Connectivity from workers to gearmand on zuul.

* manifests/site.pp: Pass both jenkins.openstack.org and
jenkins-dev.openstack.org to openstack_project::zuul as the list of
gearman workers for use in iptables rules.

* modules/openstack_project/manifests/jenkins.pp
* modules/openstack_project/manifests/jenkins_dev.pp: Remove unused
4155/tcp from public allowed ports list, previously for a bzr
service which is no longer running on these servers.

* modules/openstack_project/manifests/zuul.pp: Add iptables rules
allowing access from gearman workers to the gearmand, and also
configure gearmand to listen on all addresses including IPv6, as
opposed to its IPv4-only default.

* install_modules.sh: Add puppetlabs-stdlib version 3.2.0 to the list of
puppet dependencies. This is required to pull in the "flatten" function
used in zuul.pp above.

Change-Id: I05d4abc92b3050884a7e9f3c2b6cd9dcc81bfa36
Reviewed-on: https://review.openstack.org/26245
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
This commit is contained in:
Jeremy Stanley 2013-03-28 02:42:05 +00:00 committed by Jenkins
parent d92c5cf90e
commit b9b510ba6a
5 changed files with 18 additions and 6 deletions

View File

@ -29,6 +29,7 @@ MODULES["puppetlabs-apache"]="0.0.4"
MODULES["puppetlabs-apt"]="1.1.0"
MODULES["puppetlabs-mysql"]="0.5.0"
MODULES["puppetlabs-postgresql"]="2.0.1"
MODULES["puppetlabs-stdlib"]="3.2.0"
MODULES["saz-memcached"]="2.0.2"
MODULES["saz-gearman"]="2.0.1"

View File

@ -229,9 +229,16 @@ node 'zuul.openstack.org' {
url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}',
sysadmins => hiera('sysadmins'),
statsd_host => 'graphite.openstack.org',
gearman_workers => [
'jenkins.openstack.org',
'jenkins-dev.openstack.org',
],
}
# co-host gearman-job-server
include gearman
class { 'gearman':
listen => '::',
}
}
# A bare machine, but with a jenkins user

View File

@ -9,7 +9,7 @@ class openstack_project::jenkins (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 4155],
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins,
}

View File

@ -4,7 +4,7 @@ class openstack_project::jenkins_dev (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 4155],
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins,
}
include bup

View File

@ -11,14 +11,18 @@ class openstack_project::zuul(
$zuul_ssh_private_key = '',
$url_pattern = '',
$sysadmins = [],
$statsd_host = ''
$statsd_host = '',
$gearman_workers = []
) {
$rules = [ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ]
# Turn a list of hostnames into a list of iptables rules
$iptables_rules6 = regsubst ($gearman_workers, '^(.*)$', '-m state --state NEW -m tcp -p tcp --dport 4730 -s \1 -j ACCEPT')
$iptables_rules4 = flatten ([$iptables_rules6,
[ "-m state --state NEW -m tcp -p tcp --dport 8001 -s ${jenkins_host} -j ACCEPT" ]])
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
iptables_rules4 => $rules,
iptables_rules6 => $iptables_rules6,
iptables_rules4 => $iptables_rules4,
sysadmins => $sysadmins,
}