opendev
/
puppet-jenkins
Code Issues Proposed changes

Retire repo 

Depends-On: https://review.opendev.org/720892
Change-Id: I51d9b165299d73d708ee389a5faf49f1a1b63a97
This commit is contained in:
Monty Taylor 2020-04-22 08:56:37 -05:00
parent 382d78c48d
commit 90fbfe458e
51 changed files with 8 additions and 2055 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.gitignore vendored
View File

@ -1,5 +0,0 @@
Gemfile.lock
.bundled_gems/
log/
junit/
.vagrant/

2
.gitreview
View File

@ -1,4 +1,4 @@
[gerrit]
host=review.opendev.org
port=29418
project=opendev/puppet-jenkins.git
project=opendev/puppet-jenkins.git

15
Gemfile
View File

@ -1,15 +0,0 @@
source 'https://rubygems.org'
if ENV['ZUUL_REF'] && File.exists?("#{ENV['WORKSPACE']}/openstack-infra/puppet-openstack_infra_spec_helper")
gem_checkout_method = {:path => "#{ENV['WORKSPACE']}/openstack-infra/puppet-openstack_infra_spec_helper"}
else
gem_checkout_method = {:git => 'https://git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper'}
end
gem_checkout_method[:require] = false
group :development, :test, :system_tests do
gem 'puppet-openstack_infra_spec_helper',
gem_checkout_method
end
# vim:ft=ruby

202
LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

3
README.md
View File

@ -1,3 +0,0 @@
# OpenStack Jenkins Module
This module installs and configures Jenkins

7
README.rst Normal file
View File

@ -0,0 +1,7 @@
This Repo is Retired
====================
It is no longer maintained. If you are still using it,
you should pin your use to the commit before this one
and then start working on moving off of it.

8
Rakefile
View File

@ -1,8 +0,0 @@
require 'rubygems'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.fail_on_warnings = true
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.send('disable_autoloader_layout')
PuppetLint.configuration.send('disable_class_inherits_from_params_class')
PuppetLint.configuration.send('disable_class_parameter_defaults')

24
files/10-ptrace.conf
View File

@ -1,24 +0,0 @@
# This file is managed by puppet.
#
# The PTRACE system is used for debugging. With it, a single user process
# can attach to any other dumpable process owned by the same user. In the
# case of malicious software, it is possible to use PTRACE to access
# credentials that exist in memory (re-using existing SSH connections,
# extracting GPG agent information, etc).
#
# A PTRACE scope of "0" is the more permissive mode. A scope of "1" limits
# PTRACE only to direct child processes (e.g. "gdb name-of-program" and
# "strace -f name-of-program" work, but gdb's "attach" and "strace -fp $PID"
# do not). The PTRACE scope is ignored when a user has CAP_SYS_PTRACE, so
# "sudo strace -fp $PID" will work as before. For more details see:
# https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace
#
# For applications launching crash handlers that need PTRACE, exceptions can
# be registered by the debugee by declaring in the segfault handler
# specifically which process will be using PTRACE on the debugee:
# prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0);
#
# In general, PTRACE is not needed for the average running Ubuntu system.
# To that end, the default is to set the PTRACE scope to "1". This value
# may not be appropriate for developers or servers with only admin accounts.
kernel.yama.ptrace_scope = 0

17
files/cgroups/cgconfig.service
View File

@ -1,17 +0,0 @@
[Unit]
Description=Control Group configuration service
# The service should be able to start as soon as possible,
# before any 'normal' services:
DefaultDependencies=no
Conflicts=shutdown.target
Before=basic.target shutdown.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/cgconfigparser -l /etc/cgconfig.conf -s 1664
ExecStop=/usr/sbin/cgclear -l /etc/cgconfig.conf -e
[Install]
WantedBy=sysinit.target

11
files/cgroups/cgred.service
View File

@ -1,11 +0,0 @@
[Unit]
Description=CGroups Rules Engine Daemon
After=syslog.target
[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/cgred
ExecStart=/usr/sbin/cgrulesengd $OPTIONS
[Install]
WantedBy=multi-user.target

3
files/cgroups/cgrules.conf
View File

@ -1,3 +0,0 @@
jenkins:java memory /jenkins
jenkins:sshd memory /jenkins
jenkins memory /jenkins/children

6
files/cgroups/upstart_cgconfig
View File

@ -1,6 +0,0 @@
description "load legacy cgconfig files"
author "Jeremy Stanley <fungi@yuggoth.org>"
start on started cgroup-lite
pre-start script
/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
end script

6
files/cgroups/upstart_cgred
View File

@ -1,6 +0,0 @@
description "launch cgrulesengd"
author "Jeremy Stanley <fungi@yuggoth.org>"
start on started cgconfig
pre-start script
/usr/sbin/cgrulesengd
end script

47
files/cli-shutdown.groovy
View File

@ -1,47 +0,0 @@
/*
=======================================================================
Taken directly from https://github.com/jenkinsci-cert/SECURITY-218
See https://jenkins-ci.org/content
/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
=======================================================================
The MIT License
Copyright (c) 2015, Kohsuke Kawaguchi
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
import jenkins.*;
import jenkins.model.*;
import hudson.model.*;
// disabled CLI access over TCP listener (separate port)
def p = AgentProtocol.all()
p.each { x ->
if (x.name.contains("CLI")) p.remove(x)
}
// disable CLI access over /cli URL
def removal = { lst ->
lst.each { x -> if (x.getClass().name.contains("CLIAction")) lst.remove(x) }
}
def j = Jenkins.instance;
removal(j.getExtensionList(RootAction.class))
removal(j.actions)

12
files/localrc
View File

@ -1,12 +0,0 @@
# This file is managed by puppet.
MYSQL_PASSWORD=secret
RABBIT_PASSWORD=secret
ADMIN_PASSWORD=secret
SERVICE_TOKEN=111222333444
ROOTSLEEP=0
SYSLOG=True
ACTIVE_TIMEOUT=60
BOOT_TIMEOUT=90
ASSOCIATE_TIMEOUT=60
MULTI_HOST=1

28
files/logger.conf
View File

@ -1,28 +0,0 @@
# Properties file which configures the operation of the JDK
# logging facility.
# reference: http://www.javapractices.com/topic/TopicAction.do?Id=143
# The system will look for this config file, first using
# a System property specified at startup:
#
# >java -Djava.util.logging.config.file=myLoggingConfigFilePath
#
# If this property is not specified, then the config file is
# retrieved from its default location at:
#
# JDK_HOME/jre/lib/logging.properties
# Global logging properties.
# ------------------------------------------
# The set of handlers to be loaded upon startup.
# Comma-separated list of class names.
# (? LogManager docs say no comma here, but JDK example has comma.)
handlers=java.util.logging.ConsoleHandler
# Loggers
# ------------------------------------------
# Loggers are usually attached to packages.
# Here, the level for each package is specified.
# The global level is used by default, so levels
# specified here simply act as an override.
org.gearman.session.logger.level=WARNING

BIN
files/openstack-page-bkg.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.7 KiB

24
files/openstack.css
View File

@ -1,24 +0,0 @@
body {color: #535353 !important; background: url("/plugin/simple-theme-plugin/openstack-page-bkg.jpg") no-repeat scroll 0 0 white !important; position: static}
a,a:visited {color: #264D69 !important; text-decoration: none !important;}
a:hover {color: #000 !important; text-decoration: underline !important}
#breadcrumbs {border-top: 1px solid #D3D7CF; background: #fff}
#header {margin-top: 5px}
#header tr:first-child {height: 60px}
#heading_text {font-size: 26px; padding-left: 10px; color: #CF2F19; font-family: 'PT Sans', sans-serif; font-weight: normal; letter-spacing: -1px}
#top-panel a:hover {text-decoration: none !important}
#top-panel {background: none;}
#top-panel img:first-child {display: none;}
.pane tr:nth-child(even) {background: #EEF3F5; color: #353535}
.pane tr:nth-child(odd) {background: #FFF; color: #353535}
.pane td {border: 1px solid #C5E2EA !important}
div.top-sticker-inner {background: none;}
div[id*='title-dashboard_portlet'] {background-color: #EEEEEE !important; border: 1px solid #D8D8D8 !important}
#statistics th {background-color: #EEEEEE !important; border: 1px solid #D8D8D8 !important}
#viewList td.inactive {border-top: 0; border-right: 0; border-left: 0; border-bottom: 1px solid #C5E2EA;}
#viewList td.inactive a {color: #353535 !important}
#viewList td.inactive:hover {background: none !important}
#viewList td.active {border-top: 0; border-right: 0; border-left: 0; border-bottom: 3px solid #CF2F19; padding-bottom: 0px !important; color: #CF2F19; background: none;}
#viewList td.filler {border: 0}
pre {color: black}
label {color: black}

BIN
files/openstack.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.6 KiB

93
files/safe_jenkins_shutdown
View File

@ -1,93 +0,0 @@
#!/usr/bin/env python
# Copyright 2015 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import argparse
import time
import jenkins
def delete_offline_nodes(server, timeout):
start = time.time()
end = start + timeout
while True:
nodes = server.get_nodes()
offline_nodes = [node for node in nodes if node['offline'] and
node['name'] != 'master']
if not offline_nodes:
# We have converged to no offline nodes state
break
elif time.time() > end:
raise Exception("Offline slave deletion timeout exceeded.")
try:
for n in offline_nodes:
server.delete_node(n['name'])
# This may have raced an external system deleting nodes
# after jobs complete. Just retry as we should
# converage on no jobs running and no deletions.
except jenkins.NotFoundException:
pass
except jenkins.JenkinsException as e:
if '[500]' in str(e):
pass
else:
raise
time.sleep(1)
def parse_args():
parser = argparse.ArgumentParser(description='Safely stop Jenkins.')
parser.add_argument('--url', default='http://localhost:8080',
help='Base url for Jenkins master.')
parser.add_argument('--user', required=True,
help='Username to connect to Jenkins with.')
parser.add_argument('--password', required=True,
help='Password to auth with.')
parser.add_argument('--no-delete', dest='delete', action='store_false',
default=True, help="Don't delete offline slaves.")
parser.add_argument('--delete-timeout', type=int, default=300,
help="Seconds to spend deleting offline slaves.")
args = parser.parse_args()
return args
def main():
args = parse_args()
server = jenkins.Jenkins(args.url,
username=args.user,
password=args.password)
# Put in shutdown mode
server.quiet_down()
while True:
try:
if not server.get_running_builds():
break
# This may have raced an external system deleting executors
# while listing the running jobs. Just retry as we should
# converage on no jobs running and no deletions.
except jenkins.NotFoundException:
pass
except jenkins.JenkinsException as e:
if '[500]' in str(e):
pass
else:
raise
# Jobs are slow wait a minute between polls
time.sleep(60)
if args.delete:
# Remove any offline nodes so they don't go online after restart.
delete_offline_nodes(server, args.delete_timeout)
if __name__ == '__main__':
main()

34
files/settings.xml
View File

@ -1,34 +0,0 @@
<settings>
<pluginGroups>
<pluginGroup>org.jenkins-ci.tools</pluginGroup>
</pluginGroups>
<profiles>
<!-- Give access to Jenkins plugins -->
<profile>
<id>jenkins</id>
<activation>
<activeByDefault>true</activeByDefault> <!-- change this to false, if you don't like to have it on per default -->
</activation>
<repositories>
<repository>
<id>repo.jenkins-ci.org</id>
<url>http://repo.jenkins-ci.org/public/</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>repo.jenkins-ci.org</id>
<url>http://repo.jenkins-ci.org/public/</url>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
<mirrors>
<mirror>
<id>repo.jenkins-ci.org</id>
<url>http://repo.jenkins-ci.org/public/</url>
<mirrorOf>m.g.o-public</mirrorOf>
</mirror>
</mirrors>
</settings>

3
files/ssh_config
View File

@ -1,3 +0,0 @@
UserKnownHostsFile=/dev/null
StrictHostKeyChecking=no
LogLevel=ERROR

BIN
files/stackforge.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.6 KiB

8
files/versions.conf
View File

@ -1,8 +0,0 @@
description "BZR smart server of tarball versions"
author "Monty Taylor <mordred@inaugust.com>"
start on (local-filesystems and net-device-up)
stop on runlevel [!2345]
exec bzr serve --allow-writes -d /var/lib/jenkins/versions/

19
lib/facter/dpkg.rb
View File

@ -1,19 +0,0 @@
Facter.add(:dpkg_arch) do
confine :kernel => :linux
confine :osfamily => :Debian
setcode do
arch = Facter::Util::Resolution.exec('dpkg --print-architecture')
arch
end
end
Facter.add(:dpkg) do
confine :kernel => :linux
confine :osfamily => :Debian
dpkg = {}
setcode do
arch = Facter::Util::Resolution.exec('dpkg --print-architecture')
dpkg['architecture'] = arch
dpkg
end
end

7
lib/facter/memorytotalbytes.rb
View File

@ -1,7 +0,0 @@
# memorytotalbytes.rb
Facter.add("memorytotalbytes") do
setcode do
Facter::Util::Resolution.exec('free -b | sed -n \'s/^Mem:\W\+\([0-9]\+\).*$/\1/p\'')
end
end

104
manifests/cgroups.pp
View File

@ -1,104 +0,0 @@
# == Class: jenkins::cgroups
#
class jenkins::cgroups {
include ::jenkins::params
if ($::jenkins::params::cgroups_tools_package != '') {
package { 'cgroups-tools':
ensure => present,
name => $::jenkins::params::cgroups_tools_package,
}
}
package { 'cgroups':
ensure => present,
name => $::jenkins::params::cgroups_package,
}
file { '/etc/cgconfig.conf':
ensure => present,
replace => true,
owner => 'root',
group => 'jenkins',
mode => '0644',
content => template('jenkins/cgconfig.erb'),
}
file { '/etc/cgrules.conf':
ensure => present,
replace => true,
owner => 'root',
group => 'jenkins',
mode => '0644',
source => 'puppet:///modules/jenkins/cgroups/cgrules.conf',
}
if $::osfamily == 'Debian' {
# 14.04 and below is using upstart.
if $::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '14.04') <= 0 {
file { 'cgconfig.service':
ensure => present,
replace => true,
owner => 'root',
path => '/etc/init/cgconfig.conf',
group => 'root',
mode => '0644',
source => 'puppet:///modules/jenkins/cgroups/upstart_cgconfig',
}
file { '/etc/init.d/cgconfig':
ensure => link,
target => '/lib/init/upstart-job',
}
file { 'cgred.service':
ensure => present,
replace => true,
owner => 'root',
path => '/etc/init/cgred.conf',
group => 'root',
mode => '0644',
source => 'puppet:///modules/jenkins/cgroups/upstart_cgred',
}
file { '/etc/init.d/cgred':
ensure => link,
target => '/lib/init/upstart-job',
}
} else {
file { 'cgred.service':
ensure => present,
replace => true,
owner => 'root',
path => '/etc/systemd/system/cgred.service',
group => 'root',
mode => '0644',
source => 'puppet:///modules/jenkins/cgroups/cgred.service',
}
file { 'cgconfig.service':
ensure => present,
replace => true,
owner => 'root',
path => '/etc/systemd/system/cgconfig.service',
group => 'root',
mode => '0644',
source => 'puppet:///modules/jenkins/cgroups/cgconfig.service',
}
}
}
service { 'cgconfig':
ensure => running,
enable => true,
require => $::jenkins::params::cgconfig_require,
subscribe => File['/etc/cgconfig.conf'],
}
service { 'cgred':
ensure => running,
enable => true,
require => $::jenkins::params::cgred_require,
subscribe => File['/etc/cgrules.conf'],
}
}

23
manifests/cli.pp
View File

@ -1,23 +0,0 @@
# == Class: jenkins::cli
#
class jenkins::cli (
$base_folder = '/opt/jenkins',
$dest_folder = 'cli',
) {
file { $base_folder:
ensure => directory,
}
file { "${base_folder}/${dest_folder}":
ensure => directory,
require => File[$base_folder],
}
exec { 'download-cli':
command => '/usr/bin/wget http://localhost:8080/jnlpJars/jenkins-cli.jar',
cwd => "${base_folder}/${dest_folder}",
creates => "${base_folder}/${dest_folder}/jenkins-cli.jar",
require => File["${base_folder}/${dest_folder}"],
onlyif => '/usr/sbin/service jenkins status',
}
}

152
manifests/jenkinsuser.pp
View File

@ -1,152 +0,0 @@
# == Class: jenkins::jenkinsuser
#
class jenkins::jenkinsuser(
$ssh_key = undef,
$ensure = present,
$gitfullname = 'OpenStack Jenkins',
$gitemail = 'jenkins@openstack.org',
$gitpgpkey = 'jenkins@openstack.org',
$gerrituser = 'jenkins',
$gerritkeytype = 'rsa',
$gerritkey = undef,
) {
group { 'jenkins':
ensure => present,
}
user { 'jenkins':
ensure => present,
comment => 'Jenkins User',
home => '/home/jenkins',
gid => 'jenkins',
shell => '/bin/bash',
membership => 'minimum',
groups => [],
require => Group['jenkins'],
}
file { '/home/jenkins':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0644',
require => User['jenkins'],
}
file { '/home/jenkins/.pip':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => File['/home/jenkins'],
}
file { '/home/jenkins/.gitconfig':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0640',
content => template('jenkins/gitconfig.erb'),
require => File['/home/jenkins'],
}
file { '/home/jenkins/.ssh':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0700',
require => File['/home/jenkins'],
}
if $ssh_key != undef {
file { '/home/jenkins/.ssh/authorized_keys':
ensure => 'file',
owner => 'jenkins',
group => 'jenkins',
mode => '0600',
content => template('jenkins/authorized_keys.erb'),
require => File['/home/jenkins/.ssh'],
}
}
if $gerritkey != undef {
file { "/home/jenkins/.ssh/id_${gerritkeytype}":
ensure => 'file',
owner => 'jenkins',
group => 'jenkins',
mode => '0600',
content => $gerritkey,
require => File['/home/jenkins/.ssh'],
}
}
#NOTE: not all distributions have default bash files in /etc/skel
if ($::osfamily == 'Debian') {
file { '/home/jenkins/.bashrc':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0640',
source => '/etc/skel/.bashrc',
replace => false,
require => File['/home/jenkins'],
}
file { '/home/jenkins/.bash_logout':
ensure => present,
source => '/etc/skel/.bash_logout',
owner => 'jenkins',
group => 'jenkins',
mode => '0640',
replace => false,
require => File['/home/jenkins'],
}
file { '/home/jenkins/.profile':
ensure => present,
source => '/etc/skel/.profile',
owner => 'jenkins',
group => 'jenkins',
mode => '0640',
replace => false,
require => File['/home/jenkins'],
}
}
file { '/home/jenkins/.ssh/config':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0640',
require => File['/home/jenkins/.ssh'],
source => 'puppet:///modules/jenkins/ssh_config',
}
file { '/home/jenkins/.config':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0755',
require => File['/home/jenkins'],
}
file { '/home/jenkins/.m2':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0755',
require => File['/home/jenkins'],
}
file { '/home/jenkins/.m2/settings.xml':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0644',
require => File['/home/jenkins/.m2'],
source => 'puppet:///modules/jenkins/settings.xml',
}
}

93
manifests/job_builder.pp
View File

@ -1,93 +0,0 @@
# == Class: jenkins::job_builder
#
class jenkins::job_builder (
$url,
$username,
$password,
$git_revision = 'master',
$git_url = 'https://git.openstack.org/openstack-infra/jenkins-job-builder',
$config_dir = '',
$jenkins_jobs_update_timeout = '600',
$query_plugins_info = true,
$extensions = [],
$manage_user = false,
) {
validate_array($extensions)
# A lot of things need yaml, be conservative requiring this package to avoid
# conflicts with other modules.
if ! defined(Package['python-yaml']) {
package { 'python-yaml':
ensure => present,
}
}
if ! defined(Package['python-jenkins']) {
package { 'python-jenkins':
ensure => latest,
provider => openstack_pip,
}
}
vcsrepo { '/opt/jenkins_job_builder':
ensure => latest,
provider => git,
revision => $git_revision,
source => $git_url,
}
exec { 'install_jenkins_job_builder':
command => 'pip install /opt/jenkins_job_builder',
path => '/usr/local/bin:/usr/bin:/bin/',
refreshonly => true,
subscribe => Vcsrepo['/opt/jenkins_job_builder'],
}
if $manage_user {
ensure_resource('user', $username, {
ensure => present,
password => $password,
comment => 'Jenkins Job Builder',
home => '/etc/jenkins_jobs',
system => true,
})
}
file { '/etc/jenkins_jobs':
ensure => directory,
}
file { '/etc/jenkins_jobs/config':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
recurse => true,
purge => true,
force => true,
source => $config_dir,
require => File['/etc/jenkins_jobs'],
notify => Exec['jenkins_jobs_update'],
}
exec { 'jenkins_jobs_update':
command => 'jenkins-jobs update --delete-old /etc/jenkins_jobs/config',
timeout => $jenkins_jobs_update_timeout,
path => '/bin:/usr/bin:/usr/local/bin',
refreshonly => true,
require => [
File['/etc/jenkins_jobs/jenkins_jobs.ini'],
Package['python-jenkins'],
Package['python-yaml'],
],
}
# TODO: We should put in notify Exec['jenkins_jobs_update']
# at some point, but that still has some problems.
file { '/etc/jenkins_jobs/jenkins_jobs.ini':
ensure => present,
mode => '0400',
content => template('jenkins/jenkins_jobs.ini.erb'),
require => File['/etc/jenkins_jobs'],
}
}

328
manifests/master.pp
View File

@ -1,328 +0,0 @@
# == Class: jenkins::master
#
# This class will install and configure Jenkins master
#
# === Parameters
#
# [*jenkins_default*]
# (Optional) Puppet source from which to initialize /etc/defaults/jenkins.
# E.g. 'puppet:///modules/<yourmodule/jenkins.default'. If specified,
# java_args_override, run_standalone, max_open_files, and http_port are
# ignored.
class jenkins::master(
$logo = '',
$vhost_name = $::fqdn,
$serveradmin = "webmaster@${::fqdn}",
$ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
$ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_chain_file = '',
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
$ssl_key_file_contents = '', # If left empty puppet will not create file.
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
$jenkins_ssh_private_key = '',
$jenkins_ssh_public_key = '',
$jenkins_default = undef,
$jenkins_version = 'present',
$java_args_override = undef,
$jenkins_deb_url_base = 'http://pkg.jenkins.io/debian/binary',
$run_standalone = true,
$max_open_files = 8192,
$http_port = 8080,
) {
include ::pip
include ::apt
include ::httpd
include ::jenkins::params
package { $::jenkins::params::jre_package:
ensure => present,
}
package { $::jenkins::params::jre_low_package:
ensure => purged,
require => Package[$::jenkins::params::jre_package],
}
apt::source { 'jenkins':
location => 'http://pkg.jenkins.io/debian-stable',
release => 'binary/',
repos => '',
key => {
'id' => 'D50582E6',
'source' => 'http://pkg.jenkins.io/debian-stable/jenkins.io.key',
},
require => [
Package[$::jenkins::params::jre_package],
],
include_src => false,
}
::httpd::vhost { $vhost_name:
port => 443,
docroot => 'MEANINGLESS ARGUMENT',
priority => '50',
template => 'jenkins/jenkins.vhost.erb',
ssl => true,
}
if ! defined(Httpd::Mod['rewrite']) {
httpd::mod { 'rewrite':
ensure => present,
}
}
if ! defined(Httpd::Mod['proxy']) {
httpd::mod { 'proxy':
ensure => present,
}
}
if ! defined(Httpd::Mod['proxy_http']) {
httpd::mod { 'proxy_http':
ensure => present,
}
}
if ! defined(Httpd::Mod['headers']) {
httpd::mod { 'headers':
ensure => present,
}
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
require => Package['ssl-cert'],
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
$packages = [
'python-babel',
'python-sqlalchemy', # devstack-gate
'ssl-cert',
'sqlite3', # interact with devstack-gate DB
]
package { $packages:
ensure => present,
}
# jenkins apt-repo doesn't offer multiple versions
# so if anything other than 'present' or 'latest'
# is set, pull down the .deb using wget
# and install via the dpkg resource
if ($jenkins_version == 'present') or
($jenkins_version == 'latest')
{
package { 'jenkins':
ensure => $jenkins_version,
require => Apt::Source['jenkins'],
}
} else {
$jenkins_deb = "jenkins_${jenkins_version}_all.deb"
$jenkins_deb_url = "${jenkins_deb_url_base}/${jenkins_deb}"
$jenkins_deb_tmp = "/var/tmp/${jenkins_deb}"
archive { 'jenkins_deb':
source => $jenkins_deb_url,
path => $jenkins_deb_tmp,
}
# required by jenkins.deb, but as we're not using apt,
# no dependency resolution is performed.
package { 'daemon': }
package { 'jenkins':
# for the dpkg provider, latest means check the version,
# installed/present skips the version check, we want to version
# check so that we can move between versions using puppet
ensure => latest,
provider => dpkg,
source => $jenkins_deb_tmp,
require => [Package['daemon'], Archive['jenkins_deb']],
}
}
exec { 'update apt cache':
subscribe => File['/etc/apt/sources.list.d/jenkins.list'],
refreshonly => true,
path => '/bin:/usr/bin',
command => 'apt-get update',
}
# Template uses:
# - $java_args_override
# - $run_standalone
# - $max_open_files
# - $http_port
if ! $jenkins_default {
file { '/etc/default/jenkins':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => template('jenkins/jenkins.default.erb'),
}
} else {
file { '/etc/default/jenkins':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source => $jenkins_default
}
}
file { '/var/lib/jenkins':
ensure => directory,
owner => 'jenkins',
group => 'adm',
require => Package['jenkins'],
}
file { '/var/lib/jenkins/.ssh/':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0700',
require => File['/var/lib/jenkins'],
}
file { '/var/lib/jenkins/.ssh/id_rsa':
owner => 'jenkins',
group => 'jenkins',
mode => '0600',
content => $jenkins_ssh_private_key,
replace => true,
require => File['/var/lib/jenkins/.ssh/'],
}
file { '/var/lib/jenkins/.ssh/id_rsa.pub':
owner => 'jenkins',
group => 'jenkins',
mode => '0644',
content => "ssh_rsa ${jenkins_ssh_public_key} jenkins@${::fqdn}",
replace => true,
require => File['/var/lib/jenkins/.ssh/'],
}
file { '/var/lib/jenkins/plugins':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0750',
require => File['/var/lib/jenkins'],
}
file { '/var/lib/jenkins/plugins/simple-theme-plugin':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => File['/var/lib/jenkins/plugins'],
}
file { '/var/lib/jenkins/plugins/simple-theme-plugin/openstack.css':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
source => 'puppet:///modules/jenkins/openstack.css',
require => File['/var/lib/jenkins/plugins/simple-theme-plugin'],
}
file { '/var/lib/jenkins/plugins/simple-theme-plugin/openstack.js':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
content => template('jenkins/openstack.js.erb'),
require => File['/var/lib/jenkins/plugins/simple-theme-plugin'],
}
file { '/var/lib/jenkins/plugins/simple-theme-plugin/openstack-page-bkg.jpg':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
source => 'puppet:///modules/jenkins/openstack-page-bkg.jpg',
require => File['/var/lib/jenkins/plugins/simple-theme-plugin'],
}
file { '/var/lib/jenkins/logger.conf':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
source => 'puppet:///modules/jenkins/logger.conf',
require => File['/var/lib/jenkins'],
}
file { '/var/lib/jenkins/plugins/simple-theme-plugin/title.png':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
source => "puppet:///modules/jenkins/${logo}",
require => File['/var/lib/jenkins/plugins/simple-theme-plugin'],
}
file { '/var/lib/jenkins/init.groovy.d':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => File['/var/lib/jenkins'],
}
file { '/var/lib/jenkins/init.groovy.d/cli-shutdown.groovy':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
source => 'puppet:///modules/jenkins/cli-shutdown.groovy',
require => File['/var/lib/jenkins/init.groovy.d'],
}
file { '/usr/local/jenkins':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
# Jenkins management utility scripts
if ! defined(Package['python-jenkins']) {
package { 'python-jenkins':
ensure => latest,
provider => openstack_pip,
}
}
file { '/usr/local/jenkins/bin':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/usr/local/jenkins/bin/safe_jenkins_shutdown':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
source => 'puppet:///modules/jenkins/safe_jenkins_shutdown',
}
}

93
manifests/params.pp
View File

@ -1,93 +0,0 @@
# Class: jenkins::params
#
# This class holds parameters that need to be
# accessed by other classes.
class jenkins::params {
case $::osfamily {
'RedHat': {
#yum groupinstall "Development Tools"
# common packages
if ($::operatingsystem == 'Fedora') and (versioncmp($::operatingsystemrelease, '21') >= 0) {
$jdk_package = 'java-1.8.0-openjdk-devel'
} else {
$jdk_package = 'java-1.7.0-openjdk-devel'
}
$ccache_package = 'ccache'
$python_netaddr_package = 'python-netaddr'
# FIXME: No Maven packages on RHEL
#$maven_package = 'maven'
$cgroups_package = 'libcgroup'
if ($::operatingsystem == 'Fedora') and (versioncmp($::operatingsystemrelease, '19') >= 0) {
$cgroups_tools_package = 'libcgroup-tools'
$cgconfig_require = [
Package['cgroups'],
Package['cgroups-tools'],
]
$cgred_require = [
Package['cgroups'],
Package['cgroups-tools'],
]
} else {
$cgroups_tools_package = ''
$cgconfig_require = Package['cgroups']
$cgred_require = Package['cgroups']
}
$jre_package = 'openjdk-7-jre-headless'
$jre_low_package = 'openjdk-6-jre-headless'
}
'Suse': {
$jdk_package = 'java-1_8_0-openjdk-devel'
$ccache_package = 'ccache'
$python_netaddr_package = 'python-netaddr'
$cgroups_package = 'libcgroup1'
$cgroups_tools_package = 'libcgroup-tools'
$cgconfig_require = [
Package['libcgroup-tools']
]
$cgred_require = [
Package['libcgroup-tools']
]
$jre_package = 'openjdk-7-jre-headless'
$jre_low_package = 'openjdk-6-jre-headless'
}
'Debian': {
# common packages
$ccache_package = 'ccache'
$python_netaddr_package = 'python-netaddr'
if ($::operatingsystem == 'Ubuntu') and ($::operatingsystemrelease >= '16.04') {
$jdk_package = 'openjdk-8-jdk'
$maven_package = 'maven'
$jre_package = 'openjdk-8-jre-headless'
$jre_low_package = 'openjdk-7-jre-headless'
} else {
$jdk_package = 'openjdk-7-jdk'
$maven_package = 'maven2'
$jre_package = 'openjdk-7-jre-headless'
$jre_low_package = 'openjdk-6-jre-headless'
}
$cgroups_package = 'cgroup-bin'
$cgroups_tools_package = ''
$cgconfig_require = [
Package['cgroups'],
File['cgconfig.service'],
]
$cgred_require = [
Package['cgroups'],
File['cgred.service'],
]
# ruby packages
# ruby1.9.1 is not present in Debian Jessie, use ruby instead
if ($::operatingsystem == 'Debian' or $::lsbdistcodename == 'xenial') {
$ruby_package = 'ruby'
$ruby_dev_package = 'ruby-dev'
}
else {
$ruby_package = 'ruby1.9.1'
$ruby_dev_package = 'ruby1.9.1-dev'
}
}
default: {
fail("Unsupported osfamily: ${::osfamily} The 'jenkins' module only supports osfamily Debian, RedHat or Suse (slaves only).")
}
}
}

91
manifests/plugin.pp
View File

@ -1,91 +0,0 @@
# Copyright (C) 2014 R. Tyler Croy <tyler@monkeypox.org>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Defined resource type to install jenkins plugins.
#
# Borrowed from: https://github.com/jenkinsci/puppet-jenkins
#
define jenkins::plugin(
$version='latest',
$pin=false,
$plugin_url=undef,
) {
$plugin = "${name}.hpi"
$plugin_dir = '/var/lib/jenkins/plugins'
$plugin_parent_dir = '/var/lib/jenkins'
if ($version == 'latest') {
$base_url = 'http://updates.jenkins-ci.org/latest'
} else {
$base_url = "http://updates.jenkins-ci.org/download/plugins/${name}/${version}"
}
if $plugin_url == undef {
$_plugin_url = "${base_url}/${plugin}"
} else {
$_plugin_url = $plugin_url
}
if (!defined(File[$plugin_dir])) {
file {
[
$plugin_parent_dir,
$plugin_dir,
]:
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => [Group['jenkins'], User['jenkins']],
}
}
if (!defined(Group['jenkins'])) {
group { 'jenkins' :
ensure => present,
}
}
if (!defined(User['jenkins'])) {
user { 'jenkins' :
ensure => present,
}
}
exec { "download-${name}" :
command => "wget --no-check-certificate ${_plugin_url}",
cwd => $plugin_dir,
require => File[$plugin_dir],
path => ['/usr/bin', '/usr/sbin',],
user => 'jenkins',
unless => "test -f ${plugin_dir}/${name}.?pi",
# OpenStack modification: don't auto-restart jenkins so we can control
# outage timing better.
# notify => Service['jenkins'],
}
if ($pin) {
file { "${plugin_dir}/${plugin}.pinned":
ensure => present,
require => Exec["download-${name}"],
owner => 'jenkins',
group => 'jenkins',
mode => '0644',
}
} else {
file { "${plugin_dir}/${plugin}.pinned":
ensure => absent,
}
}
}

177
manifests/slave.pp
View File

@ -1,177 +0,0 @@
# == Class: jenkins::slave
#
class jenkins::slave(
$ssh_key = undef,
$user = true,
$gitfullname = 'OpenStack Jenkins',
$gitemail = 'jenkins@openstack.org',
$gitpgpkey = 'jenkins@openstack.org',
$gerrituser = 'jenkins',
$gerritkeytype = 'rsa',
$gerritkey = undef,
) {
include ::haveged
include ::pip
include ::jenkins::params
if ($user == true) {
class { '::jenkins::jenkinsuser':
ensure => present,
ssh_key => $ssh_key,
gitfullname => $gitfullname,
gitemail => $gitemail,
gitpgpkey => $gitpgpkey,
gerrituser => $gerrituser,
gerritkeytype => $gerritkeytype,
gerritkey => $gerritkey,
}
}
anchor { 'jenkins::slave::update-java-alternatives': }
# Packages that all jenkins slaves need
$packages = [
$::jenkins::params::jdk_package, # jdk for building java jobs
$::jenkins::params::ccache_package,
$::jenkins::params::python_netaddr_package, # Needed for devstack address_in_net()
]
file { '/etc/apt/sources.list.d/cloudarchive.list':
ensure => absent,
}
package { $packages:
ensure => present,
before => Anchor['jenkins::slave::update-java-alternatives']
}
case $::osfamily {
'RedHat': {
exec { 'yum Group Install':
unless => '/usr/bin/yum grouplist "Development tools" | /bin/grep "^Installed [Gg]roups"',
command => '/usr/bin/yum -y groupinstall "Development tools"',
timeout => 1800,
}
if ($::operatingsystem != 'Fedora') {
exec { 'update-java-alternatives':
unless => '/bin/ls -l /etc/alternatives/java | /bin/grep 1.7.0-openjdk',
command => '/usr/sbin/alternatives --set java /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java && /usr/sbin/alternatives --set javac /usr/lib/jvm/java-1.7.0-openjdk.x86_64/bin/javac',
require => Anchor['jenkins::slave::update-java-alternatives']
}
}
}
'Suse': {
exec { 'zypper devel pattern install':
unless => '/usr/bin/zypper -n info -t pattern devel_basis | /bin/grep -q "Installed.*yes"',
command => '/usr/bin/zypper -n in -t pattern devel_basis',
timeout => 1800,
}
}
'Debian': {
# install build-essential package group
package { 'build-essential':
ensure => present,
}
package { $::jenkins::params::maven_package:
ensure => present,
require => Package[$::jenkins::params::jdk_package],
}
package { $::jenkins::params::ruby_package:
ensure => present,
}
package { $::jenkins::params::ruby_dev_package:
ensure => present,
}
package { 'openjdk-6-jre-headless':
ensure => purged,
require => Package[$::jenkins::params::jdk_package],
}
if ($::operatingsystem == 'Ubuntu' and versioncmp($::operatingsystemrelease, '16.04') < 0) {
exec { 'update-java-alternatives':
unless => "/bin/ls -l /etc/alternatives/java | /bin/grep java-7-openjdk-${::dpkg_arch}",
command => "/usr/sbin/update-java-alternatives --set java-1.7.0-openjdk-${::dpkg_arch}",
require => Anchor['jenkins::slave::update-java-alternatives']
}
}
}
default: {
fail("Unsupported osfamily: ${::osfamily} The 'jenkins' module only supports osfamily Debian, RedHat or Suse (slaves only).")
}
}
package { 'tox':
ensure => 'latest',
provider => openstack_pip,
require => Class[pip],
}
# TODO(fungi): switch jobs to use /usr/git-review-env/bin/git-review
package { 'git-review':
ensure => '1.25.0',
provider => openstack_pip,
require => Class[pip],
}
file { '/usr/local/bin/gcc':
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { '/usr/local/bin/g++':
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { '/usr/local/bin/cc':
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { '/usr/local/bin/c++':
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { "/usr/local/bin/${::hardwareisa}-linux-gnu-gcc":
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { "/usr/local/bin/${::hardwareisa}-linux-gnu-g++":
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { "/usr/local/bin/${::hardwareisa}-linux-gnu-cc":
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { "/usr/local/bin/${::hardwareisa}-linux-gnu-c++":
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { '/usr/local/jenkins':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
}

11
metadata.json
View File

@ -1,11 +0,0 @@
{
"name": "openstackinfra-jenkins",
"version": "0.0.1",
"author": "Openstack CI",
"summary": "Puppet module for Jenkins",
"license": "Apache 2.0",
"source": "https://git.openstack.org/openstack-infra/puppet-jenkins.git",
"project_page": "http://docs.openstack.org/infra/system-config/",
"issues_url": "https://storyboard.openstack.org/#!/project/752",
"dependencies": []
}

7
spec/acceptance/fixtures/master.pp
View File

@ -1,7 +0,0 @@
class { '::jenkins::jenkinsuser': }
class { '::jenkins::master':
jenkins_ssh_private_key => file('/tmp/jenkins-ssh-keys/ssh_rsa_key'),
jenkins_ssh_public_key => file('/tmp/jenkins-ssh-keys/ssh_rsa_key.pub'),
require => Class['::jenkins::jenkinsuser'],
}

46
spec/acceptance/fixtures/preconditions.pp
View File

@ -1,46 +0,0 @@
exec { 'update apt':
command => '/usr/bin/apt-get update',
}
# Installing ssl-cert in order to get snakeoil certs
package { 'ssl-cert':
ensure => present,
require => Exec['update apt'],
}
vcsrepo { '/etc/project-config':
ensure => latest,
provider => git,
revision => 'master',
source => 'https://git.openstack.org/openstack-infra/project-config',
}
# Generates ssh rsa keys
define ssh_keygen (
$ssh_directory = undef
) {
Exec { path => '/bin:/usr/bin' }
$ssh_key_file = "${ssh_directory}/${name}"
exec { "ssh-keygen for ${name}":
command => "ssh-keygen -t rsa -f ${ssh_key_file} -N ''",
creates => $ssh_key_file,
}
}
$ssh_key_directory = '/tmp/jenkins-ssh-keys'
file { $ssh_key_directory:
ensure => directory,
}
ssh_keygen { 'ssh_rsa_key':
ssh_directory => $ssh_key_directory,
require => File[$ssh_key_directory],
}
# JJB doesn't have a --insecure or --capath, so add the snakeoil certs to the system trust store
exec { 'trust snake oil':
command => '/bin/cp /etc/ssl/certs/ssl-cert-snakeoil.pem /usr/local/share/ca-certificates/ubuntu.crt && /usr/sbin/update-ca-certificates',
require => Package['ssl-cert'],
}

12
spec/acceptance/fixtures/slave.pp
View File

@ -1,12 +0,0 @@
class { '::jenkins::slave':
user => true
}
class { '::jenkins::job_builder':
url => "https://${::fqdn}",
username => 'admin',
password => '<<jenkins_default_password>>',
jenkins_jobs_update_timeout => 1200,
config_dir => '/etc/project-config/jenkins',
require => Class['::jenkins::slave'],
}

37
spec/acceptance/master_spec.rb
View File

@ -1,37 +0,0 @@
require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
describe 'puppet-jenkins master module', :if => ['debian', 'ubuntu'].include?(os[:family]) do
def pp_path
base_path = File.dirname(__FILE__)
File.join(base_path, 'fixtures')
end
def preconditions_puppet_module
module_path = File.join(pp_path, 'preconditions.pp')
File.read(module_path)
end
def jenkins_master_puppet_module
module_path = File.join(pp_path, 'master.pp')
File.read(module_path)
end
before(:all) do
apply_manifest(preconditions_puppet_module, catch_failures: true)
end
it 'should work with no errors' do
apply_manifest(jenkins_master_puppet_module, catch_failures: true)
end
it 'should be idempotent' do
apply_manifest(jenkins_master_puppet_module, catch_changes: true)
end
describe 'required services' do
describe command('curl https://`hostname -f`/login --insecure --location --verbose') do
its(:stdout) { should contain('Jenkins') }
end
end
end

11
spec/acceptance/nodesets/default.yml
View File

@ -1,11 +0,0 @@
HOSTS:
ubuntu-server-1404-x64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: git

10
spec/acceptance/nodesets/nodepool-centos7.yml
View File

@ -1,10 +0,0 @@
HOSTS:
centos-70-x64:
roles:
- master
platform: el-7-x86_64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-trusty.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-xenial.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-16.04-amd64:
roles:
- master
platform: ubuntu-16.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

34
spec/acceptance/slave_spec.rb
View File

@ -1,34 +0,0 @@
require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
describe 'puppet-jenkins slave module', :if => ['debian', 'ubuntu'].include?(os[:family]) do
def pp_path
base_path = File.dirname(__FILE__)
File.join(base_path, 'fixtures')
end
def preconditions_puppet_module
module_path = File.join(pp_path, 'preconditions.pp')
File.read(module_path)
end
def default_password
command('/bin/cat /var/lib/jenkins/secrets/initialAdminPassword').stdout.chomp
end
def jenkins_slave_puppet_module
module_path = File.join(pp_path, 'slave.pp')
File.read(module_path).gsub('<<jenkins_default_password>>', default_password)
end
before(:all) do
apply_manifest(preconditions_puppet_module, catch_failures: true)
end
it 'should work with no errors' do
apply_manifest(jenkins_slave_puppet_module, catch_failures: true)
end
it 'should be idempotent' do
apply_manifest(jenkins_slave_puppet_module, catch_changes: true)
end
end

10
templates/authorized_keys.erb
View File

@ -1,10 +0,0 @@
# HEADER: This file has been autogenerated by puppet.
# HEADER: While it can still be managed manually, it
# HEADER: is definitely not recommended.
<% if @ssh_key.is_a? Array -%>
<% @ssh_key.each do |key| -%>
ssh-rsa <%= key %>
<% end -%>
<% else %>
ssh-rsa <%= @ssh_key %>
<% end -%>

68
templates/cgconfig.erb
View File

@ -1,68 +0,0 @@
<% if @operatingsystem == "Fedora" then
# Fedora auto-mounts subsystems under /sys/fs/cgroup/ already, so no
# mount section is needed. %>
<% elsif @operatingsystem == "Suse" then
# SUSE auto-mounts subsystems under /sys/fs/cgroup/ already, so no
# mount section is needed. %>
<% elsif @osfamily == "RedHat" then %>
mount {
cpuset = /cgroup/cpuset;
cpu = /cgroup/cpu;
cpuacct = /cgroup/cpuacct;
memory = /cgroup/memory;
devices = /cgroup/devices;
freezer = /cgroup/freezer;
net_cls = /cgroup/net_cls;
blkio = /cgroup/blkio;
}
<% elsif ( @operatingsystemrelease < '12.10' ) or ( @operatingsystem != 'Ubuntu' ) then %>
mount {
cpu = /sys/fs/cgroup/cpu;
cpuacct = /sys/fs/cgroup/cpuacct;
devices = /sys/fs/cgroup/devices;
memory = /sys/fs/cgroup/memory;
freezer = /sys/fs/cgroup/freezer;
}
<% end %>
group jenkins {
perm {
task {
uid = jenkins;
gid = jenkins;
}
admin {
uid = root;
gid = root;
}
}
}
group jenkins/children {
perm {
task {
uid = jenkins;
gid = jenkins;
}
admin {
uid = root;
gid = root;
}
}
memory {
memory.soft_limit_in_bytes = <%= (@memorytotalbytes.to_f * 0.75).to_i %>;
memory.limit_in_bytes = <%= (@memorytotalbytes.to_f * 0.9).to_i %>;
<% if (@operatingsystem == "Fedora") and (@operatingsystemrelease == "18") then
# Because of Red Hat bug 918951, swap management doesn't
# work in Fedora 18 but should be fixed in 19. %>
<% elsif (@operatingsystem == "Ubuntu") and (@lsbdistrelease == "14.04") then %>
# memory.memsw.limit_in_bytes is not supported on Trusty, setting this
# raises a 'setting not supported by kernel error'. Checked with upstream,
# they confirmed lack of support in several kernels, so we should skip it.
<% else %>
memory.memsw.limit_in_bytes = <%= (@memorytotalbytes.to_f * 0.9).to_i %>;
<% end %>
}
}

7
templates/gitconfig.erb
View File

@ -1,7 +0,0 @@
[user]
name = <%= scope.lookupvar('jenkins::jenkinsuser::gitfullname') %>
email = <%= scope.lookupvar('jenkins::jenkinsuser::gitemail') %>
signingkey = <%= scope.lookupvar('jenkins::jenkinsuser::gitpgpkey') %>
[gitreview]
rebase = false
username = <%= scope.lookupvar('jenkins::jenkinsuser::gerrituser') %>

66
templates/jenkins.default.erb
View File

@ -1,66 +0,0 @@
# defaults for jenkins continuous integration server
# pulled in from the init script; makes things easier.
NAME=jenkins
# location of java
JAVA=/usr/bin/java
# arguments to pass to java
#JAVA_ARGS="-Xmx256m"
#JAVA_ARGS="-Djava.net.preferIPv4Stack=true" # make jenkins listen on IPv4 address
# Disable compression as zip deflation threads eat CPU time.
# https://issues.jenkins-ci.org/browse/JENKINS-14362
<% if @java_args_override -%>
JAVA_ARGS="<%= @java_args_override %>"
<% else -%>
JAVA_ARGS="-Xloggc:/var/log/jenkins/gc.log -XX:+PrintGCDetails -Xmx12g -Dorg.kohsuke.stapler.compression.CompressionFilter.disabled=true -Djava.util.logging.config.file=/var/lib/jenkins/logger.conf"
<% end -%>
PIDFILE=/var/run/jenkins/jenkins.pid
# user id to be invoked as (otherwise will run as root; not wise!)
JENKINS_USER=jenkins
# location of the jenkins war file
JENKINS_WAR=/usr/share/jenkins/jenkins.war
# jenkins home location
JENKINS_HOME=/var/lib/jenkins
# set this to false if you don't want Hudson to run by itself
# in this set up, you are expected to provide a servlet container
# to host jenkins.
RUN_STANDALONE=<%= @run_standalone %>
# log location. this may be a syslog facility.priority
JENKINS_LOG=/var/log/jenkins/$NAME.log
#HUDSON_LOG=daemon.info
# OS LIMITS SETUP
# comment this out to observe /etc/security/limits.conf
# this is on by default because http://github.com/jenkinsci/jenkins/commit/2fb288474e980d0e7ff9c4a3b768874835a3e92e
# reported that Ubuntu's PAM configuration doesn't include pam_limits.so, and as a result the # of file
# descriptors are forced to 1024 regardless of /etc/security/limits.conf
MAXOPENFILES=<%= @max_open_files %>
# port for HTTP connector (default 8080; disable with -1)
HTTP_PORT=<%= @http_port %>
# port for AJP connector (disabled by default)
AJP_PORT=-1
# servlet context, important if you want to use apache proxying
PREFIX=/jenkins
# arguments to pass to jenkins.
# --javahome=$JAVA_HOME
# --httpPort=$HTTP_PORT (default 8080; disable with -1)
# --httpsPort=$HTTP_PORT
# --ajp13Port=$AJP_PORT
# --argumentsRealm.passwd.$ADMIN_USER=[password]
# --argumentsRealm.$ADMIN_USER=admin
# --webroot=~/.jenkins/war
# --prefix=$PREFIX
JENKINS_ARGS="--webroot=/var/cache/jenkins/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT"

45
templates/jenkins.vhost.erb
View File

@ -1,45 +0,0 @@
<VirtualHost *:80>
ServerName <%= scope.lookupvar("::jenkins::master::vhost_name") %>
ServerAdmin <%= scope.lookupvar("::jenkins::master::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-access.log combined
Redirect / https://<%= scope.lookupvar("::jenkins::master::vhost_name") %>/
</VirtualHost>
<VirtualHost <%= scope.lookupvar("::jenkins::master::vhost_name") %>:443>
ServerName <%= scope.lookupvar("::jenkins::master::vhost_name") %>
ServerAdmin <%= scope.lookupvar("::jenkins::master::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("::jenkins::master::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("::jenkins::master::ssl_key_file") %>
<% if scope.lookupvar("::jenkins::master::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("::jenkins::master::ssl_chain_file") %>
<% end %>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
AllowEncodedSlashes NoDecode
ProxyPass / http://127.0.0.1:8080/ retry=0 nocanon
ProxyPassReverse / http://127.0.0.1:8080/
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
</VirtualHost>

12
templates/jenkins_jobs.ini.erb
View File

@ -1,12 +0,0 @@
[jenkins]
user=<%= @username %>
password=<%= @password %>
url=<%= @url %>
query_plugins_info=<%= @query_plugins_info %>
<% @extensions.each do |extension| -%>
["<%= extension['name'] %>"]
<% extension['parameters'].each do |parameter| -%>
<%= parameter['name'] %> = <%= parameter['value'] %>
<% end -%>
<% end -%>

22
templates/openstack.js.erb
View File

@ -1,22 +0,0 @@
function makeDoubleDelegate(function1, function2) {
return function() {
if (function1)
function1();
if (function2)
function2();
}
}
function chgeLogo() {
var imgs=document.getElementsByTagName("img");
var imgTag = document.createElement("img");
imgTag.setAttribute("src","https://<%= @vhost_name %>/plugin/simple-theme-plugin/title.png");
imgTag.setAttribute("style", "vertical-align: middle;padding-left: 0.75em;");
imgs[0].parentNode.appendChild(imgTag);
var spanTag = document.createElement("span");
spanTag.id="heading_text";
spanTag.innerHTML="Jenkins CI";
imgs[0].parentNode.appendChild(spanTag);
}
window.onload = makeDoubleDelegate(window.onload, chgeLogo);