Run Zuul using Ansible and Containers

Zuul is publishing lovely container images, so we should
go ahead and start using them.

We can't use containers for zuul-executor because of the
docker->bubblewrap->AFS issue, so install from pip there.

Don't start any of the containers by default, which should
let us safely roll this out and then do a rolling restart.
For things (like web or mergers) where it's safe to do so,
a followup change will swap the flag.

Change-Id: I37dcce3a67477ad3b2c36f2fd3657af18bc25c40
This commit is contained in:
Monty Taylor 2020-04-05 09:25:28 -05:00
parent b0ab2f37c5
commit f0b77485ec
55 changed files with 1698 additions and 610 deletions

View File

@ -1397,6 +1397,39 @@
- playbooks/roles/zuul-preview/
- testinfra/test_zuul_preview.py
- job:
name: system-config-run-zuul
parent: system-config-run
description: |
Run the playbook for the docker registry.
nodeset:
nodes:
- name: bridge.openstack.org
label: ubuntu-bionic
- name: zk01.opendev.org
label: ubuntu-bionic
- name: zm01.openstack.org
label: ubuntu-xenial
- name: zl01.openstack.org
label: ubuntu-xenial
- name: zuul01.openstack.org
label: ubuntu-xenial
vars:
run_playbooks:
- playbooks/service-letsencrypt.yaml
- playbooks/service-zookeeper.yaml
- playbooks/service-zuul.yaml
files:
- playbooks/install-ansible.yaml
- playbooks/service-zookeeper.yaml
- playbooks/service-zuul.yaml
- playbooks/group_vars/zuul
- playbooks/group_vars/zookeeper.yaml
- playbooks/host_vars/zk\d+
- playbooks/host_vars/zuul01.openstack.org
- playbooks/roles/zookeeper/
- playbooks/roles/zuul
- job:
name: system-config-run-review
parent: system-config-run-containers
@ -2165,6 +2198,7 @@
- name: system-config-build-image-gerrit-2.13
soft: true
- system-config-run-zookeeper
- system-config-run-zuul
- system-config-run-zuul-preview
- system-config-run-letsencrypt
- system-config-build-image-jinja-init:
@ -2230,6 +2264,7 @@
- name: system-config-upload-image-gerrit-2.13
soft: true
- system-config-run-zookeeper
- system-config-run-zuul
- system-config-run-zuul-preview
- system-config-run-letsencrypt
- system-config-upload-image-jinja-init:

View File

@ -433,56 +433,3 @@ mosquitto_tls_ca_file: |
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
gearman_client_ssl_cert: |
-----BEGIN CERTIFICATE-----
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBQMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjMw
MjQyWhcNMjcwNjE0MjMwMjQyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5j
bGllbnQxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh3qSWIp
w6kXS4IIPU7fPP2felHCtmZyfgKolYbq1iVafcc/EUHa1onlaM+w7OEHr68y3Qau
SY6ifEsUWCKJlhu+UlHGwVIZliL02+9EAZ1DDs6OtxKa7nOIkWq8P8kRex234QVd
y37+vV+/lDeCbLoGo5P0j51fnqy10afg2xRblmXgqeqaiJAvCmEnG9S9q9+gbisZ
1D2r+JtoTUMZtPY9NomvgdNuwmF5+VeO+CQepRWlA+0ysCFVgVwm++PNXETadHOj
mOSJxiq2u6fysZb7ctHgGuu+Ce3PVwah+kK/PEXADs7SjhJruSmL1ap2izc6kTFW
GSU/wkkPXtbWJwIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFKTyA6hjUY8jNxOEM5zuU7qecogX
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
A4IBAQAiLYckNAx7GQGCSXC92R23o181FiCePuNAgCb4QsaQkA/JopaLrn11R33Y
XO1C5fvsopKvcmEJKX0BJwNy41tz/rNmKXYy4hsPKYMsNgJQtYe98Mp+VHgAmtZ3
U0v49mUJA4YiLs/QmB6bmLknl1XjzJvbLu3gfVSGsquDXN1TcHLZy2fQlD6/D7HF
2Zj44Af4b2xFcZc7J/iErIj8LGHx3alkGAgdXw+SQkgzDeXC/DhrXC1jVJQQQzfU
/4GjbLiPBLb+QIAaBVv+iVVok22DSvMydjI4Zr89NXDWEOZc8oZ7nBf9Sv1+I0xB
6YQoN+t1YSx3G8AxPSZwyGlwhZo0
-----END CERTIFICATE-----
gearman_ssl_ca: |
-----BEGIN CERTIFICATE-----
MIIERzCCAy+gAwIBAgIJAKkAn3gh0LBOMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
MjA3WhcNMjAwNjE1MjA1MjA3WjCBuTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEdMBsGA1UEAwwUenV1bHYzLm9w
ZW5zdGFjay5vcmcxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0
cy5vcGVuc3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
zTnzmZkB/P+C0eHFmPyU8myEmubRVw2vK1aqx0Y7bFMlXAVH6CodI6r4VpS4vGPL
AfBGAmIZJlBuRysZHW3J6GuzhBFyBILHJX9PZkeJyHa3NU4ILDPMXAD/oWQnqlp1
3kYJ3xS1QWhPvaohC+Io3LErXOMp32mhrEmm3BGfWiXbV9STcseeLX6BKPdqBzaT
d8RFkrvsEJTTjwIJLreyrphrtXu/VS9uEMWaHj4/94lLXn8fn3CuUfs48kPDTlaw
vFg2lIGpfOui4s9Vhrafy1nrz1KzKHjhhnF80irrIo3kOkWaKeBuTyy7+MSx7PTi
5RgSoKTKyMbMA6nbCj73KQIDAQABo1AwTjAdBgNVHQ4EFgQUU/wl91c+fyaFktpc
xrw1AgmWad4wHwYDVR0jBBgwFoAUU/wl91c+fyaFktpcxrw1AgmWad4wDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAe/6S1DWRtXwzBgwTCW7FR3IrpZzP
4eN3TUbJy6tvff+iY6+96WV9vyH62NU8oEn5TUqy8r+EiOchbXJq8pvlPAcwdaeC
a9pjJku40oVai0pncqDnF/WOiXNkW71bRs/qQtIuVwKwVm9OyizjWsQtjm4Ycpju
92liz5Q/ZZu+7eIufQYRr7lthgmTLCjqeS4qxiY7Y03ZLZpvEL+KVskkjPzHvzTO
S1Rq0t3ssb4uH78rvXj1Q/C2gVucUBE86P9AckSZtANGlmiKBnO6Lc1xQbsFyfSn
Xbt2g9IiP3nTEapCx/M8/Zl5M+XwK7pbQWdtwGnvGPoeFNV1sVT4iO1dLg==
-----END CERTIFICATE-----

View File

@ -1,50 +0,0 @@
---
# TODO(pabelanger): This can be deleted once we migration to zuulv3.
zuul_sites:
- name: 'tarballs.openstack.org'
host: 'tarballs.openstack.org'
user: 'jenkins'
root: '/srv/static'
- name: 'yaml2ical'
host: 'eavesdrop.openstack.org'
user: 'jenkins'
root: '/srv/yaml2ical'
- name: 'static.openstack.org'
host: 'static.openstack.org'
user: 'jenkins'
root: '/srv/static'
- name: 'afs-docs'
root: '/afs/.openstack.org/docs'
keytab: '/etc/zuul-launcher.keytab'
user: 'service/zuul-launcher'
- name: 'afs-developer-docs'
root: '/afs/.openstack.org/developer-docs'
keytab: '/etc/zuul-launcher.keytab'
user: 'service/zuul-launcher'
zuul_nodes: []
# NOTE(pabelanger): zuulv3 settings
zuul_connections:
- name: 'gerrit'
driver: 'gerrit'
server: 'review.opendev.org'
canonical_hostname: 'opendev.org'
user: 'zuul'
sshkey: '/var/lib/zuul/ssh/id_rsa'
auth_type: 'digest'
- name: 'github'
driver: 'github'
- name: 'googlesource'
driver: 'gerrit'
server: 'gerrit-review.googlesource.com'
canonical_hostname: 'gerrit.googlesource.com'
user: 'git-infra-root.openstack.org'
stream_events: 'false'
auth_type: 'basic'

View File

@ -1,88 +0,0 @@
---
zuul_connections:
- name: 'smtp'
driver: 'smtp'
server: 'localhost'
port: '25'
default_from: 'zuul@zuul.openstack.org'
default_to: 'zuul.reports@zuul.openstack.org'
- name: 'gerrit'
driver: 'gerrit'
server: 'review.opendev.org'
canonical_hostname: 'opendev.org'
user: 'zuul'
sshkey: '/var/lib/zuul/ssh/id_rsa'
gitweb_url_template: 'https://opendev.org/{project.name}/commit/{sha}'
auth_type: 'digest'
- name: 'opendaylight'
driver: 'gerrit'
server: 'git.opendaylight.org'
baseurl: 'git.opendaylight.org/gerrit'
user: 'openstack-zuul'
sshkey: '/var/lib/zuul/ssh/id_rsa'
- name: 'mysql'
driver: 'sql'
- name: 'github'
driver: 'github'
app_key: '/etc/zuul/github.key'
rate_limit_logging: 'false'
- name: 'googlesource'
driver: 'gerrit'
server: 'gerrit-review.googlesource.com'
canonical_hostname: 'gerrit.googlesource.com'
user: 'git-infra-root.openstack.org'
stream_events: 'false'
auth_type: 'basic'
gearman_server_ssl_cert: |
-----BEGIN CERTIFICATE-----
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBPMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
NDAyWhcNMjcwNjE0MjA1NDAyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5z
ZXJ2ZXIxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aMR61f/
LZkP/acuqiCEiSFF4GI1ViNkOSPEq0CP4HfNckeW0///x6vI/uaR4MlF8g8qNFGB
j2FCYRW1gEzS7TLoP3xYs4SMnvXvZRbdxcozOop506quLmlfPDF1o2GzLSQYDNXe
WbpYiNM+EdgBjqLz4G5DdaXMMw2zYP21kbtSxJIvrpqeW/TKBGWDI2bBH81PFb9B
gq1P4XxI/Aw7Ez6hApLV2D6DP7JidQUGOzvGw7LUEZjLEscQU7HH8j1qDvrM2gV4
FRSRrtw8Yr/erBsaNr84guEZQREqiOjr1HvMZK5o1vGb69ArWSk9b8PW+A2uxvfS
ukv7hvNsuCouHQIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFImAuHnbfxpEEZwiiro9KEa8YA+1
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
A4IBAQBTNIVB758W+wBtCMlIRFUPBiR+w+7RRsY8HXME5unvO65PcsfLKQXOr3i/
K2SliyyBliwKY+wtbvQZVltpBiloDqslSMD6veb5YsZDzTZ+x8xP1GEhcB3c6CsN
0RDJ/xUGv2IXgQW8kw+MINILr9iQA6fn9dBN0OqimlchPHtvA9gO7Rv+IV3zZP+Q
yNWoBiZ6H5ANIt6vfcK0BHGDB6GXN9f1gpgsJd3l3vs3t/FgP1qYJiDd5VvcOXxt
uJziOvdg7jte0u609MWj3DOdey4HsxlEU27w13kzGI6RpPquvl/YB8Y6WMAIL8in
1GRv9pIfENRRHOiC57p0RSQZZ/2V
-----END CERTIFICATE-----
zuul_ssl_cert_file_contents: |
-----BEGIN CERTIFICATE-----
MIICzjCCAbagAwIBAgIJAMV1mxY+iSJpMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV
BAMMFHp1dWx2My5vcGVuc3RhY2sub3JnMB4XDTE3MDYwMjE5MzUwMloXDTI3MDUz
MTE5MzUwMlowHzEdMBsGA1UEAwwUenV1bHYzLm9wZW5zdGFjay5vcmcwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvgAf85YVjjBTHYJnIx8VA1VvSAidD
LHp2Yn+7DgUfHXjNdpftTgvWxnzXMFaglNzrNrixGNlkg1sdGDJ+DB/mvptKJUEH
WMfOVI98Eo0dx5w+lcP8XGTg6/SY59+PiqNpCmi+T49axQO2XKNlt+ZJsSVaEhEj
E2OrkZY+A8RFj07TUjSMv/pmo3AxgVjFoWszDT8pj30CTT3lg3eXXJwlqrH/P9IQ
FnwRSt3sR60ahFFJnvHdL1FJl/I0W5nWD6LNEpX7ryaIUIqMhQpQjGDpvG77ntfW
A5zhBVWPC7p2k6OaUD6AjlPMJLZh5YbyGaRN4l2Z4oizBGjoq1Qv9QehAgMBAAGj
DTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAOFIxTTiw10jWRKQuRKU
KskncSNj3ZxSjwPTOQs++hLjYYYlKA4LbWwokp7u5rTpJP/NHYLHXIda6l/Ne3JG
+Mby/vu0TKMX2z+0IQx3MZG7b+4NkH4jg40Q+Y879n0jvOfBplHtJB1UmQYk51fs
Hbrb6vvxeLRJ74JZX6t756gZnagzAoLj7DtmTfruUVjD/kRJK8gUCyKMNvN6PH3u
5Ls4WwOME+bFdFcxBJjj1LSKGlZoE22mSVlRqHvVXVfM9XTolvw5PequFhiPXYyj
ESN9QfRuVeKltTl8NdDgwlYjBBUYR5omuX5LLWUSXuvQK/dYM4ahERf3ivbXMjhF
M+Q=
-----END CERTIFICATE-----

View File

@ -156,9 +156,6 @@ groups:
- translate[0-9]*.open*.org
- wiki-dev[0-9]*.openstack.org
- wiki[0-9]*.openstack.org
- ze[0-9]*.open*.org
- zm[0-9]*.open*.org
- zuul[0-9]*.open*.org
puppet4:
- afs[0-9]*.open*.org
- afsdb[0-9]*.open*.org
@ -200,9 +197,6 @@ groups:
- translate-dev[0-9]*.open*.org
- wiki[0-9]*.openstack.org
- wiki-dev[0-9]*.openstack.org
- ze[0-9]*.open*.org
- zm[0-9]*.open*.org
- zuul01.open*.org
refstack:
- refstack*.open*.org
registry:
@ -261,6 +255,10 @@ groups:
- wiki-dev[0-9]*.openstack.org
zookeeper:
- zk[0-9]*.open*.org
zuul:
- ze[0-9]*.open*.org
- zm[0-9]*.open*.org
- zuul[0-9]*.open*.org
zuul-executor:
- ze[0-9]*.open*.org
zuul-merger:
@ -269,3 +267,5 @@ groups:
- zp[0-9]*.open*.org
zuul-scheduler:
- zuul[0-9]*.open*.org
zuul-web:
- zuul[0-9]*.open*.org

View File

@ -497,327 +497,6 @@ node /^nb\d+\.open.*\.org$/ {
}
}
# Node-OS: xenial
node /^ze\d+\.open.*\.org$/ {
$group = "zuul-executor"
$gerrit_server = 'review.opendev.org'
$gerrit_user = 'zuul'
$gerrit_ssh_host_key = hiera('gerrit_ssh_rsa_pubkey_contents')
$gerrit_ssh_private_key = hiera('gerrit_ssh_private_key_contents')
$zuul_ssh_private_key = hiera('zuul_ssh_private_key_contents')
$zuul_static_private_key = hiera('jenkins_ssh_private_key_contents')
$git_email = 'zuul@openstack.org'
$git_name = 'OpenStack Zuul'
$revision = 'master'
class { 'openstack_project::server':
afs => true,
}
class { '::project_config':
url => 'https://opendev.org/openstack/project-config',
}
# We use later HWE kernels for better memory managment, requiring an
# updated AFS version which we install from our custom ppa.
include ::apt
apt::ppa { 'ppa:openstack-ci-core/openafs-amd64-hwe': }
package { 'linux-generic-hwe-16.04':
ensure => present,
require => [
Apt::Ppa['ppa:openstack-ci-core/openafs-amd64-hwe'],
Class['apt::update'],
],
}
# Skopeo is required for pushing/pulling from the intermediate
# registry, and is available in the projectatomic ppa.
apt::ppa { 'ppa:projectatomic/ppa': }
package { 'skopeo':
ensure => present,
require => [
Apt::Ppa['ppa:projectatomic/ppa'],
Class['apt::update'],
],
}
# Socat is also required for pushing/pulling images
package { 'socat':
ensure => present,
require => [
Class['apt::update'],
],
}
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
# settings.
class { '::zuul':
gearman_server => 'zuul01.openstack.org',
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
zuul_ssh_private_key => $gerrit_ssh_private_key,
git_email => $git_email,
git_name => $git_name,
worker_private_key_file => '/var/lib/zuul/ssh/nodepool_id_rsa',
revision => $revision,
python_version => 3,
zookeeper_hosts => 'zk01.openstack.org:2181,zk02.openstack.org:2181,zk03.openstack.org:2181',
zuulv3 => true,
connections => hiera('zuul_connections', []),
connection_secrets => hiera('zuul_connection_secrets', []),
gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
gearman_client_ssl_key => hiera('gearman_client_ssl_key'),
gearman_ssl_ca => hiera('gearman_ssl_ca'),
#TODO(pabelanger): Add openafs role for zuul-jobs to setup /etc/openafs
# properly. We need to revisting this post Queens PTG.
trusted_ro_paths => ['/etc/openafs', '/etc/ssl/certs', '/var/lib/zuul/ssh'],
trusted_rw_paths => ['/afs'],
untrusted_ro_paths => ['/etc/ssl/certs'],
disk_limit_per_job => 5000, # Megabytes
site_variables_yaml_file => $::project_config::zuul_site_variables_yaml,
require => $::project_config::config_dir,
statsd_host => 'graphite.opendev.org',
}
class { '::zuul::executor': }
# This is used by the log job submission playbook which runs under
# python2
package { 'gear':
ensure => latest,
provider => openstack_pip,
require => Class['pip'],
}
file { '/var/lib/zuul/ssh/nodepool_id_rsa':
owner => 'zuul',
group => 'zuul',
mode => '0400',
require => File['/var/lib/zuul/ssh'],
content => $zuul_ssh_private_key,
}
file { '/var/lib/zuul/ssh/static_id_rsa':
owner => 'zuul',
group => 'zuul',
mode => '0400',
require => File['/var/lib/zuul/ssh'],
content => $zuul_static_private_key,
}
class { '::zuul::known_hosts':
known_hosts_content => "[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 ${gerrit_ssh_host_key}\n[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==\n",
}
}
# Node-OS: xenial
node /^zuul\d+\.open.*\.org$/ {
$group = "zuul-scheduler"
$gerrit_server = 'review.opendev.org'
$gerrit_user = 'zuul'
$gerrit_ssh_host_key = hiera('gerrit_zuul_user_ssh_key_contents')
$zuul_ssh_private_key = hiera('zuul_ssh_private_key_contents')
$zuul_url = "http://zuul.openstack.org/p"
$git_email = 'zuul@openstack.org'
$git_name = 'OpenStack Zuul'
$revision = 'master'
class { 'openstack_project::server': }
class { '::project_config':
url => 'https://opendev.org/openstack/project-config',
}
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
# settings.
class { '::zuul':
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
zuul_ssh_private_key => $zuul_ssh_private_key,
git_email => $git_email,
git_name => $git_name,
revision => $revision,
python_version => 3,
zookeeper_hosts => 'zk01.openstack.org:2181,zk02.openstack.org:2181,zk03.openstack.org:2181',
zookeeper_session_timeout => 40,
zuulv3 => true,
connections => hiera('zuul_connections', []),
connection_secrets => hiera('zuul_connection_secrets', []),
vhost_name => 'zuul.openstack.org',
zuul_status_url => 'http://127.0.0.1:8001/openstack',
zuul_web_url => 'http://127.0.0.1:9000',
zuul_tenant_name => 'openstack',
gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
gearman_client_ssl_key => hiera('gearman_client_ssl_key'),
gearman_server_ssl_cert => hiera('gearman_server_ssl_cert'),
gearman_server_ssl_key => hiera('gearman_server_ssl_key'),
gearman_ssl_ca => hiera('gearman_ssl_ca'),
proxy_ssl_cert_file_contents => hiera('zuul_ssl_cert_file_contents'),
proxy_ssl_chain_file_contents => hiera('zuul_ssl_chain_file_contents'),
proxy_ssl_key_file_contents => hiera('zuul_ssl_key_file_contents'),
statsd_host => 'graphite.opendev.org',
status_url => 'https://zuul.openstack.org',
relative_priority => true,
web_root => 'https://zuul.opendev.org',
}
file { "/etc/zuul/github.key":
ensure => present,
owner => 'zuul',
group => 'zuul',
mode => '0600',
content => hiera('zuul_github_app_key'),
require => File['/etc/zuul'],
}
class { '::zuul::scheduler':
layout_dir => $::project_config::zuul_layout_dir,
require => $::project_config::config_dir,
python_version => 3,
use_mysql => true,
}
class { '::zuul::web':
# We manage backups below
enable_status_backups => false,
vhosts => {
'zuul.openstack.org' => {
port => 443,
docroot => '/opt/zuul-web/content',
priority => '50',
ssl => true,
template => 'zuul/zuulv3.vhost.erb',
vhost_name => 'zuul.openstack.org',
},
'zuul.opendev.org' => {
port => 443,
docroot => '/opt/zuul-web/content',
priority => '40',
ssl => true,
template => 'zuul/zuulv3.vhost.erb',
vhost_name => 'zuul.opendev.org',
},
'zuul.openstack.org-http' => {
port => 80,
docroot => '/opt/zuul-web/content',
priority => '50',
ssl => false,
template => 'zuul/zuulv3.vhost.erb',
vhost_name => 'zuul.openstack.org',
},
'zuul.opendev.org-http' => {
port => 80,
docroot => '/opt/zuul-web/content',
priority => '40',
ssl => false,
template => 'zuul/zuulv3.vhost.erb',
vhost_name => 'zuul.opendev.org',
},
},
vhosts_flags => {
'zuul.openstack.org' => {
tenant_name => 'openstack',
ssl => true,
use_le => false,
},
'zuul.opendev.org' => {
tenant_name => '',
ssl => true,
use_le => true,
},
'zuul.openstack.org-http' => {
tenant_name => 'openstack',
ssl => false,
use_le => false,
},
'zuul.opendev.org-http' => {
tenant_name => '',
ssl => false,
use_le => false,
},
},
vhosts_ssl => {
'zuul.openstack.org' => {
ssl_cert_file_contents => hiera('zuul_ssl_cert_file_contents'),
ssl_chain_file_contents => hiera('zuul_ssl_chain_file_contents'),
ssl_key_file_contents => hiera('zuul_ssl_key_file_contents'),
},
},
}
zuul::status_backups { 'openstack-zuul-tenant':
tenant_name => 'openstack',
ssl => true,
status_uri => 'https://zuul.opendev.org/api/tenant/openstack/status',
}
zuul::status_backups { 'kata-zuul-tenant':
tenant_name => 'kata-containers',
ssl => true,
status_uri => 'https://zuul.opendev.org/api/tenant/kata-containers/status',
}
class { '::zuul::fingergw': }
class { '::zuul::known_hosts':
known_hosts_content => "[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 ${gerrit_ssh_host_key}\n[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==\n",
}
include bup
bup::site { 'rax.ord':
backup_user => 'bup-zuulv3',
backup_server => 'backup01.ord.rax.ci.openstack.org',
}
}
# Node-OS: xenial
node /^zm\d+.open.*\.org$/ {
$group = "zuul-merger"
$gerrit_server = 'review.opendev.org'
$gerrit_user = 'zuul'
$gerrit_ssh_host_key = hiera('gerrit_ssh_rsa_pubkey_contents')
$zuul_ssh_private_key = hiera('zuulv3_ssh_private_key_contents')
$zuul_url = "http://${::fqdn}/p"
$git_email = 'zuul@openstack.org'
$git_name = 'OpenStack Zuul'
$revision = 'master'
class { 'openstack_project::server': }
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
# settings.
class { '::zuul':
gearman_server => 'zuul01.openstack.org',
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
zuul_ssh_private_key => $zuul_ssh_private_key,
git_email => $git_email,
git_name => $git_name,
revision => $revision,
python_version => 3,
zookeeper_hosts => 'zk01.openstack.org:2181,zk02.openstack.org:2181,zk03.openstack.org:2181',
zuulv3 => true,
connections => hiera('zuul_connections', []),
connection_secrets => hiera('zuul_connection_secrets', []),
gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
gearman_client_ssl_key => hiera('gearman_client_ssl_key'),
gearman_ssl_ca => hiera('gearman_ssl_ca'),
statsd_host => 'graphite.opendev.org',
}
class { 'openstack_project::zuul_merger':
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
gerrit_ssh_host_key => $gerrit_ssh_host_key,
zuul_ssh_private_key => $zuul_ssh_private_key,
manage_common_zuul => false,
}
}
# Node-OS: xenial
node /^pbx\d*\.open.*\.org$/ {
$group = "pbx"

View File

@ -1,29 +0,0 @@
# == Class: openstack_project::zuul_merger
#
class openstack_project::zuul_merger(
$vhost_name = $::fqdn,
$gearman_server = '127.0.0.1',
$gerrit_server = '',
$gerrit_user = '',
$gerrit_ssh_host_key = '',
$zuul_ssh_private_key = '',
$zuul_url = "http://${::fqdn}/p",
$git_email = 'jenkins@openstack.org',
$git_name = 'OpenStack Jenkins',
$revision = 'master',
$manage_common_zuul = true,
) {
class { 'openstackci::zuul_merger':
vhost_name => $vhost_name,
gearman_server => $gearman_server,
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
known_hosts_content => "[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 ${gerrit_ssh_host_key}\n[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==\n",
zuul_ssh_private_key => $zuul_ssh_private_key,
zuul_url => $zuul_url,
git_email => $git_email,
git_name => $git_name,
manage_common_zuul => $manage_common_zuul,
revision => $revision,
}
}

View File

@ -1,59 +0,0 @@
# == Class: openstack_project::zuul_prod
#
class openstack_project::zuul_prod(
$vhost_name = $::fqdn,
$gearman_server = '127.0.0.1',
$gerrit_server = '',
$gerrit_user = '',
$gerrit_ssh_host_key = '',
$zuul_ssh_private_key = '',
$url_pattern = '',
$zuul_url = '',
$status_url = 'https://zuul.openstack.org/',
$swift_authurl = '',
$swift_auth_version = '',
$swift_user = '',
$swift_key = '',
$swift_tenant_name = '',
$swift_region_name = '',
$swift_default_container = '',
$swift_default_logserver_prefix = '',
$swift_default_expiry = 7200,
$proxy_ssl_cert_file_contents = '',
$proxy_ssl_key_file_contents = '',
$proxy_ssl_chain_file_contents = '',
$statsd_host = '',
$project_config_repo = '',
$git_email = 'jenkins@openstack.org',
$git_name = 'OpenStack Jenkins',
) {
class { 'openstackci::zuul_scheduler':
vhost_name => $vhost_name,
gearman_server => $gearman_server,
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
gerrit_strip_branch_ref => 1,
known_hosts_content => "review.openstack.org,104.130.159.134,2001:4800:7818:102:be76:4eff:fe05:9b12 ${gerrit_ssh_host_key}",
zuul_ssh_private_key => $zuul_ssh_private_key,
url_pattern => $url_pattern,
zuul_url => $zuul_url,
job_name_in_report => true,
status_url => $status_url,
swift_authurl => $swift_authurl,
swift_auth_version => $swift_auth_version,
swift_user => $swift_user,
swift_key => $swift_key,
swift_tenant_name => $swift_tenant_name,
swift_region_name => $swift_region_name,
swift_default_container => $swift_default_container,
swift_default_logserver_prefix => $swift_default_logserver_prefix,
swift_default_expiry => $swift_default_expiry,
proxy_ssl_cert_file_contents => $proxy_ssl_cert_file_contents,
proxy_ssl_key_file_contents => $proxy_ssl_key_file_contents,
proxy_ssl_chain_file_contents => $proxy_ssl_chain_file_contents,
statsd_host => $statsd_host,
project_config_repo => $project_config_repo,
git_email => $git_email,
git_name => $git_name,
}
}

View File

@ -190,3 +190,5 @@ iptables_snmp_v4_hosts:
iptables_snmp_v6_hosts:
# cacti02.openstack.org
- 2001:4800:7821:105:be76:4eff:fe04:b9a5
gerrit_ssh_rsa_pubkey_contents: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+pCQlTAQYmCrOY6aPbvbyKQDcOCXibPNGIjnPPMuEItCS0vtRnqEBz7znWZS5Drq9yKpROh6uFF01ao2VnNjw6f+NdRNV19RWVe6mYN+qa2VrH2caLwBrKPiH0Xc/eK41D55dZU7IWwKYAw/NpiBaBfHavFwipI+rmEb68MH2hcimDdr/bji+0hkh3X+42dkNvmMdtkuCW6nKdAEhnXaHZc5SJR/EvzgRCfB8vbML13p46O9xhoJgn7ZWvMb3vaR5jxIkQwstUR36raEVhttBDEuWasWnHYbrM1zd3ooudbTEQf5vXISZKFygHyJFFqb4iQ76i+hDlb0VQKZCdaol gerrit-code-review@829f141b0fa5

View File

@ -1,3 +1,22 @@
iptables_extra_public_tcp_ports:
- 79
- 7900
zuul_connections:
- name: 'gerrit'
driver: 'gerrit'
server: 'review.opendev.org'
canonical_hostname: 'opendev.org'
user: 'zuul'
sshkey: '/var/lib/zuul/ssh/id_rsa'
auth_type: 'digest'
- name: 'github'
driver: 'github'
- name: 'googlesource'
driver: 'gerrit'
server: 'gerrit-review.googlesource.com'
canonical_hostname: 'gerrit.googlesource.com'
user: 'git-infra-root.openstack.org'
stream_events: 'false'
auth_type: 'basic'

View File

@ -1,4 +1,3 @@
---
zuul_connections:
- name: 'gerrit'
driver: 'gerrit'

View File

@ -63,4 +63,89 @@ iptables_extra_allowed_hosts:
- protocol: tcp
port: 4730
hostname: zm08.openstack.org
zuul_connections:
- name: 'smtp'
driver: 'smtp'
server: 'localhost'
port: '25'
default_from: 'zuul@zuul.openstack.org'
default_to: 'zuul.reports@zuul.openstack.org'
- name: 'gerrit'
driver: 'gerrit'
server: 'review.opendev.org'
canonical_hostname: 'opendev.org'
user: 'zuul'
sshkey: '/var/lib/zuul/ssh/id_rsa'
gitweb_url_template: 'https://opendev.org/{project.name}/commit/{sha}'
auth_type: 'digest'
- name: 'opendaylight'
driver: 'gerrit'
server: 'git.opendaylight.org'
baseurl: 'git.opendaylight.org/gerrit'
user: 'openstack-zuul'
sshkey: '/var/lib/zuul/ssh/id_rsa'
- name: 'mysql'
driver: 'sql'
- name: 'github'
driver: 'github'
app_key: '/etc/zuul/github.key'
rate_limit_logging: 'false'
- name: 'googlesource'
driver: 'gerrit'
server: 'gerrit-review.googlesource.com'
canonical_hostname: 'gerrit.googlesource.com'
user: 'git-infra-root.openstack.org'
stream_events: 'false'
auth_type: 'basic'
gearman_server_ssl_cert: |
-----BEGIN CERTIFICATE-----
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBPMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
NDAyWhcNMjcwNjE0MjA1NDAyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5z
ZXJ2ZXIxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aMR61f/
LZkP/acuqiCEiSFF4GI1ViNkOSPEq0CP4HfNckeW0///x6vI/uaR4MlF8g8qNFGB
j2FCYRW1gEzS7TLoP3xYs4SMnvXvZRbdxcozOop506quLmlfPDF1o2GzLSQYDNXe
WbpYiNM+EdgBjqLz4G5DdaXMMw2zYP21kbtSxJIvrpqeW/TKBGWDI2bBH81PFb9B
gq1P4XxI/Aw7Ez6hApLV2D6DP7JidQUGOzvGw7LUEZjLEscQU7HH8j1qDvrM2gV4
FRSRrtw8Yr/erBsaNr84guEZQREqiOjr1HvMZK5o1vGb69ArWSk9b8PW+A2uxvfS
ukv7hvNsuCouHQIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFImAuHnbfxpEEZwiiro9KEa8YA+1
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
A4IBAQBTNIVB758W+wBtCMlIRFUPBiR+w+7RRsY8HXME5unvO65PcsfLKQXOr3i/
K2SliyyBliwKY+wtbvQZVltpBiloDqslSMD6veb5YsZDzTZ+x8xP1GEhcB3c6CsN
0RDJ/xUGv2IXgQW8kw+MINILr9iQA6fn9dBN0OqimlchPHtvA9gO7Rv+IV3zZP+Q
yNWoBiZ6H5ANIt6vfcK0BHGDB6GXN9f1gpgsJd3l3vs3t/FgP1qYJiDd5VvcOXxt
uJziOvdg7jte0u609MWj3DOdey4HsxlEU27w13kzGI6RpPquvl/YB8Y6WMAIL8in
1GRv9pIfENRRHOiC57p0RSQZZ/2V
-----END CERTIFICATE-----
zuul_ssl_cert_file_contents: |
-----BEGIN CERTIFICATE-----
MIICzjCCAbagAwIBAgIJAMV1mxY+iSJpMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV
BAMMFHp1dWx2My5vcGVuc3RhY2sub3JnMB4XDTE3MDYwMjE5MzUwMloXDTI3MDUz
MTE5MzUwMlowHzEdMBsGA1UEAwwUenV1bHYzLm9wZW5zdGFjay5vcmcwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvgAf85YVjjBTHYJnIx8VA1VvSAidD
LHp2Yn+7DgUfHXjNdpftTgvWxnzXMFaglNzrNrixGNlkg1sdGDJ+DB/mvptKJUEH
WMfOVI98Eo0dx5w+lcP8XGTg6/SY59+PiqNpCmi+T49axQO2XKNlt+ZJsSVaEhEj
E2OrkZY+A8RFj07TUjSMv/pmo3AxgVjFoWszDT8pj30CTT3lg3eXXJwlqrH/P9IQ
FnwRSt3sR60ahFFJnvHdL1FJl/I0W5nWD6LNEpX7ryaIUIqMhQpQjGDpvG77ntfW
A5zhBVWPC7p2k6OaUD6AjlPMJLZh5YbyGaRN4l2Z4oizBGjoq1Qv9QehAgMBAAGj
DTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAOFIxTTiw10jWRKQuRKU
KskncSNj3ZxSjwPTOQs++hLjYYYlKA4LbWwokp7u5rTpJP/NHYLHXIda6l/Ne3JG
+Mby/vu0TKMX2z+0IQx3MZG7b+4NkH4jg40Q+Y879n0jvOfBplHtJB1UmQYk51fs
Hbrb6vvxeLRJ74JZX6t756gZnagzAoLj7DtmTfruUVjD/kRJK8gUCyKMNvN6PH3u
5Ls4WwOME+bFdFcxBJjj1LSKGlZoE22mSVlRqHvVXVfM9XTolvw5PequFhiPXYyj
ESN9QfRuVeKltTl8NdDgwlYjBBUYR5omuX5LLWUSXuvQK/dYM4ahERf3ivbXMjhF
M+Q=
-----END CERTIFICATE-----

View File

@ -0,0 +1,59 @@
zuul_user_id: 10001
zuul_group_id: 10001
zuul_known_hosts: |
[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 {{ gerrit_ssh_rsa_pubkey_contents }}
[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==
gearman_server: zuul01.openstack.org
gearman_client_ssl_cert: |
-----BEGIN CERTIFICATE-----
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBQMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjMw
MjQyWhcNMjcwNjE0MjMwMjQyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5j
bGllbnQxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh3qSWIp
w6kXS4IIPU7fPP2felHCtmZyfgKolYbq1iVafcc/EUHa1onlaM+w7OEHr68y3Qau
SY6ifEsUWCKJlhu+UlHGwVIZliL02+9EAZ1DDs6OtxKa7nOIkWq8P8kRex234QVd
y37+vV+/lDeCbLoGo5P0j51fnqy10afg2xRblmXgqeqaiJAvCmEnG9S9q9+gbisZ
1D2r+JtoTUMZtPY9NomvgdNuwmF5+VeO+CQepRWlA+0ysCFVgVwm++PNXETadHOj
mOSJxiq2u6fysZb7ctHgGuu+Ce3PVwah+kK/PEXADs7SjhJruSmL1ap2izc6kTFW
GSU/wkkPXtbWJwIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFKTyA6hjUY8jNxOEM5zuU7qecogX
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
A4IBAQAiLYckNAx7GQGCSXC92R23o181FiCePuNAgCb4QsaQkA/JopaLrn11R33Y
XO1C5fvsopKvcmEJKX0BJwNy41tz/rNmKXYy4hsPKYMsNgJQtYe98Mp+VHgAmtZ3
U0v49mUJA4YiLs/QmB6bmLknl1XjzJvbLu3gfVSGsquDXN1TcHLZy2fQlD6/D7HF
2Zj44Af4b2xFcZc7J/iErIj8LGHx3alkGAgdXw+SQkgzDeXC/DhrXC1jVJQQQzfU
/4GjbLiPBLb+QIAaBVv+iVVok22DSvMydjI4Zr89NXDWEOZc8oZ7nBf9Sv1+I0xB
6YQoN+t1YSx3G8AxPSZwyGlwhZo0
-----END CERTIFICATE-----
gearman_ssl_ca: |
-----BEGIN CERTIFICATE-----
MIIERzCCAy+gAwIBAgIJAKkAn3gh0LBOMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
MjA3WhcNMjAwNjE1MjA1MjA3WjCBuTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEdMBsGA1UEAwwUenV1bHYzLm9w
ZW5zdGFjay5vcmcxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0
cy5vcGVuc3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
zTnzmZkB/P+C0eHFmPyU8myEmubRVw2vK1aqx0Y7bFMlXAVH6CodI6r4VpS4vGPL
AfBGAmIZJlBuRysZHW3J6GuzhBFyBILHJX9PZkeJyHa3NU4ILDPMXAD/oWQnqlp1
3kYJ3xS1QWhPvaohC+Io3LErXOMp32mhrEmm3BGfWiXbV9STcseeLX6BKPdqBzaT
d8RFkrvsEJTTjwIJLreyrphrtXu/VS9uEMWaHj4/94lLXn8fn3CuUfs48kPDTlaw
vFg2lIGpfOui4s9Vhrafy1nrz1KzKHjhhnF80irrIo3kOkWaKeBuTyy7+MSx7PTi
5RgSoKTKyMbMA6nbCj73KQIDAQABo1AwTjAdBgNVHQ4EFgQUU/wl91c+fyaFktpc
xrw1AgmWad4wHwYDVR0jBBgwFoAUU/wl91c+fyaFktpcxrw1AgmWad4wDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAe/6S1DWRtXwzBgwTCW7FR3IrpZzP
4eN3TUbJy6tvff+iY6+96WV9vyH62NU8oEn5TUqy8r+EiOchbXJq8pvlPAcwdaeC
a9pjJku40oVai0pncqDnF/WOiXNkW71bRs/qQtIuVwKwVm9OyizjWsQtjm4Ycpju
92liz5Q/ZZu+7eIufQYRr7lthgmTLCjqeS4qxiY7Y03ZLZpvEL+KVskkjPzHvzTO
S1Rq0t3ssb4uH78rvXj1Q/C2gVucUBE86P9AckSZtANGlmiKBnO6Lc1xQbsFyfSn
Xbt2g9IiP3nTEapCx/M8/Zl5M+XwK7pbQWdtwGnvGPoeFNV1sVT4iO1dLg==
-----END CERTIFICATE-----

View File

@ -1,3 +1,5 @@
gearman_server: 127.0.0.1
letsencrypt_certs:
zuul-opendev-main:
- zuul.opendev.org
- zuul.openstack.org

View File

@ -68,8 +68,7 @@ results:
ze01.openstack.org:
- afs-client
- puppet
- puppet4
- zuul
- zuul-executor
zk01.openstack.org:

View File

@ -0,0 +1 @@
Run Zuul Executor

View File

@ -0,0 +1,19 @@
# Version 2 is the latest that is supported by docker-compose in
# Ubuntu Xenial.
version: '2'
services:
executor:
restart: always
image: docker.io/zuul/zuul-executor:latest
network_mode: host
user: zuul
volumes:
- /etc/zuul:/etc/zuul
- /opt/project-config:/opt/project-config
- /afs:/afs
- /home/zuul:/home/zuul
- /var/lib/zuul:/var/lib/zuul
- /var/log/zuul:/var/log/zuul
- /etc/openafs:/etc/openafs
- /etc/ssl/certs:/etc/ssl/certs

View File

@ -0,0 +1,49 @@
[loggers]
keys=root,zuul,gerrit,gear
[handlers]
keys=console,debug,normal
[formatters]
keys=simple
[logger_root]
level=WARNING
handlers=console
[logger_zuul]
level=DEBUG
handlers=debug,normal
qualname=zuul
[logger_gerrit]
level=INFO
handlers=debug,normal
qualname=gerrit
[logger_gear]
level=WARNING
handlers=debug,normal
qualname=gear
[handler_console]
level=WARNING
class=StreamHandler
formatter=simple
args=(sys.stdout,)
[handler_debug]
level=DEBUG
class=logging.handlers.WatchedFileHandler
formatter=simple
args=('/var/log/zuul/executor-debug.log',)
[handler_normal]
level=INFO
class=logging.handlers.WatchedFileHandler
formatter=simple
args=('/var/log/zuul/executor.log',)
[formatter_simple]
format=%(asctime)s %(levelname)s %(name)s: %(message)s
datefmt=

View File

@ -0,0 +1,122 @@
#! /bin/sh
### BEGIN INIT INFO
# Provides: zuul-executor
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Zuul
# Description: Zuul Executor
### END INIT INFO
# Do NOT "set -e"
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
DESC="Zuul Executor"
NAME=zuul-executor
DAEMON=/usr/local/bin/zuul-executor
PIDFILE=/var/run/$NAME/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
USER=zuul
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
PIDFILE_DIR=$(dirname $PIDFILE)
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
# 3 if pid file already exist
if [ ! -d "$PIDFILE_DIR" ] ; then
mkdir -p $PIDFILE_DIR
chown $USER $PIDFILE_DIR
fi
ulimit -n 8192
ulimit -c unlimited
if [ -f $PIDFILE ]; then
return 3
fi
start-stop-daemon \
--start --quiet --pidfile $PIDFILE -c $USER \
--exec $DAEMON --test > /dev/null || return 1
start-stop-daemon \
--start --quiet --pidfile $PIDFILE -c $USER \
--exec $DAEMON -- $DAEMON_ARGS || return 2
# Add code here, if necessary, that waits for the process to be ready
# to handle requests from services started subsequently which depend
# on this one. As a last resort, sleep for some time.
}
#
# Function that stops the daemon/service
#
do_stop()
{
$DAEMON stop
return 0
}
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
$DAEMON reconfigure
return 0
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
3) echo "Pidfile at $PIDFILE already exists, run service zuul-executor stop to clean up."
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
reload|force-reload)
#
# If do_reload() is not implemented then leave this commented out
# and leave 'force-reload' as an alias for 'restart'.
#
log_daemon_msg "Reloading $DESC" "$NAME"
do_reload
log_end_msg $?
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|force-reload}" >&2
exit 3
;;
esac
:

View File

@ -0,0 +1,122 @@
- name: Install PPAs
apt_repository:
repo: '{{ item }}'
become: yes
loop:
# For bubblewrap
- ppa:openstack-ci-core/bubblewrap
# Temporary PPA needed for bpo-27945 while waiting for SRU to be published
- ppa:openstack-ci-core/python-bpo-27945-backport
# We use later HWE kernels for better memory managment, requiring an
# updated AFS version which we install from our custom ppa.
- ppa:openstack-ci-core/openafs-amd64-hwe
# For skopeo
- ppa:projectatomic/ppa
- name: Install bindep
pip:
name: bindep
state: present
executable: pip3
become: yes
- name: Install extra packages
package:
name: '{{ item }}'
state: present
loop:
- jemalloc1
- bubblewrap
- skopeo
- socat
- name: Clone zuul repo
git:
repo: https://opendev.org/zuul/zuul
dest: /opt/zuul
force: yes
register: zuul_repo
- name: Install zuul bindep packages
shell:
cmd: apt-get install -y $(bindep -b compile)
chdir: /opt/zuul
when: zuul_repo is changed
- name: Install zuul
shell:
cmd: pip install .
chdir: /opt/zuul
when: zuul_repo is changed
- name: Run zuul-manage-ansible
shell:
cmd: zuul-manage-ansible
environment:
ANSIBLE_EXTRA_PACKAGES: gear
when: zuul_repo is changed
- name: Install kubectl
include_role:
name: install-kubectl
# This checks the current installed ara version with pip list and the
# latest version of ara on pypi with pip search and if they are different
# then we know we need to upgrade to reconcile the local version with
# the upstream version.
#
# We do this using this check here rather than a pip package resource so
# that ara's deps don't inadverdently update zuuls deps (specifically
# ansible).
- name: Install ARA safely
shell: |
if test $(pip3 list --format columns | sed -ne 's/^ara\s\+\([.0-9]\+\)\s\+$/\1/p') != $(pip3 search 'ara$' | sed -ne 's/^ara (\(.*\)).*$/\1/p') ; then
pip3 install --upgrade --upgrade-strategy=only-if-needed "ara<1.0.0"
fi
- name: Create Zuul Executor directories
file:
state: directory
path: '{{ item }}'
owner: zuul
group: zuul
loop:
- /var/lib/zuul/builds
- /var/lib/zuul/git
- name: Set up cron job to pack git refs
cron:
name: pack-git-refs
state: present
job: 'find /var/lib/zuul/git/ -maxdepth 3 -type d -name ".git" -exec git --git-dir="{}" pack-refs --all \;'
minute: 7
hour: 4
- name: Install logging config
copy:
src: logging.conf
dest: /etc/zuul/executor-logging.conf
- name: Rotate executor logs
include_role:
name: logrotate
vars:
logrotate_file_name: /var/log/zuul/executor.log
- name: Rotate executor debug logs
include_role:
name: logrotate
vars:
logrotate_file_name: /var/log/zuul/executor-debug.log
- name: Install init script
copy:
src: zuul-executor.init
dest: /etc/init.d/zuul-executor
mode: 0555
register: install_init_script
- name: Register script with systemd
shell:
cmd: /bin/systemctl daemon-reload
when: install_init_script is changed

View File

@ -0,0 +1 @@
Run zuul merger

View File

@ -0,0 +1 @@
zuul_merger_start: false

View File

@ -0,0 +1,16 @@
# Version 2 is the latest that is supported by docker-compose in
# Ubuntu Xenial.
version: '2'
services:
merger:
restart: always
image: docker.io/zuul/zuul-merger:latest
network_mode: host
user: zuul
volumes:
- /etc/zuul:/etc/zuul
- /opt/project-config:/opt/project-config
- /home/zuul:/home/zuul
- /var/lib/zuul:/var/lib/zuul
- /var/log/zuul:/var/log/zuul

View File

@ -0,0 +1,49 @@
[loggers]
keys=root,zuul,gerrit,gear
[handlers]
keys=console,debug,normal
[formatters]
keys=simple
[logger_root]
level=WARNING
handlers=console
[logger_zuul]
level=DEBUG
handlers=debug,normal
qualname=zuul
[logger_gerrit]
level=INFO
handlers=debug,normal
qualname=gerrit
[logger_gear]
level=WARNING
handlers=debug,normal
qualname=gear
[handler_console]
level=WARNING
class=StreamHandler
formatter=simple
args=(sys.stdout,)
[handler_debug]
level=DEBUG
class=logging.handlers.WatchedFileHandler
formatter=simple
args=('/var/log/zuul/merger-debug.log',)
[handler_normal]
level=INFO
class=logging.handlers.WatchedFileHandler
formatter=simple
args=('/var/log/zuul/merger.log',)
[formatter_simple]
format=%(asctime)s %(levelname)s %(name)s: %(message)s
datefmt=

View File

@ -0,0 +1,52 @@
- name: Create Zuul directories
file:
state: directory
path: '{{ item }}'
owner: zuul
group: zuul
loop:
- /var/lib/zuul/git
- name: Set up cron job to pack git refs
cron:
name: pack-git-refs
state: present
job: 'find /var/lib/zuul/git/ -maxdepth 3 -type d -name ".git" -exec git --git-dir="{}" pack-refs --all \;'
minute: 7
hour: 4
- name: Install logging config
copy:
src: logging.conf
dest: /etc/zuul/merger-logging.conf
- name: Rotate merger logs
include_role:
name: logrotate
vars:
logrotate_file_name: /var/log/zuul/merger.log
- name: Rotate merger debug logs
include_role:
name: logrotate
vars:
logrotate_file_name: /var/log/zuul/merger-debug.log
- name: Make docker-compose directory
file:
state: directory
path: /etc/zuul-merger
- name: Install docker-compose file
copy:
src: docker-compose.yaml
dest: /etc/zuul-merger/docker-compose.yaml
- name: Run docker-compose pull
shell:
cmd: docker-compose pull
chdir: /etc/zuul-merger
- name: Start containers
include_tasks: start.yaml
when: zuul_merger_start | bool

View File

@ -0,0 +1,8 @@
- name: Run docker-compose up
shell:
cmd: docker-compose up -d
chdir: /etc/zuul-merger
- name: Run docker prune to cleanup unneeded images
shell:
cmd: docker image prune -f

View File

@ -0,0 +1 @@
Run Zuul Scheduler

View File

@ -0,0 +1,16 @@
# Version 2 is the latest that is supported by docker-compose in
# Ubuntu Xenial.
version: '2'
services:
scheduler:
restart: always
image: docker.io/zuul/zuul-scheduler:latest
network_mode: host
user: zuul
volumes:
- /etc/zuul:/etc/zuul
- /opt/project-config:/opt/project-config
- /home/zuul:/home/zuul
- /var/lib/zuul:/var/lib/zuul
- /var/log/zuul:/var/log/zuul

View File

@ -0,0 +1,33 @@
[loggers]
keys=root,gear
[handlers]
keys=console,normal
[formatters]
keys=simple
[logger_root]
level=WARNING
handlers=console
[logger_gear]
level=DEBUG
handlers=normal
qualname=gear
[handler_console]
level=WARNING
class=StreamHandler
formatter=simple
args=(sys.stdout,)
[handler_normal]
level=WARNING
class=logging.handlers.WatchedFileHandler
formatter=simple
args=('/var/log/zuul/gearman-server.log',)
[formatter_simple]
format=%(asctime)s %(levelname)s %(name)s: %(message)s
datefmt=