opendev/system-config
Code Issues Proposed changes

Split out jenkins module

Browse Source 
Part of an effort to split most of puppet modules out of system-config:
http://specs.openstack.org/openstack-infra/infra-specs/specs/puppet-modules.html

Depends-On: https://review.openstack.org/#/c/131302/

Change-Id: I1f6588c46a53d83249de68be6c2b36ddb3c805cb
This commit is contained in:
Ramy Asselin 2014-10-27 16:14:42 -07:00
parent ee18ccaca0
commit 1bf253f91b
29 changed files with 3 additions and 1145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
modules.env
View File

@ -58,5 +58,6 @@ SOURCE_MODULES["https://github.com/puppet-community/puppet-module-puppetboard"]=
if [[ "$PUPPET_INTEGRATION_TEST" -ne "1" ]]; then
SOURCE_MODULES["https://git.openstack.org/openstack-infra/puppet-storyboard"]="origin/master"
SOURCE_MODULES["https://git.openstack.org/openstack-infra/puppet-kibana"]="origin/master"
SOURCE_MODULES["https://git.openstack.org/openstack-infra/puppet-jenkins"]="origin/master"
fi

24
modules/jenkins/files/10-ptrace.conf
View File

@ -1,24 +0,0 @@
# This file is managed by puppet.
#
# The PTRACE system is used for debugging. With it, a single user process
# can attach to any other dumpable process owned by the same user. In the
# case of malicious software, it is possible to use PTRACE to access
# credentials that exist in memory (re-using existing SSH connections,
# extracting GPG agent information, etc).
#
# A PTRACE scope of "0" is the more permissive mode. A scope of "1" limits
# PTRACE only to direct child processes (e.g. "gdb name-of-program" and
# "strace -f name-of-program" work, but gdb's "attach" and "strace -fp $PID"
# do not). The PTRACE scope is ignored when a user has CAP_SYS_PTRACE, so
# "sudo strace -fp $PID" will work as before. For more details see:
# https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace
#
# For applications launching crash handlers that need PTRACE, exceptions can
# be registered by the debugee by declaring in the segfault handler
# specifically which process will be using PTRACE on the debugee:
# prctl(PR_SET_PTRACER, debugger_pid, 0, 0, 0);
#
# In general, PTRACE is not needed for the average running Ubuntu system.
# To that end, the default is to set the PTRACE scope to "1". This value
# may not be appropriate for developers or servers with only admin accounts.
kernel.yama.ptrace_scope = 0

3
modules/jenkins/files/cgroups/cgrules.conf
View File

@ -1,3 +0,0 @@
jenkins:java memory /jenkins
jenkins:sshd memory /jenkins
jenkins memory /jenkins/children

6
modules/jenkins/files/cgroups/upstart_cgconfig
View File

@ -1,6 +0,0 @@
description "load legacy cgconfig files"
author "Jeremy Stanley <fungi@yuggoth.org>"
start on started cgroup-lite
pre-start script
/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
end script

6
modules/jenkins/files/cgroups/upstart_cgred
View File

@ -1,6 +0,0 @@
description "launch cgrulesengd"
author "Jeremy Stanley <fungi@yuggoth.org>"
start on started cgconfig
pre-start script
/usr/sbin/cgrulesengd
end script

12
modules/jenkins/files/localrc
View File

@ -1,12 +0,0 @@
# This file is managed by puppet.
MYSQL_PASSWORD=secret
RABBIT_PASSWORD=secret
ADMIN_PASSWORD=secret
SERVICE_TOKEN=111222333444
ROOTSLEEP=0
SYSLOG=True
ACTIVE_TIMEOUT=60
BOOT_TIMEOUT=90
ASSOCIATE_TIMEOUT=60
MULTI_HOST=1

28
modules/jenkins/files/logger.conf
View File

@ -1,28 +0,0 @@
# Properties file which configures the operation of the JDK
# logging facility.
# reference: http://www.javapractices.com/topic/TopicAction.do?Id=143
# The system will look for this config file, first using
# a System property specified at startup:
#
# >java -Djava.util.logging.config.file=myLoggingConfigFilePath
#
# If this property is not specified, then the config file is
# retrieved from its default location at:
#
# JDK_HOME/jre/lib/logging.properties
# Global logging properties.
# ------------------------------------------
# The set of handlers to be loaded upon startup.
# Comma-separated list of class names.
# (? LogManager docs say no comma here, but JDK example has comma.)
handlers=java.util.logging.ConsoleHandler
# Loggers
# ------------------------------------------
# Loggers are usually attached to packages.
# Here, the level for each package is specified.
# The global level is used by default, so levels
# specified here simply act as an override.
org.gearman.session.logger.level=WARNING

BIN
modules/jenkins/files/openstack-page-bkg.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.7 KiB

24
modules/jenkins/files/openstack.css
View File

@ -1,24 +0,0 @@
body {color: #535353 !important; background: url("/plugin/simple-theme-plugin/openstack-page-bkg.jpg") no-repeat scroll 0 0 white !important; position: static}
a,a:visited {color: #264D69 !important; text-decoration: none !important;}
a:hover {color: #000 !important; text-decoration: underline !important}
#breadcrumbs {border-top: 1px solid #D3D7CF; background: #fff}
#header {margin-top: 5px}
#header tr:first-child {height: 60px}
#heading_text {font-size: 26px; padding-left: 10px; color: #CF2F19; font-family: 'PT Sans', sans-serif; font-weight: normal; letter-spacing: -1px}
#top-panel a:hover {text-decoration: none !important}
#top-panel {background: none;}
#top-panel img:first-child {display: none;}
.pane tr:nth-child(even) {background: #EEF3F5; color: #353535}
.pane tr:nth-child(odd) {background: #FFF; color: #353535}
.pane td {border: 1px solid #C5E2EA !important}
div.top-sticker-inner {background: none;}
div[id*='title-dashboard_portlet'] {background-color: #EEEEEE !important; border: 1px solid #D8D8D8 !important}
#statistics th {background-color: #EEEEEE !important; border: 1px solid #D8D8D8 !important}
#viewList td.inactive {border-top: 0; border-right: 0; border-left: 0; border-bottom: 1px solid #C5E2EA;}
#viewList td.inactive a {color: #353535 !important}
#viewList td.inactive:hover {background: none !important}
#viewList td.active {border-top: 0; border-right: 0; border-left: 0; border-bottom: 3px solid #CF2F19; padding-bottom: 0px !important; color: #CF2F19; background: none;}
#viewList td.filler {border: 0}
pre {color: black}
label {color: black}

BIN
modules/jenkins/files/openstack.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.6 KiB

BIN
modules/jenkins/files/pubring.gpg
View File

Binary file not shown.

34
modules/jenkins/files/settings.xml
View File

@ -1,34 +0,0 @@
<settings>
<pluginGroups>
<pluginGroup>org.jenkins-ci.tools</pluginGroup>
</pluginGroups>
<profiles>
<!-- Give access to Jenkins plugins -->
<profile>
<id>jenkins</id>
<activation>
<activeByDefault>true</activeByDefault> <!-- change this to false, if you don't like to have it on per default -->
</activation>
<repositories>
<repository>
<id>repo.jenkins-ci.org</id>
<url>http://repo.jenkins-ci.org/public/</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<id>repo.jenkins-ci.org</id>
<url>http://repo.jenkins-ci.org/public/</url>
</pluginRepository>
</pluginRepositories>
</profile>
</profiles>
<mirrors>
<mirror>
<id>repo.jenkins-ci.org</id>
<url>http://repo.jenkins-ci.org/public/</url>
<mirrorOf>m.g.o-public</mirrorOf>
</mirror>
</mirrors>
</settings>

3
modules/jenkins/files/ssh_config
View File

@ -1,3 +0,0 @@
UserKnownHostsFile=/dev/null
StrictHostKeyChecking=no
LogLevel=ERROR

BIN
modules/jenkins/files/stackforge.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.6 KiB

8
modules/jenkins/files/versions.conf
View File

@ -1,8 +0,0 @@
description "BZR smart server of tarball versions"
author "Monty Taylor <mordred@inaugust.com>"
start on (local-filesystems and net-device-up)
stop on runlevel [!2345]
exec bzr serve --allow-writes -d /var/lib/jenkins/versions/

7
modules/jenkins/lib/facter/memorytotalbytes.rb
View File

@ -1,7 +0,0 @@
# memorytotalbytes.rb
Facter.add("memorytotalbytes") do
setcode do
Facter::Util::Resolution.exec('free -b | sed -n \'s/^Mem:\W\+\([0-9]\+\).*$/\1/p\'')
end
end

96
modules/jenkins/manifests/cgroups.pp
View File

@ -1,96 +0,0 @@
# == Class: jenkins::cgroups
#
class jenkins::cgroups {
include jenkins::params
if ($::jenkins::params::cgroups_tools_package != '') {
package { 'cgroups-tools':
ensure => present,
name => $::jenkins::params::cgroups_tools_package,
}
}
package { 'cgroups':
ensure => present,
name => $::jenkins::params::cgroups_package,
}
file { '/etc/cgconfig.conf':
ensure => present,
replace => true,
owner => 'root',
group => 'jenkins',
mode => '0644',
content => template('jenkins/cgconfig.erb'),
}
file { '/etc/cgrules.conf':
ensure => present,
replace => true,
owner => 'root',
group => 'jenkins',
mode => '0644',
source => 'puppet:///modules/jenkins/cgroups/cgrules.conf',
}
# Starting with Ubuntu Quantal (12.10) cgroup-bin dropped its upstart jobs.
if $::osfamily == 'Debian' {
if $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease >= '12.10' {
file { '/etc/init/cgconfig.conf':
ensure => present,
replace => true,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/jenkins/cgroups/upstart_cgconfig',
}
file { '/etc/init.d/cgconfig':
ensure => link,
target => '/lib/init/upstart-job',
}
file { '/etc/init/cgred.conf':
ensure => present,
replace => true,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/jenkins/cgroups/upstart_cgred',
}
file { '/etc/init.d/cgred':
ensure => link,
target => '/lib/init/upstart-job',
}
} else {
file { '/etc/init/cgconfig.conf':
ensure => present,
}
file { '/etc/init/cgred.conf':
ensure => present,
}
}
}
service { 'cgconfig':
ensure => running,
enable => true,
require => $::jenkins::params::cgconfig_require,
subscribe => File['/etc/cgconfig.conf'],
}
service { 'cgred':
ensure => running,
enable => true,
require => $::jenkins::params::cgred_require,
subscribe => File['/etc/cgrules.conf'],
}
}

156
modules/jenkins/manifests/jenkinsuser.pp
View File

@ -1,156 +0,0 @@
# == Class: jenkins::jenkinsuser
#
class jenkins::jenkinsuser(
$ssh_key = '',
$ensure = present,
$gitfullname = 'OpenStack Jenkins',
$gitemail = 'jenkins@openstack.org',
$gerrituser = 'jenkins',
) {
group { 'jenkins':
ensure => present,
}
user { 'jenkins':
ensure => present,
comment => 'Jenkins User',
home => '/home/jenkins',
gid => 'jenkins',
shell => '/bin/bash',
membership => 'minimum',
groups => [],
require => Group['jenkins'],
}
file { '/home/jenkins':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0644',
require => User['jenkins'],
}
file { '/home/jenkins/.pip':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => File['/home/jenkins'],
}
file { '/home/jenkins/.gitconfig':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0640',
content => template('jenkins/gitconfig.erb'),
require => File['/home/jenkins'],
}
file { '/home/jenkins/.ssh':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0600',
require => File['/home/jenkins'],
}
ssh_authorized_key { 'jenkins-master-2014-04-24':
ensure => present,
user => 'jenkins',
type => 'ssh-rsa',
key => $ssh_key,
require => File['/home/jenkins/.ssh'],
}
ssh_authorized_key { '/home/jenkins/.ssh/authorized_keys':
ensure => absent,
user => 'jenkins',
}
#NOTE: not all distributions have default bash files in /etc/skel
if ($::osfamily == 'Debian') {
file { '/home/jenkins/.bashrc':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0640',
source => '/etc/skel/.bashrc',
replace => false,
require => File['/home/jenkins'],
}
file { '/home/jenkins/.bash_logout':
ensure => present,
source => '/etc/skel/.bash_logout',
owner => 'jenkins',
group => 'jenkins',
mode => '0640',
replace => false,
require => File['/home/jenkins'],
}
file { '/home/jenkins/.profile':
ensure => present,
source => '/etc/skel/.profile',
owner => 'jenkins',
group => 'jenkins',
mode => '0640',
replace => false,
require => File['/home/jenkins'],
}
}
file { '/home/jenkins/.ssh/config':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0640',
require => File['/home/jenkins/.ssh'],
source => 'puppet:///modules/jenkins/ssh_config',
}
file { '/home/jenkins/.gnupg':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0700',
require => File['/home/jenkins'],
}
file { '/home/jenkins/.gnupg/pubring.gpg':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0600',
require => File['/home/jenkins/.gnupg'],
source => 'puppet:///modules/jenkins/pubring.gpg',
}
file { '/home/jenkins/.config':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0755',
require => File['/home/jenkins'],
}
file { '/home/jenkins/.m2':
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
mode => '0755',
require => File['/home/jenkins'],
}
file { '/home/jenkins/.m2/settings.xml':
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0644',
require => File['/home/jenkins/.m2'],
source => 'puppet:///modules/jenkins/settings.xml',
}
}

77
modules/jenkins/manifests/job_builder.pp
View File

@ -1,77 +0,0 @@
# == Class: jenkins::job_builder
#
class jenkins::job_builder (
$url = '',
$username = '',
$password = '',
$git_revision = 'master',
$git_url = 'https://git.openstack.org/openstack-infra/jenkins-job-builder',
$config_dir = '',
) {
# A lot of things need yaml, be conservative requiring this package to avoid
# conflicts with other modules.
if ! defined(Package['python-yaml']) {
package { 'python-yaml':
ensure => present,
}
}
if ! defined(Package['python-jenkins']) {
package { 'python-jenkins':
ensure => present,
}
}
vcsrepo { '/opt/jenkins_job_builder':
ensure => latest,
provider => git,
revision => $git_revision,
source => $git_url,
}
exec { 'install_jenkins_job_builder':
command => 'pip install /opt/jenkins_job_builder',
path => '/usr/local/bin:/usr/bin:/bin/',
refreshonly => true,
subscribe => Vcsrepo['/opt/jenkins_job_builder'],
}
file { '/etc/jenkins_jobs':
ensure => directory,
}
file { '/etc/jenkins_jobs/config':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
recurse => true,
purge => true,
force => true,
source => $config_dir,
require => File['/etc/jenkins_jobs'],
notify => Exec['jenkins_jobs_update'],
}
exec { 'jenkins_jobs_update':
command => 'jenkins-jobs update --delete-old /etc/jenkins_jobs/config',
timeout => '600',
path => '/bin:/usr/bin:/usr/local/bin',
refreshonly => true,
require => [
File['/etc/jenkins_jobs/jenkins_jobs.ini'],
Package['python-jenkins'],
Package['python-yaml'],
],
}
# TODO: We should put in notify Exec['jenkins_jobs_update']
# at some point, but that still has some problems.
file { '/etc/jenkins_jobs/jenkins_jobs.ini':
ensure => present,
mode => '0400',
content => template('jenkins/jenkins_jobs.ini.erb'),
require => File['/etc/jenkins_jobs'],
}
}

217
modules/jenkins/manifests/master.pp
View File

@ -1,217 +0,0 @@
# == Class: jenkins::master
#
class jenkins::master(
$logo = '',
$vhost_name = $::fqdn,
$serveradmin = "webmaster@${::fqdn}",
$ssl_cert_file = '',
$ssl_key_file = '',
$ssl_chain_file = '',
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
$ssl_key_file_contents = '', # If left empty puppet will not create file.
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
$jenkins_ssh_private_key = '',
$jenkins_ssh_public_key = '',
) {
include pip
include apt
include apache
package { 'openjdk-7-jre-headless':
ensure => present,
}
package { 'openjdk-6-jre-headless':
ensure => purged,
require => Package['openjdk-7-jre-headless'],
}
#This key is at http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
apt::key { 'jenkins':
key => 'D50582E6',
key_source => 'http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key',
}
apt::source { 'jenkins':
location => 'http://pkg.jenkins-ci.org/debian-stable',
release => 'binary/',
repos => '',
require => [
Apt::Key['jenkins'],
Package['openjdk-7-jre-headless'],
],
include_src => false,
}
apache::vhost { $vhost_name:
port => 443,
docroot => 'MEANINGLESS ARGUMENT',
priority => '50',
template => 'jenkins/jenkins.vhost.erb',
ssl => true,
}
if ! defined(A2mod['rewrite']) {
a2mod { 'rewrite':
ensure => present,
}
}
if ! defined(A2mod['proxy']) {
a2mod { 'proxy':
ensure => present,
}
}
if ! defined(A2mod['proxy_http']) {
a2mod { 'proxy_http':
ensure => present,
}
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
require => Package['ssl-cert'],
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
$packages = [
'python-babel',
'python-sqlalchemy', # devstack-gate
'ssl-cert',
'sqlite3', # interact with devstack-gate DB
]
package { $packages:
ensure => present,
}
package { 'jenkins':
ensure => present,
require => Apt::Source['jenkins'],
}
exec { 'update apt cache':
subscribe => File['/etc/apt/sources.list.d/jenkins.list'],
refreshonly => true,
path => '/bin:/usr/bin',
command => 'apt-get update',
}
file { '/var/lib/jenkins':
ensure => directory,
owner => 'jenkins',
group => 'adm',
require => Package['jenkins'],
}
file { '/var/lib/jenkins/.ssh/':
ensure => directory,
owner => 'jenkins',
group => 'nogroup',
mode => '0700',
require => File['/var/lib/jenkins'],
}
file { '/var/lib/jenkins/.ssh/id_rsa':
owner => 'jenkins',
group => 'nogroup',
mode => '0600',
content => $jenkins_ssh_private_key,
replace => true,
require => File['/var/lib/jenkins/.ssh/'],
}
file { '/var/lib/jenkins/.ssh/id_rsa.pub':
owner => 'jenkins',
group => 'nogroup',
mode => '0644',
content => "ssh_rsa ${jenkins_ssh_public_key} jenkins@${::fqdn}",
replace => true,
require => File['/var/lib/jenkins/.ssh/'],
}
file { '/var/lib/jenkins/plugins':
ensure => directory,
owner => 'jenkins',
group => 'nogroup',
mode => '0750',
require => File['/var/lib/jenkins'],
}
file { '/var/lib/jenkins/plugins/simple-theme-plugin':
ensure => directory,
owner => 'jenkins',
group => 'nogroup',
require => File['/var/lib/jenkins/plugins'],
}
file { '/var/lib/jenkins/plugins/simple-theme-plugin/openstack.css':
ensure => present,
owner => 'jenkins',
group => 'nogroup',
source => 'puppet:///modules/jenkins/openstack.css',
require => File['/var/lib/jenkins/plugins/simple-theme-plugin'],
}
file { '/var/lib/jenkins/plugins/simple-theme-plugin/openstack.js':
ensure => present,
owner => 'jenkins',
group => 'nogroup',
content => template('jenkins/openstack.js.erb'),
require => File['/var/lib/jenkins/plugins/simple-theme-plugin'],
}
file { '/var/lib/jenkins/plugins/simple-theme-plugin/openstack-page-bkg.jpg':
ensure => present,
owner => 'jenkins',
group => 'nogroup',
source => 'puppet:///modules/jenkins/openstack-page-bkg.jpg',
require => File['/var/lib/jenkins/plugins/simple-theme-plugin'],
}
file { '/var/lib/jenkins/logger.conf':
ensure => present,
owner => 'jenkins',
group => 'nogroup',
source => 'puppet:///modules/jenkins/logger.conf',
require => File['/var/lib/jenkins'],
}
file { '/var/lib/jenkins/plugins/simple-theme-plugin/title.png':
ensure => present,
owner => 'jenkins',
group => 'nogroup',
source => "puppet:///modules/jenkins/${logo}",
require => File['/var/lib/jenkins/plugins/simple-theme-plugin'],
}
file { '/usr/local/jenkins':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
}

59
modules/jenkins/manifests/params.pp
View File

@ -1,59 +0,0 @@
# Class: jenkins::params
#
# This class holds parameters that need to be
# accessed by other classes.
class jenkins::params {
case $::osfamily {
'RedHat': {
#yum groupinstall "Development Tools"
# common packages
if ($::operatingsystem == 'Fedora') and ($::operatingsystemrelease >= 21) {
$jdk_package = 'java-1.8.0-openjdk-devel'
} else {
$jdk_package = 'java-1.7.0-openjdk-devel'
}
$ccache_package = 'ccache'
$python_netaddr_package = 'python-netaddr'
# FIXME: No Maven packages on RHEL
#$maven_package = 'maven'
$cgroups_package = 'libcgroup'
if ($::operatingsystem == 'Fedora') and ($::operatingsystemrelease >= 19) {
$cgroups_tools_package = 'libcgroup-tools'
$cgconfig_require = [
Package['cgroups'],
Package['cgroups-tools'],
]
$cgred_require = [
Package['cgroups'],
Package['cgroups-tools'],
]
} else {
$cgroups_tools_package = ''
$cgconfig_require = Package['cgroups']
$cgred_require = Package['cgroups']
}
}
'Debian': {
# common packages
$jdk_package = 'openjdk-7-jdk'
$ccache_package = 'ccache'
$python_netaddr_package = 'python-netaddr'
$maven_package = 'maven2'
$ruby1_9_1_package = 'ruby1.9.1'
$ruby1_9_1_dev_package = 'ruby1.9.1-dev'
$cgroups_package = 'cgroup-bin'
$cgroups_tools_package = ''
$cgconfig_require = [
Package['cgroups'],
File['/etc/init/cgconfig.conf'],
]
$cgred_require = [
Package['cgroups'],
File['/etc/init/cgred.conf'],
]
}
default: {
fail("Unsupported osfamily: ${::osfamily} The 'jenkins' module only supports osfamily Debian or RedHat (slaves only).")
}
}
}

70
modules/jenkins/manifests/plugin.pp
View File

@ -1,70 +0,0 @@
# Copyright (C) 2014 R. Tyler Croy <tyler@monkeypox.org>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Defined resource type to install jenkins plugins.
#
# Borrowed from: https://github.com/jenkinsci/puppet-jenkins
#
define jenkins::plugin(
$version=0,
) {
$plugin = "${name}.hpi"
$plugin_dir = '/var/lib/jenkins/plugins'
$plugin_parent_dir = '/var/lib/jenkins'
if ($version != 0) {
$base_url = "http://updates.jenkins-ci.org/download/plugins/${name}/${version}"
}
else {
$base_url = 'http://updates.jenkins-ci.org/latest'
}
if (!defined(File[$plugin_dir])) {
file {
[
$plugin_parent_dir,
$plugin_dir,
]:
ensure => directory,
owner => 'jenkins',
group => 'jenkins',
require => [Group['jenkins'], User['jenkins']],
}
}
if (!defined(Group['jenkins'])) {
group { 'jenkins' :
ensure => present,
}
}
if (!defined(User['jenkins'])) {
user { 'jenkins' :
ensure => present,
}
}
exec { "download-${name}" :
command => "wget --no-check-certificate ${base_url}/${plugin}",
cwd => $plugin_dir,
require => File[$plugin_dir],
path => ['/usr/bin', '/usr/sbin',],
user => 'jenkins',
unless => "test -f ${plugin_dir}/${name}.?pi",
# OpenStack modification: don't auto-restart jenkins so we can control
# outage timing better.
# notify => Service['jenkins'],
}
}

175
modules/jenkins/manifests/slave.pp
View File

@ -1,175 +0,0 @@
# == Class: jenkins::slave
#
class jenkins::slave(
$ssh_key = '',
$user = true,
$python3 = false,
$gitfullname = 'OpenStack Jenkins',
$gitemail = 'jenkins@openstack.org',
$gerrituser = 'jenkins',
) {
include haveged
include pip
include jenkins::params
if ($user == true) {
class { 'jenkins::jenkinsuser':
ensure => present,
ssh_key => $ssh_key,
gitfullname => $gitfullname,
gitemail => $gitemail,
gerrituser => $gerrituser,
}
}
anchor { 'jenkins::slave::update-java-alternatives': }
# Packages that all jenkins slaves need
$packages = [
$::jenkins::params::jdk_package, # jdk for building java jobs
$::jenkins::params::ccache_package,
$::jenkins::params::python_netaddr_package, # Needed for devstack address_in_net()
]
file { '/etc/apt/sources.list.d/cloudarchive.list':
ensure => absent,
}
package { $packages:
ensure => present,
before => Anchor['jenkins::slave::update-java-alternatives']
}
case $::osfamily {
'RedHat': {
exec { 'yum Group Install':
unless => '/usr/bin/yum grouplist "Development tools" | /bin/grep "^Installed [Gg]roups"',
command => '/usr/bin/yum -y groupinstall "Development tools"',
}
if ($::operatingsystem != 'Fedora') {
exec { 'update-java-alternatives':
unless => '/bin/ls -l /etc/alternatives/java | /bin/grep 1.7.0-openjdk',
command => '/usr/sbin/alternatives --set java /usr/lib/jvm/jre-1.7.0-openjdk.x86_64/bin/java && /usr/sbin/alternatives --set javac /usr/lib/jvm/java-1.7.0-openjdk.x86_64/bin/javac',
require => Anchor['jenkins::slave::update-java-alternatives']
}
}
}
'Debian': {
# install build-essential package group
package { 'build-essential':
ensure => present,
}
package { $::jenkins::params::maven_package:
ensure => present,
require => Package[$::jenkins::params::jdk_package],
}
package { $::jenkins::params::ruby1_9_1_package:
ensure => present,
}
package { $::jenkins::params::ruby1_9_1_dev_package:
ensure => present,
}
package { 'openjdk-6-jre-headless':
ensure => purged,
require => Package[$::jenkins::params::jdk_package],
}
exec { 'update-java-alternatives':
unless => '/bin/ls -l /etc/alternatives/java | /bin/grep java-7-openjdk-amd64',
command => '/usr/sbin/update-java-alternatives --set java-1.7.0-openjdk-amd64',
require => Anchor['jenkins::slave::update-java-alternatives']
}
}
default: {
fail("Unsupported osfamily: ${::osfamily} The 'jenkins' module only supports osfamily Debian or RedHat (slaves only).")
}
}
if $python3 {
if ($::lsbdistcodename == 'precise') {
apt::ppa { 'ppa:zulcss/py3k':
before => Class[pip::python3],
}
}
include pip::python3
package { 'tox':
ensure => 'latest',
provider => pip3,
require => Class['pip::python3'],
}
} else {
package { 'tox':
ensure => 'latest',
provider => pip,
require => Class['pip'],
}
}
package { 'git-review':
ensure => '1.17',
provider => pip,
require => Class[pip],
}
file { '/usr/local/bin/gcc':
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { '/usr/local/bin/g++':
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { '/usr/local/bin/cc':
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { '/usr/local/bin/c++':
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { "/usr/local/bin/${::hardwareisa}-linux-gnu-gcc":
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { "/usr/local/bin/${::hardwareisa}-linux-gnu-g++":
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { "/usr/local/bin/${::hardwareisa}-linux-gnu-cc":
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { "/usr/local/bin/${::hardwareisa}-linux-gnu-c++":
ensure => link,
target => '/usr/bin/ccache',
require => Package['ccache'],
}
file { '/usr/local/jenkins':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
}

61
modules/jenkins/templates/cgconfig.erb
View File

@ -1,61 +0,0 @@
<% if operatingsystem == "Fedora" then
# Fedora auto-mounts subsystems under /sys/fs/cgroup/ already, so no
# mount section is needed. %>
<% elsif osfamily == "RedHat" then %>
mount {
cpuset = /cgroup/cpuset;
cpu = /cgroup/cpu;
cpuacct = /cgroup/cpuacct;
memory = /cgroup/memory;
devices = /cgroup/devices;
freezer = /cgroup/freezer;
net_cls = /cgroup/net_cls;
blkio = /cgroup/blkio;
}
<% elsif ( operatingsystemrelease < '12.10' ) or ( operatingsystem != 'Ubuntu' ) then %>
mount {
cpu = /sys/fs/cgroup/cpu;
cpuacct = /sys/fs/cgroup/cpuacct;
devices = /sys/fs/cgroup/devices;
memory = /sys/fs/cgroup/memory;
freezer = /sys/fs/cgroup/freezer;
}
<% end %>
group jenkins {
perm {
task {
uid = jenkins;
gid = jenkins;
}
admin {
uid = root;
gid = root;
}
}
}
group jenkins/children {
perm {
task {
uid = jenkins;
gid = jenkins;
}
admin {
uid = root;
gid = root;
}
}
memory {
memory.soft_limit_in_bytes = <%= (memorytotalbytes.to_f * 0.75).to_i %>;
memory.limit_in_bytes = <%= (memorytotalbytes.to_f * 0.9).to_i %>;
<% if (operatingsystem == "Fedora") and (operatingsystemrelease == "18") then
# Because of Red Hat bug 918951, swap management doesn't
# work in Fedora 18 but should be fixed in 19. %>
<% else %>
memory.memsw.limit_in_bytes = <%= (memorytotalbytes.to_f * 0.9).to_i %>;
<% end %>
}
}

6
modules/jenkins/templates/gitconfig.erb
View File

@ -1,6 +0,0 @@
[user]
name = <%= scope.lookupvar('jenkins::jenkinsuser::gitfullname') %>
email = <%= scope.lookupvar('jenkins::jenkinsuser::gitemail') %>
[gitreview]
rebase = false
username = <%= scope.lookupvar('jenkins::jenkinsuser::gerrituser') %>

47
modules/jenkins/templates/jenkins.vhost.erb
View File

@ -1,47 +0,0 @@
<VirtualHost <%= scope.lookupvar("::jenkins::master::vhost_name") %>:80>
ServerAdmin <%= scope.lookupvar("::jenkins::master::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-access.log combined
Redirect / https://<%= scope.lookupvar("::jenkins::master::vhost_name") %>/
</VirtualHost>
<VirtualHost <%= scope.lookupvar("::jenkins::master::vhost_name") %>:443>
ServerName <%= scope.lookupvar("::jenkins::master::vhost_name") %>
ServerAdmin <%= scope.lookupvar("::jenkins::master::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("::jenkins::master::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("::jenkins::master::ssl_key_file") %>
<% if scope.lookupvar("::jenkins::master::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("::jenkins::master::ssl_chain_file") %>
<% end %>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine on
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("::jenkins::master::vhost_name") %>
RewriteRule ^.*$ https://<%= scope.lookupvar("::jenkins::master::vhost_name") %>/
RewriteRule /zuul/status http://127.0.0.1:8001/status [P]
ProxyPass / http://127.0.0.1:8080/ retry=0
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

4
modules/jenkins/templates/jenkins_jobs.ini.erb
View File

@ -1,4 +0,0 @@
[jenkins]
user=<%= username %>
password=<%= password %>
url=<%= url %>

22
modules/jenkins/templates/openstack.js.erb
View File

@ -1,22 +0,0 @@
function makeDoubleDelegate(function1, function2) {
return function() {
if (function1)
function1();
if (function2)
function2();
}
}
function chgeLogo() {
var imgs=document.getElementsByTagName("img");
var imgTag = document.createElement("img");
imgTag.setAttribute("src","https://<%= vhost_name %>/plugin/simple-theme-plugin/title.png");
imgTag.setAttribute("style", "vertical-align: middle;padding-left: 0.75em;");
imgs[0].parentNode.appendChild(imgTag);
var spanTag = document.createElement("span");
spanTag.id="heading_text";
spanTag.innerHTML="Jenkins CI";
imgs[0].parentNode.appendChild(spanTag);
}
window.onload = makeDoubleDelegate(window.onload, chgeLogo);

2
tools/apply-test.sh
View File

@ -32,8 +32,10 @@ sudo -E /usr/zuul-env/bin/zuul-cloner -m clonemap.yaml --cache-dir /opt/git \
git://git.openstack.org \
openstack-infra/puppet-storyboard \
openstack-infra/project-config \
openstack-infra/puppet-jenkins \
openstack-infra/puppet-kibana
if [[ ! -d applytest ]] ; then
mkdir applytest
fi