Pass sysadmins list into node defs.
Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
This commit is contained in:
Clark Boylan
Jenkins
parent
1150793436
commit
94a7768dc3
@ -3,7 +3,9 @@
|
||||
#
|
||||
node default {
|
||||
include openstack_project::puppet_cron
|
||||
include openstack_project::server
|
||||
class { 'openstack_project::server':
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
@ -16,6 +18,7 @@ node "review.openstack.org" {
|
||||
mysql_root_password => hiera('gerrit_mysql_root_password'),
|
||||
email_private_key => hiera('gerrit_email_private_key'),
|
||||
gerritbot_password => hiera('gerrit_gerritbot_password'),
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
@ -24,7 +27,8 @@ node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
|
||||
github_oauth_token => hiera('gerrit_dev_github_token'),
|
||||
mysql_password => hiera('gerrit_dev_mysql_password'),
|
||||
mysql_root_password => hiera('gerrit_dev_mysql_root_password'),
|
||||
email_private_key => hiera('gerrit_dev_email_private_key')
|
||||
email_private_key => hiera('gerrit_dev_email_private_key'),
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
@ -38,20 +42,27 @@ node "jenkins.openstack.org" {
|
||||
jenkins_apikey => hiera('zuul_jenkins_apikey'),
|
||||
gerrit_server => 'review.openstack.org',
|
||||
gerrit_user => 'jenkins',
|
||||
url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}'
|
||||
url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}',
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
node "jenkins-dev.openstack.org" {
|
||||
include openstack_project::jenkins_dev
|
||||
class { 'openstack_project::jenkins_dev':
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
node "community.openstack.org" {
|
||||
include openstack_project::community
|
||||
class { 'openstack_project::community':
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
node "ci-puppetmaster.openstack.org" {
|
||||
include openstack_project::puppetmaster
|
||||
class { 'openstack_project::puppetmaster':
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
node "lists.openstack.org" {
|
||||
@ -61,21 +72,28 @@ node "lists.openstack.org" {
|
||||
}
|
||||
|
||||
node "paste.openstack.org" {
|
||||
include openstack_project::paste
|
||||
class { 'openstack_project::paste':
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
node "planet.openstack.org" {
|
||||
include openstack_project::planet
|
||||
class { 'openstack_project::planet':
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
node "eavesdrop.openstack.org" {
|
||||
class { 'openstack_project::eavesdrop':
|
||||
nickpass => hiera('openstack_meetbot_password'),
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
node "pypi.openstack.org" {
|
||||
include openstack_project::pypi
|
||||
class { 'openstack_project::pypi':
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
node 'etherpad.openstack.org' {
|
||||
@ -83,12 +101,14 @@ node 'etherpad.openstack.org' {
|
||||
etherpad_crt => hiera('etherpad_crt'),
|
||||
etherpad_key => hiera('etherpad_key'),
|
||||
database_password => hiera('etherpad_db_password'),
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
node 'wiki.openstack.org' {
|
||||
class { 'openstack_project::wiki':
|
||||
mysql_root_password => hiera('wiki_db_password'),
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
@ -96,12 +116,15 @@ node 'puppet-dashboard.openstack.org' {
|
||||
class { 'openstack_project::dashboard':
|
||||
password => hiera('dashboard_password'),
|
||||
mysql_password => hiera('dashboard_mysql_password'),
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
# A machine to serve static content.
|
||||
node 'static.openstack.org' {
|
||||
include openstack_project::static
|
||||
class { 'openstack_project::static':
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
}
|
||||
|
||||
# A bare machine, but with a jenkins user
|
||||
@ -123,6 +146,7 @@ node /^precise.*\.slave\.openstack\.org$/ {
|
||||
include openstack_project::puppet_cron
|
||||
class { 'openstack_project::slave':
|
||||
certname => 'precise.slave.openstack.org',
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
class { 'openstack_project::glancetest':
|
||||
s3_store_access_key => hiera('s3_store_access_key'),
|
||||
@ -147,6 +171,7 @@ node /^oneiric.*\.slave\.openstack\.org$/ {
|
||||
include openstack_project::puppet_cron
|
||||
class { 'openstack_project::slave':
|
||||
certname => 'oneiric.slave.openstack.org',
|
||||
sysadmins => hiera('sysadmins'),
|
||||
}
|
||||
class { 'openstack_project::glancetest':
|
||||
s3_store_access_key => hiera('s3_store_access_key'),
|
||||
@ -162,4 +187,4 @@ node /^.*\.jclouds\.openstack\.org$/ {
|
||||
class { 'openstack_project::bare_slave':
|
||||
certname => 'jclouds.openstack.org',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,6 +1,9 @@
|
||||
class openstack_project::community {
|
||||
class openstack_project::community (
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443, 8099, 8080]
|
||||
iptables_public_tcp_ports => [80, 443, 8099, 8080],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
|
||||
realize (
|
||||
|
||||
@ -1,21 +1,24 @@
|
||||
class openstack_project::dashboard(
|
||||
class openstack_project::dashboard (
|
||||
$password,
|
||||
$mysql_password) {
|
||||
$mysql_password,
|
||||
$sysadmins = []
|
||||
) {
|
||||
|
||||
class { 'openstack_project::template':
|
||||
iptables_public_tcp_ports => [80, 443, 3000]
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443, 3000],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
|
||||
class {'::dashboard':
|
||||
dashboard_ensure => 'present',
|
||||
dashboard_user => 'www-data',
|
||||
dashboard_group => 'www-data',
|
||||
dashboard_password => $password,
|
||||
dashboard_db => 'dashboard_prod',
|
||||
dashboard_charset => 'utf8',
|
||||
dashboard_site => $fqdn,
|
||||
dashboard_port => '3000',
|
||||
mysql_root_pw => $mysql_password,
|
||||
passenger => true,
|
||||
dashboard_ensure => 'present',
|
||||
dashboard_user => 'www-data',
|
||||
dashboard_group => 'www-data',
|
||||
dashboard_password => $password,
|
||||
dashboard_db => 'dashboard_prod',
|
||||
dashboard_charset => 'utf8',
|
||||
dashboard_site => $fqdn,
|
||||
dashboard_port => '3000',
|
||||
mysql_root_pw => $mysql_password,
|
||||
passenger => true,
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,7 +1,10 @@
|
||||
class openstack_project::eavesdrop($nickpass) {
|
||||
class openstack_project::eavesdrop (
|
||||
$nickpass,
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
|
||||
iptables_public_tcp_ports => [80]
|
||||
iptables_public_tcp_ports => [80],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
include meetbot
|
||||
|
||||
|
||||
@ -1,9 +1,12 @@
|
||||
class openstack_project::etherpad(
|
||||
class openstack_project::etherpad (
|
||||
$etherpad_crt,
|
||||
$etherpad_key,
|
||||
$database_password) {
|
||||
$database_password,
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443]
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
|
||||
include etherpad_lite
|
||||
|
||||
@ -32,9 +32,11 @@ class openstack_project::gerrit (
|
||||
$mysql_root_password,
|
||||
$email_private_key,
|
||||
$testmode=false,
|
||||
$sysadmins=[]
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443, 29418]
|
||||
iptables_public_tcp_ports => [80, 443, 29418],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
|
||||
class { '::gerrit':
|
||||
|
||||
@ -2,11 +2,4 @@ class openstack_project {
|
||||
|
||||
$jenkins_ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson\n"
|
||||
|
||||
$sysadmins = [
|
||||
'corvus@inaugust.com',
|
||||
'mordred@inaugust.com',
|
||||
'andrew@linuxjedi.co.uk',
|
||||
'devananda.vdv@gmail.com',
|
||||
'clark.boylan@gmail.com'
|
||||
]
|
||||
}
|
||||
|
||||
@ -1,7 +1,11 @@
|
||||
class openstack_project::jenkins($jenkins_jobs_password) {
|
||||
class openstack_project::jenkins (
|
||||
$jenkins_jobs_password,
|
||||
$sysadmins = []
|
||||
) {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443, 4155]
|
||||
iptables_public_tcp_ports => [80, 443, 4155],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
|
||||
class { '::jenkins::master':
|
||||
|
||||
@ -1,7 +1,10 @@
|
||||
class openstack_project::jenkins_dev {
|
||||
class openstack_project::jenkins_dev (
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443, 4155]
|
||||
}
|
||||
iptables_public_tcp_ports => [80, 443, 4155],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
include bup
|
||||
bup::site { 'rs-ord':
|
||||
backup_user => 'bup-jenkins-dev',
|
||||
|
||||
@ -1,6 +1,9 @@
|
||||
class openstack_project::paste {
|
||||
class openstack_project::paste (
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80]
|
||||
iptables_public_tcp_ports => [80],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
include lodgeit
|
||||
lodgeit::site { "openstack":
|
||||
|
||||
@ -1,6 +1,9 @@
|
||||
class openstack_project::planet {
|
||||
class openstack_project::planet (
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80]
|
||||
iptables_public_tcp_ports => [80],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
include ::planet
|
||||
|
||||
|
||||
@ -1,6 +1,9 @@
|
||||
class openstack_project::puppetmaster {
|
||||
class openstack_project::puppetmaster (
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [8140]
|
||||
iptables_public_tcp_ports => [8140],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
cron { "updatepuppetmaster":
|
||||
user => root,
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
class openstack_project::pypi {
|
||||
class openstack_project::pypi (
|
||||
$sysadmins = []
|
||||
) {
|
||||
include tmpreaper
|
||||
include unattended_upgrades
|
||||
include openstack_project
|
||||
|
||||
# include jenkins slave so that build deps are there for the pip download
|
||||
class { 'jenkins::slave':
|
||||
@ -10,7 +11,8 @@ class openstack_project::pypi {
|
||||
}
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80]
|
||||
iptables_public_tcp_ports => [80],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
|
||||
class { "pypimirror":
|
||||
|
||||
@ -24,13 +24,14 @@
|
||||
# 12:08 <@spearce> to a method that accepts milliseconds
|
||||
# 12:09 <@spearce> so. you get 5 milliseconds before aborting
|
||||
# thus, set it to 5000minutes until the bug is fixed.
|
||||
class openstack_project::review(
|
||||
class openstack_project::review (
|
||||
$github_oauth_token,
|
||||
$mysql_password,
|
||||
$mysql_root_password,
|
||||
$email_private_key,
|
||||
$gerritbot_password) {
|
||||
include openstack_project
|
||||
$gerritbot_password,
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::gerrit':
|
||||
ssl_cert_file => '/etc/ssl/certs/review.openstack.org.pem',
|
||||
ssl_key_file => '/etc/ssl/private/review.openstack.org.key',
|
||||
@ -53,6 +54,7 @@ class openstack_project::review(
|
||||
mysql_password => $mysql_password,
|
||||
mysql_root_password => $mysql_root_password,
|
||||
email_private_key => $email_private_key,
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
class { 'gerritbot':
|
||||
nick => 'openstackgerrit',
|
||||
|
||||
@ -1,8 +1,10 @@
|
||||
class openstack_project::review_dev(
|
||||
class openstack_project::review_dev (
|
||||
$github_oauth_token,
|
||||
$mysql_password,
|
||||
$mysql_root_password,
|
||||
$email_private_key) {
|
||||
$email_private_key,
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::gerrit':
|
||||
vhost_name => 'review-dev.openstack.org',
|
||||
canonicalweburl => "https://review-dev.openstack.org/",
|
||||
@ -20,6 +22,7 @@ class openstack_project::review_dev(
|
||||
mysql_password => $mysql_password,
|
||||
mysql_root_password => $mysql_root_password,
|
||||
email_private_key => $email_private_key,
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
|
||||
file { '/var/log/gerrit_user_sync':
|
||||
|
||||
@ -1,14 +1,14 @@
|
||||
# A server that we expect to run for some time
|
||||
class openstack_project::server (
|
||||
$iptables_public_tcp_ports = [],
|
||||
$certname=$fqdn
|
||||
) {
|
||||
include openstack_project
|
||||
$sysadmins = [],
|
||||
$certname = $fqdn
|
||||
) {
|
||||
class { 'openstack_project::template':
|
||||
iptables_public_tcp_ports => $iptables_public_tcp_ports,
|
||||
certname => $certname,
|
||||
}
|
||||
class { 'exim':
|
||||
sysadmin => $openstack_project::sysadmins
|
||||
sysadmin => $sysadmins
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,16 +1,16 @@
|
||||
class openstack_project::slave(
|
||||
$certname=$fqdn
|
||||
) {
|
||||
class openstack_project::slave (
|
||||
$certname=$fqdn,
|
||||
$sysadmins=[]
|
||||
) {
|
||||
include openstack_project
|
||||
include tmpreaper
|
||||
include unattended_upgrades
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [],
|
||||
certname => $certname,
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
class { 'jenkins::slave':
|
||||
ssh_key => $openstack_project::jenkins_ssh_key
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -1,7 +1,10 @@
|
||||
class openstack_project::static() {
|
||||
class openstack_project::static (
|
||||
$sysadmins = []
|
||||
) {
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443]
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
|
||||
class { 'jenkins::jenkinsuser':
|
||||
|
||||
@ -1,10 +1,14 @@
|
||||
class openstack_project::wiki($mysql_root_password) {
|
||||
class openstack_project::wiki (
|
||||
$mysql_root_password,
|
||||
$sysadmins = []
|
||||
) {
|
||||
|
||||
include openssl
|
||||
include subversion
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443]
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => $sysadmins
|
||||
}
|
||||
|
||||
realize (
|
||||
|
||||
1
test.sh
Normal file → Executable file
1
test.sh
Normal file → Executable file
@ -9,6 +9,7 @@ fi
|
||||
|
||||
csplit -sf applytest/puppetapplytest manifests/site.pp '/^$/' {*}
|
||||
sed -i -e 's/^[^[:space:]]/#&/g' applytest/puppetapplytest*
|
||||
sed -i -e 's/hiera..sysadmins../["admin"]/' applytest/puppetapplytest*
|
||||
sed -i -e 's/hiera..listadmins../["admin"]/' applytest/puppetapplytest*
|
||||
sed -i -e 's/hiera.*/PASSWORD,/' applytest/puppetapplytest*
|
||||
for f in `find applytest -name 'puppetapplytest*' -print` ; do
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user