Run Zuul using Ansible and Containers
Zuul is publishing lovely container images, so we should go ahead and start using them. We can't use containers for zuul-executor because of the docker->bubblewrap->AFS issue, so install from pip there. Don't start any of the containers by default, which should let us safely roll this out and then do a rolling restart. For things (like web or mergers) where it's safe to do so, a followup change will swap the flag. Change-Id: I37dcce3a67477ad3b2c36f2fd3657af18bc25c40
This commit is contained in:
parent
b0ab2f37c5
commit
f0b77485ec
35
.zuul.yaml
35
.zuul.yaml
@ -1397,6 +1397,39 @@
|
||||
- playbooks/roles/zuul-preview/
|
||||
- testinfra/test_zuul_preview.py
|
||||
|
||||
- job:
|
||||
name: system-config-run-zuul
|
||||
parent: system-config-run
|
||||
description: |
|
||||
Run the playbook for the docker registry.
|
||||
nodeset:
|
||||
nodes:
|
||||
- name: bridge.openstack.org
|
||||
label: ubuntu-bionic
|
||||
- name: zk01.opendev.org
|
||||
label: ubuntu-bionic
|
||||
- name: zm01.openstack.org
|
||||
label: ubuntu-xenial
|
||||
- name: zl01.openstack.org
|
||||
label: ubuntu-xenial
|
||||
- name: zuul01.openstack.org
|
||||
label: ubuntu-xenial
|
||||
vars:
|
||||
run_playbooks:
|
||||
- playbooks/service-letsencrypt.yaml
|
||||
- playbooks/service-zookeeper.yaml
|
||||
- playbooks/service-zuul.yaml
|
||||
files:
|
||||
- playbooks/install-ansible.yaml
|
||||
- playbooks/service-zookeeper.yaml
|
||||
- playbooks/service-zuul.yaml
|
||||
- playbooks/group_vars/zuul
|
||||
- playbooks/group_vars/zookeeper.yaml
|
||||
- playbooks/host_vars/zk\d+
|
||||
- playbooks/host_vars/zuul01.openstack.org
|
||||
- playbooks/roles/zookeeper/
|
||||
- playbooks/roles/zuul
|
||||
|
||||
- job:
|
||||
name: system-config-run-review
|
||||
parent: system-config-run-containers
|
||||
@ -2165,6 +2198,7 @@
|
||||
- name: system-config-build-image-gerrit-2.13
|
||||
soft: true
|
||||
- system-config-run-zookeeper
|
||||
- system-config-run-zuul
|
||||
- system-config-run-zuul-preview
|
||||
- system-config-run-letsencrypt
|
||||
- system-config-build-image-jinja-init:
|
||||
@ -2230,6 +2264,7 @@
|
||||
- name: system-config-upload-image-gerrit-2.13
|
||||
soft: true
|
||||
- system-config-run-zookeeper
|
||||
- system-config-run-zuul
|
||||
- system-config-run-zuul-preview
|
||||
- system-config-run-letsencrypt
|
||||
- system-config-upload-image-jinja-init:
|
||||
|
@ -433,56 +433,3 @@ mosquitto_tls_ca_file: |
|
||||
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
|
||||
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
|
||||
-----END CERTIFICATE-----
|
||||
gearman_client_ssl_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBQMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
|
||||
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
|
||||
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
|
||||
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
|
||||
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjMw
|
||||
MjQyWhcNMjcwNjE0MjMwMjQyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
|
||||
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
|
||||
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5j
|
||||
bGllbnQxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
|
||||
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh3qSWIp
|
||||
w6kXS4IIPU7fPP2felHCtmZyfgKolYbq1iVafcc/EUHa1onlaM+w7OEHr68y3Qau
|
||||
SY6ifEsUWCKJlhu+UlHGwVIZliL02+9EAZ1DDs6OtxKa7nOIkWq8P8kRex234QVd
|
||||
y37+vV+/lDeCbLoGo5P0j51fnqy10afg2xRblmXgqeqaiJAvCmEnG9S9q9+gbisZ
|
||||
1D2r+JtoTUMZtPY9NomvgdNuwmF5+VeO+CQepRWlA+0ysCFVgVwm++PNXETadHOj
|
||||
mOSJxiq2u6fysZb7ctHgGuu+Ce3PVwah+kK/PEXADs7SjhJruSmL1ap2izc6kTFW
|
||||
GSU/wkkPXtbWJwIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
|
||||
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFKTyA6hjUY8jNxOEM5zuU7qecogX
|
||||
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
|
||||
A4IBAQAiLYckNAx7GQGCSXC92R23o181FiCePuNAgCb4QsaQkA/JopaLrn11R33Y
|
||||
XO1C5fvsopKvcmEJKX0BJwNy41tz/rNmKXYy4hsPKYMsNgJQtYe98Mp+VHgAmtZ3
|
||||
U0v49mUJA4YiLs/QmB6bmLknl1XjzJvbLu3gfVSGsquDXN1TcHLZy2fQlD6/D7HF
|
||||
2Zj44Af4b2xFcZc7J/iErIj8LGHx3alkGAgdXw+SQkgzDeXC/DhrXC1jVJQQQzfU
|
||||
/4GjbLiPBLb+QIAaBVv+iVVok22DSvMydjI4Zr89NXDWEOZc8oZ7nBf9Sv1+I0xB
|
||||
6YQoN+t1YSx3G8AxPSZwyGlwhZo0
|
||||
-----END CERTIFICATE-----
|
||||
gearman_ssl_ca: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIERzCCAy+gAwIBAgIJAKkAn3gh0LBOMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
|
||||
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
|
||||
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
|
||||
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
|
||||
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
|
||||
MjA3WhcNMjAwNjE1MjA1MjA3WjCBuTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
|
||||
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
|
||||
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEdMBsGA1UEAwwUenV1bHYzLm9w
|
||||
ZW5zdGFjay5vcmcxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0
|
||||
cy5vcGVuc3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
||||
zTnzmZkB/P+C0eHFmPyU8myEmubRVw2vK1aqx0Y7bFMlXAVH6CodI6r4VpS4vGPL
|
||||
AfBGAmIZJlBuRysZHW3J6GuzhBFyBILHJX9PZkeJyHa3NU4ILDPMXAD/oWQnqlp1
|
||||
3kYJ3xS1QWhPvaohC+Io3LErXOMp32mhrEmm3BGfWiXbV9STcseeLX6BKPdqBzaT
|
||||
d8RFkrvsEJTTjwIJLreyrphrtXu/VS9uEMWaHj4/94lLXn8fn3CuUfs48kPDTlaw
|
||||
vFg2lIGpfOui4s9Vhrafy1nrz1KzKHjhhnF80irrIo3kOkWaKeBuTyy7+MSx7PTi
|
||||
5RgSoKTKyMbMA6nbCj73KQIDAQABo1AwTjAdBgNVHQ4EFgQUU/wl91c+fyaFktpc
|
||||
xrw1AgmWad4wHwYDVR0jBBgwFoAUU/wl91c+fyaFktpcxrw1AgmWad4wDAYDVR0T
|
||||
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAe/6S1DWRtXwzBgwTCW7FR3IrpZzP
|
||||
4eN3TUbJy6tvff+iY6+96WV9vyH62NU8oEn5TUqy8r+EiOchbXJq8pvlPAcwdaeC
|
||||
a9pjJku40oVai0pncqDnF/WOiXNkW71bRs/qQtIuVwKwVm9OyizjWsQtjm4Ycpju
|
||||
92liz5Q/ZZu+7eIufQYRr7lthgmTLCjqeS4qxiY7Y03ZLZpvEL+KVskkjPzHvzTO
|
||||
S1Rq0t3ssb4uH78rvXj1Q/C2gVucUBE86P9AckSZtANGlmiKBnO6Lc1xQbsFyfSn
|
||||
Xbt2g9IiP3nTEapCx/M8/Zl5M+XwK7pbQWdtwGnvGPoeFNV1sVT4iO1dLg==
|
||||
-----END CERTIFICATE-----
|
||||
|
@ -1,50 +0,0 @@
|
||||
---
|
||||
# TODO(pabelanger): This can be deleted once we migration to zuulv3.
|
||||
zuul_sites:
|
||||
- name: 'tarballs.openstack.org'
|
||||
host: 'tarballs.openstack.org'
|
||||
user: 'jenkins'
|
||||
root: '/srv/static'
|
||||
|
||||
- name: 'yaml2ical'
|
||||
host: 'eavesdrop.openstack.org'
|
||||
user: 'jenkins'
|
||||
root: '/srv/yaml2ical'
|
||||
|
||||
- name: 'static.openstack.org'
|
||||
host: 'static.openstack.org'
|
||||
user: 'jenkins'
|
||||
root: '/srv/static'
|
||||
|
||||
- name: 'afs-docs'
|
||||
root: '/afs/.openstack.org/docs'
|
||||
keytab: '/etc/zuul-launcher.keytab'
|
||||
user: 'service/zuul-launcher'
|
||||
|
||||
- name: 'afs-developer-docs'
|
||||
root: '/afs/.openstack.org/developer-docs'
|
||||
keytab: '/etc/zuul-launcher.keytab'
|
||||
user: 'service/zuul-launcher'
|
||||
|
||||
zuul_nodes: []
|
||||
|
||||
# NOTE(pabelanger): zuulv3 settings
|
||||
zuul_connections:
|
||||
- name: 'gerrit'
|
||||
driver: 'gerrit'
|
||||
server: 'review.opendev.org'
|
||||
canonical_hostname: 'opendev.org'
|
||||
user: 'zuul'
|
||||
sshkey: '/var/lib/zuul/ssh/id_rsa'
|
||||
auth_type: 'digest'
|
||||
|
||||
- name: 'github'
|
||||
driver: 'github'
|
||||
|
||||
- name: 'googlesource'
|
||||
driver: 'gerrit'
|
||||
server: 'gerrit-review.googlesource.com'
|
||||
canonical_hostname: 'gerrit.googlesource.com'
|
||||
user: 'git-infra-root.openstack.org'
|
||||
stream_events: 'false'
|
||||
auth_type: 'basic'
|
@ -1,88 +0,0 @@
|
||||
---
|
||||
zuul_connections:
|
||||
- name: 'smtp'
|
||||
driver: 'smtp'
|
||||
server: 'localhost'
|
||||
port: '25'
|
||||
default_from: 'zuul@zuul.openstack.org'
|
||||
default_to: 'zuul.reports@zuul.openstack.org'
|
||||
|
||||
- name: 'gerrit'
|
||||
driver: 'gerrit'
|
||||
server: 'review.opendev.org'
|
||||
canonical_hostname: 'opendev.org'
|
||||
user: 'zuul'
|
||||
sshkey: '/var/lib/zuul/ssh/id_rsa'
|
||||
gitweb_url_template: 'https://opendev.org/{project.name}/commit/{sha}'
|
||||
auth_type: 'digest'
|
||||
|
||||
- name: 'opendaylight'
|
||||
driver: 'gerrit'
|
||||
server: 'git.opendaylight.org'
|
||||
baseurl: 'git.opendaylight.org/gerrit'
|
||||
user: 'openstack-zuul'
|
||||
sshkey: '/var/lib/zuul/ssh/id_rsa'
|
||||
|
||||
- name: 'mysql'
|
||||
driver: 'sql'
|
||||
|
||||
- name: 'github'
|
||||
driver: 'github'
|
||||
app_key: '/etc/zuul/github.key'
|
||||
rate_limit_logging: 'false'
|
||||
|
||||
- name: 'googlesource'
|
||||
driver: 'gerrit'
|
||||
server: 'gerrit-review.googlesource.com'
|
||||
canonical_hostname: 'gerrit.googlesource.com'
|
||||
user: 'git-infra-root.openstack.org'
|
||||
stream_events: 'false'
|
||||
auth_type: 'basic'
|
||||
|
||||
gearman_server_ssl_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBPMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
|
||||
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
|
||||
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
|
||||
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
|
||||
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
|
||||
NDAyWhcNMjcwNjE0MjA1NDAyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
|
||||
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
|
||||
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5z
|
||||
ZXJ2ZXIxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
|
||||
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aMR61f/
|
||||
LZkP/acuqiCEiSFF4GI1ViNkOSPEq0CP4HfNckeW0///x6vI/uaR4MlF8g8qNFGB
|
||||
j2FCYRW1gEzS7TLoP3xYs4SMnvXvZRbdxcozOop506quLmlfPDF1o2GzLSQYDNXe
|
||||
WbpYiNM+EdgBjqLz4G5DdaXMMw2zYP21kbtSxJIvrpqeW/TKBGWDI2bBH81PFb9B
|
||||
gq1P4XxI/Aw7Ez6hApLV2D6DP7JidQUGOzvGw7LUEZjLEscQU7HH8j1qDvrM2gV4
|
||||
FRSRrtw8Yr/erBsaNr84guEZQREqiOjr1HvMZK5o1vGb69ArWSk9b8PW+A2uxvfS
|
||||
ukv7hvNsuCouHQIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
|
||||
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFImAuHnbfxpEEZwiiro9KEa8YA+1
|
||||
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
|
||||
A4IBAQBTNIVB758W+wBtCMlIRFUPBiR+w+7RRsY8HXME5unvO65PcsfLKQXOr3i/
|
||||
K2SliyyBliwKY+wtbvQZVltpBiloDqslSMD6veb5YsZDzTZ+x8xP1GEhcB3c6CsN
|
||||
0RDJ/xUGv2IXgQW8kw+MINILr9iQA6fn9dBN0OqimlchPHtvA9gO7Rv+IV3zZP+Q
|
||||
yNWoBiZ6H5ANIt6vfcK0BHGDB6GXN9f1gpgsJd3l3vs3t/FgP1qYJiDd5VvcOXxt
|
||||
uJziOvdg7jte0u609MWj3DOdey4HsxlEU27w13kzGI6RpPquvl/YB8Y6WMAIL8in
|
||||
1GRv9pIfENRRHOiC57p0RSQZZ/2V
|
||||
-----END CERTIFICATE-----
|
||||
|
||||
zuul_ssl_cert_file_contents: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICzjCCAbagAwIBAgIJAMV1mxY+iSJpMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV
|
||||
BAMMFHp1dWx2My5vcGVuc3RhY2sub3JnMB4XDTE3MDYwMjE5MzUwMloXDTI3MDUz
|
||||
MTE5MzUwMlowHzEdMBsGA1UEAwwUenV1bHYzLm9wZW5zdGFjay5vcmcwggEiMA0G
|
||||
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvgAf85YVjjBTHYJnIx8VA1VvSAidD
|
||||
LHp2Yn+7DgUfHXjNdpftTgvWxnzXMFaglNzrNrixGNlkg1sdGDJ+DB/mvptKJUEH
|
||||
WMfOVI98Eo0dx5w+lcP8XGTg6/SY59+PiqNpCmi+T49axQO2XKNlt+ZJsSVaEhEj
|
||||
E2OrkZY+A8RFj07TUjSMv/pmo3AxgVjFoWszDT8pj30CTT3lg3eXXJwlqrH/P9IQ
|
||||
FnwRSt3sR60ahFFJnvHdL1FJl/I0W5nWD6LNEpX7ryaIUIqMhQpQjGDpvG77ntfW
|
||||
A5zhBVWPC7p2k6OaUD6AjlPMJLZh5YbyGaRN4l2Z4oizBGjoq1Qv9QehAgMBAAGj
|
||||
DTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAOFIxTTiw10jWRKQuRKU
|
||||
KskncSNj3ZxSjwPTOQs++hLjYYYlKA4LbWwokp7u5rTpJP/NHYLHXIda6l/Ne3JG
|
||||
+Mby/vu0TKMX2z+0IQx3MZG7b+4NkH4jg40Q+Y879n0jvOfBplHtJB1UmQYk51fs
|
||||
Hbrb6vvxeLRJ74JZX6t756gZnagzAoLj7DtmTfruUVjD/kRJK8gUCyKMNvN6PH3u
|
||||
5Ls4WwOME+bFdFcxBJjj1LSKGlZoE22mSVlRqHvVXVfM9XTolvw5PequFhiPXYyj
|
||||
ESN9QfRuVeKltTl8NdDgwlYjBBUYR5omuX5LLWUSXuvQK/dYM4ahERf3ivbXMjhF
|
||||
M+Q=
|
||||
-----END CERTIFICATE-----
|
@ -156,9 +156,6 @@ groups:
|
||||
- translate[0-9]*.open*.org
|
||||
- wiki-dev[0-9]*.openstack.org
|
||||
- wiki[0-9]*.openstack.org
|
||||
- ze[0-9]*.open*.org
|
||||
- zm[0-9]*.open*.org
|
||||
- zuul[0-9]*.open*.org
|
||||
puppet4:
|
||||
- afs[0-9]*.open*.org
|
||||
- afsdb[0-9]*.open*.org
|
||||
@ -200,9 +197,6 @@ groups:
|
||||
- translate-dev[0-9]*.open*.org
|
||||
- wiki[0-9]*.openstack.org
|
||||
- wiki-dev[0-9]*.openstack.org
|
||||
- ze[0-9]*.open*.org
|
||||
- zm[0-9]*.open*.org
|
||||
- zuul01.open*.org
|
||||
refstack:
|
||||
- refstack*.open*.org
|
||||
registry:
|
||||
@ -261,6 +255,10 @@ groups:
|
||||
- wiki-dev[0-9]*.openstack.org
|
||||
zookeeper:
|
||||
- zk[0-9]*.open*.org
|
||||
zuul:
|
||||
- ze[0-9]*.open*.org
|
||||
- zm[0-9]*.open*.org
|
||||
- zuul[0-9]*.open*.org
|
||||
zuul-executor:
|
||||
- ze[0-9]*.open*.org
|
||||
zuul-merger:
|
||||
@ -269,3 +267,5 @@ groups:
|
||||
- zp[0-9]*.open*.org
|
||||
zuul-scheduler:
|
||||
- zuul[0-9]*.open*.org
|
||||
zuul-web:
|
||||
- zuul[0-9]*.open*.org
|
||||
|
@ -497,327 +497,6 @@ node /^nb\d+\.open.*\.org$/ {
|
||||
}
|
||||
}
|
||||
|
||||
# Node-OS: xenial
|
||||
node /^ze\d+\.open.*\.org$/ {
|
||||
$group = "zuul-executor"
|
||||
|
||||
$gerrit_server = 'review.opendev.org'
|
||||
$gerrit_user = 'zuul'
|
||||
$gerrit_ssh_host_key = hiera('gerrit_ssh_rsa_pubkey_contents')
|
||||
$gerrit_ssh_private_key = hiera('gerrit_ssh_private_key_contents')
|
||||
$zuul_ssh_private_key = hiera('zuul_ssh_private_key_contents')
|
||||
$zuul_static_private_key = hiera('jenkins_ssh_private_key_contents')
|
||||
$git_email = 'zuul@openstack.org'
|
||||
$git_name = 'OpenStack Zuul'
|
||||
$revision = 'master'
|
||||
|
||||
class { 'openstack_project::server':
|
||||
afs => true,
|
||||
}
|
||||
|
||||
class { '::project_config':
|
||||
url => 'https://opendev.org/openstack/project-config',
|
||||
}
|
||||
|
||||
# We use later HWE kernels for better memory managment, requiring an
|
||||
# updated AFS version which we install from our custom ppa.
|
||||
include ::apt
|
||||
apt::ppa { 'ppa:openstack-ci-core/openafs-amd64-hwe': }
|
||||
package { 'linux-generic-hwe-16.04':
|
||||
ensure => present,
|
||||
require => [
|
||||
Apt::Ppa['ppa:openstack-ci-core/openafs-amd64-hwe'],
|
||||
Class['apt::update'],
|
||||
],
|
||||
}
|
||||
|
||||
# Skopeo is required for pushing/pulling from the intermediate
|
||||
# registry, and is available in the projectatomic ppa.
|
||||
|
||||
apt::ppa { 'ppa:projectatomic/ppa': }
|
||||
package { 'skopeo':
|
||||
ensure => present,
|
||||
require => [
|
||||
Apt::Ppa['ppa:projectatomic/ppa'],
|
||||
Class['apt::update'],
|
||||
],
|
||||
}
|
||||
|
||||
# Socat is also required for pushing/pulling images
|
||||
package { 'socat':
|
||||
ensure => present,
|
||||
require => [
|
||||
Class['apt::update'],
|
||||
],
|
||||
}
|
||||
|
||||
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
|
||||
# settings.
|
||||
class { '::zuul':
|
||||
gearman_server => 'zuul01.openstack.org',
|
||||
gerrit_server => $gerrit_server,
|
||||
gerrit_user => $gerrit_user,
|
||||
zuul_ssh_private_key => $gerrit_ssh_private_key,
|
||||
git_email => $git_email,
|
||||
git_name => $git_name,
|
||||
worker_private_key_file => '/var/lib/zuul/ssh/nodepool_id_rsa',
|
||||
revision => $revision,
|
||||
python_version => 3,
|
||||
zookeeper_hosts => 'zk01.openstack.org:2181,zk02.openstack.org:2181,zk03.openstack.org:2181',
|
||||
zuulv3 => true,
|
||||
connections => hiera('zuul_connections', []),
|
||||
connection_secrets => hiera('zuul_connection_secrets', []),
|
||||
gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
|
||||
gearman_client_ssl_key => hiera('gearman_client_ssl_key'),
|
||||
gearman_ssl_ca => hiera('gearman_ssl_ca'),
|
||||
#TODO(pabelanger): Add openafs role for zuul-jobs to setup /etc/openafs
|
||||
# properly. We need to revisting this post Queens PTG.
|
||||
trusted_ro_paths => ['/etc/openafs', '/etc/ssl/certs', '/var/lib/zuul/ssh'],
|
||||
trusted_rw_paths => ['/afs'],
|
||||
untrusted_ro_paths => ['/etc/ssl/certs'],
|
||||
disk_limit_per_job => 5000, # Megabytes
|
||||
site_variables_yaml_file => $::project_config::zuul_site_variables_yaml,
|
||||
require => $::project_config::config_dir,
|
||||
statsd_host => 'graphite.opendev.org',
|
||||
}
|
||||
|
||||
class { '::zuul::executor': }
|
||||
|
||||
# This is used by the log job submission playbook which runs under
|
||||
# python2
|
||||
package { 'gear':
|
||||
ensure => latest,
|
||||
provider => openstack_pip,
|
||||
require => Class['pip'],
|
||||
}
|
||||
|
||||
file { '/var/lib/zuul/ssh/nodepool_id_rsa':
|
||||
owner => 'zuul',
|
||||
group => 'zuul',
|
||||
mode => '0400',
|
||||
require => File['/var/lib/zuul/ssh'],
|
||||
content => $zuul_ssh_private_key,
|
||||
}
|
||||
|
||||
file { '/var/lib/zuul/ssh/static_id_rsa':
|
||||
owner => 'zuul',
|
||||
group => 'zuul',
|
||||
mode => '0400',
|
||||
require => File['/var/lib/zuul/ssh'],
|
||||
content => $zuul_static_private_key,
|
||||
}
|
||||
|
||||
class { '::zuul::known_hosts':
|
||||
known_hosts_content => "[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 ${gerrit_ssh_host_key}\n[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==\n",
|
||||
}
|
||||
}
|
||||
|
||||
# Node-OS: xenial
|
||||
node /^zuul\d+\.open.*\.org$/ {
|
||||
$group = "zuul-scheduler"
|
||||
$gerrit_server = 'review.opendev.org'
|
||||
$gerrit_user = 'zuul'
|
||||
$gerrit_ssh_host_key = hiera('gerrit_zuul_user_ssh_key_contents')
|
||||
$zuul_ssh_private_key = hiera('zuul_ssh_private_key_contents')
|
||||
$zuul_url = "http://zuul.openstack.org/p"
|
||||
$git_email = 'zuul@openstack.org'
|
||||
$git_name = 'OpenStack Zuul'
|
||||
$revision = 'master'
|
||||
|
||||
class { 'openstack_project::server': }
|
||||
|
||||
class { '::project_config':
|
||||
url => 'https://opendev.org/openstack/project-config',
|
||||
}
|
||||
|
||||
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
|
||||
# settings.
|
||||
class { '::zuul':
|
||||
gerrit_server => $gerrit_server,
|
||||
gerrit_user => $gerrit_user,
|
||||
zuul_ssh_private_key => $zuul_ssh_private_key,
|
||||
git_email => $git_email,
|
||||
git_name => $git_name,
|
||||
revision => $revision,
|
||||
python_version => 3,
|
||||
zookeeper_hosts => 'zk01.openstack.org:2181,zk02.openstack.org:2181,zk03.openstack.org:2181',
|
||||
zookeeper_session_timeout => 40,
|
||||
zuulv3 => true,
|
||||
connections => hiera('zuul_connections', []),
|
||||
connection_secrets => hiera('zuul_connection_secrets', []),
|
||||
vhost_name => 'zuul.openstack.org',
|
||||
zuul_status_url => 'http://127.0.0.1:8001/openstack',
|
||||
zuul_web_url => 'http://127.0.0.1:9000',
|
||||
zuul_tenant_name => 'openstack',
|
||||
gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
|
||||
gearman_client_ssl_key => hiera('gearman_client_ssl_key'),
|
||||
gearman_server_ssl_cert => hiera('gearman_server_ssl_cert'),
|
||||
gearman_server_ssl_key => hiera('gearman_server_ssl_key'),
|
||||
gearman_ssl_ca => hiera('gearman_ssl_ca'),
|
||||
proxy_ssl_cert_file_contents => hiera('zuul_ssl_cert_file_contents'),
|
||||
proxy_ssl_chain_file_contents => hiera('zuul_ssl_chain_file_contents'),
|
||||
proxy_ssl_key_file_contents => hiera('zuul_ssl_key_file_contents'),
|
||||
statsd_host => 'graphite.opendev.org',
|
||||
status_url => 'https://zuul.openstack.org',
|
||||
relative_priority => true,
|
||||
web_root => 'https://zuul.opendev.org',
|
||||
}
|
||||
|
||||
file { "/etc/zuul/github.key":
|
||||
ensure => present,
|
||||
owner => 'zuul',
|
||||
group => 'zuul',
|
||||
mode => '0600',
|
||||
content => hiera('zuul_github_app_key'),
|
||||
require => File['/etc/zuul'],
|
||||
}
|
||||
|
||||
class { '::zuul::scheduler':
|
||||
layout_dir => $::project_config::zuul_layout_dir,
|
||||
require => $::project_config::config_dir,
|
||||
python_version => 3,
|
||||
use_mysql => true,
|
||||
}
|
||||
|
||||
class { '::zuul::web':
|
||||
# We manage backups below
|
||||
enable_status_backups => false,
|
||||
vhosts => {
|
||||
'zuul.openstack.org' => {
|
||||
port => 443,
|
||||
docroot => '/opt/zuul-web/content',
|
||||
priority => '50',
|
||||
ssl => true,
|
||||
template => 'zuul/zuulv3.vhost.erb',
|
||||
vhost_name => 'zuul.openstack.org',
|
||||
},
|
||||
'zuul.opendev.org' => {
|
||||
port => 443,
|
||||
docroot => '/opt/zuul-web/content',
|
||||
priority => '40',
|
||||
ssl => true,
|
||||
template => 'zuul/zuulv3.vhost.erb',
|
||||
vhost_name => 'zuul.opendev.org',
|
||||
},
|
||||
'zuul.openstack.org-http' => {
|
||||
port => 80,
|
||||
docroot => '/opt/zuul-web/content',
|
||||
priority => '50',
|
||||
ssl => false,
|
||||
template => 'zuul/zuulv3.vhost.erb',
|
||||
vhost_name => 'zuul.openstack.org',
|
||||
},
|
||||
'zuul.opendev.org-http' => {
|
||||
port => 80,
|
||||
docroot => '/opt/zuul-web/content',
|
||||
priority => '40',
|
||||
ssl => false,
|
||||
template => 'zuul/zuulv3.vhost.erb',
|
||||
vhost_name => 'zuul.opendev.org',
|
||||
},
|
||||
},
|
||||
vhosts_flags => {
|
||||
'zuul.openstack.org' => {
|
||||
tenant_name => 'openstack',
|
||||
ssl => true,
|
||||
use_le => false,
|
||||
},
|
||||
'zuul.opendev.org' => {
|
||||
tenant_name => '',
|
||||
ssl => true,
|
||||
use_le => true,
|
||||
},
|
||||
'zuul.openstack.org-http' => {
|
||||
tenant_name => 'openstack',
|
||||
ssl => false,
|
||||
use_le => false,
|
||||
},
|
||||
'zuul.opendev.org-http' => {
|
||||
tenant_name => '',
|
||||
ssl => false,
|
||||
use_le => false,
|
||||
},
|
||||
},
|
||||
vhosts_ssl => {
|
||||
'zuul.openstack.org' => {
|
||||
ssl_cert_file_contents => hiera('zuul_ssl_cert_file_contents'),
|
||||
ssl_chain_file_contents => hiera('zuul_ssl_chain_file_contents'),
|
||||
ssl_key_file_contents => hiera('zuul_ssl_key_file_contents'),
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
zuul::status_backups { 'openstack-zuul-tenant':
|
||||
tenant_name => 'openstack',
|
||||
ssl => true,
|
||||
status_uri => 'https://zuul.opendev.org/api/tenant/openstack/status',
|
||||
}
|
||||
|
||||
zuul::status_backups { 'kata-zuul-tenant':
|
||||
tenant_name => 'kata-containers',
|
||||
ssl => true,
|
||||
status_uri => 'https://zuul.opendev.org/api/tenant/kata-containers/status',
|
||||
}
|
||||
|
||||
class { '::zuul::fingergw': }
|
||||
|
||||
class { '::zuul::known_hosts':
|
||||
known_hosts_content => "[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 ${gerrit_ssh_host_key}\n[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==\n",
|
||||
}
|
||||
|
||||
include bup
|
||||
bup::site { 'rax.ord':
|
||||
backup_user => 'bup-zuulv3',
|
||||
backup_server => 'backup01.ord.rax.ci.openstack.org',
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# Node-OS: xenial
|
||||
node /^zm\d+.open.*\.org$/ {
|
||||
$group = "zuul-merger"
|
||||
|
||||
$gerrit_server = 'review.opendev.org'
|
||||
$gerrit_user = 'zuul'
|
||||
$gerrit_ssh_host_key = hiera('gerrit_ssh_rsa_pubkey_contents')
|
||||
$zuul_ssh_private_key = hiera('zuulv3_ssh_private_key_contents')
|
||||
$zuul_url = "http://${::fqdn}/p"
|
||||
$git_email = 'zuul@openstack.org'
|
||||
$git_name = 'OpenStack Zuul'
|
||||
$revision = 'master'
|
||||
|
||||
class { 'openstack_project::server': }
|
||||
|
||||
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
|
||||
# settings.
|
||||
class { '::zuul':
|
||||
gearman_server => 'zuul01.openstack.org',
|
||||
gerrit_server => $gerrit_server,
|
||||
gerrit_user => $gerrit_user,
|
||||
zuul_ssh_private_key => $zuul_ssh_private_key,
|
||||
git_email => $git_email,
|
||||
git_name => $git_name,
|
||||
revision => $revision,
|
||||
python_version => 3,
|
||||
zookeeper_hosts => 'zk01.openstack.org:2181,zk02.openstack.org:2181,zk03.openstack.org:2181',
|
||||
zuulv3 => true,
|
||||
connections => hiera('zuul_connections', []),
|
||||
connection_secrets => hiera('zuul_connection_secrets', []),
|
||||
gearman_client_ssl_cert => hiera('gearman_client_ssl_cert'),
|
||||
gearman_client_ssl_key => hiera('gearman_client_ssl_key'),
|
||||
gearman_ssl_ca => hiera('gearman_ssl_ca'),
|
||||
statsd_host => 'graphite.opendev.org',
|
||||
}
|
||||
|
||||
class { 'openstack_project::zuul_merger':
|
||||
gerrit_server => $gerrit_server,
|
||||
gerrit_user => $gerrit_user,
|
||||
gerrit_ssh_host_key => $gerrit_ssh_host_key,
|
||||
zuul_ssh_private_key => $zuul_ssh_private_key,
|
||||
manage_common_zuul => false,
|
||||
}
|
||||
}
|
||||
|
||||
# Node-OS: xenial
|
||||
node /^pbx\d*\.open.*\.org$/ {
|
||||
$group = "pbx"
|
||||
|
@ -1,29 +0,0 @@
|
||||
# == Class: openstack_project::zuul_merger
|
||||
#
|
||||
class openstack_project::zuul_merger(
|
||||
$vhost_name = $::fqdn,
|
||||
$gearman_server = '127.0.0.1',
|
||||
$gerrit_server = '',
|
||||
$gerrit_user = '',
|
||||
$gerrit_ssh_host_key = '',
|
||||
$zuul_ssh_private_key = '',
|
||||
$zuul_url = "http://${::fqdn}/p",
|
||||
$git_email = 'jenkins@openstack.org',
|
||||
$git_name = 'OpenStack Jenkins',
|
||||
$revision = 'master',
|
||||
$manage_common_zuul = true,
|
||||
) {
|
||||
class { 'openstackci::zuul_merger':
|
||||
vhost_name => $vhost_name,
|
||||
gearman_server => $gearman_server,
|
||||
gerrit_server => $gerrit_server,
|
||||
gerrit_user => $gerrit_user,
|
||||
known_hosts_content => "[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 ${gerrit_ssh_host_key}\n[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==\n",
|
||||
zuul_ssh_private_key => $zuul_ssh_private_key,
|
||||
zuul_url => $zuul_url,
|
||||
git_email => $git_email,
|
||||
git_name => $git_name,
|
||||
manage_common_zuul => $manage_common_zuul,
|
||||
revision => $revision,
|
||||
}
|
||||
}
|
@ -1,59 +0,0 @@
|
||||
# == Class: openstack_project::zuul_prod
|
||||
#
|
||||
class openstack_project::zuul_prod(
|
||||
$vhost_name = $::fqdn,
|
||||
$gearman_server = '127.0.0.1',
|
||||
$gerrit_server = '',
|
||||
$gerrit_user = '',
|
||||
$gerrit_ssh_host_key = '',
|
||||
$zuul_ssh_private_key = '',
|
||||
$url_pattern = '',
|
||||
$zuul_url = '',
|
||||
$status_url = 'https://zuul.openstack.org/',
|
||||
$swift_authurl = '',
|
||||
$swift_auth_version = '',
|
||||
$swift_user = '',
|
||||
$swift_key = '',
|
||||
$swift_tenant_name = '',
|
||||
$swift_region_name = '',
|
||||
$swift_default_container = '',
|
||||
$swift_default_logserver_prefix = '',
|
||||
$swift_default_expiry = 7200,
|
||||
$proxy_ssl_cert_file_contents = '',
|
||||
$proxy_ssl_key_file_contents = '',
|
||||
$proxy_ssl_chain_file_contents = '',
|
||||
$statsd_host = '',
|
||||
$project_config_repo = '',
|
||||
$git_email = 'jenkins@openstack.org',
|
||||
$git_name = 'OpenStack Jenkins',
|
||||
) {
|
||||
class { 'openstackci::zuul_scheduler':
|
||||
vhost_name => $vhost_name,
|
||||
gearman_server => $gearman_server,
|
||||
gerrit_server => $gerrit_server,
|
||||
gerrit_user => $gerrit_user,
|
||||
gerrit_strip_branch_ref => 1,
|
||||
known_hosts_content => "review.openstack.org,104.130.159.134,2001:4800:7818:102:be76:4eff:fe05:9b12 ${gerrit_ssh_host_key}",
|
||||
zuul_ssh_private_key => $zuul_ssh_private_key,
|
||||
url_pattern => $url_pattern,
|
||||
zuul_url => $zuul_url,
|
||||
job_name_in_report => true,
|
||||
status_url => $status_url,
|
||||
swift_authurl => $swift_authurl,
|
||||
swift_auth_version => $swift_auth_version,
|
||||
swift_user => $swift_user,
|
||||
swift_key => $swift_key,
|
||||
swift_tenant_name => $swift_tenant_name,
|
||||
swift_region_name => $swift_region_name,
|
||||
swift_default_container => $swift_default_container,
|
||||
swift_default_logserver_prefix => $swift_default_logserver_prefix,
|
||||
swift_default_expiry => $swift_default_expiry,
|
||||
proxy_ssl_cert_file_contents => $proxy_ssl_cert_file_contents,
|
||||
proxy_ssl_key_file_contents => $proxy_ssl_key_file_contents,
|
||||
proxy_ssl_chain_file_contents => $proxy_ssl_chain_file_contents,
|
||||
statsd_host => $statsd_host,
|
||||
project_config_repo => $project_config_repo,
|
||||
git_email => $git_email,
|
||||
git_name => $git_name,
|
||||
}
|
||||
}
|
@ -190,3 +190,5 @@ iptables_snmp_v4_hosts:
|
||||
iptables_snmp_v6_hosts:
|
||||
# cacti02.openstack.org
|
||||
- 2001:4800:7821:105:be76:4eff:fe04:b9a5
|
||||
|
||||
gerrit_ssh_rsa_pubkey_contents: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+pCQlTAQYmCrOY6aPbvbyKQDcOCXibPNGIjnPPMuEItCS0vtRnqEBz7znWZS5Drq9yKpROh6uFF01ao2VnNjw6f+NdRNV19RWVe6mYN+qa2VrH2caLwBrKPiH0Xc/eK41D55dZU7IWwKYAw/NpiBaBfHavFwipI+rmEb68MH2hcimDdr/bji+0hkh3X+42dkNvmMdtkuCW6nKdAEhnXaHZc5SJR/EvzgRCfB8vbML13p46O9xhoJgn7ZWvMb3vaR5jxIkQwstUR36raEVhttBDEuWasWnHYbrM1zd3ooudbTEQf5vXISZKFygHyJFFqb4iQ76i+hDlb0VQKZCdaol gerrit-code-review@829f141b0fa5
|
||||
|
@ -1,3 +1,22 @@
|
||||
iptables_extra_public_tcp_ports:
|
||||
- 79
|
||||
- 7900
|
||||
zuul_connections:
|
||||
- name: 'gerrit'
|
||||
driver: 'gerrit'
|
||||
server: 'review.opendev.org'
|
||||
canonical_hostname: 'opendev.org'
|
||||
user: 'zuul'
|
||||
sshkey: '/var/lib/zuul/ssh/id_rsa'
|
||||
auth_type: 'digest'
|
||||
|
||||
- name: 'github'
|
||||
driver: 'github'
|
||||
|
||||
- name: 'googlesource'
|
||||
driver: 'gerrit'
|
||||
server: 'gerrit-review.googlesource.com'
|
||||
canonical_hostname: 'gerrit.googlesource.com'
|
||||
user: 'git-infra-root.openstack.org'
|
||||
stream_events: 'false'
|
||||
auth_type: 'basic'
|
||||
|
@ -1,4 +1,3 @@
|
||||
---
|
||||
zuul_connections:
|
||||
- name: 'gerrit'
|
||||
driver: 'gerrit'
|
@ -63,4 +63,89 @@ iptables_extra_allowed_hosts:
|
||||
- protocol: tcp
|
||||
port: 4730
|
||||
hostname: zm08.openstack.org
|
||||
zuul_connections:
|
||||
- name: 'smtp'
|
||||
driver: 'smtp'
|
||||
server: 'localhost'
|
||||
port: '25'
|
||||
default_from: 'zuul@zuul.openstack.org'
|
||||
default_to: 'zuul.reports@zuul.openstack.org'
|
||||
|
||||
- name: 'gerrit'
|
||||
driver: 'gerrit'
|
||||
server: 'review.opendev.org'
|
||||
canonical_hostname: 'opendev.org'
|
||||
user: 'zuul'
|
||||
sshkey: '/var/lib/zuul/ssh/id_rsa'
|
||||
gitweb_url_template: 'https://opendev.org/{project.name}/commit/{sha}'
|
||||
auth_type: 'digest'
|
||||
|
||||
- name: 'opendaylight'
|
||||
driver: 'gerrit'
|
||||
server: 'git.opendaylight.org'
|
||||
baseurl: 'git.opendaylight.org/gerrit'
|
||||
user: 'openstack-zuul'
|
||||
sshkey: '/var/lib/zuul/ssh/id_rsa'
|
||||
|
||||
- name: 'mysql'
|
||||
driver: 'sql'
|
||||
|
||||
- name: 'github'
|
||||
driver: 'github'
|
||||
app_key: '/etc/zuul/github.key'
|
||||
rate_limit_logging: 'false'
|
||||
|
||||
- name: 'googlesource'
|
||||
driver: 'gerrit'
|
||||
server: 'gerrit-review.googlesource.com'
|
||||
canonical_hostname: 'gerrit.googlesource.com'
|
||||
user: 'git-infra-root.openstack.org'
|
||||
stream_events: 'false'
|
||||
auth_type: 'basic'
|
||||
|
||||
gearman_server_ssl_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBPMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
|
||||
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
|
||||
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
|
||||
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
|
||||
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
|
||||
NDAyWhcNMjcwNjE0MjA1NDAyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
|
||||
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
|
||||
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5z
|
||||
ZXJ2ZXIxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
|
||||
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3aMR61f/
|
||||
LZkP/acuqiCEiSFF4GI1ViNkOSPEq0CP4HfNckeW0///x6vI/uaR4MlF8g8qNFGB
|
||||
j2FCYRW1gEzS7TLoP3xYs4SMnvXvZRbdxcozOop506quLmlfPDF1o2GzLSQYDNXe
|
||||
WbpYiNM+EdgBjqLz4G5DdaXMMw2zYP21kbtSxJIvrpqeW/TKBGWDI2bBH81PFb9B
|
||||
gq1P4XxI/Aw7Ez6hApLV2D6DP7JidQUGOzvGw7LUEZjLEscQU7HH8j1qDvrM2gV4
|
||||
FRSRrtw8Yr/erBsaNr84guEZQREqiOjr1HvMZK5o1vGb69ArWSk9b8PW+A2uxvfS
|
||||
ukv7hvNsuCouHQIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
|
||||
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFImAuHnbfxpEEZwiiro9KEa8YA+1
|
||||
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
|
||||
A4IBAQBTNIVB758W+wBtCMlIRFUPBiR+w+7RRsY8HXME5unvO65PcsfLKQXOr3i/
|
||||
K2SliyyBliwKY+wtbvQZVltpBiloDqslSMD6veb5YsZDzTZ+x8xP1GEhcB3c6CsN
|
||||
0RDJ/xUGv2IXgQW8kw+MINILr9iQA6fn9dBN0OqimlchPHtvA9gO7Rv+IV3zZP+Q
|
||||
yNWoBiZ6H5ANIt6vfcK0BHGDB6GXN9f1gpgsJd3l3vs3t/FgP1qYJiDd5VvcOXxt
|
||||
uJziOvdg7jte0u609MWj3DOdey4HsxlEU27w13kzGI6RpPquvl/YB8Y6WMAIL8in
|
||||
1GRv9pIfENRRHOiC57p0RSQZZ/2V
|
||||
-----END CERTIFICATE-----
|
||||
zuul_ssl_cert_file_contents: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICzjCCAbagAwIBAgIJAMV1mxY+iSJpMA0GCSqGSIb3DQEBCwUAMB8xHTAbBgNV
|
||||
BAMMFHp1dWx2My5vcGVuc3RhY2sub3JnMB4XDTE3MDYwMjE5MzUwMloXDTI3MDUz
|
||||
MTE5MzUwMlowHzEdMBsGA1UEAwwUenV1bHYzLm9wZW5zdGFjay5vcmcwggEiMA0G
|
||||
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvgAf85YVjjBTHYJnIx8VA1VvSAidD
|
||||
LHp2Yn+7DgUfHXjNdpftTgvWxnzXMFaglNzrNrixGNlkg1sdGDJ+DB/mvptKJUEH
|
||||
WMfOVI98Eo0dx5w+lcP8XGTg6/SY59+PiqNpCmi+T49axQO2XKNlt+ZJsSVaEhEj
|
||||
E2OrkZY+A8RFj07TUjSMv/pmo3AxgVjFoWszDT8pj30CTT3lg3eXXJwlqrH/P9IQ
|
||||
FnwRSt3sR60ahFFJnvHdL1FJl/I0W5nWD6LNEpX7ryaIUIqMhQpQjGDpvG77ntfW
|
||||
A5zhBVWPC7p2k6OaUD6AjlPMJLZh5YbyGaRN4l2Z4oizBGjoq1Qv9QehAgMBAAGj
|
||||
DTALMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggEBAOFIxTTiw10jWRKQuRKU
|
||||
KskncSNj3ZxSjwPTOQs++hLjYYYlKA4LbWwokp7u5rTpJP/NHYLHXIda6l/Ne3JG
|
||||
+Mby/vu0TKMX2z+0IQx3MZG7b+4NkH4jg40Q+Y879n0jvOfBplHtJB1UmQYk51fs
|
||||
Hbrb6vvxeLRJ74JZX6t756gZnagzAoLj7DtmTfruUVjD/kRJK8gUCyKMNvN6PH3u
|
||||
5Ls4WwOME+bFdFcxBJjj1LSKGlZoE22mSVlRqHvVXVfM9XTolvw5PequFhiPXYyj
|
||||
ESN9QfRuVeKltTl8NdDgwlYjBBUYR5omuX5LLWUSXuvQK/dYM4ahERf3ivbXMjhF
|
||||
M+Q=
|
||||
-----END CERTIFICATE-----
|
||||
|
59
playbooks/group_vars/zuul.yaml
Normal file
59
playbooks/group_vars/zuul.yaml
Normal file
@ -0,0 +1,59 @@
|
||||
zuul_user_id: 10001
|
||||
zuul_group_id: 10001
|
||||
zuul_known_hosts: |
|
||||
[review.opendev.org]:29418,[review.openstack.org]:29418,[104.130.246.32]:29418,[2001:4800:7819:103:be76:4eff:fe04:9229]:29418 {{ gerrit_ssh_rsa_pubkey_contents }}
|
||||
[git.opendaylight.org]:29418,[52.35.122.251]:29418,[2600:1f14:421:f500:7b21:2a58:ab0a:2d17]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyRXyHEw/P1iZr/fFFzbodT5orVV/ftnNRW59Zh9rnSY5Rmbc9aygsZHdtiWBERVVv8atrJSdZool75AglPDDYtPICUGWLR91YBSDcZwReh5S9es1dlQ6fyWTnv9QggSZ98KTQEuE3t/b5SfH0T6tXWmrNydv4J2/mejKRRLU2+oumbeVN1yB+8Uau/3w9/K5F5LgsDDzLkW35djLhPV8r0OfmxV/cAnLl7AaZlaqcJMA+2rGKqM3m3Yu+pQw4pxOfCSpejlAwL6c8tA9naOvBkuJk+hYpg5tDEq2QFGRX5y1F9xQpwpdzZROc5hdGYntM79VMMXTj+95dwVv/8yTsw==
|
||||
gearman_server: zuul01.openstack.org
|
||||
gearman_client_ssl_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEYTCCA0mgAwIBAgIJAKkAn3gh0LBQMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
|
||||
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
|
||||
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
|
||||
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
|
||||
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjMw
|
||||
MjQyWhcNMjcwNjE0MjMwMjQyWjCBszELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
|
||||
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
|
||||
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEXMBUGA1UEAwwOZ2Vhcm1hbi5j
|
||||
bGllbnQxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0cy5vcGVu
|
||||
c3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh3qSWIp
|
||||
w6kXS4IIPU7fPP2felHCtmZyfgKolYbq1iVafcc/EUHa1onlaM+w7OEHr68y3Qau
|
||||
SY6ifEsUWCKJlhu+UlHGwVIZliL02+9EAZ1DDs6OtxKa7nOIkWq8P8kRex234QVd
|
||||
y37+vV+/lDeCbLoGo5P0j51fnqy10afg2xRblmXgqeqaiJAvCmEnG9S9q9+gbisZ
|
||||
1D2r+JtoTUMZtPY9NomvgdNuwmF5+VeO+CQepRWlA+0ysCFVgVwm++PNXETadHOj
|
||||
mOSJxiq2u6fysZb7ctHgGuu+Ce3PVwah+kK/PEXADs7SjhJruSmL1ap2izc6kTFW
|
||||
GSU/wkkPXtbWJwIDAQABo3AwbjAJBgNVHRMEAjAAMCEGCWCGSAGG+EIBDQQUFhJj
|
||||
bGllbnQgY2VydGlmaWNhdGUwHQYDVR0OBBYEFKTyA6hjUY8jNxOEM5zuU7qecogX
|
||||
MB8GA1UdIwQYMBaAFFP8JfdXPn8mhZLaXMa8NQIJlmneMA0GCSqGSIb3DQEBCwUA
|
||||
A4IBAQAiLYckNAx7GQGCSXC92R23o181FiCePuNAgCb4QsaQkA/JopaLrn11R33Y
|
||||
XO1C5fvsopKvcmEJKX0BJwNy41tz/rNmKXYy4hsPKYMsNgJQtYe98Mp+VHgAmtZ3
|
||||
U0v49mUJA4YiLs/QmB6bmLknl1XjzJvbLu3gfVSGsquDXN1TcHLZy2fQlD6/D7HF
|
||||
2Zj44Af4b2xFcZc7J/iErIj8LGHx3alkGAgdXw+SQkgzDeXC/DhrXC1jVJQQQzfU
|
||||
/4GjbLiPBLb+QIAaBVv+iVVok22DSvMydjI4Zr89NXDWEOZc8oZ7nBf9Sv1+I0xB
|
||||
6YQoN+t1YSx3G8AxPSZwyGlwhZo0
|
||||
-----END CERTIFICATE-----
|
||||
gearman_ssl_ca: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIERzCCAy+gAwIBAgIJAKkAn3gh0LBOMA0GCSqGSIb3DQEBCwUAMIG5MQswCQYD
|
||||
VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxDzANBgNVBAcMBkF1c3RpbjEdMBsGA1UE
|
||||
CgwUT3BlblN0YWNrIEZvdW5kYXRpb24xFzAVBgNVBAsMDkluZnJhc3RydWN0dXJl
|
||||
MR0wGwYDVQQDDBR6dXVsdjMub3BlbnN0YWNrLm9yZzEyMDAGCSqGSIb3DQEJARYj
|
||||
b3BlbnN0YWNrLWluZnJhQGxpc3RzLm9wZW5zdGFjay5vcmcwHhcNMTcwNjE2MjA1
|
||||
MjA3WhcNMjAwNjE1MjA1MjA3WjCBuTELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRl
|
||||
eGFzMQ8wDQYDVQQHDAZBdXN0aW4xHTAbBgNVBAoMFE9wZW5TdGFjayBGb3VuZGF0
|
||||
aW9uMRcwFQYDVQQLDA5JbmZyYXN0cnVjdHVyZTEdMBsGA1UEAwwUenV1bHYzLm9w
|
||||
ZW5zdGFjay5vcmcxMjAwBgkqhkiG9w0BCQEWI29wZW5zdGFjay1pbmZyYUBsaXN0
|
||||
cy5vcGVuc3RhY2sub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
|
||||
zTnzmZkB/P+C0eHFmPyU8myEmubRVw2vK1aqx0Y7bFMlXAVH6CodI6r4VpS4vGPL
|
||||
AfBGAmIZJlBuRysZHW3J6GuzhBFyBILHJX9PZkeJyHa3NU4ILDPMXAD/oWQnqlp1
|
||||
3kYJ3xS1QWhPvaohC+Io3LErXOMp32mhrEmm3BGfWiXbV9STcseeLX6BKPdqBzaT
|
||||
d8RFkrvsEJTTjwIJLreyrphrtXu/VS9uEMWaHj4/94lLXn8fn3CuUfs48kPDTlaw
|
||||
vFg2lIGpfOui4s9Vhrafy1nrz1KzKHjhhnF80irrIo3kOkWaKeBuTyy7+MSx7PTi
|
||||
5RgSoKTKyMbMA6nbCj73KQIDAQABo1AwTjAdBgNVHQ4EFgQUU/wl91c+fyaFktpc
|
||||
xrw1AgmWad4wHwYDVR0jBBgwFoAUU/wl91c+fyaFktpcxrw1AgmWad4wDAYDVR0T
|
||||
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAe/6S1DWRtXwzBgwTCW7FR3IrpZzP
|
||||
4eN3TUbJy6tvff+iY6+96WV9vyH62NU8oEn5TUqy8r+EiOchbXJq8pvlPAcwdaeC
|
||||
a9pjJku40oVai0pncqDnF/WOiXNkW71bRs/qQtIuVwKwVm9OyizjWsQtjm4Ycpju
|
||||
92liz5Q/ZZu+7eIufQYRr7lthgmTLCjqeS4qxiY7Y03ZLZpvEL+KVskkjPzHvzTO
|
||||
S1Rq0t3ssb4uH78rvXj1Q/C2gVucUBE86P9AckSZtANGlmiKBnO6Lc1xQbsFyfSn
|
||||
Xbt2g9IiP3nTEapCx/M8/Zl5M+XwK7pbQWdtwGnvGPoeFNV1sVT4iO1dLg==
|
||||
-----END CERTIFICATE-----
|
@ -1,3 +1,5 @@
|
||||
gearman_server: 127.0.0.1
|
||||
letsencrypt_certs:
|
||||
zuul-opendev-main:
|
||||
- zuul.opendev.org
|
||||
- zuul.openstack.org
|
||||
|
@ -68,8 +68,7 @@ results:
|
||||
|
||||
ze01.openstack.org:
|
||||
- afs-client
|
||||
- puppet
|
||||
- puppet4
|
||||
- zuul
|
||||
- zuul-executor
|
||||
|
||||
zk01.openstack.org:
|
||||
|
1
playbooks/roles/zuul-executor/README.rst
Normal file
1
playbooks/roles/zuul-executor/README.rst
Normal file
@ -0,0 +1 @@
|
||||
Run Zuul Executor
|
19
playbooks/roles/zuul-executor/files/docker-compose.yaml
Normal file
19
playbooks/roles/zuul-executor/files/docker-compose.yaml
Normal file
@ -0,0 +1,19 @@
|
||||
# Version 2 is the latest that is supported by docker-compose in
|
||||
# Ubuntu Xenial.
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
executor:
|
||||
restart: always
|
||||
image: docker.io/zuul/zuul-executor:latest
|
||||
network_mode: host
|
||||
user: zuul
|
||||
volumes:
|
||||
- /etc/zuul:/etc/zuul
|
||||
- /opt/project-config:/opt/project-config
|
||||
- /afs:/afs
|
||||
- /home/zuul:/home/zuul
|
||||
- /var/lib/zuul:/var/lib/zuul
|
||||
- /var/log/zuul:/var/log/zuul
|
||||
- /etc/openafs:/etc/openafs
|
||||
- /etc/ssl/certs:/etc/ssl/certs
|
49
playbooks/roles/zuul-executor/files/logging.conf
Normal file
49
playbooks/roles/zuul-executor/files/logging.conf
Normal file
@ -0,0 +1,49 @@
|
||||
[loggers]
|
||||
keys=root,zuul,gerrit,gear
|
||||
|
||||
[handlers]
|
||||
keys=console,debug,normal
|
||||
|
||||
[formatters]
|
||||
keys=simple
|
||||
|
||||
[logger_root]
|
||||
level=WARNING
|
||||
handlers=console
|
||||
|
||||
[logger_zuul]
|
||||
level=DEBUG
|
||||
handlers=debug,normal
|
||||
qualname=zuul
|
||||
|
||||
[logger_gerrit]
|
||||
level=INFO
|
||||
handlers=debug,normal
|
||||
qualname=gerrit
|
||||
|
||||
[logger_gear]
|
||||
level=WARNING
|
||||
handlers=debug,normal
|
||||
qualname=gear
|
||||
|
||||
[handler_console]
|
||||
level=WARNING
|
||||
class=StreamHandler
|
||||
formatter=simple
|
||||
args=(sys.stdout,)
|
||||
|
||||
[handler_debug]
|
||||
level=DEBUG
|
||||
class=logging.handlers.WatchedFileHandler
|
||||
formatter=simple
|
||||
args=('/var/log/zuul/executor-debug.log',)
|
||||
|
||||
[handler_normal]
|
||||
level=INFO
|
||||
class=logging.handlers.WatchedFileHandler
|
||||
formatter=simple
|
||||
args=('/var/log/zuul/executor.log',)
|
||||
|
||||
[formatter_simple]
|
||||
format=%(asctime)s %(levelname)s %(name)s: %(message)s
|
||||
datefmt=
|
122
playbooks/roles/zuul-executor/files/zuul-executor.init
Normal file
122
playbooks/roles/zuul-executor/files/zuul-executor.init
Normal file
@ -0,0 +1,122 @@
|
||||
#! /bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: zuul-executor
|
||||
# Required-Start: $remote_fs $syslog
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Zuul
|
||||
# Description: Zuul Executor
|
||||
### END INIT INFO
|
||||
|
||||
# Do NOT "set -e"
|
||||
|
||||
# PATH should only include /usr/* if it runs after the mountnfs.sh script
|
||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
|
||||
DESC="Zuul Executor"
|
||||
NAME=zuul-executor
|
||||
DAEMON=/usr/local/bin/zuul-executor
|
||||
PIDFILE=/var/run/$NAME/$NAME.pid
|
||||
SCRIPTNAME=/etc/init.d/$NAME
|
||||
USER=zuul
|
||||
|
||||
# Exit if the package is not installed
|
||||
[ -x "$DAEMON" ] || exit 0
|
||||
|
||||
# Read configuration variable file if it is present
|
||||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||
|
||||
# Load the VERBOSE setting and other rcS variables
|
||||
. /lib/init/vars.sh
|
||||
|
||||
# Define LSB log_* functions.
|
||||
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
|
||||
. /lib/lsb/init-functions
|
||||
|
||||
PIDFILE_DIR=$(dirname $PIDFILE)
|
||||
|
||||
#
|
||||
# Function that starts the daemon/service
|
||||
#
|
||||
do_start()
|
||||
{
|
||||
# Return
|
||||
# 0 if daemon has been started
|
||||
# 1 if daemon was already running
|
||||
# 2 if daemon could not be started
|
||||
# 3 if pid file already exist
|
||||
|
||||
if [ ! -d "$PIDFILE_DIR" ] ; then
|
||||
mkdir -p $PIDFILE_DIR
|
||||
chown $USER $PIDFILE_DIR
|
||||
fi
|
||||
ulimit -n 8192
|
||||
ulimit -c unlimited
|
||||
if [ -f $PIDFILE ]; then
|
||||
return 3
|
||||
fi
|
||||
start-stop-daemon \
|
||||
--start --quiet --pidfile $PIDFILE -c $USER \
|
||||
--exec $DAEMON --test > /dev/null || return 1
|
||||
start-stop-daemon \
|
||||
--start --quiet --pidfile $PIDFILE -c $USER \
|
||||
--exec $DAEMON -- $DAEMON_ARGS || return 2
|
||||
# Add code here, if necessary, that waits for the process to be ready
|
||||
# to handle requests from services started subsequently which depend
|
||||
# on this one. As a last resort, sleep for some time.
|
||||
}
|
||||
|
||||
#
|
||||
# Function that stops the daemon/service
|
||||
#
|
||||
do_stop()
|
||||
{
|
||||
$DAEMON stop
|
||||
return 0
|
||||
}
|
||||
|
||||
#
|
||||
# Function that sends a SIGHUP to the daemon/service
|
||||
#
|
||||
do_reload() {
|
||||
$DAEMON reconfigure
|
||||
return 0
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
|
||||
do_start
|
||||
case "$?" in
|
||||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
||||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
||||
3) echo "Pidfile at $PIDFILE already exists, run service zuul-executor stop to clean up."
|
||||
esac
|
||||
;;
|
||||
stop)
|
||||
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
|
||||
do_stop
|
||||
case "$?" in
|
||||
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
|
||||
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
|
||||
esac
|
||||
;;
|
||||
status)
|
||||
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
|
||||
;;
|
||||
reload|force-reload)
|
||||
#
|
||||
# If do_reload() is not implemented then leave this commented out
|
||||
# and leave 'force-reload' as an alias for 'restart'.
|
||||
#
|
||||
log_daemon_msg "Reloading $DESC" "$NAME"
|
||||
do_reload
|
||||
log_end_msg $?
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $SCRIPTNAME {start|stop|status|force-reload}" >&2
|
||||
exit 3
|
||||
;;
|
||||
esac
|
||||
|
||||
:
|
122
playbooks/roles/zuul-executor/tasks/main.yaml
Normal file
122
playbooks/roles/zuul-executor/tasks/main.yaml
Normal file
@ -0,0 +1,122 @@
|
||||
- name: Install PPAs
|
||||
apt_repository:
|
||||
repo: '{{ item }}'
|
||||
become: yes
|
||||
loop:
|
||||
# For bubblewrap
|
||||
- ppa:openstack-ci-core/bubblewrap
|
||||
# Temporary PPA needed for bpo-27945 while waiting for SRU to be published
|
||||
- ppa:openstack-ci-core/python-bpo-27945-backport
|
||||
# We use later HWE kernels for better memory managment, requiring an
|
||||
# updated AFS version which we install from our custom ppa.
|
||||
- ppa:openstack-ci-core/openafs-amd64-hwe
|
||||
# For skopeo
|
||||
- ppa:projectatomic/ppa
|
||||
|
||||
- name: Install bindep
|
||||
pip:
|
||||
name: bindep
|
||||
state: present
|
||||
executable: pip3
|
||||
become: yes
|
||||
|
||||
- name: Install extra packages
|
||||
package:
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
loop:
|
||||
- jemalloc1
|
||||
- bubblewrap
|
||||
- skopeo
|
||||
- socat
|
||||
|
||||
- name: Clone zuul repo
|
||||
git:
|
||||
repo: https://opendev.org/zuul/zuul
|
||||
dest: /opt/zuul
|
||||
force: yes
|
||||
register: zuul_repo
|
||||
|
||||
- name: Install zuul bindep packages
|
||||
shell:
|
||||
cmd: apt-get install -y $(bindep -b compile)
|
||||
chdir: /opt/zuul
|
||||
when: zuul_repo is changed
|
||||
|
||||
- name: Install zuul
|
||||
shell:
|
||||
cmd: pip install .
|
||||
chdir: /opt/zuul
|
||||
when: zuul_repo is changed
|
||||
|
||||
- name: Run zuul-manage-ansible
|
||||
shell:
|
||||
cmd: zuul-manage-ansible
|
||||
environment:
|
||||
ANSIBLE_EXTRA_PACKAGES: gear
|
||||
when: zuul_repo is changed
|
||||
|
||||
- name: Install kubectl
|
||||
include_role:
|
||||
name: install-kubectl
|
||||
|
||||
# This checks the current installed ara version with pip list and the
|
||||
# latest version of ara on pypi with pip search and if they are different
|
||||
# then we know we need to upgrade to reconcile the local version with
|
||||
# the upstream version.
|
||||
#
|
||||
# We do this using this check here rather than a pip package resource so
|
||||
# that ara's deps don't inadverdently update zuuls deps (specifically
|
||||
# ansible).
|
||||
- name: Install ARA safely
|
||||
shell: |
|
||||
if test $(pip3 list --format columns | sed -ne 's/^ara\s\+\([.0-9]\+\)\s\+$/\1/p') != $(pip3 search 'ara$' | sed -ne 's/^ara (\(.*\)).*$/\1/p') ; then
|
||||
pip3 install --upgrade --upgrade-strategy=only-if-needed "ara<1.0.0"
|
||||
fi
|
||||
|
||||
- name: Create Zuul Executor directories
|
||||
file:
|
||||
state: directory
|
||||
path: '{{ item }}'
|
||||
owner: zuul
|
||||
group: zuul
|
||||
loop:
|
||||
- /var/lib/zuul/builds
|
||||
- /var/lib/zuul/git
|
||||
|
||||
- name: Set up cron job to pack git refs
|
||||
cron:
|
||||
name: pack-git-refs
|
||||
state: present
|
||||
job: 'find /var/lib/zuul/git/ -maxdepth 3 -type d -name ".git" -exec git --git-dir="{}" pack-refs --all \;'
|
||||
minute: 7
|
||||
hour: 4
|
||||
|
||||
- name: Install logging config
|
||||
copy:
|
||||
src: logging.conf
|
||||
dest: /etc/zuul/executor-logging.conf
|
||||
|
||||
- name: Rotate executor logs
|
||||
include_role:
|
||||
name: logrotate
|
||||
vars:
|
||||
logrotate_file_name: /var/log/zuul/executor.log
|
||||
|
||||
- name: Rotate executor debug logs
|
||||
include_role:
|
||||
name: logrotate
|
||||
vars:
|
||||
logrotate_file_name: /var/log/zuul/executor-debug.log
|
||||
|
||||
- name: Install init script
|
||||
copy:
|
||||
src: zuul-executor.init
|
||||
dest: /etc/init.d/zuul-executor
|
||||
mode: 0555
|
||||
register: install_init_script
|
||||
|
||||
- name: Register script with systemd
|
||||
shell:
|
||||
cmd: /bin/systemctl daemon-reload
|
||||
when: install_init_script is changed
|
1
playbooks/roles/zuul-merger/README.rst
Normal file
1
playbooks/roles/zuul-merger/README.rst
Normal file
@ -0,0 +1 @@
|
||||
Run zuul merger
|
1
playbooks/roles/zuul-merger/defaults/main.yaml
Normal file
1
playbooks/roles/zuul-merger/defaults/main.yaml
Normal file
@ -0,0 +1 @@
|
||||
zuul_merger_start: false
|
16
playbooks/roles/zuul-merger/files/docker-compose.yaml
Normal file
16
playbooks/roles/zuul-merger/files/docker-compose.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
# Version 2 is the latest that is supported by docker-compose in
|
||||
# Ubuntu Xenial.
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
merger:
|
||||
restart: always
|
||||
image: docker.io/zuul/zuul-merger:latest
|
||||
network_mode: host
|
||||
user: zuul
|
||||
volumes:
|
||||
- /etc/zuul:/etc/zuul
|
||||
- /opt/project-config:/opt/project-config
|
||||
- /home/zuul:/home/zuul
|
||||
- /var/lib/zuul:/var/lib/zuul
|
||||
- /var/log/zuul:/var/log/zuul
|
49
playbooks/roles/zuul-merger/files/logging.conf
Normal file
49
playbooks/roles/zuul-merger/files/logging.conf
Normal file
@ -0,0 +1,49 @@
|
||||
[loggers]
|
||||
keys=root,zuul,gerrit,gear
|
||||
|
||||
[handlers]
|
||||
keys=console,debug,normal
|
||||
|
||||
[formatters]
|
||||
keys=simple
|
||||
|
||||
[logger_root]
|
||||
level=WARNING
|
||||
handlers=console
|
||||
|
||||
[logger_zuul]
|
||||
level=DEBUG
|
||||
handlers=debug,normal
|
||||
qualname=zuul
|
||||
|
||||
[logger_gerrit]
|
||||
level=INFO
|
||||
handlers=debug,normal
|
||||
qualname=gerrit
|
||||
|
||||
[logger_gear]
|
||||
level=WARNING
|
||||
handlers=debug,normal
|
||||
qualname=gear
|
||||
|
||||
[handler_console]
|
||||
level=WARNING
|
||||
class=StreamHandler
|
||||
formatter=simple
|
||||
args=(sys.stdout,)
|
||||
|
||||
[handler_debug]
|
||||
level=DEBUG
|
||||
class=logging.handlers.WatchedFileHandler
|
||||
formatter=simple
|
||||
args=('/var/log/zuul/merger-debug.log',)
|
||||
|
||||
[handler_normal]
|
||||
level=INFO
|
||||
class=logging.handlers.WatchedFileHandler
|
||||
formatter=simple
|
||||
args=('/var/log/zuul/merger.log',)
|
||||
|
||||
[formatter_simple]
|
||||
format=%(asctime)s %(levelname)s %(name)s: %(message)s
|
||||
datefmt=
|
52
playbooks/roles/zuul-merger/tasks/main.yaml
Normal file
52
playbooks/roles/zuul-merger/tasks/main.yaml
Normal file
@ -0,0 +1,52 @@
|
||||
- name: Create Zuul directories
|
||||
file:
|
||||
state: directory
|
||||
path: '{{ item }}'
|
||||
owner: zuul
|
||||
group: zuul
|
||||
loop:
|
||||
- /var/lib/zuul/git
|
||||
|
||||
- name: Set up cron job to pack git refs
|
||||
cron:
|
||||
name: pack-git-refs
|
||||
state: present
|
||||
job: 'find /var/lib/zuul/git/ -maxdepth 3 -type d -name ".git" -exec git --git-dir="{}" pack-refs --all \;'
|
||||
minute: 7
|
||||
hour: 4
|
||||
|
||||
- name: Install logging config
|
||||
copy:
|
||||
src: logging.conf
|
||||
dest: /etc/zuul/merger-logging.conf
|
||||
|
||||
- name: Rotate merger logs
|
||||
include_role:
|
||||
name: logrotate
|
||||
vars:
|
||||
logrotate_file_name: /var/log/zuul/merger.log
|
||||
|
||||
- name: Rotate merger debug logs
|
||||
include_role:
|
||||
name: logrotate
|
||||
vars:
|
||||
logrotate_file_name: /var/log/zuul/merger-debug.log
|
||||
|
||||
- name: Make docker-compose directory
|
||||
file:
|
||||
state: directory
|
||||
path: /etc/zuul-merger
|
||||
|
||||
- name: Install docker-compose file
|
||||
copy:
|
||||
src: docker-compose.yaml
|
||||
dest: /etc/zuul-merger/docker-compose.yaml
|
||||
|
||||
- name: Run docker-compose pull
|
||||
shell:
|
||||
cmd: docker-compose pull
|
||||
chdir: /etc/zuul-merger
|
||||
|
||||
- name: Start containers
|
||||
include_tasks: start.yaml
|
||||
when: zuul_merger_start | bool
|
8
playbooks/roles/zuul-merger/tasks/start.yaml
Normal file
8
playbooks/roles/zuul-merger/tasks/start.yaml
Normal file
@ -0,0 +1,8 @@
|
||||
- name: Run docker-compose up
|
||||
shell:
|
||||
cmd: docker-compose up -d
|
||||
chdir: /etc/zuul-merger
|
||||
|
||||
- name: Run docker prune to cleanup unneeded images
|
||||
shell:
|
||||
cmd: docker image prune -f
|
1
playbooks/roles/zuul-scheduler/README.rst
Normal file
1
playbooks/roles/zuul-scheduler/README.rst
Normal file
@ -0,0 +1 @@
|
||||
Run Zuul Scheduler
|
16
playbooks/roles/zuul-scheduler/files/docker-compose.yaml
Normal file
16
playbooks/roles/zuul-scheduler/files/docker-compose.yaml
Normal file
@ -0,0 +1,16 @@
|
||||
# Version 2 is the latest that is supported by docker-compose in
|
||||
# Ubuntu Xenial.
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
scheduler:
|
||||
restart: always
|
||||
image: docker.io/zuul/zuul-scheduler:latest
|
||||
network_mode: host
|
||||
user: zuul
|
||||
volumes:
|
||||
- /etc/zuul:/etc/zuul
|
||||
- /opt/project-config:/opt/project-config
|
||||
- /home/zuul:/home/zuul
|
||||
- /var/lib/zuul:/var/lib/zuul
|
||||
- /var/log/zuul:/var/log/zuul
|
33
playbooks/roles/zuul-scheduler/files/gearman-logging.conf
Normal file
33
playbooks/roles/zuul-scheduler/files/gearman-logging.conf
Normal file
@ -0,0 +1,33 @@
|
||||
[loggers]
|
||||
keys=root,gear
|
||||
|
||||
[handlers]
|
||||
keys=console,normal
|
||||
|
||||
[formatters]
|
||||
keys=simple
|
||||
|
||||
[logger_root]
|
||||
level=WARNING
|
||||
handlers=console
|
||||
|
||||
[logger_gear]
|
||||
level=DEBUG
|
||||
handlers=normal
|
||||
qualname=gear
|
||||
|
||||
[handler_console]
|
||||
level=WARNING
|
||||
class=StreamHandler
|
||||
formatter=simple
|
||||
args=(sys.stdout,)
|
||||
|
||||
[handler_normal]
|
||||
level=WARNING
|
||||
class=logging.handlers.WatchedFileHandler
|
||||
formatter=simple
|
||||
args=('/var/log/zuul/gearman-server.log',)
|
||||
|
||||
[formatter_simple]
|
||||
format=%(asctime)s %(levelname)s %(name)s: %(message)s
|
||||
datefmt=
|