bc9c1c8cc8
Since glean only configures the ssh key for the root user on instances, this is needed so that the nodepool generated images can be used by users who don't have their ssh keys baked into the image. Change-Id: Id09c63920b5565e1cc011eb98cfb132a11060bcc Depends-On: I704453c6d3091a24e68509650c61efb638aea601
63 lines
2.3 KiB
Puppet
63 lines
2.3 KiB
Puppet
# == Class: openstack_project::single_use_slave
|
|
#
|
|
# This class configures single use Jenkins slaves with a few
|
|
# toggleable options. Most importantly sudo rights for the Jenkins
|
|
# user are by default off but can be enabled. Also, automatic_upgrades
|
|
# are off by default as the assumption is the backing image for
|
|
# this single use slaves will be refreshed with new packages
|
|
# periodically.
|
|
class openstack_project::single_use_slave (
|
|
$certname = $::fqdn,
|
|
$install_users = true,
|
|
$install_resolv_conf = true,
|
|
$sudo = false,
|
|
$thin = true,
|
|
$automatic_upgrades = false,
|
|
$all_mysql_privs = false,
|
|
$enable_unbound = true,
|
|
$ssh_key = $openstack_project::jenkins_ssh_key,
|
|
$jenkins_gitfullname = 'OpenStack Jenkins',
|
|
$jenkins_gitemail = 'jenkins@openstack.org',
|
|
$project_config_repo = 'https://git.openstack.org/openstack-infra/project-config',
|
|
) inherits openstack_project {
|
|
class { 'openstack_project::template':
|
|
certname => $certname,
|
|
automatic_upgrades => $automatic_upgrades,
|
|
install_users => $install_users,
|
|
install_resolv_conf => $install_resolv_conf,
|
|
enable_unbound => $enable_unbound,
|
|
permit_root_login => 'yes',
|
|
iptables_rules4 =>
|
|
[
|
|
# Ports 69 and 6385 allow to allow ironic VM nodes to reach tftp and
|
|
# the ironic API from the neutron public net
|
|
'-p udp --dport 69 -s 172.24.4.0/23 -j ACCEPT',
|
|
'-p tcp --dport 6385 -s 172.24.4.0/23 -j ACCEPT',
|
|
# Ports 8000, 8003, 8004 from the devstack neutron public net to allow
|
|
# nova servers to reach heat-api-cfn, heat-api-cloudwatch, heat-api
|
|
'-p tcp --dport 8000 -s 172.24.4.0/23 -j ACCEPT',
|
|
'-p tcp --dport 8003 -s 172.24.4.0/23 -j ACCEPT',
|
|
'-p tcp --dport 8004 -s 172.24.4.0/23 -j ACCEPT',
|
|
'-m limit --limit 2/min -j LOG --log-prefix "iptables dropped: "',
|
|
],
|
|
iptables_public_tcp_ports => [8088, 19885],
|
|
}
|
|
class { 'jenkins::slave':
|
|
ssh_key => $ssh_key,
|
|
gitfullname => $jenkins_gitfullname,
|
|
gitemail => $jenkins_gitemail,
|
|
}
|
|
|
|
class { 'openstack_project::slave_common':
|
|
sudo => $sudo,
|
|
project_config_repo => $project_config_repo,
|
|
}
|
|
|
|
if (! $thin) {
|
|
class { 'openstack_project::thick_slave':
|
|
all_mysql_privs => $all_mysql_privs,
|
|
}
|
|
}
|
|
|
|
}
|