Merge "Modify puppet repo to work with stackforge"

manifests/site.pp

@@ -68,7 +68,9 @@ class openstack_server {
 
 class openstack_jenkins_slave {
   include openstack_server
-  include jenkins_slave
+  class { 'jenkins_slave':
+    ssh_key => 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson'
+  }
 }
 
 #
@@ -181,13 +183,18 @@ node "gerrit-dev.openstack.org" {
 node "jenkins.openstack.org" {
   $iptables_public_tcp_ports = [80, 443, 4155]
   include openstack_server
-  include jenkins_master
+  class { 'jenkins_master':
+    site => 'jenkins.openstack.org',
+    serveradmin => 'webmaster@openstack.org'
+  }
 }
 
 node "jenkins-dev.openstack.org" {
   $iptables_public_tcp_ports = [80, 443, 4155]
   include openstack_server
-  include jenkins_master
+  class { 'jenkins_master':
+    site => 'openstack'
+  }
 }
 
 node "community.openstack.org" {

manifests/stackforge.pp

@@ -0,0 +1,110 @@
+import "doc_server" # TODO: refactor out of module
+import "users"
+#
+# Abstract classes:
+#
+class openstack_base {
+  include openstack_project::users
+  include ssh
+  include snmpd
+  include exim
+  include sudoers
+
+  class { 'iptables':
+    public_tcp_ports => $iptables_public_tcp_ports,
+  }
+
+  file { '/etc/profile.d/Z98-byobu.sh':
+    ensure => 'absent'
+  }
+
+  package { "ntp":
+    ensure => installed
+    }
+
+  service { 'ntpd':
+    name       => 'ntp',
+    ensure     => running,
+    enable     => true,
+    hasrestart => true,
+    require => Package['ntp'],
+  }
+
+  $packages = ["python-software-properties",
+               "puppet",
+               "bzr",
+               "git",
+               "python-setuptools",
+               "python-virtualenv",
+               "byobu"]
+  package { $packages: ensure => "latest" }
+}
+
+# A template host with no running services
+class openstack_template {
+  include openstack_base
+  realize (
+    User::Virtual::Localuser["mordred"],
+    User::Virtual::Localuser["corvus"],
+    User::Virtual::Localuser["soren"],
+    User::Virtual::Localuser["linuxjedi"],
+  )
+}
+
+# A server that we expect to run for some time
+class openstack_server {
+  include openstack_template
+}
+
+class openstack_jenkins_slave {
+  include openstack_server
+  class { 'jenkins_slave':
+    ssh_key => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvlHx1TM9y6Y+oWJwPQP1jDejQYLA5MaTgD2oQOgQapSAWWU3f9/xcKKF4I5cC833xrSqFCqpstuWt5FdtO6qL5KMqGeVOwTCgcH0uGHciSF/zxBVpHp2n3rHLb0Fibyz/ys2kI+9J/hD0+GlVNQ/U8h9PZPMLFoJIZz5ep5WBszLM5z4vymBZ3GeytD8hk1BW0GLYi9vYWFrwoCTH6o6xRtdKajNE/9NcRGXjkY+SW7EGvqTAfLdsQ8q23MIO2ZX6YOpnmxAmR3OyNEOMo7Y/XCWjqTGWhQ669YaFxagS65f7EGCGwhhgQPtReDwkW88yTGhU3fZjS6Rc3BymTsnx jenkins@jenkins.stackforge.org'
+  }
+}
+
+#
+# Default: should at least behave like an openstack server
+#
+
+node default {
+  include openstack_server
+}
+
+#
+# Long lived servers:
+#
+node "puppet.stackforge.org" {
+  $iptables_public_tcp_ports = [8140]
+  include openstack_server
+}
+
+node "review.stackforge.org" {
+  $iptables_public_tcp_ports = [80, 443, 29418]
+  include openstack_server
+  class { 'gerrit':
+    canonicalweburl => "https://review.stackforge.org/",
+    email => "review@stackforge.org",
+    github_projects => [ {
+                         name => 'stackforge/MRaaS',
+                         close_pull => 'true'
+                         } ]
+  }
+}
+
+node "jenkins.stackforge.org" {
+  $iptables_public_tcp_ports = [80, 443, 4155]
+  include openstack_server
+  class { 'jenkins_master':
+    serveradmin => 'webmaster@stackforge.org',
+    site => 'jenkins.stackforge.org'
+  }
+}
+
+#
+# Jenkins slaves:
+#
+node /^build.*\.slave\.stackforge\.org$/ {
+  include openstack_jenkins_slave
+}
+

modules/gerrit/lib/facter/gerrit_installed.rb

@@ -1,5 +0,0 @@
-Facter.add("gerrit_installed") do
-  setcode do
-    FileTest.directory?("/home/gerrit2/review_site/")
-  end
-end

modules/gerrit/manifests/init.pp

@@ -17,6 +17,21 @@ $commentlinks = [ { name => 'changeid',
                   ]
   ) {
 
+  user { "gerrit2":
+    ensure => present,
+    comment => "Gerrit",
+    home => "/home/gerrit2",
+    shell => "/bin/bash",
+    gid => "gerrit2",
+    system => true,
+    managehome => true,
+    require => Group["gerrit2"]
+  }
+
+  group { "gerrit2":
+    ensure => present
+  }
+
   package { "gitweb":
     ensure => latest
   }
@@ -33,104 +48,129 @@ $commentlinks = [ { name => 'changeid',
     require => Package[python-pip]
   }
 
-  if $gerrit_installed {
-    #notice('Gerrit is installed')
+  cron { "gerritupdateci":
+    user => gerrit2,
+    minute => "*/15",
+    command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
+  }
 
-    cron { "gerritupdateci":
-      user => gerrit2,
-      minute => "*/15",
-      command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
-    }
+  cron { "gerritsyncusers":
+    user => gerrit2,
+    minute => "*/15",
+    command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
+  }
 
-    cron { "gerritsyncusers":
-      user => gerrit2,
-      minute => "*/15",
-      command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
-    }
+  cron { "gerritclosepull":
+    user => gerrit2,
+    minute => "*/5",
+    command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
+  }
 
-    cron { "gerritclosepull":
-      user => gerrit2,
-      minute => "*/5",
-      command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
-    }
+  cron { "expireoldreviews":
+    user => gerrit2,
+    hour => 6,
+    minute => 3,
+    command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
+  }
 
-    cron { "expireoldreviews":
-      user => gerrit2,
-      hour => 6,
-      minute => 3,
-      command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
-    }
+  cron { "gerrit_repack":
+    user => gerrit2,
+    weekday => 0,
+    hour => 4,
+    minute => 7,
+    command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
+    environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
+  }
 
-    cron { "gerrit_repack":
-      user => gerrit2,
-      weekday => 0,
-      hour => 4,
-      minute => 7,
-      command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
-      environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
-    }
+  file { "/var/log/gerrit":
+    ensure => "directory",
+    owner => 'gerrit2'
+  }
 
-    file { "/var/log/gerrit":
-      ensure => "directory",
-      owner => 'gerrit2'
-    }
+# directory creation hacks until we can automate gerrit installation
 
-    file { '/home/gerrit2/github.config':
-      owner => 'root',
-      group => 'root',
-      mode => 444,
-      ensure => 'present',
-      content => template('gerrit/github.config.erb'),
-      replace => 'true',
-    }
+  file { "/home/gerrit2/review_site":
+    ensure => "directory",
+    owner => "gerrit2",
+    require => User["gerrit2"]
+  }
 
-    file { '/home/gerrit2/review_site/etc/replication.config':
-      owner => 'root',
-      group => 'root',
-      mode => 444,
-      ensure => 'present',
-      source => 'puppet:///modules/gerrit/replication.config',
-      replace => 'true',
-    }
+  file { "/home/gerrit2/review_site/etc":
+    ensure => "directory",
+    owner => "gerrit2",
+    require => File["/home/gerrit2/review_site"]
+  }
 
-    file { '/home/gerrit2/review_site/etc/gerrit.config':
-      owner => 'root',
-      group => 'root',
-      mode => 444,
-      ensure => 'present',
-      content => template('gerrit/gerrit.config.erb'),
-      replace => 'true',
-    }
+  file { "/home/gerrit2/review_site/hooks":
+    ensure => "directory",
+    owner => "gerrit2",
+    require => File["/home/gerrit2/review_site"]
+  }
 
-    file { '/home/gerrit2/review_site/hooks/change-merged':
-      owner => 'root',
-      group => 'root',
-      mode => 555,
-      ensure => 'present',
-      source => 'puppet:///modules/gerrit/change-merged',
-      replace => 'true',
-    }
+  file { "/home/gerrit2/review_site/static":
+    ensure => "directory",
+    owner => "gerrit2",
+    require => File["/home/gerrit2/review_site"]
+  }
 
-    file { '/home/gerrit2/review_site/hooks/patchset-created':
-      owner => 'root',
-      group => 'root',
-      mode => 555,
-      ensure => 'present',
-      source => 'puppet:///modules/gerrit/patchset-created',
-      replace => 'true',
-    }
+  file { '/home/gerrit2/github.config':
+    owner => 'root',
+    group => 'root',
+    mode => 444,
+    ensure => 'present',
+    content => template('gerrit/github.config.erb'),
+    replace => 'true',
+    require => User["gerrit2"]
+  }
 
-    file { '/home/gerrit2/review_site/static/echosign-cla.html':
-      owner => 'root',
-      group => 'root',
-      mode => 444,
-      ensure => 'present',
-      source => 'puppet:///modules/gerrit/echosign-cla.html',
-      replace => 'true',
-    }
+  file { '/home/gerrit2/review_site/etc/replication.config':
+    owner => 'root',
+    group => 'root',
+    mode => 444,
+    ensure => 'present',
+    source => 'puppet:///modules/gerrit/replication.config',
+    replace => 'true',
+    require => File["/home/gerrit2/review_site/etc"]
+  }
 
-  } else {
-    notice('Gerrit is not installed')
+  file { '/home/gerrit2/review_site/etc/gerrit.config':
+    owner => 'root',
+    group => 'root',
+    mode => 444,
+    ensure => 'present',
+    content => template('gerrit/gerrit.config.erb'),
+    replace => 'true',
+    require => File["/home/gerrit2/review_site/etc"]
+  }
+
+  file { '/home/gerrit2/review_site/hooks/change-merged':
+    owner => 'root',
+    group => 'root',
+    mode => 555,
+    ensure => 'present',
+    source => 'puppet:///modules/gerrit/change-merged',
+    replace => 'true',
+    require => File["/home/gerrit2/review_site/hooks"]
+  }
+
+  file { '/home/gerrit2/review_site/hooks/patchset-created':
+    owner => 'root',
+    group => 'root',
+    mode => 555,
+    ensure => 'present',
+    source => 'puppet:///modules/gerrit/patchset-created',
+    replace => 'true',
+    require => File["/home/gerrit2/review_site/hooks"]
+  }
+
+  file { '/home/gerrit2/review_site/static/echosign-cla.html':
+    owner => 'root',
+    group => 'root',
+    mode => 444,
+    ensure => 'present',
+    source => 'puppet:///modules/gerrit/echosign-cla.html',
+    replace => 'true',
+    require => File["/home/gerrit2/review_site/static"]
   }
 
 }

modules/jenkins_master/manifests/init.pp

@@ -1,4 +1,4 @@
-class jenkins_master {
+class jenkins_master($site, $serveradmin) {
 
   #This key is at http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
   apt::key { "D50582E6":
@@ -21,7 +21,7 @@ class jenkins_master {
     group => 'root',
     mode => 444,
     ensure => 'present',
-    source => "puppet:///modules/jenkins_master/apache.conf",
+    content => template("jenkins_master/apache.conf.erb"),
     replace => 'true',
     require => Package['apache2'],
   }

modules/jenkins_master/templates/apache.conf.erb

@@ -1,5 +1,5 @@
 <VirtualHost _default_:80>
-             ServerAdmin webmaster@openstack.org
+             ServerAdmin <%= serveradmin %>
 
              ErrorLog ${APACHE_LOG_DIR}/jenkins-error.log
 
@@ -9,12 +9,12 @@
 
              CustomLog ${APACHE_LOG_DIR}/jenkins-access.log combined
 
-             Redirect / https://jenkins.openstack.org/
+             Redirect / https://<%= site %>/
 
 </VirtualHost>
 
 <VirtualHost _default_:443>
-             ServerAdmin webmaster@openstack.org
+             ServerAdmin <%= serveradmin %>
 
              ErrorLog ${APACHE_LOG_DIR}/jenkins-ssl-error.log
 
@@ -28,8 +28,8 @@
              #   Enable/Disable SSL for this virtual host.
              SSLEngine on
 
-             SSLCertificateFile    /etc/ssl/certs/jenkins.openstack.org.pem
-             SSLCertificateKeyFile /etc/ssl/private/jenkins.openstack.org.key
+             SSLCertificateFile    /etc/ssl/certs/<%= site %>.pem
+             SSLCertificateKeyFile /etc/ssl/private/<%= site %>.key
              SSLCertificateChainFile /etc/ssl/certs/intermediate.pem
 
              BrowserMatch "MSIE [2-6]" \
@@ -39,8 +39,8 @@
              BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 
              RewriteEngine on
-             RewriteCond %{HTTP_HOST} !jenkins.openstack.org
-             RewriteRule ^.*$ https://jenkins.openstack.org/
+             RewriteCond %{HTTP_HOST} !<%= site %>
+             RewriteRule ^.*$ https://<%= site %>/
 
              ProxyPass / http://127.0.0.1:8080/ retry=0
              ProxyPassReverse / http://127.0.0.1:8080/

modules/jenkins_slave/manifests/init.pp

@@ -1,7 +1,8 @@
-class jenkins_slave {
+class jenkins_slave($ssh_key) {
 
     jenkinsuser { "jenkins":
       ensure => present,
+      ssh_key => "${ssh_key}"
     }
 
     slavecirepo { "openstack-ci":

modules/jenkins_slave/manifests/jenkinsuser.pp

@@ -1,4 +1,4 @@
-define jenkinsuser($ensure = present) {
+define jenkinsuser($ensure = present, $ssh_key) {
 
   group { 'jenkins':
     ensure => 'present'
@@ -36,7 +36,7 @@ define jenkinsuser($ensure = present) {
     owner => 'jenkins',
     group => 'jenkins',
     mode => 640,
-    content => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson",
+    content => "${ssh_key}",
     ensure => 'present',
     require => File['jenkinssshdir'],
   }