Give Jenkins the ability to trigger puppet runs

* modules/openstack_project/files/salt-trigger.sudoers: Allow the jenkins user to send messages to the salt master. * modules/openstack_project/manifests/salt_trigger_slave.pp: Add the sudoers inclusion above to the salt-trigger slave. * modules/salt/manifests/master.pp: Change ownership on the existing salt configuration directory on the master to belong to the salt user, and add the file structure for the new reactor components. * modules/salt/templates/master.erb: Add reactor configuration to run tests.sls when receiving a trigger named jenkins. * modules/salt/templates/tests.reactor.erb: Define a puppet command which will be run on all minions. Change-Id: I346bb28e5b4d53618855a28f616f7c5ed0e60dc7
2013-09-09 14:42:58 -06:00 · 2013-09-09 14:42:58 -06:00 · b085abb41b
parent 5945fb747b
commit b085abb41b
5 changed files with 47 additions and 2 deletions
--- a/modules/openstack_project/files/salt-trigger.sudoers
+++ b/modules/openstack_project/files/salt-trigger.sudoers
@ -0,0 +1,2 @@
+# Allow jenkins user to send Salt messages to the Salt Master
+jenkins  ALL=(ALL) NOPASSWD: /usr/bin/salt-call event.fire_master*
--- a/modules/openstack_project/manifests/salt_trigger_slave.pp
+++ b/modules/openstack_project/manifests/salt_trigger_slave.pp
@ -10,4 +10,13 @@ class openstack_project::salt_trigger_slave (
    jenkins_ssh_public_key => $jenkins_ssh_public_key,
  }

+  file { '/etc/sudoers.d/salt-trigger':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0440',
+    source  => 'puppet:///modules/openstack_project/salt-trigger.sudoers',
+    replace => true,
+  }
+
 }
--- a/modules/salt/manifests/master.pp
+++ b/modules/salt/manifests/master.pp
@ -49,14 +49,38 @@ class salt::master {

  file { '/etc/salt/master':
    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
+    owner   => 'salt',
+    group   => 'salt',
    mode    => '0644',
    content => template('salt/master.erb'),
    replace => true,
    require => Package['salt-master'],
  }

+  file { '/srv/reactor':
+    ensure  => directory,
+    owner   => 'salt',
+    group   => 'salt',
+    mode    => '0755',
+    require => [
+      Package['salt-master'],
+      User['salt'],
+    ],
+  }
+
+  file { '/srv/reactor/tests.sls':
+    ensure  => present,
+    owner   => 'salt',
+    group   => 'salt',
+    mode    => '0644',
+    content => template('salt/tests.reactor.erb'),
+    replace => true,
+    require => [
+      Package['salt-master'],
+      File['/srv/reactor'],
+    ],
+  }
+
  file { '/etc/salt/pki':
    ensure  => directory,
    owner   => 'salt',
--- a/modules/salt/templates/master.erb
+++ b/modules/salt/templates/master.erb
@ -344,3 +344,10 @@ user: salt
 # The range server (and optional port) that
 # serves your cluster information
 #range_server: range:80
+
+#####     Salt Reactor settings     #####
+#########################################
+# Execute tests.sls when 'jenkins' tag found
+reactor:
+  - 'jenkins':
+    - /srv/reactor/tests.sls
--- a/modules/salt/templates/tests.reactor.erb
+++ b/modules/salt/templates/tests.reactor.erb
@ -0,0 +1,3 @@
+puppet_run:
+  cmd.puppet.run:
+    - tgt: '*'