diff --git a/manifests/site.pp b/manifests/site.pp
index 0c60820ac9..abc2ce4c58 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -68,7 +68,9 @@ class openstack_server {
class openstack_jenkins_slave {
include openstack_server
- include jenkins_slave
+ class { 'jenkins_slave':
+ ssh_key => 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson'
+ }
}
#
@@ -181,13 +183,18 @@ node "gerrit-dev.openstack.org" {
node "jenkins.openstack.org" {
$iptables_public_tcp_ports = [80, 443, 4155]
include openstack_server
- include jenkins_master
+ class { 'jenkins_master':
+ site => 'jenkins.openstack.org',
+ serveradmin => 'webmaster@openstack.org'
+ }
}
node "jenkins-dev.openstack.org" {
$iptables_public_tcp_ports = [80, 443, 4155]
include openstack_server
- include jenkins_master
+ class { 'jenkins_master':
+ site => 'openstack'
+ }
}
node "community.openstack.org" {
diff --git a/manifests/stackforge.pp b/manifests/stackforge.pp
new file mode 100644
index 0000000000..2ca2ec3686
--- /dev/null
+++ b/manifests/stackforge.pp
@@ -0,0 +1,110 @@
+import "doc_server" # TODO: refactor out of module
+import "users"
+#
+# Abstract classes:
+#
+class openstack_base {
+ include openstack_project::users
+ include ssh
+ include snmpd
+ include exim
+ include sudoers
+
+ class { 'iptables':
+ public_tcp_ports => $iptables_public_tcp_ports,
+ }
+
+ file { '/etc/profile.d/Z98-byobu.sh':
+ ensure => 'absent'
+ }
+
+ package { "ntp":
+ ensure => installed
+ }
+
+ service { 'ntpd':
+ name => 'ntp',
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ require => Package['ntp'],
+ }
+
+ $packages = ["python-software-properties",
+ "puppet",
+ "bzr",
+ "git",
+ "python-setuptools",
+ "python-virtualenv",
+ "byobu"]
+ package { $packages: ensure => "latest" }
+}
+
+# A template host with no running services
+class openstack_template {
+ include openstack_base
+ realize (
+ User::Virtual::Localuser["mordred"],
+ User::Virtual::Localuser["corvus"],
+ User::Virtual::Localuser["soren"],
+ User::Virtual::Localuser["linuxjedi"],
+ )
+}
+
+# A server that we expect to run for some time
+class openstack_server {
+ include openstack_template
+}
+
+class openstack_jenkins_slave {
+ include openstack_server
+ class { 'jenkins_slave':
+ ssh_key => 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvlHx1TM9y6Y+oWJwPQP1jDejQYLA5MaTgD2oQOgQapSAWWU3f9/xcKKF4I5cC833xrSqFCqpstuWt5FdtO6qL5KMqGeVOwTCgcH0uGHciSF/zxBVpHp2n3rHLb0Fibyz/ys2kI+9J/hD0+GlVNQ/U8h9PZPMLFoJIZz5ep5WBszLM5z4vymBZ3GeytD8hk1BW0GLYi9vYWFrwoCTH6o6xRtdKajNE/9NcRGXjkY+SW7EGvqTAfLdsQ8q23MIO2ZX6YOpnmxAmR3OyNEOMo7Y/XCWjqTGWhQ669YaFxagS65f7EGCGwhhgQPtReDwkW88yTGhU3fZjS6Rc3BymTsnx jenkins@jenkins.stackforge.org'
+ }
+}
+
+#
+# Default: should at least behave like an openstack server
+#
+
+node default {
+ include openstack_server
+}
+
+#
+# Long lived servers:
+#
+node "puppet.stackforge.org" {
+ $iptables_public_tcp_ports = [8140]
+ include openstack_server
+}
+
+node "review.stackforge.org" {
+ $iptables_public_tcp_ports = [80, 443, 29418]
+ include openstack_server
+ class { 'gerrit':
+ canonicalweburl => "https://review.stackforge.org/",
+ email => "review@stackforge.org",
+ github_projects => [ {
+ name => 'stackforge/MRaaS',
+ close_pull => 'true'
+ } ]
+ }
+}
+
+node "jenkins.stackforge.org" {
+ $iptables_public_tcp_ports = [80, 443, 4155]
+ include openstack_server
+ class { 'jenkins_master':
+ serveradmin => 'webmaster@stackforge.org',
+ site => 'jenkins.stackforge.org'
+ }
+}
+
+#
+# Jenkins slaves:
+#
+node /^build.*\.slave\.stackforge\.org$/ {
+ include openstack_jenkins_slave
+}
+
diff --git a/modules/gerrit/lib/facter/gerrit_installed.rb b/modules/gerrit/lib/facter/gerrit_installed.rb
deleted file mode 100644
index b3ec1019bc..0000000000
--- a/modules/gerrit/lib/facter/gerrit_installed.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-Facter.add("gerrit_installed") do
- setcode do
- FileTest.directory?("/home/gerrit2/review_site/")
- end
-end
diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp
index 2a5851535d..b86aba2598 100644
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@@ -17,6 +17,21 @@ $commentlinks = [ { name => 'changeid',
]
) {
+ user { "gerrit2":
+ ensure => present,
+ comment => "Gerrit",
+ home => "/home/gerrit2",
+ shell => "/bin/bash",
+ gid => "gerrit2",
+ system => true,
+ managehome => true,
+ require => Group["gerrit2"]
+ }
+
+ group { "gerrit2":
+ ensure => present
+ }
+
package { "gitweb":
ensure => latest
}
@@ -33,104 +48,129 @@ $commentlinks = [ { name => 'changeid',
require => Package[python-pip]
}
- if $gerrit_installed {
- #notice('Gerrit is installed')
+ cron { "gerritupdateci":
+ user => gerrit2,
+ minute => "*/15",
+ command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
+ }
- cron { "gerritupdateci":
- user => gerrit2,
- minute => "*/15",
- command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
- }
+ cron { "gerritsyncusers":
+ user => gerrit2,
+ minute => "*/15",
+ command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
+ }
- cron { "gerritsyncusers":
- user => gerrit2,
- minute => "*/15",
- command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
- }
+ cron { "gerritclosepull":
+ user => gerrit2,
+ minute => "*/5",
+ command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
+ }
- cron { "gerritclosepull":
- user => gerrit2,
- minute => "*/5",
- command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
- }
+ cron { "expireoldreviews":
+ user => gerrit2,
+ hour => 6,
+ minute => 3,
+ command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
+ }
- cron { "expireoldreviews":
- user => gerrit2,
- hour => 6,
- minute => 3,
- command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
- }
+ cron { "gerrit_repack":
+ user => gerrit2,
+ weekday => 0,
+ hour => 4,
+ minute => 7,
+ command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
+ environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
+ }
- cron { "gerrit_repack":
- user => gerrit2,
- weekday => 0,
- hour => 4,
- minute => 7,
- command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
- environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
- }
+ file { "/var/log/gerrit":
+ ensure => "directory",
+ owner => 'gerrit2'
+ }
- file { "/var/log/gerrit":
- ensure => "directory",
- owner => 'gerrit2'
- }
+# directory creation hacks until we can automate gerrit installation
- file { '/home/gerrit2/github.config':
- owner => 'root',
- group => 'root',
- mode => 444,
- ensure => 'present',
- content => template('gerrit/github.config.erb'),
- replace => 'true',
- }
+ file { "/home/gerrit2/review_site":
+ ensure => "directory",
+ owner => "gerrit2",
+ require => User["gerrit2"]
+ }
- file { '/home/gerrit2/review_site/etc/replication.config':
- owner => 'root',
- group => 'root',
- mode => 444,
- ensure => 'present',
- source => 'puppet:///modules/gerrit/replication.config',
- replace => 'true',
- }
+ file { "/home/gerrit2/review_site/etc":
+ ensure => "directory",
+ owner => "gerrit2",
+ require => File["/home/gerrit2/review_site"]
+ }
- file { '/home/gerrit2/review_site/etc/gerrit.config':
- owner => 'root',
- group => 'root',
- mode => 444,
- ensure => 'present',
- content => template('gerrit/gerrit.config.erb'),
- replace => 'true',
- }
+ file { "/home/gerrit2/review_site/hooks":
+ ensure => "directory",
+ owner => "gerrit2",
+ require => File["/home/gerrit2/review_site"]
+ }
- file { '/home/gerrit2/review_site/hooks/change-merged':
- owner => 'root',
- group => 'root',
- mode => 555,
- ensure => 'present',
- source => 'puppet:///modules/gerrit/change-merged',
- replace => 'true',
- }
+ file { "/home/gerrit2/review_site/static":
+ ensure => "directory",
+ owner => "gerrit2",
+ require => File["/home/gerrit2/review_site"]
+ }
- file { '/home/gerrit2/review_site/hooks/patchset-created':
- owner => 'root',
- group => 'root',
- mode => 555,
- ensure => 'present',
- source => 'puppet:///modules/gerrit/patchset-created',
- replace => 'true',
- }
+ file { '/home/gerrit2/github.config':
+ owner => 'root',
+ group => 'root',
+ mode => 444,
+ ensure => 'present',
+ content => template('gerrit/github.config.erb'),
+ replace => 'true',
+ require => User["gerrit2"]
+ }
- file { '/home/gerrit2/review_site/static/echosign-cla.html':
- owner => 'root',
- group => 'root',
- mode => 444,
- ensure => 'present',
- source => 'puppet:///modules/gerrit/echosign-cla.html',
- replace => 'true',
- }
+ file { '/home/gerrit2/review_site/etc/replication.config':
+ owner => 'root',
+ group => 'root',
+ mode => 444,
+ ensure => 'present',
+ source => 'puppet:///modules/gerrit/replication.config',
+ replace => 'true',
+ require => File["/home/gerrit2/review_site/etc"]
+ }
- } else {
- notice('Gerrit is not installed')
+ file { '/home/gerrit2/review_site/etc/gerrit.config':
+ owner => 'root',
+ group => 'root',
+ mode => 444,
+ ensure => 'present',
+ content => template('gerrit/gerrit.config.erb'),
+ replace => 'true',
+ require => File["/home/gerrit2/review_site/etc"]
+ }
+
+ file { '/home/gerrit2/review_site/hooks/change-merged':
+ owner => 'root',
+ group => 'root',
+ mode => 555,
+ ensure => 'present',
+ source => 'puppet:///modules/gerrit/change-merged',
+ replace => 'true',
+ require => File["/home/gerrit2/review_site/hooks"]
+ }
+
+ file { '/home/gerrit2/review_site/hooks/patchset-created':
+ owner => 'root',
+ group => 'root',
+ mode => 555,
+ ensure => 'present',
+ source => 'puppet:///modules/gerrit/patchset-created',
+ replace => 'true',
+ require => File["/home/gerrit2/review_site/hooks"]
+ }
+
+ file { '/home/gerrit2/review_site/static/echosign-cla.html':
+ owner => 'root',
+ group => 'root',
+ mode => 444,
+ ensure => 'present',
+ source => 'puppet:///modules/gerrit/echosign-cla.html',
+ replace => 'true',
+ require => File["/home/gerrit2/review_site/static"]
}
}
diff --git a/modules/jenkins_master/manifests/init.pp b/modules/jenkins_master/manifests/init.pp
index c32b1ded14..cdff408daa 100644
--- a/modules/jenkins_master/manifests/init.pp
+++ b/modules/jenkins_master/manifests/init.pp
@@ -1,4 +1,4 @@
-class jenkins_master {
+class jenkins_master($site, $serveradmin) {
#This key is at http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
apt::key { "D50582E6":
@@ -21,7 +21,7 @@ class jenkins_master {
group => 'root',
mode => 444,
ensure => 'present',
- source => "puppet:///modules/jenkins_master/apache.conf",
+ content => template("jenkins_master/apache.conf.erb"),
replace => 'true',
require => Package['apache2'],
}
diff --git a/modules/jenkins_master/files/apache.conf b/modules/jenkins_master/templates/apache.conf.erb
similarity index 74%
rename from modules/jenkins_master/files/apache.conf
rename to modules/jenkins_master/templates/apache.conf.erb
index d2b6c32de9..1638942d68 100644
--- a/modules/jenkins_master/files/apache.conf
+++ b/modules/jenkins_master/templates/apache.conf.erb
@@ -1,5 +1,5 @@
- ServerAdmin webmaster@openstack.org
+ ServerAdmin <%= serveradmin %>
ErrorLog ${APACHE_LOG_DIR}/jenkins-error.log
@@ -9,12 +9,12 @@
CustomLog ${APACHE_LOG_DIR}/jenkins-access.log combined
- Redirect / https://jenkins.openstack.org/
+ Redirect / https://<%= site %>/
- ServerAdmin webmaster@openstack.org
+ ServerAdmin <%= serveradmin %>
ErrorLog ${APACHE_LOG_DIR}/jenkins-ssl-error.log
@@ -28,8 +28,8 @@
# Enable/Disable SSL for this virtual host.
SSLEngine on
- SSLCertificateFile /etc/ssl/certs/jenkins.openstack.org.pem
- SSLCertificateKeyFile /etc/ssl/private/jenkins.openstack.org.key
+ SSLCertificateFile /etc/ssl/certs/<%= site %>.pem
+ SSLCertificateKeyFile /etc/ssl/private/<%= site %>.key
SSLCertificateChainFile /etc/ssl/certs/intermediate.pem
BrowserMatch "MSIE [2-6]" \
@@ -39,8 +39,8 @@
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine on
- RewriteCond %{HTTP_HOST} !jenkins.openstack.org
- RewriteRule ^.*$ https://jenkins.openstack.org/
+ RewriteCond %{HTTP_HOST} !<%= site %>
+ RewriteRule ^.*$ https://<%= site %>/
ProxyPass / http://127.0.0.1:8080/ retry=0
ProxyPassReverse / http://127.0.0.1:8080/
diff --git a/modules/jenkins_slave/manifests/init.pp b/modules/jenkins_slave/manifests/init.pp
index 03c228c2e4..b4d02a715c 100644
--- a/modules/jenkins_slave/manifests/init.pp
+++ b/modules/jenkins_slave/manifests/init.pp
@@ -1,7 +1,8 @@
-class jenkins_slave {
+class jenkins_slave($ssh_key) {
jenkinsuser { "jenkins":
ensure => present,
+ ssh_key => "${ssh_key}"
}
slavecirepo { "openstack-ci":
diff --git a/modules/jenkins_slave/manifests/jenkinsuser.pp b/modules/jenkins_slave/manifests/jenkinsuser.pp
index fd599db8eb..6004de9d86 100644
--- a/modules/jenkins_slave/manifests/jenkinsuser.pp
+++ b/modules/jenkins_slave/manifests/jenkinsuser.pp
@@ -1,4 +1,4 @@
-define jenkinsuser($ensure = present) {
+define jenkinsuser($ensure = present, $ssh_key) {
group { 'jenkins':
ensure => 'present'
@@ -36,7 +36,7 @@ define jenkinsuser($ensure = present) {
owner => 'jenkins',
group => 'jenkins',
mode => 640,
- content => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson",
+ content => "${ssh_key}",
ensure => 'present',
require => File['jenkinssshdir'],
}