opendev/system-config
Code Issues Proposed changes
system-config/modules/openstack_project/manifests/zuul_prod.pp
Jeremy Stanley cd324bdfac Also serve zuul status.json via HTTPS 
So that we can include slices of zuul status data via Javascript at
https://review.openstack.org/ we also need it to be served via HTTPS
to match or else browsers will balk at it. Note that this does not
stop serving via HTTP or redirect it in any way, it is merely a
secondary means of obtaining the same data.

Change-Id: I1a11c990ea83e00550a0564ac1cf9d5d883db97d
Depends-On: I9799f39bf170f660bcbc17719937e1e87b68ac4a
2015-02-26 14:45:31 -08:00

112 lines
3.8 KiB
Puppet
Raw Blame History

# == Class: openstack_project::zuul_prod
#
class openstack_project::zuul_prod(
$vhost_name = $::fqdn,
$gearman_server = '127.0.0.1',
$gerrit_server = '',
$gerrit_user = '',
$gerrit_ssh_host_key = '',
$zuul_ssh_private_key = '',
$url_pattern = '',
$zuul_url = '',
$status_url = 'http://status.openstack.org/zuul/',
$swift_authurl = '',
$swift_auth_version = '',
$swift_user = '',
$swift_key = '',
$swift_tenant_name = '',
$swift_region_name = '',
$swift_default_container = '',
$swift_default_logserver_prefix = '',
$swift_default_expiry = 7200,
$proxy_ssl_cert_file_contents = '',
$proxy_ssl_key_file_contents = '',
$proxy_ssl_chain_file_contents = '',
$sysadmins = [],
$statsd_host = '',
$gearman_workers = [],
$project_config_repo = '',
) {
# Turn a list of hostnames into a list of iptables rules
$iptables_rules = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules,
sysadmins => $sysadmins,
}
class { 'project_config':
url => $project_config_repo,
}
class { '::zuul':
vhost_name => $vhost_name,
gearman_server => $gearman_server,
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
zuul_ssh_private_key => $zuul_ssh_private_key,
url_pattern => $url_pattern,
zuul_url => $zuul_url,
job_name_in_report => true,
status_url => $status_url,
statsd_host => $statsd_host,
git_email => 'jenkins@openstack.org',
git_name => 'OpenStack Jenkins',
swift_authurl => $swift_authurl,
swift_auth_version => $swift_auth_version,
swift_user => $swift_user,
swift_key => $swift_key,
swift_tenant_name => $swift_tenant_name,
swift_region_name => $swift_region_name,
swift_default_container => $swift_default_container,
swift_default_logserver_prefix => $swift_default_logserver_prefix,
swift_default_expiry => $swift_default_expiry,
proxy_ssl_cert_file_contents => $proxy_ssl_cert_file_contents,
proxy_ssl_key_file_contents => $proxy_ssl_key_file_contents,
proxy_ssl_chain_file_contents => $proxy_ssl_chain_file_contents,
}
class { '::zuul::server':
layout_dir => $::project_config::zuul_layout_dir,
require => $::project_config::config_dir,
}
if $gerrit_ssh_host_key != '' {
file { '/home/zuul/.ssh':
ensure => directory,
owner => 'zuul',
group => 'zuul',
mode => '0700',
require => Class['::zuul'],
}
file { '/home/zuul/.ssh/known_hosts':
ensure => present,
owner => 'zuul',
group => 'zuul',
mode => '0600',
content => "review.openstack.org,23.253.232.87,2001:4800:7815:104:3bc3:d7f6:ff03:bf5d ${gerrit_ssh_host_key}",
replace => true,
require => File['/home/zuul/.ssh'],
}
}
file { '/etc/zuul/logging.conf':
ensure => present,
source => 'puppet:///modules/openstack_project/zuul/logging.conf',
notify => Exec['zuul-reload'],
}
file { '/etc/zuul/gearman-logging.conf':
ensure => present,
source => 'puppet:///modules/openstack_project/zuul/gearman-logging.conf',
notify => Exec['zuul-reload'],
}
file { '/etc/zuul/merger-logging.conf':
ensure => present,
source => 'puppet:///modules/openstack_project/zuul/merger-logging.conf',
}
}
View Git Blame Copy Permalink