ci_org_password', 'XXX'), + mavencentral_username => hiera('mavencentral_org_user', 'username'), + mavencentral_password => hiera('mavencentral_org_password', 'XXX'), } } @@ -586,7 +586,7 @@ node /^precise-dev\d+.*\.slave\.openstack\.org$/ { include openstack_project::puppet_cron class { 'openstack_project::slave': ssh_key => $openstack_project::jenkins_dev_ssh_key, - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), } } @@ -595,7 +595,7 @@ node /^precisepy3k-dev\d+.*\.slave\.openstack\.org$/ { include openstack_project::puppet_cron class { 'openstack_project::slave': ssh_key => $openstack_project::jenkins_dev_ssh_key, - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), python3 => true, include_pypy => true, } @@ -606,7 +606,7 @@ node /^centos6-dev\d+\.slave\.openstack\.org$/ { include openstack_project::puppet_cron class { 'openstack_project::slave': ssh_key => $openstack_project::jenkins_dev_ssh_key, - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), } } @@ -615,25 +615,25 @@ node /^fedora18-dev\d+\.slave\.openstack\.org$/ { include openstack_project::puppet_cron class { 'openstack_project::slave': ssh_key => $openstack_project::jenkins_dev_ssh_key, - sysadmins => hiera('sysadmins'), + sysadmins => hiera('sysadmins', ['admin']), python3 => true, } } node 'openstackid-dev.openstack.org' { class { 'openstack_project::openstackid_dev': - sysadmins => hiera('sysadmins'), - site_admin_password => hiera('openstackid_dev_site_admin_password'), - id_mysql_host => hiera('openstackid_dev_id_mysql_host'), - id_mysql_password => hiera('openstackid_dev_id_mysql_password'), - ss_mysql_host => hiera('openstackid_dev_ss_mysql_host'), - ss_mysql_password => hiera('openstackid_dev_ss_mysql_password'), - ss_mysql_user => hiera('openstackid_dev_ss_mysql_user'), - ss_db_name => hiera('openstackid_dev_ss_db_name'), - redis_password => hiera('openstackid_dev_redis_password'), - ssl_cert_file_contents => hiera('openstackid_dev_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('openstackid_dev_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('openstackid_dev_ssl_chain_file_contents'), + sysadmins => hiera('sysadmins', ['admin']), + site_admin_password => hiera('openstackid_dev_site_admin_password', 'XXX'), + id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'), + id_mysql_password => hiera('openstackid_dev_id_mysql_password', 'XXX'), + ss_mysql_host => hiera('openstackid_dev_ss_mysql_host', 'localhost'), + ss_mysql_password => hiera('openstackid_dev_ss_mysql_password', 'XXX'), + ss_mysql_user => hiera('openstackid_dev_ss_mysql_user', 'username'), + ss_db_name => hiera('openstackid_dev_ss_db_name', 'username'), + redis_password => hiera('openstackid_dev_redis_password', 'XXX'), + ssl_cert_file_contents => hiera('openstackid_dev_ssl_cert_file_contents', 'XXX'), + ssl_key_file_contents => hiera('openstackid_dev_ssl_key_file_contents', 'XXX'), + ssl_chain_file_contents => hiera('openstackid_dev_ssl_chain_file_contents', 'XXX'), } } diff --git a/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml b/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml index d97f282532..145e3d4401 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml @@ -111,6 +111,11 @@ erb -x -T '-' $f | ruby -c done +- builder: + name: puppet-apply + builders: + - shell: "./test.sh" + - builder: name: chef-bundler-prep builders: diff --git a/modules/openstack_project/files/jenkins_job_builder/config/projects.yaml b/modules/openstack_project/files/jenkins_job_builder/config/projects.yaml index be86936209..a709dca7db 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/projects.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/projects.yaml @@ -160,6 +160,7 @@ jobs: - gate-{name}-puppet-lint - gate-{name}-puppet-syntax + - gate-{name}-puppet-apply - gate-{name}-pep8 - project: diff --git a/modules/openstack_project/files/jenkins_job_builder/config/puppet-module-jobs.yaml b/modules/openstack_project/files/jenkins_job_builder/config/puppet-module-jobs.yaml index b0d1060b33..7445d49b16 100644 --- a/modules/openstack_project/files/jenkins_job_builder/config/puppet-module-jobs.yaml +++ b/modules/openstack_project/files/jenkins_job_builder/config/puppet-module-jobs.yaml @@ -39,6 +39,17 @@ publishers: - console-log +- job-template: + name: 'gate-{name}-puppet-apply' + node: '{node}' + + builders: + - gerrit-git-prep + - puppet-apply + + publishers: + - console-log + - job-group: name: 'puppet-module-unit' puppet_version: diff --git a/modules/openstack_project/files/zuul/layout.yaml b/modules/openstack_project/files/zuul/layout.yaml index ce5b7c669f..ab59e4f2e7 100644 --- a/modules/openstack_project/files/zuul/layout.yaml +++ b/modules/openstack_project/files/zuul/layout.yaml @@ -587,6 +587,8 @@ jobs: voting: false - name: gate-puppet-vswitch-puppet-syntax voting: false + - name: gate-config-puppet-apply + voting: false - name: gate-tomograph-python33 voting: false - name: ^check-rally-install-.*$ @@ -2811,6 +2813,7 @@ projects: - gate-config-pep8 - gate-config-puppet-lint - gate-config-puppet-syntax + - gate-config-puppet-apply - gate-config-irc-access - gate-ci-docs - check-projects-yaml-alphabetized @@ -2820,6 +2823,7 @@ projects: - gate-config-pep8 - gate-config-puppet-lint - gate-config-puppet-syntax + - gate-config-puppet-apply - gate-config-irc-access - check-projects-yaml-alphabetized - check-projects-yaml-upstream diff --git a/test.sh b/test.sh index 4b2990dbbf..c2313d46e7 100755 --- a/test.sh +++ b/test.sh @@ -1,7 +1,7 @@ -find . -iname '*.pp' | xargs puppet parser validate --modulepath=`pwd`/modules -for f in `find . -iname *.erb` ; do - erb -x -T '-' $f | ruby -c >/dev/null || echo "Error in $f" -done +#!/bin/bash -e + +ROOT=$(readlink -fn $(dirname $0)) +MODULE_PATH="${ROOT}/modules:/etc/puppet/modules" if [ ! -d applytest ] ; then mkdir applytest @@ -9,9 +9,8 @@ fi csplit -sf applytest/puppetapplytest manifests/site.pp '/^$/' {*} sed -i -e 's/^[^[:space:]]/#&/g' applytest/puppetapplytest* -sed -i -e 's/hiera..sysadmins../["admin"]/' applytest/puppetapplytest* -sed -i -e 's/hiera..listadmins../["admin"]/' applytest/puppetapplytest* -sed -i -e 's/hiera.*/PASSWORD,/' applytest/puppetapplytest* +sed -i -e 's@hiera(.\([^.]*\).,\([^)]*\))@\2@' applytest/puppetapplytest* + for f in `find applytest -name 'puppetapplytest*' -print` ; do - puppet apply --modulepath=./modules:/etc/puppet/modules -v --noop --debug $f >/dev/null + sudo puppet apply --modulepath=${MODULE_PATH} --noop --verbose --debug $f >/dev/null done