Commit Graph

25 Commits

Author SHA1 Message Date
Paul Belanger
7326faa6e8
Use port 19885 for console streaming for zuul workers
Change-Id: Ia2d3d95e065c21cb39dcbf7a28b24bff9795323c
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-06-16 20:33:38 -04:00
Paul Belanger
33448be976
Enable tcp/8088 on jenkins slaves
We are enabling tcp/8088 specifically for zuul v2.5. This will allow a
user to telnet jenkins.slave.fqdn 8088 to stream the logs on the
remote host.

Change-Id: Iaf0e12ebe6dfcd30a88021a4d313284dae445ee8
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2016-05-17 17:43:37 -04:00
Yolanda Robla
4b213ccb36 Expose jenkins_gitfullname and jenkins_gitemail
Jenkins is consuming git user and email from jenkinsuser
parameters. But these parameters are not exposed on
OpenStack manifests.
Update all the manifests where it's relevant to send
that git username and email, either to jenkins slaves
or to static servers where jenkinsuser is needed.

Change-Id: I4e2b94b1220f88288401f9106721bc4df7fe9125
2015-04-07 20:21:41 +02:00
Monty Taylor
d9d0bc2826 Revert cloud-init removal
This reverts commit 10b504fb95.
This reverts commit e73e2c16c2.
This reverts commit 325ec8d572.

Change-Id: Ia39d1f3a4ecc209623c2cd20be52a9abb887b250
2015-03-20 12:49:26 -04:00
Monty Taylor
10b504fb95 Purge cloud-init
Turns out that cloud-init leaves behind init scripts which still try
to do things, because they have lots of logic written in them. That's,
of course, crazy. In any case, purge to get rid of them.

Change-Id: Id32fe2eb0f0af879d69055dc7894acbe507f0513
2015-03-19 16:09:37 -04:00
Monty Taylor
e73e2c16c2 Just remove cloud-init
It's useless

Change-Id: I4c649aeb0ac7b1a13ec1a50f63b0cb39f12c8966
2015-03-19 13:03:59 -04:00
Monty Taylor
325ec8d572 Get rid of cloud-init on single-use-slaves
nova metadata service is too flaky. Instead of using it for anything,
bake the ssh key into the images.

Change-Id: I7c02da1ed6f5c5c3f5a2437f606fc0aab3d3dd3f
2015-03-19 12:25:56 -04:00
Jenkins
2949ebbe07 Merge "Expand ranges on iptables rules for floating IPs" 2015-02-04 13:07:39 +00:00
Jeremy Stanley
314c56b3d8 Stop building py3k-precise nodes
The special py3k-precise nodes are no longer needed by any jobs, so
stop building them and clean up any custom Puppet related to them.

Change-Id: I40d5d09f28ef53583d239d2e852e9c50b5962cf8
Depends-On: Ie105674833e0a527f990a7448855a1090f5dc651
2015-01-30 17:33:40 +00:00
Clark Boylan
8c24694378 Expand ranges on iptables rules for floating IPs
We have a small set of iptables rules on our single use slaves that
enable ironic and heat functionality. We are shifting the floating IP
range from 172.24.4.0/24 to 172.24.5.0/24 and placing an overlapping
range of 172.24.4.0/23 to give compute nodes routes to the floating IPs
in multinode situations.

To accmodate these changes expand the existing rules to cover
172.24.4.0/23 instead of just 172.24.4.0/24.

Change-Id: I0b28c3607747c3939912ce4664627910f431dba6
2015-01-29 14:00:54 -08:00
Jeremy Stanley
8bb8274841 Correct iptables log option order
* modules/openstack_project/manifests/single_use_slave.pp: The
--log-prefix option must come after -j LOG to be parsed
successfully.

Change-Id: Ibd706ec267f3d684e8d2ac6141aa839589fe38bd
2014-12-17 01:19:45 +00:00
Jenkins
2a69fc8e55 Merge "Add iptables rule to log dropped packets" 2014-12-12 21:41:54 +00:00
Adam Gandelman
6cc7b4fd07 Add iptables rule to log dropped packets
Adds a rule to the bottom of the openstack-INPUT chain to log any
packets that make it this far and are on their way to being rejected.
This may help us find out why Devstack Ironic VM nodes occasionally cannot
reach the host's TFTP server.

Change-Id: I3980284a93f50ac8db16769f6ad87382aa55e898
Related-bug: #1393099
2014-11-21 10:10:11 -08:00
Dmitry Teselkin
aff1df708e Pass project_config_repo from single_use_slave
Pass the project_config_repo variable from single_use_slave.pp
manifest to the nested slave_common.pp to be able to set it's
value from parent scripts (e.g. prepare_node.sh)

Change-Id: I3c765a72fd48624cddc6146feb94331b2c764df3
2014-11-06 18:47:20 +03:00
Ramy Asselin
72975a3c5f Make use of unbound optional
In some 3rd party ci systems, the installation of unbound
cause node image creation to fail and/or devstack-gate to fail.

Since it is not strictly necessary, allow it to be disabled in
environments that do not support it.

Change-Id: I906ae3ccf946e208e17c7087f89641d645db7111
Partial-Bug: #1307702
2014-08-05 17:06:12 -07:00
Jenkins
27a6a9ed31 Merge "Add flag for unbound's resolv.conf" 2014-06-03 12:13:43 +00:00
Monty Taylor
e1eb830560 Add flag for unbound's resolv.conf
diskimage-builder does not run services that it installs, but this
is a problem when we lay down the resolv.conf file in puppet with
the service not running. So, put in a flag which defaults to true
(which is current behavior) that a dib invocation of the puppet
can turn off and then dib can plop the file down at the end of the
process.

Change-Id: I05d89ffacfdaf3563b8cb1460af12f114e1a0340
2014-05-30 22:41:07 -07:00
K Jonathan Harker
541fac117b Move jenkins-sudo bits to openstack_project
The jenkins-sudo privileges are specific to the slave_scripts directory,
which has already been moved to the openstack_project. Let's keep these
two things together.

Change-Id: I0ef16850bf97d54f1ac92e41e5bd31e7f6f40ea9
2014-05-23 11:55:20 -07:00
K Jonathan Harker
8e7f9e3458 Move openstack-specific config out of ::jenkins
The ::jenkins::slave class contained a lot of openstack-specific
configuration rather than configuration of a generic jenkins slave.

The term "bare slave" is overloaded and confusing: create simple_slave
and thick_slave to differentiate between the two meanings of "bare".
Some portions of ::jenkins::slave will move to simple_slave, some
portions to thick_slave, and some portions to slave_common (all in the
openstack_project module).

Change-Id: I5281a03a7f6da3f98714bcc59ae840ace8435578
2014-05-20 14:39:51 -07:00
Adam Gandelman
75a1e34c3c Update slave iptables for Ironic provisioning
The ironic devstack gate boots virtual baremetal 'nodes' on the
Neutron tenant network.  These nodes PXE boot and expect TFTP access
and the ability to post a callback via Ironic's API at $HOST_IP:6385.
This adds two new rules to the openstack-INPUT chain to allow these
from the Devstack Neutron public network.

Change-Id: I6aecc0f07641c09f696756b94398d1ccbe082548
2014-04-14 17:29:38 -07:00
Steve Baker
7745dd1a30 Open ports 8003, 8004 for heat API calls from compute
The tempest autoscaling scenario needs to push cloudwatch stats to
port 8003. Also there will soon be tempest tests which call the
native Heat API on port 8004 so this too needs to be open.

Change-Id: Ie0f0822d0a9cca08b7c0c09c8c2b130a417553fb
2014-03-19 14:47:46 +13:00
Clark Boylan
54ad9496cd Optionally give mysql user all global privs.
One our single use unittest slaves we want to allow unittests to create
and destroy arbitrary mysql database schemas. The simplest way to do
this is to grant all priveleges to the test user on the mysql server
globally. This is safe because the nodes are thrown away post test.

Change-Id: Ic92ff2f9c752d955e6f82eb4b88330b5448cfa75
2014-02-26 11:48:59 -08:00
Jeremy Stanley
f806613c66 Add single-use py3k-precise nodes
* .../files/nodepool/scripts/prepare_node.sh: Add parameters for
Python 3 and PyPy settings for use by the py3k-precise node type.

* .../files/nodepool/scripts/prepare_node_py3k.sh: Wrapper to enable
the Python 3 and PyPy support toggles in prepare_node.sh.

* .../manifests/single_use_slave.pp: Add the Python 3 and PyPy
support variables, passing them through to the Jenkins slave class.

* .../templates/nodepool/nodepool.yaml.erb: Add a new node and image
for py3k-precise in a suitably small quantity for initial testing.

Change-Id: Id2438c17ea59ae9123a841fd0b348728c6467529
2014-02-18 17:52:33 +00:00
Clark Boylan
fc249c341f Handle the slave bare flag properly in nodepool.
Just to be confusing our bare-precise images are not actually bare
jenkins slave images and things will break if they are. Make the
jenkins::slave bare flag selectable in the single_use_slave manifest and
set it to true on the bare precise nodes (keep it set to false on
anything running devstack or similar).

Change-Id: I88d0a7f7b9c188ac3547b9ffab57c5fbce4f7a10
2014-02-05 17:40:13 -08:00
Clark Boylan
0f4b0fae64 Redo slave manifests for clarity and correctness.
The differences between openstack_project::slave,
openstack_project::slave_template, and openstack_project::bare_slave
were not always clear. Keep openstack_project::slave as the default long
running slave manifest, but replace slave_template with a
single_use_slave.pp to make it clear where single use slave config
begins. Add the ability to toggle automatic upgrades and jenkins sudo
rights to this new manifest. Finally, add a more verbose comment to
bare_slave explaining what it is useful for (having a jenkins like slave
host that doesn't need a firewall or ntp or automatic upgrades).

Change-Id: I3989c9e6ad9469f441ca5d3627f7b3b704d8a8da
2014-01-30 10:37:36 -08:00