opendev/system-config
Code Issues Proposed changes
fbfefe6edc
system-config/modules/openstack_project/manifests/single_use_slave.pp
Yolanda Robla 4b213ccb36 Expose jenkins_gitfullname and jenkins_gitemail 
Jenkins is consuming git user and email from jenkinsuser
parameters. But these parameters are not exposed on
OpenStack manifests.
Update all the manifests where it's relevant to send
that git username and email, either to jenkins slaves
or to static servers where jenkinsuser is needed.

Change-Id: I4e2b94b1220f88288401f9106721bc4df7fe9125
2015-04-07 20:21:41 +02:00

61 lines
2.2 KiB
Puppet
Raw Blame History

# == Class: openstack_project::single_use_slave
#
# This class configures single use Jenkins slaves with a few
# toggleable options. Most importantly sudo rights for the Jenkins
# user are by default off but can be enabled. Also, automatic_upgrades
# are off by default as the assumption is the backing image for
# this single use slaves will be refreshed with new packages
# periodically.
class openstack_project::single_use_slave (
$certname = $::fqdn,
$install_users = true,
$install_resolv_conf = true,
$sudo = false,
$thin = true,
$automatic_upgrades = false,
$all_mysql_privs = false,
$enable_unbound = true,
$ssh_key = $openstack_project::jenkins_ssh_key,
$jenkins_gitfullname = 'OpenStack Jenkins',
$jenkins_gitemail = 'jenkins@openstack.org',
$project_config_repo = 'https://git.openstack.org/openstack-infra/project-config',
) inherits openstack_project {
class { 'openstack_project::template':
certname => $certname,
automatic_upgrades => $automatic_upgrades,
install_users => $install_users,
install_resolv_conf => $install_resolv_conf,
enable_unbound => $enable_unbound,
iptables_rules4 =>
[
# Ports 69 and 6385 allow to allow ironic VM nodes to reach tftp and
# the ironic API from the neutron public net
'-p udp --dport 69 -s 172.24.4.0/23 -j ACCEPT',
'-p tcp --dport 6385 -s 172.24.4.0/23 -j ACCEPT',
# Ports 8000, 8003, 8004 from the devstack neutron public net to allow
# nova servers to reach heat-api-cfn, heat-api-cloudwatch, heat-api
'-p tcp --dport 8000 -s 172.24.4.0/23 -j ACCEPT',
'-p tcp --dport 8003 -s 172.24.4.0/23 -j ACCEPT',
'-p tcp --dport 8004 -s 172.24.4.0/23 -j ACCEPT',
'-m limit --limit 2/min -j LOG --log-prefix "iptables dropped: "',
],
}
class { 'jenkins::slave':
ssh_key => $ssh_key,
gitfullname => $jenkins_gitfullname,
gitemail => $jenkins_gitemail,
}
class { 'openstack_project::slave_common':
sudo => $sudo,
project_config_repo => $project_config_repo,
}
if (! $thin) {
class { 'openstack_project::thick_slave':
all_mysql_privs => $all_mysql_privs,
}
}
}
View Git Blame Copy Permalink