Connectivity from workers to gearmand on zuul.

* manifests/site.pp: Pass both jenkins.openstack.org and
jenkins-dev.openstack.org to openstack_project::zuul as the list of
gearman workers for use in iptables rules.

* modules/openstack_project/manifests/jenkins.pp
* modules/openstack_project/manifests/jenkins_dev.pp: Remove unused
4155/tcp from public allowed ports list, previously for a bzr
service which is no longer running on these servers.

* modules/openstack_project/manifests/zuul.pp: Add iptables rules
allowing access from gearman workers to the gearmand, and also
configure gearmand to listen on all addresses including IPv6, as
opposed to its IPv4-only default.

Change-Id: I3c9c31732bcb8d4033a5ec9a602242656d993d7b
Reviewed-on: https://review.openstack.org/25583
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Jeremy Stanley 2013-03-28 02:42:05 +00:00 committed by Jenkins
parent 60b92dbad7
commit f61a6e53dd
4 changed files with 18 additions and 5 deletions


@ -229,9 +229,16 @@ node 'zuul.openstack.org' {
url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}', url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}',
sysadmins => hiera('sysadmins'), sysadmins => hiera('sysadmins'),
statsd_host => 'graphite.openstack.org', statsd_host => 'graphite.openstack.org',
gearman_workers => [
'jenkins.openstack.org',
'jenkins-dev.openstack.org',
],
} }
# co-host gearman-job-server # co-host gearman-job-server
include gearman include gearman
class { 'gearman':
listen => '::',
}
} }
# A bare machine, but with a jenkins user # A bare machine, but with a jenkins user
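Review bot: As rendered, `include gearman` stays in the node block directly above the new `class { 'gearman': listen => '::', }`, and Puppet normally rejects a resource-like declaration of a class that has already been included with a duplicate-declaration error, so the `include gearman` line should be dropped, leaving only the parameterised declaration. Separately, `listen => '::'` binds gearmand to every address, and gearmand does not authenticate clients by default, so the 4730/tcp source rules added in openstack_project::zuul become the only access control in front of it. A comment above the class such as `# gearmand is unauthenticated; reachability is limited by the iptables rules in openstack_project::zuul` would keep that dependency visible to whoever edits either file next.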


@ -9,7 +9,7 @@ class openstack_project::jenkins (
$sysadmins = [] $sysadmins = []
) { ) {
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 4155], iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins, sysadmins => $sysadmins,
} }


@ -4,7 +4,7 @@ class openstack_project::jenkins_dev (
$sysadmins = [] $sysadmins = []
) { ) {
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 4155], iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins, sysadmins => $sysadmins,
} }
include bup include bup


@ -11,14 +11,20 @@ class openstack_project::zuul(
$zuul_ssh_private_key = '', $zuul_ssh_private_key = '',
$url_pattern = '', $url_pattern = '',
$sysadmins = [], $sysadmins = [],
$statsd_host = '' $statsd_host = '',
$gearman_workers = []
) { ) {
$rules = [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ] # Turn a list of hostnames into a list of iptables rules
$iptables_rules6 = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
$iptables_rules4 = $iptables_rules6
$iptables_rules4 += [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ]
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [80], iptables_public_tcp_ports => [80],
iptables_rules4 => $rules, iptables_rules6 => $iptables_rules6,
iptables_rules4 => $iptables_rules4,
sysadmins => $sysadmins, sysadmins => $sysadmins,
} }
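Review bot: The generated rules pass worker hostnames straight to `-s` for both address families, and iptables/ip6tables resolve a hostname only once, when the rule is loaded, so the 4730/tcp allow-list tracks whatever DNS returned at that moment and a worker without an AAAA record leaves ip6tables with a source it cannot resolve. How openstack_project::server loads these rules is not visible here, so it should be checked whether an unresolvable name aborts the whole v6 ruleset. At minimum the comment above the regsubst could read `# Hostnames are resolved by iptables at rule-load time; reload the firewall when a worker's address changes`. Also, `$iptables_rules4 += [...]` appends to a variable assigned one line earlier in the same scope, which Puppet's append operator may refuse, so this is worth confirming with a catalog compile. The class body continues past the end of this hunk.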