opendev/system-config
Code Issues Proposed changes

Pass jenkins.o.o cert contents in from hiera.

Browse Source 
Use hiera to store the jenkins.o.o cert contents and populate the cert
files from the values in hiera.

Change-Id: Iffd724b7fabf9403506f08f76fa927c3b461ba19
Reviewed-on: https://review.openstack.org/13933
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
This commit is contained in:
Clark Boylan 2012-10-01 18:53:58 -07:00 committed by Jenkins
parent 2f261bc1ee
commit 82a18132f0
3 changed files with 74 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
manifests/site.pp
View File

@ -37,6 +37,9 @@ node 'gerrit-dev.openstack.org', 'review-dev.openstack.org' {
node 'jenkins.openstack.org' {
class { 'openstack_project::jenkins':
jenkins_jobs_password => hiera('jenkins_jobs_password'),
ssl_cert_file_contents => hiera('jenkins_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('jenkins_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents'),
sysadmins => hiera('sysadmins'),
}
class { 'openstack_project::zuul':

41
modules/jenkins/manifests/master.pp
View File

@ -1,9 +1,13 @@
class jenkins::master($vhost_name=$fqdn,
class jenkins::master(
$vhost_name=$fqdn,
$serveradmin="webmaster@$fqdn",
$logo,
$ssl_cert_file='',
$ssl_key_file='',
$ssl_chain_file=''
$ssl_chain_file='',
$ssl_cert_file_contents='', # If left empty puppet will not create file.
$ssl_key_file_contents='', # If left empty puppet will not create file.
$ssl_chain_file_contents='' # If left empty puppet will not create file.
) {
include pip
include apt
@ -41,6 +45,39 @@ class jenkins::master($vhost_name=$fqdn,
ensure => present
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
require => Class[apache],
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_key_file_contents,
require => Class[apache],
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
require => Class[apache],
before => Apache::Vhost[$vhost_name],
}
}
$packages = [
'python-babel',
'wget',

27
modules/openstack_project/manifests/jenkins.pp
View File

@ -1,6 +1,9 @@
class openstack_project::jenkins (
$jenkins_jobs_password,
$sysadmins = []
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$sysadmins = [],
) {
class { 'openstack_project::server':
@ -8,33 +11,37 @@ class openstack_project::jenkins (
sysadmins => $sysadmins
}
$vhost_name = 'jenkins.openstack.org'
class { '::jenkins::master':
vhost_name => 'jenkins.openstack.org',
vhost_name => $vhost_name,
serveradmin => 'webmaster@openstack.org',
logo => 'openstack.png',
ssl_cert_file => '/etc/ssl/certs/jenkins.openstack.org.pem',
ssl_key_file => '/etc/ssl/private/jenkins.openstack.org.key',
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
}
class { "::jenkins::job_builder":
url => "https://jenkins.openstack.org/",
username => "gerrig",
class { '::jenkins::job_builder':
url => "https://${vhost_name}/",
username => 'gerrig',
password => $jenkins_jobs_password,
}
file { '/etc/jenkins_jobs/config':
ensure => directory,
owner => 'root',
group => 'root',
mode => 755,
ensure => 'directory',
mode => '0755',
recurse => true,
source => ['puppet:///modules/openstack_project/jenkins_job_builder/config'],
notify => Exec["jenkins_jobs_update"]
notify => Exec['jenkins_jobs_update']
}
file { "/etc/default/jenkins":
ensure => 'present',
file { '/etc/default/jenkins':
ensure => present,
source => 'puppet:///modules/openstack_project/jenkins/jenkins.default'
}