opendev/system-config
Code Issues Proposed changes
system-config/modules/openstack_project/manifests/jenkins.pp
Clark Boylan 929ebfd170 Use snakeoil certs on numbered jenkins masters. 
Make it easier to deploy jenkins masters by using snakeoil certs on
numbered jenkins masters. This also simplifies the process of replacing
certs as make-ssl-cert can easily regenerate snakeoil certs for us.

Change-Id: I4966b1e502e0edf4f6fad25f06b9bacca25c5951
2014-04-09 14:50:19 -07:00

182 lines
4.6 KiB
Puppet
Raw Blame History

# == Class: openstack_project::jenkins
#
class openstack_project::jenkins (
$vhost_name = $::fqdn,
$jenkins_jobs_password = '',
$jenkins_jobs_username = 'gerrig', # This is not a typo, well it isn't anymore.
$manage_jenkins_jobs = true,
$ssl_cert_file = '',
$ssl_key_file = '',
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$jenkins_ssh_private_key = '',
$zmq_event_receivers = [],
$sysadmins = []
) {
include openstack_project
$iptables_rule = regsubst ($zmq_event_receivers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 8888 -s \1 -j ACCEPT')
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
iptables_rules6 => $iptables_rule,
iptables_rules4 => $iptables_rule,
sysadmins => $sysadmins,
}
# Set defaults here because they evaluate variables which you cannot
# do in the class parameter list.
if $ssl_cert_file == '' {
$prv_ssl_cert_file = "/etc/ssl/certs/${vhost_name}.pem"
}
else {
$prv_ssl_cert_file = $ssl_cert_file
}
if $ssl_key_file == '' {
$prv_ssl_key_file = "/etc/ssl/private/${vhost_name}.key"
}
else {
$prv_ssl_key_file = $ssl_key_file
}
class { '::jenkins::master':
vhost_name => $vhost_name,
serveradmin => 'webmaster@openstack.org',
logo => 'openstack.png',
ssl_cert_file => $prv_ssl_cert_file,
ssl_key_file => $prv_ssl_key_file,
ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
jenkins_ssh_private_key => $jenkins_ssh_private_key,
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
}
jenkins::plugin { 'ansicolor':
version => '0.3.1',
}
jenkins::plugin { 'bazaar':
version => '1.20',
}
jenkins::plugin { 'build-timeout':
version => '1.10',
}
jenkins::plugin { 'copyartifact':
version => '1.22',
}
jenkins::plugin { 'dashboard-view':
version => '2.3',
}
jenkins::plugin { 'envinject':
version => '1.70',
}
jenkins::plugin { 'gearman-plugin':
version => '0.0.3',
}
jenkins::plugin { 'git':
version => '1.1.23',
}
jenkins::plugin { 'github-api':
version => '1.33',
}
jenkins::plugin { 'github':
version => '1.4',
}
jenkins::plugin { 'greenballs':
version => '1.12',
}
jenkins::plugin { 'htmlpublisher':
version => '1.0',
}
jenkins::plugin { 'extended-read-permission':
version => '1.0',
}
jenkins::plugin { 'postbuild-task':
version => '1.8',
}
# TODO(clarkb): release
# jenkins::plugin { 'zmq-event-publisher':
# version => '1.0',
# }
jenkins::plugin { 'jclouds-jenkins':
version => '2.3.1',
}
# TODO(jeblair): release
# jenkins::plugin { 'scp':
# version => '1.9',
# }
jenkins::plugin { 'violations':
version => '0.7.11',
}
jenkins::plugin { 'jobConfigHistory':
version => '1.13',
}
jenkins::plugin { 'monitoring':
version => '1.40.0',
}
jenkins::plugin { 'nodelabelparameter':
version => '1.2.1',
}
jenkins::plugin { 'notification':
version => '1.4',
}
jenkins::plugin { 'openid':
version => '1.5',
}
jenkins::plugin { 'parameterized-trigger':
version => '2.15',
}
jenkins::plugin { 'publish-over-ftp':
version => '1.7',
}
jenkins::plugin { 'rebuild':
version => '1.14',
}
jenkins::plugin { 'simple-theme-plugin':
version => '0.2',
}
jenkins::plugin { 'timestamper':
version => '1.3.1',
}
jenkins::plugin { 'token-macro':
version => '1.5.1',
}
jenkins::plugin { 'url-change-trigger':
version => '1.2',
}
jenkins::plugin { 'urltrigger':
version => '0.24',
}
if $manage_jenkins_jobs == true {
class { '::jenkins::job_builder':
url => "https://${vhost_name}/",
username => $jenkins_jobs_username,
password => $jenkins_jobs_password,
}
file { '/etc/jenkins_jobs/config':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
recurse => true,
purge => true,
force => true,
source =>
'puppet:///modules/openstack_project/jenkins_job_builder/config',
notify => Exec['jenkins_jobs_update'],
}
file { '/etc/default/jenkins':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/openstack_project/jenkins/jenkins.default',
}
}
}
View Git Blame Copy Permalink