Pass jenkins.o.o cert contents in from hiera.

Use hiera to store the jenkins.o.o cert contents and populate the cert files from the values in hiera. Change-Id: Iffd724b7fabf9403506f08f76fa927c3b461ba19 Reviewed-on: https://review.openstack.org/13933 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-01 18:53:58 -07:00 · 2012-10-01 18:53:58 -07:00 · 82a18132f0
commit 82a18132f0
parent 2f261bc1ee
3 changed files with 74 additions and 27 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -36,8 +36,11 @@ node 'gerrit-dev.openstack.org', 'review-dev.openstack.org' {

 node 'jenkins.openstack.org' {
  class { 'openstack_project::jenkins':
-    jenkins_jobs_password => hiera('jenkins_jobs_password'),
-    sysadmins             => hiera('sysadmins'),
+    jenkins_jobs_password   => hiera('jenkins_jobs_password'),
+    ssl_cert_file_contents  => hiera('jenkins_ssl_cert_file_contents'),
+    ssl_key_file_contents   => hiera('jenkins_ssl_key_file_contents'),
+    ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents'),
+    sysadmins               => hiera('sysadmins'),
  }
  class { 'openstack_project::zuul':
    jenkins_server  => "https://${::fqdn}",
--- a/modules/jenkins/manifests/master.pp
+++ b/modules/jenkins/manifests/master.pp
@ -1,9 +1,13 @@
-class jenkins::master($vhost_name=$fqdn,
-      $serveradmin="webmaster@$fqdn",
-      $logo,
-      $ssl_cert_file='',
-      $ssl_key_file='',
-      $ssl_chain_file=''
+class jenkins::master(
+  $vhost_name=$fqdn,
+  $serveradmin="webmaster@$fqdn",
+  $logo,
+  $ssl_cert_file='',
+  $ssl_key_file='',
+  $ssl_chain_file='',
+  $ssl_cert_file_contents='', # If left empty puppet will not create file.
+  $ssl_key_file_contents='', # If left empty puppet will not create file.
+  $ssl_chain_file_contents='' # If left empty puppet will not create file.
 ) {
  include pip
  include apt
@ -41,6 +45,39 @@ class jenkins::master($vhost_name=$fqdn,
    ensure => present
  }

+  if $ssl_cert_file_contents != '' {
+    file { $ssl_cert_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_cert_file_contents,
+      require => Class[apache],
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
+  if $ssl_key_file_contents != '' {
+    file { $ssl_key_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_key_file_contents,
+      require => Class[apache],
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
+  if $ssl_chain_file_contents != '' {
+    file { $ssl_chain_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_chain_file_contents,
+      require => Class[apache],
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
  $packages = [
    'python-babel',
    'wget',
--- a/modules/openstack_project/manifests/jenkins.pp
+++ b/modules/openstack_project/manifests/jenkins.pp
@ -1,40 +1,47 @@
 class openstack_project::jenkins (
  $jenkins_jobs_password,
-  $sysadmins = []
+  $ssl_cert_file_contents = '',
+  $ssl_key_file_contents = '',
+  $ssl_chain_file_contents = '',
+  $sysadmins = [],
 ) {

  class { 'openstack_project::server':
    iptables_public_tcp_ports => [80, 443, 4155],
-    sysadmins => $sysadmins
+    sysadmins                 => $sysadmins
  }

+  $vhost_name = 'jenkins.openstack.org'
  class { '::jenkins::master':
-    vhost_name => 'jenkins.openstack.org',
-    serveradmin => 'webmaster@openstack.org',
-    logo => 'openstack.png',
-    ssl_cert_file => '/etc/ssl/certs/jenkins.openstack.org.pem',
-    ssl_key_file => '/etc/ssl/private/jenkins.openstack.org.key',
-    ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
+    vhost_name              => $vhost_name,
+    serveradmin             => 'webmaster@openstack.org',
+    logo                    => 'openstack.png',
+    ssl_cert_file           => '/etc/ssl/certs/jenkins.openstack.org.pem',
+    ssl_key_file            => '/etc/ssl/private/jenkins.openstack.org.key',
+    ssl_chain_file          => '/etc/ssl/certs/intermediate.pem',
+    ssl_cert_file_contents  => $ssl_cert_file_contents,
+    ssl_key_file_contents   => $ssl_key_file_contents,
+    ssl_chain_file_contents => $ssl_chain_file_contents,
  }

-  class { "::jenkins::job_builder":
-    url => "https://jenkins.openstack.org/",
-    username => "gerrig",
+  class { '::jenkins::job_builder':
+    url      => "https://${vhost_name}/",
+    username => 'gerrig',
    password => $jenkins_jobs_password,
  }

  file { '/etc/jenkins_jobs/config':
-    owner => 'root',
-    group => 'root',
-    mode => 755,
-    ensure => 'directory',
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
    recurse => true,
-    source => ['puppet:///modules/openstack_project/jenkins_job_builder/config'],
-    notify => Exec["jenkins_jobs_update"]
+    source  => ['puppet:///modules/openstack_project/jenkins_job_builder/config'],
+    notify  => Exec['jenkins_jobs_update']
  }

-  file { "/etc/default/jenkins":
-    ensure => 'present',
+  file { '/etc/default/jenkins':
+    ensure => present,
    source => 'puppet:///modules/openstack_project/jenkins/jenkins.default'
  }