From b085abb41b57659b2ca8b4a61b3047560036e5e9 Mon Sep 17 00:00:00 2001 From: David Boucha Date: Mon, 9 Sep 2013 14:42:58 -0600 Subject: [PATCH] Give Jenkins the ability to trigger puppet runs * modules/openstack_project/files/salt-trigger.sudoers: Allow the jenkins user to send messages to the salt master. * modules/openstack_project/manifests/salt_trigger_slave.pp: Add the sudoers inclusion above to the salt-trigger slave. * modules/salt/manifests/master.pp: Change ownership on the existing salt configuration directory on the master to belong to the salt user, and add the file structure for the new reactor components. * modules/salt/templates/master.erb: Add reactor configuration to run tests.sls when receiving a trigger named jenkins. * modules/salt/templates/tests.reactor.erb: Define a puppet command which will be run on all minions. Change-Id: I346bb28e5b4d53618855a28f616f7c5ed0e60dc7 --- .../files/salt-trigger.sudoers | 2 ++ .../manifests/salt_trigger_slave.pp | 9 ++++++ modules/salt/manifests/master.pp | 28 +++++++++++++++++-- modules/salt/templates/master.erb | 7 +++++ modules/salt/templates/tests.reactor.erb | 3 ++ 5 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 modules/openstack_project/files/salt-trigger.sudoers create mode 100644 modules/salt/templates/tests.reactor.erb diff --git a/modules/openstack_project/files/salt-trigger.sudoers b/modules/openstack_project/files/salt-trigger.sudoers new file mode 100644 index 0000000000..4fc848aaba --- /dev/null +++ b/modules/openstack_project/files/salt-trigger.sudoers @@ -0,0 +1,2 @@ +# Allow jenkins user to send Salt messages to the Salt Master +jenkins ALL=(ALL) NOPASSWD: /usr/bin/salt-call event.fire_master* diff --git a/modules/openstack_project/manifests/salt_trigger_slave.pp b/modules/openstack_project/manifests/salt_trigger_slave.pp index 63e3e1b718..7ee1787d8f 100644 --- a/modules/openstack_project/manifests/salt_trigger_slave.pp +++ b/modules/openstack_project/manifests/salt_trigger_slave.pp @@ -10,4 +10,13 @@ class openstack_project::salt_trigger_slave ( jenkins_ssh_public_key => $jenkins_ssh_public_key, } + file { '/etc/sudoers.d/salt-trigger': + ensure => present, + owner => 'root', + group => 'root', + mode => '0440', + source => 'puppet:///modules/openstack_project/salt-trigger.sudoers', + replace => true, + } + } diff --git a/modules/salt/manifests/master.pp b/modules/salt/manifests/master.pp index 3a4c6b7af2..c6c55bd1be 100644 --- a/modules/salt/manifests/master.pp +++ b/modules/salt/manifests/master.pp @@ -49,14 +49,38 @@ class salt::master { file { '/etc/salt/master': ensure => present, - owner => 'root', - group => 'root', + owner => 'salt', + group => 'salt', mode => '0644', content => template('salt/master.erb'), replace => true, require => Package['salt-master'], } + file { '/srv/reactor': + ensure => directory, + owner => 'salt', + group => 'salt', + mode => '0755', + require => [ + Package['salt-master'], + User['salt'], + ], + } + + file { '/srv/reactor/tests.sls': + ensure => present, + owner => 'salt', + group => 'salt', + mode => '0644', + content => template('salt/tests.reactor.erb'), + replace => true, + require => [ + Package['salt-master'], + File['/srv/reactor'], + ], + } + file { '/etc/salt/pki': ensure => directory, owner => 'salt', diff --git a/modules/salt/templates/master.erb b/modules/salt/templates/master.erb index 30fbfe2658..0a3feb4e84 100644 --- a/modules/salt/templates/master.erb +++ b/modules/salt/templates/master.erb @@ -344,3 +344,10 @@ user: salt # The range server (and optional port) that # serves your cluster information #range_server: range:80 + +##### Salt Reactor settings ##### +######################################### +# Execute tests.sls when 'jenkins' tag found +reactor: + - 'jenkins': + - /srv/reactor/tests.sls diff --git a/modules/salt/templates/tests.reactor.erb b/modules/salt/templates/tests.reactor.erb new file mode 100644 index 0000000000..06ce4a3f74 --- /dev/null +++ b/modules/salt/templates/tests.reactor.erb @@ -0,0 +1,3 @@ +puppet_run: + cmd.puppet.run: + - tgt: '*'