diff --git a/manifests/site.pp b/manifests/site.pp index e018029f5c..773f4e34d3 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -81,97 +81,13 @@ node 'jenkins.openstack.org' { } } -node 'jenkins01.openstack.org' { +node /^jenkins\d+\.openstack\.org$/ { class { 'openstack_project::jenkins': jenkins_jobs_password => hiera('jenkins_jobs_password'), jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), - ssl_cert_file_contents => hiera('jenkins01_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('jenkins01_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('jenkins01_ssl_chain_file_contents'), - sysadmins => hiera('sysadmins'), - zmq_event_receivers => ['logstash.openstack.org', - 'nodepool.openstack.org', - ], - } -} - -node 'jenkins02.openstack.org' { - class { 'openstack_project::jenkins': - jenkins_jobs_password => hiera('jenkins_jobs_password'), - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), - ssl_cert_file_contents => hiera('jenkins02_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('jenkins02_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('jenkins02_ssl_chain_file_contents'), - sysadmins => hiera('sysadmins'), - zmq_event_receivers => ['logstash.openstack.org', - 'nodepool.openstack.org', - ], - } -} - -node 'jenkins03.openstack.org' { - class { 'openstack_project::jenkins': - jenkins_jobs_password => hiera('jenkins_jobs_password'), - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), - ssl_cert_file_contents => hiera('jenkins03_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('jenkins03_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('jenkins03_ssl_chain_file_contents'), - sysadmins => hiera('sysadmins'), - zmq_event_receivers => ['logstash.openstack.org', - 'nodepool.openstack.org', - ], - } -} - -node 'jenkins04.openstack.org' { - class { 'openstack_project::jenkins': - jenkins_jobs_password => hiera('jenkins_jobs_password'), - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), - ssl_cert_file_contents => hiera('jenkins04_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('jenkins04_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('jenkins04_ssl_chain_file_contents'), - sysadmins => hiera('sysadmins'), - zmq_event_receivers => ['logstash.openstack.org', - 'nodepool.openstack.org', - ], - } -} - -node 'jenkins05.openstack.org' { - class { 'openstack_project::jenkins': - jenkins_jobs_password => hiera('jenkins_jobs_password'), - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), - ssl_cert_file_contents => hiera('jenkins05_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('jenkins05_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('jenkins05_ssl_chain_file_contents'), - sysadmins => hiera('sysadmins'), - zmq_event_receivers => ['logstash.openstack.org', - 'nodepool.openstack.org', - ], - } -} - -node 'jenkins06.openstack.org' { - class { 'openstack_project::jenkins': - jenkins_jobs_password => hiera('jenkins_jobs_password'), - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), - ssl_cert_file_contents => hiera('jenkins06_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('jenkins06_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('jenkins06_ssl_chain_file_contents'), - sysadmins => hiera('sysadmins'), - zmq_event_receivers => ['logstash.openstack.org', - 'nodepool.openstack.org', - ], - } -} - -node 'jenkins07.openstack.org' { - class { 'openstack_project::jenkins': - jenkins_jobs_password => hiera('jenkins_jobs_password'), - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), - ssl_cert_file_contents => hiera('jenkins07_ssl_cert_file_contents'), - ssl_key_file_contents => hiera('jenkins07_ssl_key_file_contents'), - ssl_chain_file_contents => hiera('jenkins07_ssl_chain_file_contents'), + ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', + ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', + ssl_chain_file => '', sysadmins => hiera('sysadmins'), zmq_event_receivers => ['logstash.openstack.org', 'nodepool.openstack.org', diff --git a/modules/openstack_project/manifests/jenkins.pp b/modules/openstack_project/manifests/jenkins.pp index a2b6eea120..f5e18921a5 100644 --- a/modules/openstack_project/manifests/jenkins.pp +++ b/modules/openstack_project/manifests/jenkins.pp @@ -5,6 +5,9 @@ class openstack_project::jenkins ( $jenkins_jobs_password = '', $jenkins_jobs_username = 'gerrig', # This is not a typo, well it isn't anymore. $manage_jenkins_jobs = true, + $ssl_cert_file = '', + $ssl_key_file = '', + $ssl_chain_file = '/etc/ssl/certs/intermediate.pem', $ssl_cert_file_contents = '', $ssl_key_file_contents = '', $ssl_chain_file_contents = '', @@ -22,18 +25,27 @@ class openstack_project::jenkins ( sysadmins => $sysadmins, } - if $ssl_chain_file_contents != '' { - $ssl_chain_file = '/etc/ssl/certs/intermediate.pem' - } else { - $ssl_chain_file = '' + # Set defaults here because they evaluate variables which you cannot + # do in the class parameter list. + if $ssl_cert_file == '' { + $prv_ssl_cert_file = "/etc/ssl/certs/${vhost_name}.pem" + } + else { + $prv_ssl_cert_file = $ssl_cert_file + } + if $ssl_key_file == '' { + $prv_ssl_key_file = "/etc/ssl/private/${vhost_name}.key" + } + else { + $prv_ssl_key_file = $ssl_key_file } class { '::jenkins::master': vhost_name => $vhost_name, serveradmin => 'webmaster@openstack.org', logo => 'openstack.png', - ssl_cert_file => "/etc/ssl/certs/${vhost_name}.pem", - ssl_key_file => "/etc/ssl/private/${vhost_name}.key", + ssl_cert_file => $prv_ssl_cert_file, + ssl_key_file => $prv_ssl_key_file, ssl_chain_file => $ssl_chain_file, ssl_cert_file_contents => $ssl_cert_file_contents, ssl_key_file_contents => $ssl_key_file_contents,