We are enabling tcp/8088 specifically for zuul v2.5. This will allow a
user to telnet jenkins.slave.fqdn 8088 to stream the logs on the
remote host.
Change-Id: Iaf0e12ebe6dfcd30a88021a4d313284dae445ee8
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Jenkins is consuming git user and email from jenkinsuser
parameters. But these parameters are not exposed on
OpenStack manifests.
Update all the manifests where it's relevant to send
that git username and email, either to jenkins slaves
or to static servers where jenkinsuser is needed.
Change-Id: I4e2b94b1220f88288401f9106721bc4df7fe9125
Turns out that cloud-init leaves behind init scripts which still try
to do things, because they have lots of logic written in them. That's,
of course, crazy. In any case, purge to get rid of them.
Change-Id: Id32fe2eb0f0af879d69055dc7894acbe507f0513
nova metadata service is too flaky. Instead of using it for anything,
bake the ssh key into the images.
Change-Id: I7c02da1ed6f5c5c3f5a2437f606fc0aab3d3dd3f
The special py3k-precise nodes are no longer needed by any jobs, so
stop building them and clean up any custom Puppet related to them.
Change-Id: I40d5d09f28ef53583d239d2e852e9c50b5962cf8
Depends-On: Ie105674833e0a527f990a7448855a1090f5dc651
We have a small set of iptables rules on our single use slaves that
enable ironic and heat functionality. We are shifting the floating IP
range from 172.24.4.0/24 to 172.24.5.0/24 and placing an overlapping
range of 172.24.4.0/23 to give compute nodes routes to the floating IPs
in multinode situations.
To accmodate these changes expand the existing rules to cover
172.24.4.0/23 instead of just 172.24.4.0/24.
Change-Id: I0b28c3607747c3939912ce4664627910f431dba6
* modules/openstack_project/manifests/single_use_slave.pp: The
--log-prefix option must come after -j LOG to be parsed
successfully.
Change-Id: Ibd706ec267f3d684e8d2ac6141aa839589fe38bd
Adds a rule to the bottom of the openstack-INPUT chain to log any
packets that make it this far and are on their way to being rejected.
This may help us find out why Devstack Ironic VM nodes occasionally cannot
reach the host's TFTP server.
Change-Id: I3980284a93f50ac8db16769f6ad87382aa55e898
Related-bug: #1393099
Pass the project_config_repo variable from single_use_slave.pp
manifest to the nested slave_common.pp to be able to set it's
value from parent scripts (e.g. prepare_node.sh)
Change-Id: I3c765a72fd48624cddc6146feb94331b2c764df3
In some 3rd party ci systems, the installation of unbound
cause node image creation to fail and/or devstack-gate to fail.
Since it is not strictly necessary, allow it to be disabled in
environments that do not support it.
Change-Id: I906ae3ccf946e208e17c7087f89641d645db7111
Partial-Bug: #1307702
diskimage-builder does not run services that it installs, but this
is a problem when we lay down the resolv.conf file in puppet with
the service not running. So, put in a flag which defaults to true
(which is current behavior) that a dib invocation of the puppet
can turn off and then dib can plop the file down at the end of the
process.
Change-Id: I05d89ffacfdaf3563b8cb1460af12f114e1a0340
The jenkins-sudo privileges are specific to the slave_scripts directory,
which has already been moved to the openstack_project. Let's keep these
two things together.
Change-Id: I0ef16850bf97d54f1ac92e41e5bd31e7f6f40ea9
The ::jenkins::slave class contained a lot of openstack-specific
configuration rather than configuration of a generic jenkins slave.
The term "bare slave" is overloaded and confusing: create simple_slave
and thick_slave to differentiate between the two meanings of "bare".
Some portions of ::jenkins::slave will move to simple_slave, some
portions to thick_slave, and some portions to slave_common (all in the
openstack_project module).
Change-Id: I5281a03a7f6da3f98714bcc59ae840ace8435578
The ironic devstack gate boots virtual baremetal 'nodes' on the
Neutron tenant network. These nodes PXE boot and expect TFTP access
and the ability to post a callback via Ironic's API at $HOST_IP:6385.
This adds two new rules to the openstack-INPUT chain to allow these
from the Devstack Neutron public network.
Change-Id: I6aecc0f07641c09f696756b94398d1ccbe082548
The tempest autoscaling scenario needs to push cloudwatch stats to
port 8003. Also there will soon be tempest tests which call the
native Heat API on port 8004 so this too needs to be open.
Change-Id: Ie0f0822d0a9cca08b7c0c09c8c2b130a417553fb
One our single use unittest slaves we want to allow unittests to create
and destroy arbitrary mysql database schemas. The simplest way to do
this is to grant all priveleges to the test user on the mysql server
globally. This is safe because the nodes are thrown away post test.
Change-Id: Ic92ff2f9c752d955e6f82eb4b88330b5448cfa75
* .../files/nodepool/scripts/prepare_node.sh: Add parameters for
Python 3 and PyPy settings for use by the py3k-precise node type.
* .../files/nodepool/scripts/prepare_node_py3k.sh: Wrapper to enable
the Python 3 and PyPy support toggles in prepare_node.sh.
* .../manifests/single_use_slave.pp: Add the Python 3 and PyPy
support variables, passing them through to the Jenkins slave class.
* .../templates/nodepool/nodepool.yaml.erb: Add a new node and image
for py3k-precise in a suitably small quantity for initial testing.
Change-Id: Id2438c17ea59ae9123a841fd0b348728c6467529
Just to be confusing our bare-precise images are not actually bare
jenkins slave images and things will break if they are. Make the
jenkins::slave bare flag selectable in the single_use_slave manifest and
set it to true on the bare precise nodes (keep it set to false on
anything running devstack or similar).
Change-Id: I88d0a7f7b9c188ac3547b9ffab57c5fbce4f7a10
The differences between openstack_project::slave,
openstack_project::slave_template, and openstack_project::bare_slave
were not always clear. Keep openstack_project::slave as the default long
running slave manifest, but replace slave_template with a
single_use_slave.pp to make it clear where single use slave config
begins. Add the ability to toggle automatic upgrades and jenkins sudo
rights to this new manifest. Finally, add a more verbose comment to
bare_slave explaining what it is useful for (having a jenkins like slave
host that doesn't need a firewall or ntp or automatic upgrades).
Change-Id: I3989c9e6ad9469f441ca5d3627f7b3b704d8a8da