opendev/system-config
Code Issues Proposed changes

Rework all of the slaves for virtualenv.

Browse Source 
Includes:
  Fixing jenkins sudoers from jeblair
  Removing tarmac depend from jeblair
  Remove wheel group from jeblair

Change-Id: I86ec23f7aeafc31cc70b0f3a648739bb7316fc61
This commit is contained in:
Monty Taylor 2011-10-11 15:56:11 -07:00
parent 37ffe84997
commit b47dbcdef0
17 changed files with 63 additions and 700 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
manifests/site.pp
View File

@ -8,6 +8,7 @@ class openstack_base {
include ssh
include snmpd
include exim
include sudoers
class { 'iptables':
public_tcp_ports => $iptables_public_tcp_ports,
@ -30,6 +31,7 @@ class openstack_base {
"bzr",
"git",
"python-setuptools",
"python-virtualenv",
"byobu"]
package { $packages: ensure => "latest" }
@ -47,15 +49,13 @@ class openstack_server {
User::Virtual::Localuser["corvus"],
User::Virtual::Localuser["soren"],
)
}
class openstack_jenkins_slave {
include openstack_base
include openstack_server
include jenkins_slave
apt::ppa { "ppa:nova-core/trunk":
ensure => present
}
}
#
@ -149,160 +149,10 @@ node "docs.openstack.org" {
#
# Jenkins slaves:
#
node /^burrow-java(-\d+)?\.slave\.openstack\.org$/ {
node /^.*\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
package { "maven2":
ensure => latest
}
}
node /^burrow(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
package { "python-eventlet":
ensure => latest
}
}
node /^libburrow(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
$slave_packages = ["build-essential",
"libcurl4-gnutls-dev",
"libtool",
"autoconf",
"automake"]
package { $slave_packages: ensure => "latest" }
}
node /^dashboard(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
package { "python-virtualenv":
ensure => present
}
}
node /^glance(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
apt::ppa { "ppa:glance-core/trunk":
ensure => present
}
apt::builddep { "glance":
ensure => present,
require => Apt::Ppa["ppa:glance-core/trunk"]
}
$slave_packages = ["python-argparse",
"python-decorator",
"python-eventlet",
"python-formencode",
"python-greenlet",
"python-migrate",
"python-mox",
"python-netifaces",
"python-openid",
"python-openssl",
"python-paste",
"python-pastedeploy",
"python-pastescript",
"python-routes",
"python-scgi",
"python-sqlalchemy",
"python-sqlalchemy-ext",
"python-swift",
"python-tempita",
"python-webob",
"python-xattr"]
package { $slave_packages: ensure => "latest" }
}
node /^keystone(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
apt::ppa { "ppa:keystone-core/trunk":
ensure => present
}
apt::ppa { "ppa:swift-core/trunk":
ensure => present
}
apt::builddep { "keystone":
ensure => present,
require => [Apt::Ppa["ppa:keystone-core/trunk"],
Apt::Ppa["ppa:nova-core/trunk"],
Apt::Ppa["ppa:swift-core/trunk"]]
}
}
node /^quantum(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
$slave_packages = ["python-eventlet",
"python-paste",
"python-routes",
"python-sqlalchemy",
"python-gflags",
"python-cheetah",
"python-webtest",
"python-webob"]
package { $slave_packages:
ensure => "latest",
require => Apt::Ppa["ppa:nova-core/trunk"]
}
}
node /^manuals(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
package { "maven2":
ensure => latest
}
}
node /^nova(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
apt::builddep { "nova":
ensure => present,
require => Apt::Ppa["ppa:nova-core/trunk"]
}
}
node /^openstack-ci(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
}
node /^swift(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
apt::ppa { "ppa:swift-core/trunk":
ensure => present
}
apt::builddep { "swift":
ensure => present,
require => Apt::Ppa["ppa:swift-core/trunk"]
}
}
node /^driver(\d+)\.1918\.openstack\.org$/ {
include openstack_jenkins_slave
}
node /^debuild(-\d+)?\.slave\.openstack\.org$/ {
include openstack_jenkins_slave
include cowbuilder
class { "reprepro": }
}
node /^packages\.openstack\.org$/ {
include openstack_jenkins_slave
class { "apt_server": }
}

6
modules/apt_server/files/packages
View File

@ -1,6 +0,0 @@
server {
listen 80;
server_name packages.openstack.org;
root /srv/packages;
autoindex on;
}

45
modules/apt_server/manifests/init.pp
View File

@ -1,45 +0,0 @@
class apt_server {
package { "nginx": ensure => "latest" }
file { "/etc/nginx/sites-available/default":
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => "puppet:///modules/apt_server/packages",
replace => 'true',
require => Package[nginx],
}
file { "/etc/nginx/sites-enabled/default":
ensure => link,
target => "/etc/nginx/sites-available/default",
require => Package[nginx],
}
file { "/srv":
owner => 'root',
group => 'root',
mode => 555,
ensure => directory,
}
file {"/srv/packages":
owner => 'jenkins',
group => 'jenkins',
mode => 755,
ensure => directory,
require => File["/srv"],
}
service { 'nginx':
name => 'nginx',
ensure => running,
enable => true,
hasrestart => true,
require => Package['nginx'],
subscribe => File['/etc/nginx/sites-available/default'],
}
}

36
modules/cowbuilder/files/E01-enable-repos
View File

@ -1,36 +0,0 @@
#!/bin/sh
set -e
apt-get -y install --force-yes lsb-release
release=`lsb_release --codename -s`
if test `lsb_release --id --short` = "Ubuntu"
then
apt-get -y install --force-yes python-software-properties
cat > "/etc/apt/sources.list.d/extras.list" << EOF
deb http://security.ubuntu.com/ubuntu $release-security main universe
deb-src http://security.ubuntu.com/ubuntu $release-security main universe
deb http://us.archive.ubuntu.com/ubuntu/ $release-updates main universe
deb-src http://us.archive.ubuntu.com/ubuntu/ $release-updates main universe
deb http://packages.openstack.org/trunk $release main
deb-src http://packages.openstack.org/trunk $release main
EOF
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 32EE128C
rm -rf /etc/apt/sources.list.d/nova-core*
else
# Have I mentioned our lack of debian is a bit assy? Let's hope Maverick
# works for now
cat > "/etc/apt/sources.list.d/extras.list" << EOF
deb http://packages.openstack.org/trunk $release main
deb-src http://packages.openstack.org/trunk $release main
EOF
rm -rf /etc/apt/sources.list.d/nova.list
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 32EE128C
fi
apt-get update

78
modules/cowbuilder/manifests/cow.pp
View File

@ -1,78 +0,0 @@
define cowbuilder::cow($distro = ubuntu) {
$has_cow = "/usr/bin/test -d /var/cache/pbuilder/base-$name.cow"
$has_cow_32 = "/usr/bin/test -d /var/cache/pbuilder/base-$name-i386.cow"
case $bits {
32: {
$env = ["ARCH=i386", "DIST=$name","APTCACHEHARDLINK=no","HOME=/root"]
}
64: {
$env = ["DIST=$name","APTCACHEHARDLINK=no","HOME=/root"]
}
}
case $distro {
ubuntu: {
exec { "Add base cow for $name":
environment => ["DIST=$name","APTCACHEHARDLINK=no","HOME=/root"],
command => "git-pbuilder create --distribution $name --components 'main universe' --hookdir /var/cache/pbuilder/hook.d/ --mirror='http://us.archive.ubuntu.com/ubuntu/'",
path => "/usr/sbin:/usr/bin:/sbin:/bin",
user => root,
group => root,
timeout => 0,
logoutput => on_failure,
unless => "$has_cow",
}
exec { "Add 32-bit base cow for $name":
environment => ["ARCH=i386", "DIST=$name","APTCACHEHARDLINK=no","HOME=/root"],
command => "linux32 git-pbuilder create --distribution $name --components 'main universe' --hookdir /var/cache/pbuilder/hook.d/ --mirror='http://us.archive.ubuntu.com/ubuntu/'",
path => "/usr/sbin:/usr/bin:/sbin:/bin",
user => root,
group => root,
timeout => 0,
logoutput => on_failure,
unless => "$has_cow_32",
}
}
debian: {
exec { "Add base cow for $name":
environment => ["DIST=$name","APTCACHEHARDLINK=no","HOME=/root"],
command => "git-pbuilder create --distribution $name --mirror ftp://ftp.us.debian.org/debian/ --debootstrapopts '--keyring=/usr/share/keyrings/debian-archive-keyring.gpg' --hookdir /var/cache/pbuilder/hook.d/",
path => "/usr/sbin:/usr/bin:/sbin:/bin",
user => root,
group => root,
timeout => 0,
logoutput => on_failure,
unless => "$has_cow",
}
exec { "Add 32-bit base cow for $name":
environment => ["ARCH=i386", "DIST=$name","APTCACHEHARDLINK=no","HOME=/root"],
command => "linux32 git-pbuilder create --distribution $name --mirror ftp://ftp.us.debian.org/debian/ --debootstrapopts '--keyring=/usr/share/keyrings/debian-archive-keyring.gpg' --hookdir /var/cache/pbuilder/hook.d/",
path => "/usr/sbin:/usr/bin:/sbin:/bin",
user => root,
group => root,
timeout => 0,
logoutput => on_failure,
unless => "$has_cow_32",
}
}
}
exec { "Update base cow for $name":
environment => ["DIST=$name","APTCACHEHARDLINK=no","HOME=/root"],
command => "git-pbuilder update --hookdir /var/cache/pbuilder/hook.d/",
path => "/usr/sbin:/usr/bin:/sbin:/bin",
user => root,
group => root,
logoutput => on_failure,
onlyif => "$has_cow",
}
exec { "Update 32-bit base cow for $name":
environment => ["ARCH=i386", "DIST=$name","APTCACHEHARDLINK=no","HOME=/root"],
command => "linux32 git-pbuilder update --hookdir /var/cache/pbuilder/hook.d/",
path => "/usr/sbin:/usr/bin:/sbin:/bin",
user => root,
group => root,
logoutput => on_failure,
onlyif => "$has_cow_32",
}
}

11
modules/cowbuilder/manifests/debgpg.pp
View File

@ -1,11 +0,0 @@
define cowbuilder::debgpg {
exec { "Add gpg public key $name":
command => "gpg --keyserver keys.gnupg.net --recv-key $name",
path => "/usr/sbin:/usr/bin:/sbin:/bin",
user => root,
group => root,
logoutput => on_failure,
unless => "/usr/bin/gpg --list-keys $name >/dev/null 2>&1",
}
}

57
modules/cowbuilder/manifests/init.pp
View File

@ -1,57 +0,0 @@
class cowbuilder {
$slave_packages = ["git-buildpackage",
"pbuilder",
"cowbuilder",
"linux32",
"debian-archive-keyring"]
$ubuntu_releases = [ "lucid",
"maverick",
"natty",
"oneiric" ]
$debian_releases = [ "wheezy",
"squeeze" ]
package { $slave_packages:
ensure => "latest"
}
file { 'cowhookdir':
name => '/var/cache/pbuilder/hook.d',
ensure => 'directory',
mode => 755,
require => Package['pbuilder'],
}
file { 'cowhook':
name => '/var/cache/pbuilder/hook.d/E01-enable-repos',
owner => 'root',
group => 'root',
mode => 755,
ensure => 'present',
source => "puppet:///modules/cowbuilder/E01-enable-repos",
replace => 'true',
require => File[cowhookdir]
}
cowbuilder::debgpg { 'AED4B06F473041FA': }
cowbuilder::cow { $ubuntu_releases:
distro => 'ubuntu',
require => [ Package[debian-archive-keyring],
Package[linux32],
File[cowhook]
],
}
cowbuilder::cow { $debian_releases:
distro => 'debian',
require => [ Package[debian-archive-keyring],
Package[linux32],
File[cowhook],
Cowbuilder::Debgpg[AED4B06F473041FA],
],
}
}

32
modules/jenkins_slave/files/tarmac.conf
View File

@ -1,32 +0,0 @@
[Tarmac]
rejected_branch_status = Work in progress
[lp:nova]
verify_command=/home/jenkins/openstack-ci/test_nova.sh
[lp:~hudson-openstack/nova/milestone-proposed]
verify_command=/home/jenkins/openstack-ci/test_nova.sh
[lp:openstack-dashboard]
verify_command=bash run_tests.sh
[lp:glance]
verify_command=python setup.py test
[lp:~hudson-openstack/glance/milestone-proposed]
verify_command=python setup.py test
[lp:swift]
verify_command=python setup.py test
[lp:swift/1.1]
verify_command=python setup.py test
[lp:swift/1.2]
verify_command=python setup.py test
[lp:~hudson-openstack/swift/milestone-proposed]
verify_command=python setup.py test
[lp:burrow]
verify_command=python setup.py test

114
modules/jenkins_slave/manifests/init.pp
View File

@ -1,22 +1,68 @@
class jenkins_slave {
jenkinsuser { "jenkins":
ensure => present
ensure => present,
}
slavecirepo { "openstack-ci":
ensure => present,
require => [ Package[git], Jenkinsuser[jenkins] ]
require => [ Package[git], Jenkinsuser[jenkins] ],
}
apt::ppa { "ppa:tarmac/ppa":
ensure => present,
apt::ppa { "ppa:openstack-ci/build-depends":
ensure => present
}
$packages = ["apache2",
"autoconf",
"automake",
"cdbs",
"curl",
"build-essential",
"devscripts",
"dnsmasq-base",
"ebtables",
"gawk",
"graphviz",
"kpartx",
"kvm",
"iptables",
"libapache2-mod-wsgi",
"libcurl4-gnutls-dev",
"libldap2-dev",
"libsasl2-dev",
"libtool",
"libvirt-bin",
"libxml2-dev",
"libxslt1-dev",
"maven2",
"openjdk-6-jre",
"pep8",
"psmisc",
"pylint",
"python-libvirt",
"python-pip",
"python-all-dev",
"python-sphinx",
"python-unittest2",
"python3-all-dev",
"screen",
"socat",
"sqlite3",
"swig",
"unzip",
"vlan",
"wget"]
package { $packages:
ensure => "latest",
require => Apt::Ppa["ppa:openstack-ci/build-depends"],
}
cron { "updateci":
user => jenkins,
minute => "*/15",
command => "cd /home/jenkins/openstack-ci && /usr/bin/git pull -q origin master"
command => "cd /home/jenkins/openstack-ci && /usr/bin/git pull -q origin master",
require => [ Jenkinsuser[jenkins] ],
}
file { 'aptsources':
@ -41,62 +87,4 @@ class jenkins_slave {
],
}
package { "openjdk-6-jre":
ensure => latest
}
package { "cdbs":
ensure => latest
}
package { "devscripts":
ensure => latest
}
package { "python-sphinx":
ensure => latest
}
package { "graphviz":
ensure => latest
}
package { "pep8":
ensure => latest
}
package { "pylint":
ensure => latest
}
package { "python-dev":
ensure => latest
}
package { "tarmac":
ensure => latest,
require => Apt::Ppa["ppa:tarmac/ppa"]
}
package { "python-pip":
ensure => latest,
require => Package[python-dev]
}
package { "python-coverage":
ensure => latest,
require => [Apt::Ppa["ppa:nova-core/trunk"],
Package[python-nose]]
}
package { "python-nose":
ensure => latest,
require => Apt::Ppa["ppa:nova-core/trunk"],
}
package { "python-nosexcover":
ensure => latest,
require => [Apt::Ppa["ppa:nova-core/trunk"],
Package[python-coverage]]
}
}

34
modules/jenkins_slave/manifests/jenkinsuser.pp
View File

@ -10,7 +10,6 @@ define jenkinsuser($ensure = present) {
home => '/home/jenkins',
gid => 'jenkins',
shell => '/bin/bash',
groups => ['wheel','sudo'],
membership => 'minimum',
}
@ -171,37 +170,4 @@ define jenkinsuser($ensure = present) {
require => File['jenkinshome'],
}
file { 'jenkinsconftarmacdir':
name => '/home/jenkins/.config/tarmac',
owner => 'jenkins',
group => 'jenkins',
mode => 755,
ensure => 'directory',
require => File['jenkinsconfigdir'],
}
file { 'jenkinstarmacconf':
name => '/home/jenkins/.config/tarmac/tarmac.conf',
owner => 'jenkins',
group => 'jenkins',
mode => 644,
ensure => 'present',
require => File['jenkinsconftarmacdir'],
source => [
"puppet:///modules/jenkins_slave/tarmac.conf",
],
}
file { 'jenkinstarmaccredentials':
name => '/home/jenkins/.config/tarmac/credentials',
owner => 'jenkins',
group => 'jenkins',
mode => 640,
ensure => 'present',
require => File['jenkinsconftarmacdir'],
source => [
"puppet:///modules/jenkins_slave/slave_tarmac_key",
],
}
}

48
modules/reprepro/files/distributions
View File

@ -1,48 +0,0 @@
Origin: OpenStack
Label: OpenStack
Codename: lucid
Architectures: i386 amd64 source
Components: main
Description: OpenStack APT Repository
SignWith: yes
Origin: OpenStack
Label: OpenStack
Codename: maverick
Architectures: i386 amd64 source
Components: main
Description: OpenStack APT Repository
SignWith: yes
Origin: OpenStack
Label: OpenStack
Codename: natty
Architectures: i386 amd64 source
Components: main
Description: OpenStack APT Repository
SignWith: yes
Origin: OpenStack
Label: OpenStack
Codename: oneiric
Architectures: i386 amd64 source
Components: main
Description: OpenStack APT Repository
SignWith: yes
Origin: OpenStack
Label: OpenStack
Codename: wheezy
Architectures: i386 amd64 source
Components: main
Description: OpenStack APT Repository
SignWith: yes
Origin: OpenStack
Label: OpenStack
Codename: squeeze
Architectures: i386 amd64 source
Components: main
Description: OpenStack APT Repository
SignWith: yes

68
modules/reprepro/manifests/init.pp
View File

@ -1,68 +0,0 @@
class reprepro {
package { "reprepro": ensure => "latest" }
file { "/srv":
owner => 'root',
group => 'root',
mode => 555,
ensure => directory,
}
file {"/srv/packages":
owner => 'root',
group => 'root',
mode => 555,
ensure => directory,
require => File["/srv"],
}
file {"/srv/packages/trunk":
owner => 'jenkins',
group => 'jenkins',
mode => 755,
ensure => directory,
require => [File["/srv/packages"], User[jenkins]]
}
file {"/srv/packages/trunk/conf":
owner => 'root',
group => 'root',
mode => 555,
ensure => directory,
require => File["/srv/packages/trunk"],
}
file {"/srv/packages/trunk/conf/distributions":
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => "puppet:///modules/reprepro/distributions",
}
file {"/srv/packages/diablo":
owner => 'jenkins',
group => 'jenkins',
mode => 755,
ensure => directory,
require => [File["/srv/packages"], User[jenkins]]
}
file {"/srv/packages/diablo/conf":
owner => 'root',
group => 'root',
mode => 555,
ensure => directory,
require => File["/srv/packages/diablo"],
}
file {"/srv/packages/diablo/conf/distributions":
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => "puppet:///modules/reprepro/distributions",
}
}

9
modules/sudoers/files/sudoers
View File

@ -12,13 +12,14 @@ Defaults env_reset
# User alias specification
# Cmnd alias specification
#drizzle ALL = NOPASSWD: /usr/bin/pbuilder
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow members of group sudo to not need a password
# Allow members of group sudo to execute any command after they have
# provided their password
# (Note that later entries override this, so you might need to move
# it further down)
%wheel ALL=NOPASSWD: ALL
%sudo ALL=(ALL) NOPASSWD: ALL
#
#includedir /etc/sudoers.d

25
modules/sudoers/files/sudoers.Darwin
View File

@ -1,25 +0,0 @@
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Allow members of group sudo to execute any command after they have
# provided their password
# (Note that later entries override this, so you might need to move
# it further down)
%admin ALL=(ALL) NOPASSWD: ALL
#
#includedir /etc/sudoers.d

25
modules/sudoers/files/sudoers.Ubuntu
View File

@ -1,25 +0,0 @@
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Allow members of group sudo to execute any command after they have
# provided their password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) NOPASSWD: ALL
#
#includedir /etc/sudoers.d

13
modules/sudoers/manifests/init.pp
View File

@ -1,7 +1,4 @@
class sudoers {
group { 'wheel':
ensure => 'present'
}
group { 'sudo':
ensure => 'present'
}
@ -14,15 +11,7 @@ class sudoers {
group => 'root',
mode => 440,
ensure => 'present',
source => [
"puppet:///modules/sudoers/sudoers.$operatingsystem",
"puppet:///modules/sudoers/sudoers"
],
source => "puppet:///modules/sudoers/sudoers",
replace => 'true',
}
file { '/etc/alternatives/editor':
ensure => link,
target => "/usr/bin/vim.basic",
}
}

2
modules/user/manifests/virtual.pp
View File

@ -10,7 +10,7 @@ class user::virtual {
home => "/home/$title",
shell => $shell,
gid => $title,
groups => ['wheel','sudo','admin'],
groups => ['sudo','admin'],
membership => 'minimum',
managehome => true, # creates the home directory (does not actually manage it)
require => Group[$title],