Pass jenkins.o.o cert contents in from hiera.
Use hiera to store the jenkins.o.o cert contents and populate the cert files from the values in hiera. Change-Id: Iffd724b7fabf9403506f08f76fa927c3b461ba19 Reviewed-on: https://review.openstack.org/13933 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
This commit is contained in:
parent
2f261bc1ee
commit
82a18132f0
@ -36,8 +36,11 @@ node 'gerrit-dev.openstack.org', 'review-dev.openstack.org' {
|
|||||||
|
|
||||||
node 'jenkins.openstack.org' {
|
node 'jenkins.openstack.org' {
|
||||||
class { 'openstack_project::jenkins':
|
class { 'openstack_project::jenkins':
|
||||||
jenkins_jobs_password => hiera('jenkins_jobs_password'),
|
jenkins_jobs_password => hiera('jenkins_jobs_password'),
|
||||||
sysadmins => hiera('sysadmins'),
|
ssl_cert_file_contents => hiera('jenkins_ssl_cert_file_contents'),
|
||||||
|
ssl_key_file_contents => hiera('jenkins_ssl_key_file_contents'),
|
||||||
|
ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents'),
|
||||||
|
sysadmins => hiera('sysadmins'),
|
||||||
}
|
}
|
||||||
class { 'openstack_project::zuul':
|
class { 'openstack_project::zuul':
|
||||||
jenkins_server => "https://${::fqdn}",
|
jenkins_server => "https://${::fqdn}",
|
||||||
|
@ -1,9 +1,13 @@
|
|||||||
class jenkins::master($vhost_name=$fqdn,
|
class jenkins::master(
|
||||||
$serveradmin="webmaster@$fqdn",
|
$vhost_name=$fqdn,
|
||||||
$logo,
|
$serveradmin="webmaster@$fqdn",
|
||||||
$ssl_cert_file='',
|
$logo,
|
||||||
$ssl_key_file='',
|
$ssl_cert_file='',
|
||||||
$ssl_chain_file=''
|
$ssl_key_file='',
|
||||||
|
$ssl_chain_file='',
|
||||||
|
$ssl_cert_file_contents='', # If left empty puppet will not create file.
|
||||||
|
$ssl_key_file_contents='', # If left empty puppet will not create file.
|
||||||
|
$ssl_chain_file_contents='' # If left empty puppet will not create file.
|
||||||
) {
|
) {
|
||||||
include pip
|
include pip
|
||||||
include apt
|
include apt
|
||||||
@ -41,6 +45,39 @@ class jenkins::master($vhost_name=$fqdn,
|
|||||||
ensure => present
|
ensure => present
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $ssl_cert_file_contents != '' {
|
||||||
|
file { $ssl_cert_file:
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0640',
|
||||||
|
content => $ssl_cert_file_contents,
|
||||||
|
require => Class[apache],
|
||||||
|
before => Apache::Vhost[$vhost_name],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if $ssl_key_file_contents != '' {
|
||||||
|
file { $ssl_key_file:
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0640',
|
||||||
|
content => $ssl_key_file_contents,
|
||||||
|
require => Class[apache],
|
||||||
|
before => Apache::Vhost[$vhost_name],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if $ssl_chain_file_contents != '' {
|
||||||
|
file { $ssl_chain_file:
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0640',
|
||||||
|
content => $ssl_chain_file_contents,
|
||||||
|
require => Class[apache],
|
||||||
|
before => Apache::Vhost[$vhost_name],
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$packages = [
|
$packages = [
|
||||||
'python-babel',
|
'python-babel',
|
||||||
'wget',
|
'wget',
|
||||||
|
@ -1,40 +1,47 @@
|
|||||||
class openstack_project::jenkins (
|
class openstack_project::jenkins (
|
||||||
$jenkins_jobs_password,
|
$jenkins_jobs_password,
|
||||||
$sysadmins = []
|
$ssl_cert_file_contents = '',
|
||||||
|
$ssl_key_file_contents = '',
|
||||||
|
$ssl_chain_file_contents = '',
|
||||||
|
$sysadmins = [],
|
||||||
) {
|
) {
|
||||||
|
|
||||||
class { 'openstack_project::server':
|
class { 'openstack_project::server':
|
||||||
iptables_public_tcp_ports => [80, 443, 4155],
|
iptables_public_tcp_ports => [80, 443, 4155],
|
||||||
sysadmins => $sysadmins
|
sysadmins => $sysadmins
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$vhost_name = 'jenkins.openstack.org'
|
||||||
class { '::jenkins::master':
|
class { '::jenkins::master':
|
||||||
vhost_name => 'jenkins.openstack.org',
|
vhost_name => $vhost_name,
|
||||||
serveradmin => 'webmaster@openstack.org',
|
serveradmin => 'webmaster@openstack.org',
|
||||||
logo => 'openstack.png',
|
logo => 'openstack.png',
|
||||||
ssl_cert_file => '/etc/ssl/certs/jenkins.openstack.org.pem',
|
ssl_cert_file => '/etc/ssl/certs/jenkins.openstack.org.pem',
|
||||||
ssl_key_file => '/etc/ssl/private/jenkins.openstack.org.key',
|
ssl_key_file => '/etc/ssl/private/jenkins.openstack.org.key',
|
||||||
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
|
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
|
||||||
|
ssl_cert_file_contents => $ssl_cert_file_contents,
|
||||||
|
ssl_key_file_contents => $ssl_key_file_contents,
|
||||||
|
ssl_chain_file_contents => $ssl_chain_file_contents,
|
||||||
}
|
}
|
||||||
|
|
||||||
class { "::jenkins::job_builder":
|
class { '::jenkins::job_builder':
|
||||||
url => "https://jenkins.openstack.org/",
|
url => "https://${vhost_name}/",
|
||||||
username => "gerrig",
|
username => 'gerrig',
|
||||||
password => $jenkins_jobs_password,
|
password => $jenkins_jobs_password,
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/etc/jenkins_jobs/config':
|
file { '/etc/jenkins_jobs/config':
|
||||||
owner => 'root',
|
ensure => directory,
|
||||||
group => 'root',
|
owner => 'root',
|
||||||
mode => 755,
|
group => 'root',
|
||||||
ensure => 'directory',
|
mode => '0755',
|
||||||
recurse => true,
|
recurse => true,
|
||||||
source => ['puppet:///modules/openstack_project/jenkins_job_builder/config'],
|
source => ['puppet:///modules/openstack_project/jenkins_job_builder/config'],
|
||||||
notify => Exec["jenkins_jobs_update"]
|
notify => Exec['jenkins_jobs_update']
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "/etc/default/jenkins":
|
file { '/etc/default/jenkins':
|
||||||
ensure => 'present',
|
ensure => present,
|
||||||
source => 'puppet:///modules/openstack_project/jenkins/jenkins.default'
|
source => 'puppet:///modules/openstack_project/jenkins/jenkins.default'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user