opendev/system-config
Code Issues Proposed changes

Move Zuul to its own server.

Browse Source 
Remove zuul from jenkins server.
Remove transitional zuul config.
Add an extra argument to gerrit-git-prep for the git site name, so that it
doesn't have to be the same as the review site.
Serve zuul git repos via apache.

Change-Id: I342032bcedf317c0f48ff89b773546eb2ccd08f8
Reviewed-on: https://review.openstack.org/17949
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: James E. Blair <corvus@inaugust.com>
This commit is contained in:
James E. Blair 2012-12-02 16:32:10 +00:00 committed by James E. Blair
parent 3e3abe433b
commit 5b9461b5e1
8 changed files with 126 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
manifests/site.pp
View File

@ -71,14 +71,6 @@ node 'jenkins.openstack.org' {
ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents'), ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents'),
sysadmins => hiera('sysadmins'), sysadmins => hiera('sysadmins'),
} }
class { 'openstack_project::zuul':
jenkins_url => "https://${::fqdn}",
jenkins_user => 'hudson-openstack',
jenkins_apikey => hiera('zuul_jenkins_apikey'),
gerrit_server => 'review.openstack.org',
gerrit_user => 'jenkins',
url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}',
}
} }
node 'jenkins-dev.openstack.org' { node 'jenkins-dev.openstack.org' {
@ -193,14 +185,15 @@ node 'static.openstack.org' {
node 'zuul.openstack.org' { node 'zuul.openstack.org' {
class { 'openstack_project::zuul': class { 'openstack_project::zuul':
jenkins_host => 'jenkins.openstack.org', jenkins_host => 'jenkins.openstack.org',
jenkins_url => 'https://jenkins.openstack.org', jenkins_url => 'https://jenkins.openstack.org',
jenkins_user => 'hudson-openstack', jenkins_user => 'hudson-openstack',
jenkins_apikey => hiera('zuul_jenkins_apikey'), jenkins_apikey => hiera('zuul_jenkins_apikey'),
gerrit_server => 'review.openstack.org', gerrit_server => 'review.openstack.org',
gerrit_user => 'jenkins', gerrit_user => 'jenkins',
url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}', zuul_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
sysadmins => hiera('sysadmins'), url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}',
sysadmins => hiera('sysadmins'),
} }
} }

23
modules/jenkins/files/slave_scripts/gerrit-git-prep.sh
View File

@ -10,10 +10,17 @@
# GERRIT_CHANGES="gtest-org/test:master:refs/changes/21/421/1" # GERRIT_CHANGES="gtest-org/test:master:refs/changes/21/421/1"
# GERRIT_CHANGES="" # GERRIT_CHANGES=""
SITE=$1 REVIEW_SITE=$1
if [ -z "$SITE" ] if [ -z "$REVIEW_SITE" ]
then then
echo "The site name (eg 'review.openstack.org') must be the first argument." echo "The git site name (eg 'https://review.openstack.org') must be the first argument."
exit 1
fi
GIT_SITE=$2
if [ -z "$GIT_SITE" ]
then
echo "The git site name (eg 'http://zuul.openstack.org') must be the second argument."
exit 1 exit 1
fi fi
@ -26,13 +33,13 @@ fi
if [ ! -z "$GERRIT_CHANGES" ] if [ ! -z "$GERRIT_CHANGES" ]
then then
CHANGE_NUMBER=`echo $GERRIT_CHANGES|grep -Po ".*/\K\d+(?=/\d+)"` CHANGE_NUMBER=`echo $GERRIT_CHANGES|grep -Po ".*/\K\d+(?=/\d+)"`
echo "Triggered by: https://$SITE/$CHANGE_NUMBER" echo "Triggered by: $REVIEW_SITE/$CHANGE_NUMBER"
fi fi
if [ ! -z "$GERRIT_REFSPEC" ] if [ ! -z "$GERRIT_REFSPEC" ]
then then
CHANGE_NUMBER=`echo $GERRIT_REFSPEC|grep -Po ".*/\K\d+(?=/\d+)"` CHANGE_NUMBER=`echo $GERRIT_REFSPEC|grep -Po ".*/\K\d+(?=/\d+)"`
echo "Triggered by: https://$SITE/$CHANGE_NUMBER" echo "Triggered by: $REVIEW_SITE/$CHANGE_NUMBER"
fi fi
function merge_change { function merge_change {
@ -41,10 +48,10 @@ function merge_change {
MAX_ATTEMPTS=${3:-3} MAX_ATTEMPTS=${3:-3}
COUNT=0 COUNT=0
until git fetch https://$SITE/p/$PROJECT $REFSPEC until git fetch $GIT_SITE/p/$PROJECT $REFSPEC
do do
COUNT=$(($COUNT + 1)) COUNT=$(($COUNT + 1))
logger -p user.warning -t 'gerrit-git-prep' FAILED: git fetch https://$SITE/p/$PROJECT $REFSPEC COUNT: $COUNT logger -p user.warning -t 'gerrit-git-prep' FAILED: git fetch $GIT_SITE/p/$PROJECT $REFSPEC COUNT: $COUNT
if [ $COUNT -eq $MAX_ATTEMPTS ] if [ $COUNT -eq $MAX_ATTEMPTS ]
then then
break break
@ -97,7 +104,7 @@ function merge_changes {
set -x set -x
if [[ ! -e .git ]] if [[ ! -e .git ]]
then then
git clone https://$SITE/p/$GERRIT_PROJECT . git clone $GIT_SITE/p/$GERRIT_PROJECT .
fi fi
git remote update || git remote update # attempt to work around bug #925790 git remote update || git remote update # attempt to work around bug #925790
git reset --hard git reset --hard

4
modules/openstack_project/files/jenkins_job_builder/config/macros.yaml
View File

@ -1,7 +1,7 @@
- builder: - builder:
name: gerrit-git-prep name: gerrit-git-prep
builders: builders:
- shell: "/usr/local/jenkins/slave_scripts/gerrit-git-prep.sh review.openstack.org" - shell: "/usr/local/jenkins/slave_scripts/gerrit-git-prep.sh https://review.openstack.org http://zuul.openstack.org"
- builder: - builder:
name: coverage name: coverage
@ -109,7 +109,7 @@
- shell: | - shell: |
#!/bin/bash -xe #!/bin/bash -xe
if [[ ! -e devstack-gate ]]; then if [[ ! -e devstack-gate ]]; then
git clone https://review.openstack.org/p/openstack-ci/devstack-gate git clone http://zuul.openstack.org/p/openstack-ci/devstack-gate
else else
cd devstack-gate cd devstack-gate
git remote update git remote update

29
modules/openstack_project/manifests/zuul.pp
View File

@ -1,35 +1,36 @@
# == Class: openstack_project::zuul # == Class: openstack_project::zuul
# #
class openstack_project::zuul( class openstack_project::zuul(
$vhost_name = $::fqdn,
$jenkins_host = '', $jenkins_host = '',
$jenkins_url = '', $jenkins_url = '',
$jenkins_user = '', $jenkins_user = '',
$jenkins_apikey = '', $jenkins_apikey = '',
$gerrit_server = '', $gerrit_server = '',
$gerrit_user = '', $gerrit_user = '',
$zuul_ssh_private_key = '',
$url_pattern = '', $url_pattern = '',
$sysadmins = [] $sysadmins = []
) { ) {
$rules = [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ] $rules = [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ]
# TODO: This is temporary to handle the transition to a standalone server class { 'openstack_project::server':
if ($sysadmins != []) { iptables_public_tcp_ports => [80],
class { 'openstack_project::server': iptables_rules4 => $rules,
iptables_public_tcp_ports => [80, 443], sysadmins => $sysadmins,
iptables_rules4 => $rules,
sysadmins => $sysadmins,
}
} }
class { '::zuul': class { '::zuul':
jenkins_server => $jenkins_url, vhost_name => $vhost_name,
jenkins_user => $jenkins_user, jenkins_server => $jenkins_url,
jenkins_apikey => $jenkins_apikey, jenkins_user => $jenkins_user,
gerrit_server => $gerrit_server, jenkins_apikey => $jenkins_apikey,
gerrit_user => $gerrit_user, gerrit_server => $gerrit_server,
url_pattern => $url_pattern, gerrit_user => $gerrit_user,
push_change_refs => true zuul_ssh_private_key => $zuul_ssh_private_key,
url_pattern => $url_pattern,
push_change_refs => true
} }
file { '/etc/zuul/layout.yaml': file { '/etc/zuul/layout.yaml':

2
modules/zuul/files/zuul.init
View File

@ -18,7 +18,7 @@ NAME=zuul
DAEMON=/usr/local/bin/zuul-server DAEMON=/usr/local/bin/zuul-server
PIDFILE=/var/run/$NAME/$NAME.pid PIDFILE=/var/run/$NAME/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME SCRIPTNAME=/etc/init.d/$NAME
USER=jenkins USER=zuul
# Exit if the package is not installed # Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0 [ -x "$DAEMON" ] || exit 0

75
modules/zuul/manifests/init.pp
View File

@ -1,16 +1,21 @@
# == Class: zuul # == Class: zuul
# #
class zuul ( class zuul (
$vhost_name = $::fqdn,
$serveradmin = "webmaster@${::fqdn}",
$jenkins_server = '', $jenkins_server = '',
$jenkins_user = '', $jenkins_user = '',
$jenkins_apikey = '', $jenkins_apikey = '',
$gerrit_server = '', $gerrit_server = '',
$gerrit_user = '', $gerrit_user = '',
$zuul_ssh_private_key = '',
$url_pattern = '', $url_pattern = '',
$status_url = "https://${::fqdn}/zuul/status", $status_url = "https://${::fqdn}/",
$git_source_repo = 'https://github.com/openstack-ci/zuul.git', $git_source_repo = 'https://github.com/openstack-ci/zuul.git',
$push_change_refs = false $push_change_refs = false
) { ) {
include apache
$packages = [ $packages = [
'python-webob', 'python-webob',
'python-daemon', 'python-daemon',
@ -22,6 +27,19 @@ class zuul (
ensure => present, ensure => present,
} }
user { 'zuul':
ensure => present,
home => '/home/zuul',
shell => '/bin/bash',
gid => 'zuul',
managehome => true,
require => Group['zuul'],
}
group { 'zuul':
ensure => present,
}
# A lot of things need yaml, be conservative requiring this package to avoid # A lot of things need yaml, be conservative requiring this package to avoid
# conflicts with other modules. # conflicts with other modules.
if ! defined(Package['python-yaml']) { if ! defined(Package['python-yaml']) {
@ -71,40 +89,56 @@ class zuul (
# at some point, but that still has some problems. # at some point, but that still has some problems.
file { '/etc/zuul/zuul.conf': file { '/etc/zuul/zuul.conf':
ensure => present, ensure => present,
owner => 'jenkins', owner => 'zuul',
mode => '0400', mode => '0400',
content => template('zuul/zuul.conf.erb'), content => template('zuul/zuul.conf.erb'),
require => [ require => [
File['/etc/zuul'], File['/etc/zuul'],
Package['jenkins'], User['zuul'],
], ],
} }
file { '/var/log/zuul': file { '/var/log/zuul':
ensure => directory, ensure => directory,
owner => 'jenkins', owner => 'zuul',
require => Package['jenkins'], require => User['zuul'],
} }
file { '/var/run/zuul': file { '/var/run/zuul':
ensure => directory, ensure => directory,
owner => 'jenkins', owner => 'zuul',
require => Package['jenkins'], require => User['zuul'],
} }
file { '/var/lib/zuul': file { '/var/lib/zuul':
ensure => directory, ensure => directory,
owner => 'jenkins', owner => 'zuul',
require => Package['jenkins'], require => User['zuul'],
} }
file { '/var/lib/zuul/git': file { '/var/lib/zuul/git':
ensure => directory, ensure => directory,
owner => 'jenkins', owner => 'zuul',
require => Package['jenkins'], require => User['zuul'],
} }
file { '/etc/init.d/zuul/': file { '/var/lib/zuul/ssh':
ensure => directory,
owner => 'zuul',
group => 'zuul',
mode => '0500',
require => File['/var/lib/zuul'],
}
file { '/var/lib/zuul/ssh/id_rsa':
owner => 'zuul',
group => 'zuul',
mode => '0400',
require => File['/var/lib/zuul/ssh'],
content => $zuul_ssh_private_key,
}
file { '/etc/init.d/zuul':
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
@ -124,4 +158,21 @@ class zuul (
hasrestart => true, hasrestart => true,
require => File['/etc/init.d/zuul'], require => File['/etc/init.d/zuul'],
} }
apache::vhost { $vhost_name:
port => 443,
docroot => 'MEANINGLESS ARGUMENT',
priority => '50',
template => 'zuul/zuul.vhost.erb',
}
a2mod { 'rewrite':
ensure => present,
}
a2mod { 'proxy':
ensure => present,
}
a2mod { 'proxy_http':
ensure => present,
}
} }

2
modules/zuul/templates/zuul.conf.erb
View File

@ -6,7 +6,7 @@ apikey=<%= jenkins_apikey %>
[gerrit] [gerrit]
server=<%= gerrit_server %> server=<%= gerrit_server %>
user=<%= gerrit_user %> user=<%= gerrit_user %>
sshkey=/var/lib/jenkins/.ssh/id_rsa sshkey=/var/lib/zuul/ssh/id_rsa
[zuul] [zuul]
layout_config=/etc/zuul/layout.yaml layout_config=/etc/zuul/layout.yaml

20
modules/zuul/templates/zuul.vhost.erb Normal file
View File

@ -0,0 +1,20 @@
<VirtualHost <%= scope.lookupvar("::zuul::vhost_name") %>:80>
ServerAdmin <%= scope.lookupvar("::zuul::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::zuul::vhost_name") %>-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::zuul::vhost_name") %>-access.log combined
RewriteEngine on
RewriteRule /zuul/status http://127.0.0.1:8001/status [P]
RewriteRule / http://127.0.0.1:8001/status [P]
SetEnv GIT_PROJECT_ROOT /var/lib/zuul/git/
SetEnv GIT_HTTP_EXPORT_ALL
AliasMatch ^/p/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/zuul/git/$1
AliasMatch ^/p/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/zuul/git/$1
ScriptAlias /p/ /usr/lib/git-core/git-http-backend/
</VirtualHost>