Connectivity from workers to gearmand on zuul.
* manifests/site.pp: Pass both jenkins.openstack.org and jenkins-dev.openstack.org to openstack_project::zuul as the list of gearman workers for use in iptables rules. * modules/openstack_project/manifests/jenkins.pp * modules/openstack_project/manifests/jenkins_dev.pp: Remove unused 4155/tcp from public allowed ports list, previously for a bzr service which is no longer running on these servers. * modules/openstack_project/manifests/zuul.pp: Add iptables rules allowing access from gearman workers to the gearmand, and also configure gearmand to listen on all addresses including IPv6, as opposed to its IPv4-only default. Change-Id: I3c9c31732bcb8d4033a5ec9a602242656d993d7b Reviewed-on: https://review.openstack.org/25583 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
This commit is contained in:
parent
60b92dbad7
commit
f61a6e53dd
@ -229,9 +229,16 @@ node 'zuul.openstack.org' {
|
||||
url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}',
|
||||
sysadmins => hiera('sysadmins'),
|
||||
statsd_host => 'graphite.openstack.org',
|
||||
gearman_workers => [
|
||||
'jenkins.openstack.org',
|
||||
'jenkins-dev.openstack.org',
|
||||
],
|
||||
}
|
||||
# co-host gearman-job-server
|
||||
include gearman
|
||||
class { 'gearman':
|
||||
listen => '::',
|
||||
}
|
||||
}
|
||||
|
||||
# A bare machine, but with a jenkins user
|
||||
|
@ -9,7 +9,7 @@ class openstack_project::jenkins (
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443, 4155],
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => $sysadmins,
|
||||
}
|
||||
|
||||
|
@ -4,7 +4,7 @@ class openstack_project::jenkins_dev (
|
||||
$sysadmins = []
|
||||
) {
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80, 443, 4155],
|
||||
iptables_public_tcp_ports => [80, 443],
|
||||
sysadmins => $sysadmins,
|
||||
}
|
||||
include bup
|
||||
|
@ -11,14 +11,20 @@ class openstack_project::zuul(
|
||||
$zuul_ssh_private_key = '',
|
||||
$url_pattern = '',
|
||||
$sysadmins = [],
|
||||
$statsd_host = ''
|
||||
$statsd_host = '',
|
||||
$gearman_workers = []
|
||||
) {
|
||||
|
||||
$rules = [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ]
|
||||
# Turn a list of hostnames into a list of iptables rules
|
||||
$iptables_rules6 = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
|
||||
$iptables_rules4 = $iptables_rules6
|
||||
|
||||
$iptables_rules4 += [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ]
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [80],
|
||||
iptables_rules4 => $rules,
|
||||
iptables_rules6 => $iptables_rules6,
|
||||
iptables_rules4 => $iptables_rules4,
|
||||
sysadmins => $sysadmins,
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user