Puppet module to deploy an OpenStack ci system
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

single_node_ci.pp 12KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315
  1. # Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
  2. #
  3. # Licensed under the Apache License, Version 2.0 (the "License");
  4. # you may not use this file except in compliance with the License.
  5. # You may obtain a copy of the License at
  6. #
  7. # http://www.apache.org/licenses/LICENSE-2.0
  8. #
  9. # Unless required by applicable law or agreed to in writing, software
  10. # distributed under the License is distributed on an "AS IS" BASIS,
  11. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
  12. # implied.
  13. # See the License for the specific language governing permissions and
  14. # limitations under the License
  15. # == Class: single_node_ci
  16. #
  17. # This class will setup a typical 3rd party CI system using Jenkins
  18. # Zuul, Nodepool, Jenkins Job Builder, onto a single host. It requires
  19. # a 'project-config' data repository to configure these services.
  20. #
  21. # Zuul status page will be available on port 80
  22. # Jenkins UI will be available on port 8080
  23. #
  24. # === Parameters
  25. #
  26. # [*vhost_name*]
  27. # This is the FQDN of the host running the CI system managed by this class.
  28. # If you don't have one that resolves correctly, use the host's IP address.
  29. #
  30. # [*project_config_repo*]
  31. # This is the git URL to the project-config repo that contains all the
  32. # jenkins jobs, nodepool configurations, and zuul configurations.
  33. #
  34. # [*serveradmin*]
  35. # The e-mail address of the owner of the CI system
  36. #
  37. # [*jenkins_vhost_name*]
  38. # This is the alternative hostname or FQDN to use by Jenkins.
  39. # Don't use $vhost_name as it conflicts with zuul
  40. #
  41. # [*jenkins_username*]
  42. # If you have Jenkins secured, this is the username Jenkins Job Builder
  43. # will use to manage all Jenkins jobs. Otherwise the value is ignored.
  44. #
  45. # [*jenkins_password*]
  46. # If you have Jenkins secured, this is the password associated with the
  47. # jenkins_username. Otherwise the value is ignored.
  48. #
  49. # [*jenkins_ssh_private_key*]
  50. # This is the private key the Jenkins master will use to login to
  51. # Jenkins slaves.
  52. #
  53. # [*jenkins_ssh_public_key*]
  54. # This is the public key associated with jenkins_ssh_private_key.
  55. # The public key should not have any white space. Omit the 'ssh-rsa' prefix
  56. # and comment section / e-mail address suffix.
  57. #
  58. # [*java_args_override*]
  59. # These are the arguments to pass to Java:
  60. # "-Xloggc:/var/log/jenkins/gc.log -XX:+PrintGCDetails -Xmx12g -Dorg.kohsuke.stapler.compression.CompressionFilter.disabled=true -Djava.util.logging.config.file=/var/lib/jenkins/logger.conf -Dhudson.model.ParametersAction.keepUndefinedParameters=true"
  61. # Set this parameter through hieradata.
  62. # To work around the security restrictions that result from upgrading to version > 1.651.2
  63. # Add the Java system parameter:
  64. # "-Dhudson.model.ParametersAction.keepUndefinedParameters=true"
  65. # Please note that adding this parameter is not secure and it exposes a potential jenkins security vulnerability.
  66. #
  67. # [*jenkins_version*]
  68. # This is a Jenkins version, such as '1.651', 'present' (to install
  69. # the most recent, and never upgrade), or latest' (to install the most
  70. # recent version, and upgrade if a more recent version is published).
  71. #
  72. # [*gerrit_server*]
  73. # This is the host name of the gerrit server this CI system will be
  74. # listening for events.
  75. #
  76. # [*gerrit_user*]
  77. # This is the username to access the gerrit server's event stream.
  78. # You can look up the gerrit username from the gerrit server, under
  79. # 'settings', in the 'profile' section.
  80. #
  81. # [*gerrit_user_ssh_public_key*]
  82. # This is the public key registered for the gerrit_user's gerrit account.
  83. # The public key should not have any white space. Omit the 'ssh-rsa' prefix
  84. # and comment section / e-mail address suffix.
  85. #
  86. # [*gerrit_user_ssh_private_key*]
  87. # This is the private key associated with the gerrit_user_ssh_public_key.
  88. #
  89. # [*gerrit_ssh_host_key*]
  90. # This is the host key of the gerrit server.
  91. #
  92. # [*git_email*]
  93. # The e-mail address for zuul to use for internal git commits.
  94. #
  95. # [*git_name*]
  96. # The name for zuul to use for internal git commits.
  97. #
  98. # [*log_server*]
  99. # This is the FQDN/IP address of the log server where log files are uploaded
  100. # after a job finishes. Jenkins will use its jenkins_ssh_private_key to scp
  101. # job log files files to it.
  102. #
  103. # [*smtp_host*]
  104. # The smtp hostname to use for zuul to send notification e-mails
  105. # if configured to do so in project-config/zuul/layout/layout.yaml
  106. #
  107. # [*smtp_default_from*]
  108. # The default 'from' e-mail address zuul will use when it sends
  109. # notification e-mails.
  110. #
  111. # [*smtp_default_to*]
  112. # The default 'to' e-mail address zuul will use when it sends
  113. # notification e-mails.
  114. #
  115. # [*zuulv2*]
  116. # Set to true to deploy zuul v2 (incompatible with zuul v3).
  117. #
  118. # [*zuul_revision*]
  119. # The branch name used to install zuul.
  120. #
  121. # [*zuul_git_source_repo*]
  122. # The zuul git source repository to install zuul.
  123. #
  124. # [*oscc_file_contents*]
  125. # The multi-line contents of os-client-config.
  126. # This allows the nodepool.yaml file provided to not contain any sensitive
  127. # provider passwords. See configuration guide for more details:
  128. # https://git.openstack.org/cgit/openstack/os-client-config/tree/README.rst
  129. #
  130. # [*mysql_root_password*]
  131. # This is the root mysql password. If mysql is not yet installed,
  132. # this will be the password. Otherwise, if mysql is already installed,
  133. # this is the root password needed to setup the nodepool mysql user and
  134. # database.
  135. #
  136. # [*mysql_nodepool_password*]
  137. # This is the nodepool user's mysql password.
  138. #
  139. # [*nodepool_jenkins_target*]
  140. # This is the name of the Jenkins target found in the
  141. # project-config/nodepool/nodepool.yaml file.
  142. #
  143. # [*jenkins_api_key*]
  144. # If Jenkins is secured, this the Jenkins API Token need to access the Jenkins API.
  145. # It is provided in Jenkins UI --> Manage Jenkins --> Manage Users --> 'jenkins user'
  146. # --> Configure --> Show API Token. Otherwise it is ignored.
  147. #
  148. # [*jenkins_credentials_id*]
  149. # If Jenkins is secured, this parameter needs to match the id field of this element:
  150. # <com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey plugin="ssh-credentials@1.6">
  151. # inside this file: /var/lib/jenkins/credentials.xml
  152. # and associated with this this key 'jenkins_ssh_private_key'. Otherwise it is ignored.
  153. #
  154. # [*nodepool_revision*]
  155. # The branch name used to install nodepool.
  156. #
  157. # [*nodepool_git_source_repo*]
  158. # The nodepool git source repository to install nodepool.
  159. #
  160. class openstackci::single_node_ci (
  161. $vhost_name = $::fqdn,
  162. $project_config_repo = undef,
  163. # Jenkins Configurations
  164. $jenkins_vhost_name = 'jenkins',
  165. $serveradmin = "webmaster@${vhost_name}",
  166. $jenkins_username = 'jenkins',
  167. $jenkins_password = undef,
  168. $jenkins_ssh_private_key = undef,
  169. $jenkins_ssh_public_key = undef,
  170. $java_args_override = undef,
  171. $jenkins_version = 'present',
  172. $jjb_git_revision = 'master',
  173. $jjb_git_url = 'https://git.openstack.org/openstack-infra/jenkins-job-builder',
  174. # Zuul Configurations
  175. $gerrit_server = 'review.openstack.org',
  176. $gerrit_user = undef,
  177. $gerrit_user_ssh_public_key = undef,
  178. $gerrit_user_ssh_private_key = undef,
  179. $gerrit_ssh_host_key = '[review.openstack.org]:29418,[104.130.246.91]:29418,[2001:4800:7819:103:be76:4eff:fe05:8525]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfsIj/jqpI+2CFdjCL6kOiqdORWvxQ2sQbCzSzzmLXic8yVhCCbwarkvEpfUOHG4eyB0vqVZfMffxf0Yy3qjURrsroBCiuJ8GdiAcGdfYwHNfBI0cR6kydBZL537YDasIk0Z3ILzhwf7474LmkVzS7V2tMTb4ZiBS/jUeiHsVp88FZhIBkyhlb/awAGcUxT5U4QBXCAmerYXeB47FPuz9JFOVyF08LzH9JRe9tfXtqaCNhlSdRe/2pPRvn2EIhn5uHWwATACG9MBdrK8xv8LqPOik2w1JkgLWyBj11vDd5I3IjrmREGw8dqImqp0r6MD8rxqADlc1elfDIXYsy+TVH',
  180. $git_email = undef,
  181. $git_name = undef,
  182. $log_server = undef,
  183. $smtp_host = 'localhost',
  184. $smtp_default_from = "zuul@${vhost_name}",
  185. $smtp_default_to = "zuul.reports@${vhost_name}",
  186. $zuulv2 = true,
  187. $zuul_revision = undef,
  188. $zuul_git_source_repo = 'https://git.openstack.org/openstack-infra/zuul',
  189. # Nodepool configurations
  190. $oscc_file_contents = undef,
  191. $mysql_root_password = undef,
  192. $mysql_nodepool_password = undef,
  193. $nodepool_jenkins_target = undef,
  194. $jenkins_api_key = undef,
  195. $jenkins_credentials_id = undef,
  196. $nodepool_revision = undef,
  197. $nodepool_git_source_repo = 'https://git.openstack.org/openstack-infra/nodepool',
  198. ) {
  199. if $zuulv2 {
  200. if $nodepool_revision == undef {
  201. $nodepool_revision_ = '0.5.0'
  202. } else {
  203. $nodepool_revision_ = $nodepool_revision
  204. }
  205. if $zuul_revision == undef {
  206. $zuul_revision_ = '2.6.0'
  207. } else {
  208. $zuul_revision_ = $zuul_revision
  209. }
  210. class { '::openstackci::jenkins_master':
  211. vhost_name => $jenkins_vhost_name,
  212. serveradmin => $serveradmin,
  213. jenkins_ssh_private_key => $jenkins_ssh_private_key,
  214. jenkins_ssh_public_key => $jenkins_ssh_public_key,
  215. jenkins_version => $jenkins_version,
  216. manage_jenkins_jobs => true,
  217. jenkins_url => 'http://127.0.0.1:8080/',
  218. jenkins_username => $jenkins_username,
  219. jenkins_password => $jenkins_password,
  220. project_config_repo => $project_config_repo,
  221. log_server => $log_server,
  222. java_args_override => $java_args_override,
  223. jjb_git_revision => $jjb_git_revision,
  224. jjb_git_url => $jjb_git_url,
  225. }
  226. class { '::openstackci::zuul_merger':
  227. vhost_name => $vhost_name,
  228. gearman_server => 'localhost',
  229. gerrit_server => $gerrit_server,
  230. gerrit_user => $gerrit_user,
  231. # known_hosts_content is set by openstackci::zuul_scheduler
  232. known_hosts_content => '',
  233. zuul_ssh_private_key => $gerrit_user_ssh_private_key,
  234. zuul_url => "http://${vhost_name}/p/",
  235. git_email => $git_email,
  236. git_name => $git_name,
  237. manage_common_zuul => false,
  238. revision => $zuul_revision_,
  239. git_source_repo => $zuul_git_source_repo,
  240. }
  241. class { '::openstackci::zuul_scheduler':
  242. vhost_name => $vhost_name,
  243. gearman_server => 'localhost',
  244. gerrit_server => $gerrit_server,
  245. gerrit_user => $gerrit_user,
  246. known_hosts_content => $gerrit_ssh_host_key,
  247. zuul_ssh_private_key => $gerrit_user_ssh_private_key,
  248. url_pattern => "http://${log_server}/{build.parameters[LOG_PATH]}",
  249. zuul_url => "http://${vhost_name}/p/",
  250. job_name_in_report => true,
  251. status_url => "http://${vhost_name}",
  252. project_config_repo => $project_config_repo,
  253. git_email => $git_email,
  254. git_name => $git_name,
  255. smtp_host => $smtp_host,
  256. smtp_default_from => $smtp_default_from,
  257. smtp_default_to => $smtp_default_to,
  258. revision => $zuul_revision_,
  259. }
  260. class { '::openstackci::nodepool':
  261. mysql_root_password => $mysql_root_password,
  262. mysql_password => $mysql_nodepool_password,
  263. nodepool_ssh_private_key => $jenkins_ssh_private_key,
  264. revision => $nodepool_revision_,
  265. git_source_repo => $nodepool_git_source_repo,
  266. oscc_file_contents => $oscc_file_contents,
  267. environment => {
  268. # Set up the key in /etc/default/nodepool, used by the service.
  269. 'NODEPOOL_SSH_KEY' => $jenkins_ssh_public_key
  270. },
  271. project_config_repo => $project_config_repo,
  272. # Disable nodepool image logs as it conflicts with the zuul status page
  273. enable_image_log_via_http => false,
  274. jenkins_masters => [
  275. { name => $nodepool_jenkins_target,
  276. url => 'http://localhost:8080/',
  277. user => $jenkins_username,
  278. apikey => $jenkins_api_key,
  279. credentials => $jenkins_credentials_id,
  280. },
  281. ],
  282. }
  283. } else {
  284. # Zuul V3
  285. if $nodepool_revision == undef {
  286. $nodepool_revision_ = 'master'
  287. } else {
  288. $nodepool_revision_ = $nodepool_revision
  289. }
  290. if $zuul_revision == undef {
  291. $zuul_revision_ = 'master'
  292. } else {
  293. $zuul_revision_ = $zuul_revision
  294. }
  295. # TODO v3 all in one
  296. fail('zuul v3 all in one deployment is not supported')
  297. }
  298. }