Connectivity from workers to gearmand on zuul.

* manifests/site.pp: Pass both jenkins.openstack.org and jenkins-dev.openstack.org to openstack_project::zuul as the list of gearman workers for use in iptables rules. * modules/openstack_project/manifests/jenkins.pp * modules/openstack_project/manifests/jenkins_dev.pp: Remove unused 4155/tcp from public allowed ports list, previously for a bzr service which is no longer running on these servers. * modules/openstack_project/manifests/zuul.pp: Add iptables rules allowing access from gearman workers to the gearmand, and also configure gearmand to listen on all addresses including IPv6, as opposed to its IPv4-only default. * install_modules.sh: Add puppetlabs-stdlib version 3.2.0 to the list of puppet dependencies. This is required to pull in the "flatten" function used in zuul.pp above. Change-Id: I05d4abc92b3050884a7e9f3c2b6cd9dcc81bfa36 Reviewed-on: https://review.openstack.org/26245 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-28 02:42:05 +00:00 · 2013-03-28 02:42:05 +00:00 · b9b510ba6a
parent d92c5cf90e
commit b9b510ba6a
5 changed files with 18 additions and 6 deletions
--- a/install_modules.sh
+++ b/install_modules.sh
@ -29,6 +29,7 @@ MODULES["puppetlabs-apache"]="0.0.4"
 MODULES["puppetlabs-apt"]="1.1.0"
 MODULES["puppetlabs-mysql"]="0.5.0"
 MODULES["puppetlabs-postgresql"]="2.0.1"
+MODULES["puppetlabs-stdlib"]="3.2.0"
 MODULES["saz-memcached"]="2.0.2"
 MODULES["saz-gearman"]="2.0.1"

--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -229,9 +229,16 @@ node 'zuul.openstack.org' {
    url_pattern          => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}',
    sysadmins            => hiera('sysadmins'),
    statsd_host          => 'graphite.openstack.org',
+    gearman_workers      => [
+      'jenkins.openstack.org',
+      'jenkins-dev.openstack.org',
+    ],
  }
  # co-host gearman-job-server
  include gearman
+  class { 'gearman':
+    listen => '::',
+  }
 }

 # A bare machine, but with a jenkins user
--- a/modules/openstack_project/manifests/jenkins.pp
+++ b/modules/openstack_project/manifests/jenkins.pp
@ -9,7 +9,7 @@ class openstack_project::jenkins (
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80, 443, 4155],
+    iptables_public_tcp_ports => [80, 443],
    sysadmins                 => $sysadmins,
  }

--- a/modules/openstack_project/manifests/jenkins_dev.pp
+++ b/modules/openstack_project/manifests/jenkins_dev.pp
@ -4,7 +4,7 @@ class openstack_project::jenkins_dev (
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80, 443, 4155],
+    iptables_public_tcp_ports => [80, 443],
    sysadmins                 => $sysadmins,
  }
  include bup
--- a/modules/openstack_project/manifests/zuul.pp
+++ b/modules/openstack_project/manifests/zuul.pp
@ -11,14 +11,18 @@ class openstack_project::zuul(
  $zuul_ssh_private_key = '',
  $url_pattern = '',
  $sysadmins = [],
-  $statsd_host = ''
+  $statsd_host = '',
+  $gearman_workers = []
 ) {
-
-  $rules = [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ]
+  # Turn a list of hostnames into a list of iptables rules
+  $iptables_rules6 = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
+  $iptables_rules4 = flatten ([$iptables_rules6,
+    [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ]])

  class { 'openstack_project::server':
    iptables_public_tcp_ports => [80],
-    iptables_rules4           => $rules,
+    iptables_rules6           => $iptables_rules6,
+    iptables_rules4           => $iptables_rules4,
    sysadmins                 => $sysadmins,
  }