opendev/system-config
Code Issues Proposed changes
5a9b670003
system-config/manifests/site.pp

490 lines
17 KiB
ObjectPascal
Raw Normal View History

Add default puppet node. Change-Id: I1e1e723a9847b55dbb825a078a4dd5d9c08ce37b
2011-09-08 13:20:21 -07:00
#
# Default: should at least behave like an openstack server
#
node default {
Move OpenStack classes to openstack_project module Change-Id: Iafcd2e06c5b62e4cde5eccaab3173a20bb08a78d
2012-07-20 18:56:35 -07:00
include openstack_project::puppet_cron
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
class { 'openstack_project::server':
sysadmins => hiera('sysadmins'),
}
Add default puppet node. Change-Id: I1e1e723a9847b55dbb825a078a4dd5d9c08ce37b
2011-09-08 13:20:21 -07:00
}
Move all node configuration into site.pp, with node identifiers based on hostnames so that puppet self-identifies which node config to use. Refactor class hierarchy for OpenStack slaves and servers. Add NTP to all systems. Change-Id: Ie7695768fcdebb744a86b3dc88bc0ea71297f978
2011-08-02 12:58:08 -07:00
#
# Long lived servers:
#
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
node 'review.openstack.org' {
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
class { 'openstack_project::review':
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
github_oauth_token => hiera('gerrit_github_token'),
github_project_username => hiera('github_project_username'),
github_project_password => hiera('github_project_password'),
mysql_password => hiera('gerrit_mysql_password'),
mysql_root_password => hiera('gerrit_mysql_root_password'),
email_private_key => hiera('gerrit_email_private_key'),
gerritbot_password => hiera('gerrit_gerritbot_password'),
ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'),
ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents'),
ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'),
ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'),
ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'),
ssh_project_rsa_key_contents => hiera('gerrit_project_ssh_rsa_key_contents'),
ssh_project_rsa_pubkey_contents => hiera('gerrit_project_ssh_rsa_pubkey_contents'),
lp_sync_key => hiera('gerrit_lp_sync_key'),
lp_sync_pubkey => hiera('gerrit_lp_sync_pubkey'),
lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'),
lp_sync_token => hiera('gerrit_lp_access_token'),
lp_sync_secret => hiera('gerrit_lp_access_secret'),
Implement Gerrit CLA and Contact Store. This change fixes bug 1082754 and builds on the following prior work, which set up the underlying mechanisms and implemented them on review-dev: - https://review.openstack.org/12716 - https://review.openstack.org/13058 - https://review.openstack.org/13378 - https://review.openstack.org/13392 - https://review.openstack.org/13402 - https://review.openstack.org/13592 - https://review.openstack.org/14319 - https://review.openstack.org/14493 - https://review.openstack.org/16468 * manifests/site.pp(review.openstack.org): Add gerrit_contactstore_appsec and gerrit_contactstore_pubkey variables similar to those used for review-dev.openstack.org. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Move the cla_description, cla_file, cla_id and cla_name variables here, since they'll be used by both review and review-dev servers. Same goes for the set_agreements.sh file block and set_contributor_agreements exec block. Also stop loading the launchpad_sync module and make sure the sync_launchpad_users cron job is removed from the server. * modules/openstack_project/manifests/review.pp (openstack_project::review): Add the contactstore_appsec and contactstore_pubkey variables being from from hiera. Update the .war file to one with "Hack out some CLA bits" reverted. Turn on contactstore, pass the contactstore_appsec and contactstore_pubkey variables through, and set the production contactstore_url. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Remove the definitions for cla_description, cla_file, cla_id and cla_name, along with the set_agreements.sh file block and set_contributor_agreements exec block since they're all in gerrit.pp now. Change-Id: I037f1a3e2b03c66768cec6caa7fe5e1c68495ac6 Reviewed-on: https://review.openstack.org/14099 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-10-05 15:44:11 +00:00
contactstore_appsec => hiera('gerrit_contactstore_appsec'),
contactstore_pubkey => hiera('gerrit_contactstore_pubkey'),
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
sysadmins => hiera('sysadmins'),
Added swift store credentials to openstackwatch. Openstackwatch is configured to store feed data in a swift object store. This patch adds credentials to access that swift store. Change-Id: I61d9032150ae40fb7d207b5861cf0cf448f6feda Reviewed-on: https://review.openstack.org/24784 Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-19 12:18:17 -04:00
swift_username => hiera('swift_store_user'),
swift_password => hiera('swift_store_key'),
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
}
Add Gerrit configuration to puppet. Change-Id: I26ebd80adb00ac5bf676533d5dd9359cbbe08075
2011-08-05 23:00:46 +00:00
}
Add review2 node. To bootstrap a new gerrit server. Also, make the consumer_key field in the lp creds file templated and use a value from hiera so that dev/prod can share the template. Change-Id: Ie14e560beae4f4c270e558c24a67096a1c4a7d32 Reviewed-on: https://review.openstack.org/14369 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-11 16:55:07 -07:00
node 'review-dev.openstack.org' {
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
class { 'openstack_project::review_dev':
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
github_oauth_token => hiera('gerrit_dev_github_token'),
github_project_username => hiera('github_dev_project_username'),
github_project_password => hiera('github_dev_project_password'),
mysql_password => hiera('gerrit_dev_mysql_password'),
mysql_root_password => hiera('gerrit_dev_mysql_root_password'),
email_private_key => hiera('gerrit_dev_email_private_key'),
contactstore_appsec => hiera('gerrit_dev_contactstore_appsec'),
contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey'),
ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents'),
ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents'),
ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents'),
ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents'),
ssh_project_rsa_key_contents => hiera('gerrit_dev_project_ssh_rsa_key_contents'),
ssh_project_rsa_pubkey_contents => hiera('gerrit_dev_project_ssh_rsa_pubkey_contents'),
lp_sync_key => hiera('gerrit_dev_lp_sync_key'),
lp_sync_pubkey => hiera('gerrit_dev_lp_sync_pubkey'),
lp_sync_consumer_key => hiera('gerrit_dev_lp_consumer_key'),
lp_sync_token => hiera('gerrit_dev_lp_access_token'),
lp_sync_secret => hiera('gerrit_dev_lp_access_secret'),
sysadmins => hiera('sysadmins'),
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
}
Move all node configuration into site.pp, with node identifiers based on hostnames so that puppet self-identifies which node config to use. Refactor class hierarchy for OpenStack slaves and servers. Add NTP to all systems. Change-Id: Ie7695768fcdebb744a86b3dc88bc0ea71297f978
2011-08-02 12:58:08 -07:00
}
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
node 'jenkins.openstack.org' {
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
class { 'openstack_project::jenkins':
Pass jenkins.o.o cert contents in from hiera. Use hiera to store the jenkins.o.o cert contents and populate the cert files from the values in hiera. Change-Id: Iffd724b7fabf9403506f08f76fa927c3b461ba19 Reviewed-on: https://review.openstack.org/13933 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-01 18:53:58 -07:00
jenkins_jobs_password => hiera('jenkins_jobs_password'),
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
Pass jenkins.o.o cert contents in from hiera. Use hiera to store the jenkins.o.o cert contents and populate the cert files from the values in hiera. Change-Id: Iffd724b7fabf9403506f08f76fa927c3b461ba19 Reviewed-on: https://review.openstack.org/13933 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-01 18:53:58 -07:00
ssl_cert_file_contents => hiera('jenkins_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('jenkins_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('jenkins_ssl_chain_file_contents'),
sysadmins => hiera('sysadmins'),
Use gearman to distribute logstash log pushing. This change reorgs the logstash log pushing so that there is a central gearman server that listens to Jenkins ZMQ events which are then converted to per log file gearman jobs which are processed by gearman workers. The central gearman server will live on logstash.o.o and the existing logstash-worker hosts will be converted to gearman log pusher workers. This commit includes relavent documentation changes. Change-Id: I45f7185c2479c54b090d223408dff268e1e8d7db Reviewed-on: https://review.openstack.org/32455 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-10 12:06:58 -07:00
zmq_event_receivers => ['logstash.openstack.org'],
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
}
Add jenkins master support. Change-Id: Idd43b8e4b3dbe2a3781669f51943efa041b7b863
2012-01-05 10:55:29 -08:00
}
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
node 'jenkins-dev.openstack.org' {
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
class { 'openstack_project::jenkins_dev':
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
jenkins_ssh_private_key => hiera('jenkins_dev_ssh_private_key_contents'),
sysadmins => hiera('sysadmins'),
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
}
Update jenkins master config. Add the required apache modules. Add the jenkins archive key. Make sure the jenkins repo is set up and apt-get update is run before installing jenkins. Change-Id: I503705d893246300e50f3b54da6114863dc8de93
2012-02-28 11:37:20 -08:00
}
Add cacti host. Change-Id: I67cc116ad8a2b2586856965ae1e341d735d69fd3 Reviewed-on: https://review.openstack.org/14582 Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-20 23:53:20 +00:00
node 'cacti.openstack.org' {
Add ssl-cert-check to cacti server Add monitoring of SSL certificates for openstack websites Change-Id: I50b6a8aced7ae563381eb948ce4e8f854a6d85a9 Reviewed-on: https://review.openstack.org/30490 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-05-24 12:43:54 -07:00
include openstack_project::ssl_cert_check
Add cacti host. Change-Id: I67cc116ad8a2b2586856965ae1e341d735d69fd3 Reviewed-on: https://review.openstack.org/14582 Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-20 23:53:20 +00:00
class { 'openstack_project::cacti':
sysadmins => hiera('sysadmins'),
}
}
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
node 'community.openstack.org' {
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
class { 'openstack_project::community':
sysadmins => hiera('sysadmins'),
}
Add community.openstack.org. Change-Id: I0fac07af1f64c82df68338c009c1fb9e8565d339
2011-09-08 13:17:57 -07:00
}
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
node 'ci-puppetmaster.openstack.org' {
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
class { 'openstack_project::puppetmaster':
sysadmins => hiera('sysadmins'),
}
Add puppet master Opens up the required port for a puppet master server Adds a git pull to update the master Update the docs for the improved way of configuring puppet master Change-Id: I12a4c2820f78df723ede922ca8e0b9d33ed42a33
2012-06-06 20:54:34 +01:00
}
Add graphite. Change-Id: I276641d55e966cd76013cae847061c3ac7996864 Reviewed-on: https://review.openstack.org/17094 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-28 23:12:07 +00:00
node 'graphite.openstack.org' {
class { 'openstack_project::graphite':
sysadmins => hiera('sysadmins'),
graphite_admin_user => hiera('graphite_admin_user'),
graphite_admin_email => hiera('graphite_admin_email'),
graphite_admin_password => hiera('graphite_admin_password'),
Add statsd configuration to zuul. And allow zuul to send to statsd. Change-Id: Ie9f78268a673523c4ea4025bdbbe40d8d3819398 Reviewed-on: https://review.openstack.org/18658 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-12-26 10:48:15 -08:00
statsd_hosts => ['jenkins.openstack.org',
Allow stats from devstack-launch. Change-Id: I6f661c448358e94a3611a02d9e62a0a0b42dc5cd Reviewed-on: https://review.openstack.org/24496 Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-14 17:42:27 -07:00
'devstack-launch.slave.openstack.org',
Add statsd configuration to zuul. And allow zuul to send to statsd. Change-Id: Ie9f78268a673523c4ea4025bdbbe40d8d3819398 Reviewed-on: https://review.openstack.org/18658 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-12-26 10:48:15 -08:00
'zuul.openstack.org'],
Add graphite. Change-Id: I276641d55e966cd76013cae847061c3ac7996864 Reviewed-on: https://review.openstack.org/17094 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-28 23:12:07 +00:00
}
}
Add groups.openstack.org. Change-Id: Ie143fe2477372c0c1a7fe6675b538b2b40146626 Reviewed-on: https://review.openstack.org/15624 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-11-08 10:52:37 +01:00
node 'groups.openstack.org' {
class { 'openstack_project::groups':
sysadmins => hiera('sysadmins'),
}
}
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
node 'lists.openstack.org' {
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
class { 'openstack_project::lists':
Puppetizing mailing lists Allow for mailing lists to be created with a request for review. Change-Id: I8b3b0965119418cfc9286cd20221fe38ffd06b24 Reviewed-on: https://review.openstack.org/29833 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Elizabeth Krumbach Joseph <lyz@princessleia.com> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-05-20 13:47:24 -07:00
listadmins => hiera('listadmins'),
listpassword => hiera('listpassword'),
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
}
Move all node configuration into site.pp, with node identifiers based on hostnames so that puppet self-identifies which node config to use. Refactor class hierarchy for OpenStack slaves and servers. Add NTP to all systems. Change-Id: Ie7695768fcdebb744a86b3dc88bc0ea71297f978
2011-08-02 12:58:08 -07:00
}
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
node 'paste.openstack.org' {
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
class { 'openstack_project::paste':
sysadmins => hiera('sysadmins'),
}
Add lodgeit to puppet Will automatically install paste.drizzle.org and paste.openstack.org onto a server Change-Id: Ia2c1e37892f3ae8e3d4034e38ddfaa01c6a92a54
2012-01-30 13:57:37 +00:00
}
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
node 'planet.openstack.org' {
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
class { 'openstack_project::planet':
sysadmins => hiera('sysadmins'),
}
Add planet support Adds planet module and planet.openstack.org site. Change-Id: Id4d495889346e0a0d85d0fd05e40d451b04d21b1 Note: will not work with current openstack-planet git branch. Update for that comming
2012-02-03 14:37:54 +00:00
}
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
node 'eavesdrop.openstack.org' {
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
class { 'openstack_project::eavesdrop':
Add statusbot to eavesdrop.o.o. Change-Id: I3ae19a6321827b82ebf864182a1e5a90253b9c39 Reviewed-on: https://review.openstack.org/25755 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-29 13:47:38 -07:00
nickpass => hiera('openstack_meetbot_password'),
sysadmins => hiera('sysadmins'),
statusbot_nick => hiera('statusbot_nick'),
statusbot_password => hiera('statusbot_nick_password'),
statusbot_server => 'chat.freenode.net',
Add openstack, openstack-dev to statusbot. Change-Id: Ie011dfb049989aff3dfaffb10f8e2782af1073b1 Reviewed-on: https://review.openstack.org/25769 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-29 16:06:03 -07:00
statusbot_channels => 'openstack-infra, openstack-dev, openstack',
Add nicks parameter to statusbot. Change-Id: I293f4b5dd76de562cec39b4c995a2c255d383263 Reviewed-on: https://review.openstack.org/25765 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-29 15:43:31 -07:00
statusbot_auth_nicks => 'jeblair, ttx, fungi, mordred, clarkb, sdague',
Add statusbot to eavesdrop.o.o. Change-Id: I3ae19a6321827b82ebf864182a1e5a90253b9c39 Reviewed-on: https://review.openstack.org/25755 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-29 13:47:38 -07:00
statusbot_wiki_user => hiera('statusbot_wiki_username'),
statusbot_wiki_password => hiera('statusbot_wiki_password'),
statusbot_wiki_url => 'https://wiki.openstack.org/w/api.php',
statusbot_wiki_pageid => '1781',
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
}
Puts meetbot under control of puppet Adds meetbot and an nginx setup to puppet. See manifests/site.pp for usage Change-Id: I47dcf2884a06441b482585bf5dae9f7d0bd7e543
2012-04-15 16:06:41 +01:00
}
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
node 'pypi.openstack.org' {
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
class { 'openstack_project::pypi':
sysadmins => hiera('sysadmins'),
}
Add PyPi mirror site. Change-Id: Id2cd5c08a4c56f4d4fda34c09bbf06e7e8e06674
2012-05-14 09:22:21 -04:00
}
Add clarkb to etherpad.openstack.org. Add clarkb user and key and apply it to the new etherpad.openstack.org host. Also, send email to clarkb. Change-Id: I37c852ff39872e0fd5fd588145129028a8e80e3b
2012-06-06 20:27:31 +00:00
node 'etherpad.openstack.org' {
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
class { 'openstack_project::etherpad':
Align etherpad vhost ssl section with standard. As copied from jenkins. Both old and new names for the cert contents are in hiera. Change-Id: Ic6d8258479c260ac37346c49c1ecde8339c96a37 Reviewed-on: https://review.openstack.org/14432 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-13 08:55:30 -07:00
ssl_cert_file_contents => hiera('etherpad_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('etherpad_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents'),
database_password => hiera('etherpad_db_password'),
sysadmins => hiera('sysadmins'),
Move hiera calls into site.pp. Secret info should be parameters to modules. It makes for easier testing. Change-Id: I66034387094b2a24c6fae57fec3af1dae3dd1d3a
2012-07-26 18:58:35 -05:00
}
Update eplite module for new version of eplite. Etherpad lite has changed their source tree slightly. This has required a few updates to the etherpad lite puppet module. The custom pad.js needs to go in a different directory and the upstart conf file needs a couple updated paths. In addition to the fixes a couple things have been cleaned up. Now define an etherpadlite.openstack.org node in site.pp and copy SSL certs from /root/secret-files. Change-Id: I312b419aa98212b6db68232c672bc4d75f23777f
2012-05-31 23:16:57 +00:00
}
Add etherpad-dev node and host class. We now host etherpad.openstack.org. To properly test upgrades and things add a proper etherpad-dev host to puppet. Currently the configuration is set to mimic that which is on etherpad.o.o. Once the -dev host is up and running it will be used to test upgrades to more modern etherpad lite and node.js version. Also at some point we will probably want to use the puppetlabs-mysql module to manage the mysql instances for etherpad. This dev host makes that easier. Change-Id: I63500026a1a38d7c4dd5b00cc869586eb2483497 Reviewed-on: https://review.openstack.org/14861 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-25 16:09:13 -07:00
node 'etherpad-dev.openstack.org' {
class { 'openstack_project::etherpad_dev':
database_password => hiera('etherpad-dev_db_password'),
sysadmins => hiera('sysadmins'),
}
}
Add wiki.openstack.org. Add Ryan Lane's ssh key, and add him to wiki.o.o. Change-Id: I6b81107b3b1c84c6e730caf77842e80e81d80a76
2012-07-16 15:29:28 -07:00
node 'wiki.openstack.org' {
Initial commit of MediaWiki module Change-Id: I6181e0d4a717d0a11ea2d741034db99435d5e180 Reviewed-on: https://review.openstack.org/10521 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-07-30 00:23:41 -07:00
class { 'openstack_project::wiki':
Add ssl cert to wiki.o.o. Change-Id: I6c6ad0ddd000e3f140cb08faef7dce2cb9ae7079 Reviewed-on: https://review.openstack.org/18349 Reviewed-by: Ryan Lane Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2012-12-18 14:11:43 -08:00
mysql_root_password => hiera('wiki_db_password'),
sysadmins => hiera('sysadmins'),
ssl_cert_file_contents => hiera('wiki_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('wiki_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('wiki_ssl_chain_file_contents'),
Initial commit of MediaWiki module Change-Id: I6181e0d4a717d0a11ea2d741034db99435d5e180 Reviewed-on: https://review.openstack.org/10521 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-07-30 00:23:41 -07:00
}
Add wiki.openstack.org. Add Ryan Lane's ssh key, and add him to wiki.o.o. Change-Id: I6b81107b3b1c84c6e730caf77842e80e81d80a76
2012-07-16 15:29:28 -07:00
}
Add support for puppet dashboard. Change-Id: Ia63c0af6724f95417910215a82abaadd53ba0b49
2012-07-27 09:47:03 -05:00
node 'puppet-dashboard.openstack.org' {
class { 'openstack_project::dashboard':
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
password => hiera('dashboard_password'),
mysql_password => hiera('dashboard_mysql_password'),
sysadmins => hiera('sysadmins'),
Add support for puppet dashboard. Change-Id: Ia63c0af6724f95417910215a82abaadd53ba0b49
2012-07-27 09:47:03 -05:00
}
}
Add skeleton logstash module. This new logstash module adds classes to install logstash agents and indexers as well as redis and elasticsearch. The configuration for each of these services is rudimentary but it shouldn't be difficult to expand the configs and make them useful. Also, add a logstash.openstack.org node that will have an agent, indexer, web frontend, redis, and elasticsearch installed on it. Change-Id: I25b635f088f99d45cfaa70ed122c6433d3784937 Reviewed-on: https://review.openstack.org/19871 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-01-16 15:01:25 -08:00
node 'logstash.openstack.org' {
class { 'openstack_project::logstash':
Add support for elasticsearch cluster. We need to expand our elasticsearch install base. Update puppet to make this possible. Change-Id: Id0dae839b12ebf47715cf40a363832e0f661a94f Reviewed-on: https://review.openstack.org/33910 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-20 18:37:41 -07:00
sysadmins => hiera('sysadmins'),
elasticsearch_nodes => [
'elasticsearch.openstack.org',
'elasticsearch2.openstack.org',
'elasticsearch3.openstack.org',
Add two more elasticsearch nodes. * manifests/site.pp: List the two new elasticsearch nodes in the appropriate lists. * modules/logstash/manifests/elasticsearch.pp: Do not restart elasticsearch when config files change. Service restarts are costly and should be manually performed when necessary. Otherwise puppet should simply update the config files. * modules/logstash/templates/elasticsearch.yml.erb: Update elasticsearch config with new cluster topology. Increase memory available for indexing. * modules/openstack_project/manifests/cacti.pp: Add new nodes to cacti monitoring list. Adding two more elasticsearch nodes to relieve memory pressure (more nodes means fewer indexes per nodes which requires less memory to manage). And two more nodes gives us more disk to retain older indexes in. These new nodes should allow us to retain at least 3 weeks of indexed logs. Change-Id: I3a5a02311e939c8147e401110c7b96d085eb8274 Reviewed-on: https://review.openstack.org/36305 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-07-09 10:40:54 -07:00
'elasticsearch4.openstack.org',
'elasticsearch5.openstack.org',
Add support for elasticsearch cluster. We need to expand our elasticsearch install base. Update puppet to make this possible. Change-Id: Id0dae839b12ebf47715cf40a363832e0f661a94f Reviewed-on: https://review.openstack.org/33910 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-20 18:37:41 -07:00
],
gearman_workers => [
Use gearman to distribute logstash log pushing. This change reorgs the logstash log pushing so that there is a central gearman server that listens to Jenkins ZMQ events which are then converted to per log file gearman jobs which are processed by gearman workers. The central gearman server will live on logstash.o.o and the existing logstash-worker hosts will be converted to gearman log pusher workers. This commit includes relavent documentation changes. Change-Id: I45f7185c2479c54b090d223408dff268e1e8d7db Reviewed-on: https://review.openstack.org/32455 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-10 12:06:58 -07:00
'logstash-worker1.openstack.org',
'logstash-worker2.openstack.org',
'logstash-worker3.openstack.org',
Add two more logstash gearman workers. Add logstash-worker4 and logstash-worker5. Change-Id: Ibd1a618c4283b1d87904794d35963f69d1945b4e Reviewed-on: https://review.openstack.org/33998 Reviewed-by: matthew wagoner <zxkuqyb@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-21 08:17:03 -07:00
'logstash-worker4.openstack.org',
'logstash-worker5.openstack.org',
Use gearman to distribute logstash log pushing. This change reorgs the logstash log pushing so that there is a central gearman server that listens to Jenkins ZMQ events which are then converted to per log file gearman jobs which are processed by gearman workers. The central gearman server will live on logstash.o.o and the existing logstash-worker hosts will be converted to gearman log pusher workers. This commit includes relavent documentation changes. Change-Id: I45f7185c2479c54b090d223408dff268e1e8d7db Reviewed-on: https://review.openstack.org/32455 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-10 12:06:58 -07:00
],
Better elasticsearch cluster settings. Use mutliple discover nodes to determine elasticsearch cluster membership. Put a timeout on recovery starting instead of the default to recovery immediately. Describe cluster topology in elasticsearch yaml config so that it can make smarter decisions. Round robin kibana requests across each discover node. Change-Id: I08ef9dd158ddf6a6ce01dfb2050626f543d45b10 Reviewed-on: https://review.openstack.org/34106 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-06-22 10:39:04 -07:00
discover_nodes => [
'elasticsearch.openstack.org:9200',
'elasticsearch2.openstack.org:9200',
'elasticsearch3.openstack.org:9200',
Add two more elasticsearch nodes. * manifests/site.pp: List the two new elasticsearch nodes in the appropriate lists. * modules/logstash/manifests/elasticsearch.pp: Do not restart elasticsearch when config files change. Service restarts are costly and should be manually performed when necessary. Otherwise puppet should simply update the config files. * modules/logstash/templates/elasticsearch.yml.erb: Update elasticsearch config with new cluster topology. Increase memory available for indexing. * modules/openstack_project/manifests/cacti.pp: Add new nodes to cacti monitoring list. Adding two more elasticsearch nodes to relieve memory pressure (more nodes means fewer indexes per nodes which requires less memory to manage). And two more nodes gives us more disk to retain older indexes in. These new nodes should allow us to retain at least 3 weeks of indexed logs. Change-Id: I3a5a02311e939c8147e401110c7b96d085eb8274 Reviewed-on: https://review.openstack.org/36305 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-07-09 10:40:54 -07:00
'elasticsearch4.openstack.org:9200',
'elasticsearch5.openstack.org:9200',
Better elasticsearch cluster settings. Use mutliple discover nodes to determine elasticsearch cluster membership. Put a timeout on recovery starting instead of the default to recovery immediately. Describe cluster topology in elasticsearch yaml config so that it can make smarter decisions. Round robin kibana requests across each discover node. Change-Id: I08ef9dd158ddf6a6ce01dfb2050626f543d45b10 Reviewed-on: https://review.openstack.org/34106 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-06-22 10:39:04 -07:00
],
Scale out logstash indexing to multiple hosts. Logstash performs filtering in a single thread so it does not scale up very well. Work around this by scaling Logstash out to multiple indexer hosts. Current plan is to have a small (2GB) kibana web front end host that does nothing but talk to elasticsearch, three 4GB logstash indexers that will run a single log-pusher.py + logstash indexer with some partition of the logfiles assigned to each indexer, and finally the existing large elasticsearch node. Eventually properly load balancing log processing across the worker nodes would be great, but the current partition method should work well enough with little additional effort. Change-Id: Ifc6396560934314ffd6a7c47eb2acff9e9c2a7af Reviewed-on: https://review.openstack.org/30573 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-05-26 16:08:46 -07:00
}
}
node /^logstash-worker\d+\.openstack\.org$/ {
class { 'openstack_project::logstash_worker':
Add support for elasticsearch cluster. We need to expand our elasticsearch install base. Update puppet to make this possible. Change-Id: Id0dae839b12ebf47715cf40a363832e0f661a94f Reviewed-on: https://review.openstack.org/33910 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-20 18:37:41 -07:00
sysadmins => hiera('sysadmins'),
elasticsearch_nodes => [
'elasticsearch.openstack.org',
'elasticsearch2.openstack.org',
'elasticsearch3.openstack.org',
Add two more elasticsearch nodes. * manifests/site.pp: List the two new elasticsearch nodes in the appropriate lists. * modules/logstash/manifests/elasticsearch.pp: Do not restart elasticsearch when config files change. Service restarts are costly and should be manually performed when necessary. Otherwise puppet should simply update the config files. * modules/logstash/templates/elasticsearch.yml.erb: Update elasticsearch config with new cluster topology. Increase memory available for indexing. * modules/openstack_project/manifests/cacti.pp: Add new nodes to cacti monitoring list. Adding two more elasticsearch nodes to relieve memory pressure (more nodes means fewer indexes per nodes which requires less memory to manage). And two more nodes gives us more disk to retain older indexes in. These new nodes should allow us to retain at least 3 weeks of indexed logs. Change-Id: I3a5a02311e939c8147e401110c7b96d085eb8274 Reviewed-on: https://review.openstack.org/36305 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-07-09 10:40:54 -07:00
'elasticsearch4.openstack.org',
'elasticsearch5.openstack.org',
Add support for elasticsearch cluster. We need to expand our elasticsearch install base. Update puppet to make this possible. Change-Id: Id0dae839b12ebf47715cf40a363832e0f661a94f Reviewed-on: https://review.openstack.org/33910 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-20 18:37:41 -07:00
],
discover_node => 'elasticsearch.openstack.org',
Add skeleton logstash module. This new logstash module adds classes to install logstash agents and indexers as well as redis and elasticsearch. The configuration for each of these services is rudimentary but it shouldn't be difficult to expand the configs and make them useful. Also, add a logstash.openstack.org node that will have an agent, indexer, web frontend, redis, and elasticsearch installed on it. Change-Id: I25b635f088f99d45cfaa70ed122c6433d3784937 Reviewed-on: https://review.openstack.org/19871 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-01-16 15:01:25 -08:00
}
}
Add support for elasticsearch cluster. We need to expand our elasticsearch install base. Update puppet to make this possible. Change-Id: Id0dae839b12ebf47715cf40a363832e0f661a94f Reviewed-on: https://review.openstack.org/33910 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-20 18:37:41 -07:00
node /^elasticsearch\d*\.openstack\.org$/ {
Switch to dedicated elasticsearch node. Switch to a large dedicated elasticsearch node as sharing resources between logstash, kibana, jenkins-log-pusher, and elasticsearch results in a constrained environment. Change-Id: I39e6210f2c577429be2cb38aca09111a0f56f9be Reviewed-on: https://review.openstack.org/30344 Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-05-23 14:08:58 -07:00
class { 'openstack_project::elasticsearch':
Add support for elasticsearch cluster. We need to expand our elasticsearch install base. Update puppet to make this possible. Change-Id: Id0dae839b12ebf47715cf40a363832e0f661a94f Reviewed-on: https://review.openstack.org/33910 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-20 18:37:41 -07:00
sysadmins => hiera('sysadmins'),
elasticsearch_nodes => [
'elasticsearch.openstack.org',
'elasticsearch2.openstack.org',
'elasticsearch3.openstack.org',
Add two more elasticsearch nodes. * manifests/site.pp: List the two new elasticsearch nodes in the appropriate lists. * modules/logstash/manifests/elasticsearch.pp: Do not restart elasticsearch when config files change. Service restarts are costly and should be manually performed when necessary. Otherwise puppet should simply update the config files. * modules/logstash/templates/elasticsearch.yml.erb: Update elasticsearch config with new cluster topology. Increase memory available for indexing. * modules/openstack_project/manifests/cacti.pp: Add new nodes to cacti monitoring list. Adding two more elasticsearch nodes to relieve memory pressure (more nodes means fewer indexes per nodes which requires less memory to manage). And two more nodes gives us more disk to retain older indexes in. These new nodes should allow us to retain at least 3 weeks of indexed logs. Change-Id: I3a5a02311e939c8147e401110c7b96d085eb8274 Reviewed-on: https://review.openstack.org/36305 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-07-09 10:40:54 -07:00
'elasticsearch4.openstack.org',
'elasticsearch5.openstack.org',
Add support for elasticsearch cluster. We need to expand our elasticsearch install base. Update puppet to make this possible. Change-Id: Id0dae839b12ebf47715cf40a363832e0f661a94f Reviewed-on: https://review.openstack.org/33910 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-20 18:37:41 -07:00
],
elasticsearch_clients => [
Scale out logstash indexing to multiple hosts. Logstash performs filtering in a single thread so it does not scale up very well. Work around this by scaling Logstash out to multiple indexer hosts. Current plan is to have a small (2GB) kibana web front end host that does nothing but talk to elasticsearch, three 4GB logstash indexers that will run a single log-pusher.py + logstash indexer with some partition of the logfiles assigned to each indexer, and finally the existing large elasticsearch node. Eventually properly load balancing log processing across the worker nodes would be great, but the current partition method should work well enough with little additional effort. Change-Id: Ifc6396560934314ffd6a7c47eb2acff9e9c2a7af Reviewed-on: https://review.openstack.org/30573 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-05-26 16:08:46 -07:00
'logstash.openstack.org',
'logstash-worker1.openstack.org',
'logstash-worker2.openstack.org',
'logstash-worker3.openstack.org',
Add two more logstash gearman workers. Add logstash-worker4 and logstash-worker5. Change-Id: Ibd1a618c4283b1d87904794d35963f69d1945b4e Reviewed-on: https://review.openstack.org/33998 Reviewed-by: matthew wagoner <zxkuqyb@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-21 08:17:03 -07:00
'logstash-worker4.openstack.org',
'logstash-worker5.openstack.org',
Scale out logstash indexing to multiple hosts. Logstash performs filtering in a single thread so it does not scale up very well. Work around this by scaling Logstash out to multiple indexer hosts. Current plan is to have a small (2GB) kibana web front end host that does nothing but talk to elasticsearch, three 4GB logstash indexers that will run a single log-pusher.py + logstash indexer with some partition of the logfiles assigned to each indexer, and finally the existing large elasticsearch node. Eventually properly load balancing log processing across the worker nodes would be great, but the current partition method should work well enough with little additional effort. Change-Id: Ifc6396560934314ffd6a7c47eb2acff9e9c2a7af Reviewed-on: https://review.openstack.org/30573 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-05-26 16:08:46 -07:00
],
Better elasticsearch cluster settings. Use mutliple discover nodes to determine elasticsearch cluster membership. Put a timeout on recovery starting instead of the default to recovery immediately. Describe cluster topology in elasticsearch yaml config so that it can make smarter decisions. Round robin kibana requests across each discover node. Change-Id: I08ef9dd158ddf6a6ce01dfb2050626f543d45b10 Reviewed-on: https://review.openstack.org/34106 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-06-22 10:39:04 -07:00
discover_nodes => [
'elasticsearch.openstack.org',
'elasticsearch2.openstack.org',
'elasticsearch3.openstack.org',
Add two more elasticsearch nodes. * manifests/site.pp: List the two new elasticsearch nodes in the appropriate lists. * modules/logstash/manifests/elasticsearch.pp: Do not restart elasticsearch when config files change. Service restarts are costly and should be manually performed when necessary. Otherwise puppet should simply update the config files. * modules/logstash/templates/elasticsearch.yml.erb: Update elasticsearch config with new cluster topology. Increase memory available for indexing. * modules/openstack_project/manifests/cacti.pp: Add new nodes to cacti monitoring list. Adding two more elasticsearch nodes to relieve memory pressure (more nodes means fewer indexes per nodes which requires less memory to manage). And two more nodes gives us more disk to retain older indexes in. These new nodes should allow us to retain at least 3 weeks of indexed logs. Change-Id: I3a5a02311e939c8147e401110c7b96d085eb8274 Reviewed-on: https://review.openstack.org/36305 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-07-09 10:40:54 -07:00
'elasticsearch4.openstack.org',
'elasticsearch5.openstack.org',
Better elasticsearch cluster settings. Use mutliple discover nodes to determine elasticsearch cluster membership. Put a timeout on recovery starting instead of the default to recovery immediately. Describe cluster topology in elasticsearch yaml config so that it can make smarter decisions. Round robin kibana requests across each discover node. Change-Id: I08ef9dd158ddf6a6ce01dfb2050626f543d45b10 Reviewed-on: https://review.openstack.org/34106 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-06-22 10:39:04 -07:00
],
Switch to dedicated elasticsearch node. Switch to a large dedicated elasticsearch node as sharing resources between logstash, kibana, jenkins-log-pusher, and elasticsearch results in a constrained environment. Change-Id: I39e6210f2c577429be2cb38aca09111a0f56f9be Reviewed-on: https://review.openstack.org/30344 Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-05-23 14:08:58 -07:00
}
}
Add cgit web service and git server Define git.openstack.org server and deploy cgit web service with Apache on CentOS. Change-Id: Id3c7c870e25e4202915bc081454896895084f9af
2013-07-11 11:21:02 -07:00
# A CentOS machine to run cgit and git daemon.
node 'git.openstack.org' {
class { 'openstack_project::git':
sysadmins => hiera('sysadmins'),
git_gerrit_ssh_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
}
}
Add summit.openstack.org to OpenStack infra Add summit.openstack.org to OpenStack infrastructure. The current host used is an old forgotten 11.04 cloudserver from pre-Foundation days. We'll need to move summit.openstack.org A/CNAME to this new instance. This host will be fully automated with its own Puppet module sometimes during Havana, but for the urgent Portland summit setup it will be set up manually. Change-Id: I80a46e5969c27e540278a51d176a536e7777f005 Reviewed-on: https://review.openstack.org/21302 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-02-06 15:10:13 +01:00
# A machine to run ODSREG in preparation for summits.
node 'summit.openstack.org' {
Open port 80 on summit.o.o and add ttx. * manifests/site.pp: Change the summit node to be an instance of the new summit class rather than the more generic server class. * modules/openstack_project/manifests/summit.pp: Add a new summit class based on server, but open 80/tcp and realize an account for ttx. Also explicitly list 22/tcp even though it's already included by the server class. * modules/openstack_project/manifests/users.pp: Add an entry for ttx with his name and SSH public key. Change-Id: Idc4f0f30a89da12eeb8ee770e0ba0f0a2978bf5f Reviewed-on: https://review.openstack.org/21430 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-02-07 13:56:07 +00:00
class { 'openstack_project::summit':
Add summit.openstack.org to OpenStack infra Add summit.openstack.org to OpenStack infrastructure. The current host used is an old forgotten 11.04 cloudserver from pre-Foundation days. We'll need to move summit.openstack.org A/CNAME to this new instance. This host will be fully automated with its own Puppet module sometimes during Havana, but for the urgent Portland summit setup it will be set up manually. Change-Id: I80a46e5969c27e540278a51d176a536e7777f005 Reviewed-on: https://review.openstack.org/21302 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-02-06 15:10:13 +01:00
sysadmins => hiera('sysadmins'),
}
}
Add node definition for static.openstack.org. Add node definition for static.openstack.org and create first simple implementation of what the static.openstack.org host would look like. Change-Id: I04952154246c4985e7ff44909e892918a1336fba Reviewed-on: https://review.openstack.org/11193 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-10 15:38:08 -07:00
# A machine to serve static content.
node 'static.openstack.org' {
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
class { 'openstack_project::static':
Add puppet files for reviewday Initial add of puppet files so reviewday can be deployed on the static webserver. Fixes: bug #1082785 Change-Id: Ie5516e82bfc9dfea95b53285c46aa881d5c05f32 Reviewed-on: https://review.openstack.org/21158 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-02-04 14:25:02 -08:00
sysadmins => hiera('sysadmins'),
reviewday_rsa_key_contents => hiera('reviewday_rsa_key_contents'),
reviewday_rsa_pubkey_contents => hiera('reviewday_rsa_pubkey_contents'),
reviewday_gerrit_ssh_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
Add releasestatus SSH key Add an SSH keypair for releasestatus so that it can connect to review.openstack.org to grab review data. Also add review.o.o public key to known_hosts. The data in hiera was already added. Change-Id: I193dfad5b229a0c193ce35d5a8917b0b3b86c117 Reviewed-on: https://review.openstack.org/30881 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-05-29 15:36:42 +02:00
releasestatus_prvkey_contents => hiera('releasestatus_rsa_key_contents'),
releasestatus_pubkey_contents => hiera('releasestatus_rsa_pubkey_contents'),
releasestatus_gerrit_ssh_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
}
Add node definition for static.openstack.org. Add node definition for static.openstack.org and create first simple implementation of what the static.openstack.org host would look like. Change-Id: I04952154246c4985e7ff44909e892918a1336fba Reviewed-on: https://review.openstack.org/11193 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-10 15:38:08 -07:00
}
Add a dedicated zuul server. Just bootstrapping the server; a follow-on change will switch hostnames in configurations. Change-Id: Ie453a3d046014137c66f2bc25e0a5916d09b9267 Reviewed-on: https://review.openstack.org/17167 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-11-29 13:43:20 -08:00
node 'zuul.openstack.org' {
Rename zuul manifest to zuul_prod. Because puppet scoping is ridiculous. Change-Id: I5a62a272353a88fe996e946ef3611a8320ba9c30 Reviewed-on: https://review.openstack.org/29011 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-05-13 14:59:15 -07:00
class { 'openstack_project::zuul_prod':
Move Zuul to its own server. Remove zuul from jenkins server. Remove transitional zuul config. Add an extra argument to gerrit-git-prep for the git site name, so that it doesn't have to be the same as the review site. Serve zuul git repos via apache. Change-Id: I342032bcedf317c0f48ff89b773546eb2ccd08f8 Reviewed-on: https://review.openstack.org/17949 Tested-by: Jenkins Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: James E. Blair <corvus@inaugust.com>
2012-12-02 16:32:10 +00:00
jenkins_host => 'jenkins.openstack.org',
jenkins_url => 'https://jenkins.openstack.org',
Add devstack-gate-secure.conf. This file exists on the jenkins master but is not managed by puppet. Put it on the new devstack-launch slave, under puppet control. Rename the apikey hieradata variable that zuul uses to be more generic since the same key is used by multiple projects. Add the username portion of that to hiera as well to make the hieradata file more self-documenting and easier to maintain, even though it's not strictly secret. The new values have been added to hiera. Change-Id: I0af634d091577236a81feefddada63feacf3e2bc Reviewed-on: https://review.openstack.org/23740 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-06 13:12:20 -08:00
jenkins_user => hiera('jenkins_api_user'),
jenkins_apikey => hiera('jenkins_api_key'),
Move Zuul to its own server. Remove zuul from jenkins server. Remove transitional zuul config. Add an extra argument to gerrit-git-prep for the git site name, so that it doesn't have to be the same as the review site. Serve zuul git repos via apache. Change-Id: I342032bcedf317c0f48ff89b773546eb2ccd08f8 Reviewed-on: https://review.openstack.org/17949 Tested-by: Jenkins Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: James E. Blair <corvus@inaugust.com>
2012-12-02 16:32:10 +00:00
gerrit_server => 'review.openstack.org',
gerrit_user => 'jenkins',
zuul_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
Set the Zuul/Jenkins base log URL in a function And use that when constructing log paths and URLs. Use a substr of the change id or commit sha when constructing URLs so the log directories are deeper. Make copying the test results a macro (it's used in several places). Update the gearman log client to take advantage of the new parameter. Requires https://review.openstack.org/#/c/36304/ Change-Id: I64faa35eddc4105271efa3de4f83b608b77655c2
2013-07-09 10:53:27 -07:00
url_pattern => 'http://logs.openstack.org/{build.parameters[BASE_LOG_PATH]}/{job.name}/{build.number}',
Move Zuul to its own server. Remove zuul from jenkins server. Remove transitional zuul config. Add an extra argument to gerrit-git-prep for the git site name, so that it doesn't have to be the same as the review site. Serve zuul git repos via apache. Change-Id: I342032bcedf317c0f48ff89b773546eb2ccd08f8 Reviewed-on: https://review.openstack.org/17949 Tested-by: Jenkins Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: James E. Blair <corvus@inaugust.com>
2012-12-02 16:32:10 +00:00
sysadmins => hiera('sysadmins'),
Add statsd configuration to zuul. And allow zuul to send to statsd. Change-Id: Ie9f78268a673523c4ea4025bdbbe40d8d3819398 Reviewed-on: https://review.openstack.org/18658 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-12-26 10:48:15 -08:00
statsd_host => 'graphite.openstack.org',
Connectivity from workers to gearmand on zuul. * manifests/site.pp: Pass both jenkins.openstack.org and jenkins-dev.openstack.org to openstack_project::zuul as the list of gearman workers for use in iptables rules. * modules/openstack_project/manifests/jenkins.pp * modules/openstack_project/manifests/jenkins_dev.pp: Remove unused 4155/tcp from public allowed ports list, previously for a bzr service which is no longer running on these servers. * modules/openstack_project/manifests/zuul.pp: Add iptables rules allowing access from gearman workers to the gearmand, and also configure gearmand to listen on all addresses including IPv6, as opposed to its IPv4-only default. * install_modules.sh: Add puppetlabs-stdlib version 3.2.0 to the list of puppet dependencies. This is required to pull in the "flatten" function used in zuul.pp above. Change-Id: I05d4abc92b3050884a7e9f3c2b6cd9dcc81bfa36 Reviewed-on: https://review.openstack.org/26245 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-28 02:42:05 +00:00
gearman_workers => [
'jenkins.openstack.org',
'jenkins-dev.openstack.org',
Add zuul-dev.openstack.org. And connect it to the firehose. Change-Id: Id860ff329e33a588d669608e5402bdb3765001dd Reviewed-on: https://review.openstack.org/28742 Reviewed-by: Khai Do <zaro0508@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-05-09 16:06:21 -07:00
],
}
}
node 'zuul-dev.openstack.org' {
class { 'openstack_project::zuul_dev':
gerrit_server => 'review.openstack.org',
gerrit_user => 'zuul-dev',
zuul_ssh_private_key => hiera('zuul_dev_ssh_private_key_contents'),
Set the Zuul/Jenkins base log URL in a function And use that when constructing log paths and URLs. Use a substr of the change id or commit sha when constructing URLs so the log directories are deeper. Make copying the test results a macro (it's used in several places). Update the gearman log client to take advantage of the new parameter. Requires https://review.openstack.org/#/c/36304/ Change-Id: I64faa35eddc4105271efa3de4f83b608b77655c2
2013-07-09 10:53:27 -07:00
url_pattern => 'http://logs.openstack.org/{build.parameters[BASE_LOG_PATH]}/{job.name}/{build.number}',
Add zuul-dev.openstack.org. And connect it to the firehose. Change-Id: Id860ff329e33a588d669608e5402bdb3765001dd Reviewed-on: https://review.openstack.org/28742 Reviewed-by: Khai Do <zaro0508@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-05-09 16:06:21 -07:00
sysadmins => hiera('sysadmins'),
statsd_host => 'graphite.openstack.org',
gearman_workers => [
'jenkins.openstack.org',
'jenkins-dev.openstack.org',
Connectivity from workers to gearmand on zuul. * manifests/site.pp: Pass both jenkins.openstack.org and jenkins-dev.openstack.org to openstack_project::zuul as the list of gearman workers for use in iptables rules. * modules/openstack_project/manifests/jenkins.pp * modules/openstack_project/manifests/jenkins_dev.pp: Remove unused 4155/tcp from public allowed ports list, previously for a bzr service which is no longer running on these servers. * modules/openstack_project/manifests/zuul.pp: Add iptables rules allowing access from gearman workers to the gearmand, and also configure gearmand to listen on all addresses including IPv6, as opposed to its IPv4-only default. * install_modules.sh: Add puppetlabs-stdlib version 3.2.0 to the list of puppet dependencies. This is required to pull in the "flatten" function used in zuul.pp above. Change-Id: I05d4abc92b3050884a7e9f3c2b6cd9dcc81bfa36 Reviewed-on: https://review.openstack.org/26245 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-28 02:42:05 +00:00
],
Add a dedicated zuul server. Just bootstrapping the server; a follow-on change will switch hostnames in configurations. Change-Id: Ie453a3d046014137c66f2bc25e0a5916d09b9267 Reviewed-on: https://review.openstack.org/17167 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-11-29 13:43:20 -08:00
}
}
Add a skeleton asterisk server. This commit adds a bare server that will be updated to become an Asterisk server. Change-Id: If54badab3269d8c8ce504f8bfcb0e5f79eeaeb69
2013-07-16 17:03:58 -04:00
node 'pbx.openstack.org' {
class { 'openstack_project::pbx':
sysadmins => hiera('sysadmins'),
}
}
Add jenkins user to template hosts Change-Id: I3d284f149576c7b21d7e215b14eb1b28e3fa602b
2012-03-15 19:17:39 -07:00
# A bare machine, but with a jenkins user
Don't do anything special for template hosts. Remove cruft. Change-Id: Id37056317f4002968fcb2ee912512b0526bac9bd
2012-03-15 10:30:38 -07:00
node /^.*\.template\.openstack\.org$/ {
Make a class for each type of server. Change-Id: I520b77a4d83958a6a1c2472e87b28f6b8822d890
2012-07-20 19:38:57 -07:00
include openstack_project::slave_template
Add module to prime a devstack template host. Change-Id: I92790b1adad5ad9c04f6acb548d869c78e56ceb4
2011-11-16 08:36:14 -08:00
}
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
# A bare machine, but with a jenkins user
node /^.*dev-.*\.template\.openstack\.org$/ {
include openstack_project::dev_slave_template
}
Add backups. Change-Id: If328f94174a6b9dff5006a63fdff3983e89aee24
2012-06-15 22:40:12 +00:00
# A backup machine. Don't run cron or puppet agent on it.
node /^ci-backup-.*\.openstack\.org$/ {
Make a class for each type of server. Change-Id: I520b77a4d83958a6a1c2472e87b28f6b8822d890
2012-07-20 19:38:57 -07:00
include openstack_project::backup_server
Add backups. Change-Id: If328f94174a6b9dff5006a63fdff3983e89aee24
2012-06-15 22:40:12 +00:00
}
Move all node configuration into site.pp, with node identifiers based on hostnames so that puppet self-identifies which node config to use. Refactor class hierarchy for OpenStack slaves and servers. Add NTP to all systems. Change-Id: Ie7695768fcdebb744a86b3dc88bc0ea71297f978
2011-08-02 12:58:08 -07:00
#
# Jenkins slaves:
#
Apply cgroups and ulimit to precise8. To test the cgroup and ulimit changes in a controlled manner apply the two limiting tools to precise8. One this host the jenkins user will only be able to start 256 processes and will be limited to using 90% of the hosts physical memory. Change-Id: Id57c2ca9bbb40366b2827c4b07236aa33cc10bd7
2012-07-03 14:28:41 -07:00
Add pypi mirror building slaves. Change-Id: I9c5ea870d365f65ff19d91ca579ee127f67d9ea8 Reviewed-on: https://review.openstack.org/25314 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-25 11:30:37 -07:00
node 'mirror26.slave.openstack.org' {
Include openstack_project for Jenkins' SSH key. The openstack_project class needs to be included to make the jenkins_ssh_key variable available to nodes. Change-Id: I57fb6f24755bf123cf9f6f9b724035d0ababf8f3 Reviewed-on: https://review.openstack.org/31581 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-06-03 16:05:57 -07:00
include openstack_project
Add pypi mirror building slaves. Change-Id: I9c5ea870d365f65ff19d91ca579ee127f67d9ea8 Reviewed-on: https://review.openstack.org/25314 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-25 11:30:37 -07:00
class { 'openstack_project::mirror26_slave':
Pass Jenkins' SSH pub key to special slaves. The openstack_project::slave refactor defaulted the Jenkins' SSH pub key to an empty string. This erased the authorized keys file for the Jenkins user on our specialized slaves. Restore that file's contents. Change-Id: I28067017ec2dc36feef9df076099813abf820ee9 Reviewed-on: https://review.openstack.org/31419 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-01 19:40:07 -07:00
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
Add pypi mirror building slaves. Change-Id: I9c5ea870d365f65ff19d91ca579ee127f67d9ea8 Reviewed-on: https://review.openstack.org/25314 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-25 11:30:37 -07:00
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents')
}
}
node 'mirror27.slave.openstack.org' {
Include openstack_project for Jenkins' SSH key. The openstack_project class needs to be included to make the jenkins_ssh_key variable available to nodes. Change-Id: I57fb6f24755bf123cf9f6f9b724035d0ababf8f3 Reviewed-on: https://review.openstack.org/31581 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-06-03 16:05:57 -07:00
include openstack_project
Add pypi mirror building slaves. Change-Id: I9c5ea870d365f65ff19d91ca579ee127f67d9ea8 Reviewed-on: https://review.openstack.org/25314 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-25 11:30:37 -07:00
class { 'openstack_project::mirror27_slave':
Pass Jenkins' SSH pub key to special slaves. The openstack_project::slave refactor defaulted the Jenkins' SSH pub key to an empty string. This erased the authorized keys file for the Jenkins user on our specialized slaves. Restore that file's contents. Change-Id: I28067017ec2dc36feef9df076099813abf820ee9 Reviewed-on: https://review.openstack.org/31419 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-01 19:40:07 -07:00
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
Add pypi mirror building slaves. Change-Id: I9c5ea870d365f65ff19d91ca579ee127f67d9ea8 Reviewed-on: https://review.openstack.org/25314 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-25 11:30:37 -07:00
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents')
}
}
Add a dedicated slave to launch devstack nodes. So that we can take this load off of the jenkins master. Change-Id: Id66efede75fab9977013e69f3415a53dc239b0ce Reviewed-on: https://review.openstack.org/22379 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-02-19 15:56:22 -08:00
node 'devstack-launch.slave.openstack.org' {
Include openstack_project for Jenkins' SSH key. The openstack_project class needs to be included to make the jenkins_ssh_key variable available to nodes. Change-Id: I57fb6f24755bf123cf9f6f9b724035d0ababf8f3 Reviewed-on: https://review.openstack.org/31581 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-06-03 16:05:57 -07:00
include openstack_project
Add a dedicated slave to launch devstack nodes. So that we can take this load off of the jenkins master. Change-Id: Id66efede75fab9977013e69f3415a53dc239b0ce Reviewed-on: https://review.openstack.org/22379 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-02-19 15:56:22 -08:00
class { 'openstack_project::devstack_launch_slave':
Add jenkins ssh private key to devstack-launch. It's needed to perform the test-logins to the new servers. Change-Id: I8fd5cea8dd1b807b42acf508fcd4853bb735150e Reviewed-on: https://review.openstack.org/24497 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-14 17:51:57 -07:00
jenkins_api_user => hiera('jenkins_api_user'),
jenkins_api_key => hiera('jenkins_api_key'),
Pass Jenkins' SSH pub key to special slaves. The openstack_project::slave refactor defaulted the Jenkins' SSH pub key to an empty string. This erased the authorized keys file for the Jenkins user on our specialized slaves. Restore that file's contents. Change-Id: I28067017ec2dc36feef9df076099813abf820ee9 Reviewed-on: https://review.openstack.org/31419 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-01 19:40:07 -07:00
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
Add a dedicated slave to launch devstack nodes. So that we can take this load off of the jenkins master. Change-Id: Id66efede75fab9977013e69f3415a53dc239b0ce Reviewed-on: https://review.openstack.org/22379 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-02-19 15:56:22 -08:00
}
}
New job template for translation management. Add a new job template for translation management. Add two jobs for translation management. The first will will update transifex with the new .pot and .po files after every merge to a project. The second will commit the new .pot and .po files and submit for review once a day. Add puppet manifest for the slave that these jobs will be running on. Apply the template to nova. Change-Id: I5242f81bd6ff13d1ed8610ef9e3b39fd3dbd7301 Reviewed-on: https://review.openstack.org/11369 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-14 12:47:01 -07:00
node 'tx.slave.openstack.org' {
Include openstack_project for Jenkins' SSH key. The openstack_project class needs to be included to make the jenkins_ssh_key variable available to nodes. Change-Id: I57fb6f24755bf123cf9f6f9b724035d0ababf8f3 Reviewed-on: https://review.openstack.org/31581 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-06-03 16:05:57 -07:00
include openstack_project
New job template for translation management. Add a new job template for translation management. Add two jobs for translation management. The first will will update transifex with the new .pot and .po files after every merge to a project. The second will commit the new .pot and .po files and submit for review once a day. Add puppet manifest for the slave that these jobs will be running on. Apply the template to nova. Change-Id: I5242f81bd6ff13d1ed8610ef9e3b39fd3dbd7301 Reviewed-on: https://review.openstack.org/11369 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-14 12:47:01 -07:00
class { 'openstack_project::translation_slave':
Pass Jenkins' SSH pub key to special slaves. The openstack_project::slave refactor defaulted the Jenkins' SSH pub key to an empty string. This erased the authorized keys file for the Jenkins user on our specialized slaves. Restore that file's contents. Change-Id: I28067017ec2dc36feef9df076099813abf820ee9 Reviewed-on: https://review.openstack.org/31419 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-01 19:40:07 -07:00
transifex_username => 'openstackjenkins',
transifex_password => hiera('transifex_password'),
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
New job template for translation management. Add a new job template for translation management. Add two jobs for translation management. The first will will update transifex with the new .pot and .po files after every merge to a project. The second will commit the new .pot and .po files and submit for review once a day. Add puppet manifest for the slave that these jobs will be running on. Apply the template to nova. Change-Id: I5242f81bd6ff13d1ed8610ef9e3b39fd3dbd7301 Reviewed-on: https://review.openstack.org/11369 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-14 12:47:01 -07:00
}
}
Run pypi uploads more securely. To run pypi uploads more securely perform the `python setup.py sdist` on a normal build slave, then copy the sdist to the pypi slave and perform only the upload from that host. Change-Id: Ie68d484ef6d129749186c792d0ced812ac25818b Reviewed-on: https://review.openstack.org/16335 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2012-11-16 13:16:26 -08:00
node 'pypi.slave.openstack.org' {
Include openstack_project for Jenkins' SSH key. The openstack_project class needs to be included to make the jenkins_ssh_key variable available to nodes. Change-Id: I57fb6f24755bf123cf9f6f9b724035d0ababf8f3 Reviewed-on: https://review.openstack.org/31581 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-06-03 16:05:57 -07:00
include openstack_project
Run pypi uploads more securely. To run pypi uploads more securely perform the `python setup.py sdist` on a normal build slave, then copy the sdist to the pypi slave and perform only the upload from that host. Change-Id: Ie68d484ef6d129749186c792d0ced812ac25818b Reviewed-on: https://review.openstack.org/16335 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2012-11-16 13:16:26 -08:00
class { 'openstack_project::pypi_slave':
Pass Jenkins' SSH pub key to special slaves. The openstack_project::slave refactor defaulted the Jenkins' SSH pub key to an empty string. This erased the authorized keys file for the Jenkins user on our specialized slaves. Restore that file's contents. Change-Id: I28067017ec2dc36feef9df076099813abf820ee9 Reviewed-on: https://review.openstack.org/31419 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-01 19:40:07 -07:00
pypi_username => 'openstackci',
pypi_password => hiera('pypi_password'),
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
make maven versioning and deployment workflow similiar to python This commit fixes bug 1182154 The maven workflow for versioning and deployment is at odds with how we like to do it. For versioning, our convention is to get info from SCM to set the project build versions. For deployments to remote repositories we prefer to use curl instead of mvn deploy due to maven security vulnerabilities. Our python builds have already been setup to set package versions from SCM and deploy to pypi using curl so this commit is to make maven versioning and deployments similiar our python versioning and deployment workflow. This commit does the following: Setup a project version string as an environement variable so we can pass it to maven builds. The version string is retrieved from information in git. This makes the build versioning workflow similar to how we build python packages. This setup expects a variable called '$project-version' in the root 'version' element (i.e. <version>${project-version}</version>) of the maven project's pom.xml file. For general (throw away CI) builds we do the following: 1. generate a package 'myplugin.hpi' with version '1.3.0.4.a0bc21f' in the MANIFEST.MF file. The '4' is the number of commits since last tag. 2. publish 'myplugin-1.3.0.4.a0bc21f.hpi' to tarballs.o.o For release builds we do the following: 1. generate a package 'myplugin.hpi' with version '1.3.1' in the MANIFEST.MF file. 2. publish 'myplugin-1.3.1.hpi' to tarballs.o.o 3. publish 'myplugin-1.3.1.hpi' to repo.jenkins-ci.org Passes the jenkins credentials from hiera to the pypi slave so we can use it to deploy released plugins to repo.jenkins-ci.org Creates a generic jenkinsci-upload job that will deploy released jenkins plugin artifacts to a remote repository with user credentials from hiera. It will use the same curl deployment method as the pypi-upload job. Change-Id: If1306523a28da94ee970d96b7a788ca116348de7 Reviewed-on: https://review.openstack.org/31875 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-06-12 14:26:41 -07:00
jenkinsci_username => hiera('jenkins_ci_org_user'),
jenkinsci_password => hiera('jenkins_ci_org_password'),
Run pypi uploads more securely. To run pypi uploads more securely perform the `python setup.py sdist` on a normal build slave, then copy the sdist to the pypi slave and perform only the upload from that host. Change-Id: Ie68d484ef6d129749186c792d0ced812ac25818b Reviewed-on: https://review.openstack.org/16335 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2012-11-16 13:16:26 -08:00
}
}
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
node /^precise-?\d+.*\.slave\.openstack\.org$/ {
include openstack_project
Move OpenStack classes to openstack_project module Change-Id: Iafcd2e06c5b62e4cde5eccaab3173a20bb08a78d
2012-07-20 18:56:35 -07:00
include openstack_project::puppet_cron
Use puppetmaster for slaves. Use puppet agent --test for puppet cron. We don't need the private ssh or gpg key on the slaves anymore. We do need the glance testing stuff, so stick that into hiera. Change-Id: If94fc3f150bf569efe9461f80d3565f9825eebce Reviewed-on: https://review.openstack.org/10851 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-05 13:02:21 -05:00
class { 'openstack_project::slave':
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
certname => 'precise.slave.openstack.org',
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
ssh_key => $openstack_project::jenkins_ssh_key,
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
sysadmins => hiera('sysadmins'),
Use puppetmaster for slaves. Use puppet agent --test for puppet cron. We don't need the private ssh or gpg key on the slaves anymore. We do need the glance testing stuff, so stick that into hiera. Change-Id: If94fc3f150bf569efe9461f80d3565f9825eebce Reviewed-on: https://review.openstack.org/10851 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-05 13:02:21 -05:00
}
Apply cgroups and ulimit to precise8. To test the cgroup and ulimit changes in a controlled manner apply the two limiting tools to precise8. One this host the jenkins user will only be able to start 256 processes and will be limited to using 90% of the hosts physical memory. Change-Id: Id57c2ca9bbb40366b2827c4b07236aa33cc10bd7
2012-07-03 14:28:41 -07:00
}
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
node /^precise-dev\d+.*\.slave\.openstack\.org$/ {
include openstack_project
Move OpenStack classes to openstack_project module Change-Id: Iafcd2e06c5b62e4cde5eccaab3173a20bb08a78d
2012-07-20 18:56:35 -07:00
include openstack_project::puppet_cron
Use puppetmaster for slaves. Use puppet agent --test for puppet cron. We don't need the private ssh or gpg key on the slaves anymore. We do need the glance testing stuff, so stick that into hiera. Change-Id: If94fc3f150bf569efe9461f80d3565f9825eebce Reviewed-on: https://review.openstack.org/10851 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-05 13:02:21 -05:00
class { 'openstack_project::slave':
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
ssh_key => $openstack_project::jenkins_dev_ssh_key,
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
sysadmins => hiera('sysadmins'),
Jenkins slave puppetry for CentOS. The install scripts now look for CentOS in release files. Also some instances of facter's operatingsystem are switched to osfamily and capitalization of RedHat is normalized to match what facter uses. Change-Id: I3bbca5481d0d5e6de9e62bfd6e2b0a85264ed6ed Reviewed-on: https://review.openstack.org/27398 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-04-24 02:27:21 +00:00
}
}
Add a node pattern for precise3k slaves. * manifests/site.pp: Add a node pattern for slave servers which run Ubuntu Precise Pangolin and default to Python 3.3 for the Puppet PIP package provider. * launch/README: Starting with precise3k slaves, individual Puppet certificates will now be used per-server. Change-Id: I2cde440720afd8014fc98dfd133d29a428751a9d
2013-07-18 02:37:29 +00:00
node /^precise3k-?\d+.*\.slave\.openstack\.org$/ {
include openstack_project
include openstack_project::puppet_cron
class { 'openstack_project::slave':
ssh_key => $openstack_project::jenkins_ssh_key,
sysadmins => hiera('sysadmins'),
python3 => true,
}
}
node /^precise3k-dev\d+.*\.slave\.openstack\.org$/ {
include openstack_project
include openstack_project::puppet_cron
class { 'openstack_project::slave':
ssh_key => $openstack_project::jenkins_dev_ssh_key,
sysadmins => hiera('sysadmins'),
python3 => true,
}
}
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
node /^centos6-?\d+\.slave\.openstack\.org$/ {
include openstack_project
Jenkins slave puppetry for CentOS. The install scripts now look for CentOS in release files. Also some instances of facter's operatingsystem are switched to osfamily and capitalization of RedHat is normalized to match what facter uses. Change-Id: I3bbca5481d0d5e6de9e62bfd6e2b0a85264ed6ed Reviewed-on: https://review.openstack.org/27398 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-04-24 02:27:21 +00:00
include openstack_project::puppet_cron
class { 'openstack_project::slave':
certname => 'centos6.slave.openstack.org',
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
ssh_key => $openstack_project::jenkins_ssh_key,
Jenkins slave puppetry for CentOS. The install scripts now look for CentOS in release files. Also some instances of facter's operatingsystem are switched to osfamily and capitalization of RedHat is normalized to match what facter uses. Change-Id: I3bbca5481d0d5e6de9e62bfd6e2b0a85264ed6ed Reviewed-on: https://review.openstack.org/27398 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-04-24 02:27:21 +00:00
sysadmins => hiera('sysadmins'),
Use puppetmaster for slaves. Use puppet agent --test for puppet cron. We don't need the private ssh or gpg key on the slaves anymore. We do need the glance testing stuff, so stick that into hiera. Change-Id: If94fc3f150bf569efe9461f80d3565f9825eebce Reviewed-on: https://review.openstack.org/10851 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-05 13:02:21 -05:00
}
Add tox to jenkins slave configs. Change-Id: I1528afc878c65abfd83a6a9418631a1c392e2a5a
2012-01-23 15:16:06 -08:00
}
Refactor Dynamic tcp ports. Change-Id: Id53f9960f0b7b5c27f3595fc6722a2a110aa88db
2012-03-25 12:44:52 -07:00
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
node /^centos6-dev\d+\.slave\.openstack\.org$/ {
include openstack_project
Add support for RHEL to site.pp. Updates site.pp with a block for RHEL slaves. Change-Id: Ib83e9d0cd1cc4208eac3a0a63580c76e60965c2a Reviewed-on: https://review.openstack.org/23106 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-02-27 14:06:42 -05:00
include openstack_project::puppet_cron
class { 'openstack_project::slave':
Add jenkins dev slaves. Allow them to use an ssh key distinct from production. Clean up unused slave classes. Use dedicated keys on dev slaves (do this in prod in the future, but it's a breaking change). Add a dev_slave_template class for devstack-gate to use. Remove devstack-gate deps from jenkins master (they're on devstack-launch now). Clean up unneeded remove statements for glance creds. Tidy up some permissions on files where they weren't specified before. Change-Id: I02cef1ee3951c5780084118073770521bebb9eda Reviewed-on: https://review.openstack.org/29319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-05-15 16:03:05 -07:00
ssh_key => $openstack_project::jenkins_dev_ssh_key,
Add support for RHEL to site.pp. Updates site.pp with a block for RHEL slaves. Change-Id: Ib83e9d0cd1cc4208eac3a0a63580c76e60965c2a Reviewed-on: https://review.openstack.org/23106 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-02-27 14:06:42 -05:00
sysadmins => hiera('sysadmins'),
}
}
Add fedora18 and fedora18-dev slaves. * manifests/site.pp: Add node name patterns for fedora18 production and development slaves with Python 3 support switched on. Change-Id: I7eac41e6dccde50be962cbc3fda21ac90c3d246b Reviewed-on: https://review.openstack.org/34084 Reviewed-by: Dan Prince <dprince@redhat.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-06-22 02:07:45 +00:00
node /^fedora18-?\d+\.slave\.openstack\.org$/ {
include openstack_project
include openstack_project::puppet_cron
class { 'openstack_project::slave':
certname => 'fedora18.slave.openstack.org',
ssh_key => $openstack_project::jenkins_ssh_key,
sysadmins => hiera('sysadmins'),
python3 => true,
}
}
node /^fedora18-dev\d+\.slave\.openstack\.org$/ {
include openstack_project
include openstack_project::puppet_cron
class { 'openstack_project::slave':
ssh_key => $openstack_project::jenkins_dev_ssh_key,
sysadmins => hiera('sysadmins'),
python3 => true,
}
}
Make a pared-down slave for jclouds. Change-Id: I4ca31201362516b85ce39287270d94428895b5c8
2012-05-28 10:41:13 -04:00
node /^.*\.jclouds\.openstack\.org$/ {
Use puppetmaster for slaves. Use puppet agent --test for puppet cron. We don't need the private ssh or gpg key on the slaves anymore. We do need the glance testing stuff, so stick that into hiera. Change-Id: If94fc3f150bf569efe9461f80d3565f9825eebce Reviewed-on: https://review.openstack.org/10851 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-05 13:02:21 -05:00
class { 'openstack_project::bare_slave':
certname => 'jclouds.openstack.org',
}
Pass sysadmins list into node defs. Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00
}
Style guide updates for manifest directory Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0 Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/13830 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-28 10:05:02 -04:00
# vim:sw=2:ts=2:expandtab:textwidth=79
Copy Permalink