From 6884ea0206bda1492a827e4f975e41668396f137 Mon Sep 17 00:00:00 2001
From: "James E. Blair"
Date: Mon, 21 May 2012 17:53:36 +0000
Subject: [PATCH] Make devstack nodes jenkins slaves. But still not _full_ jenkins slaves since they should not have mysql installed, and don't need many of the packages we put on general jenkins slaves. Also, devstack needs sudo. Paremeterize the jenkins_slave class so that sudo and the full package complement are optional.
Change-Id: I5e3cc15b5ebd48aee548b35eaef77c582e23f5df
---
 manifests/site.pp | 15 +--
 manifests/users.pp | 5 -
 modules/jenkins_slave/manifests/init.pp | 119 ++++++++----------
 .../jenkins_slave/manifests/jenkinsuser.pp | 9 +-
 4 files changed, 70 insertions(+), 78 deletions(-)
diff --git a/manifests/site.pp b/manifests/site.pp
index 9247e60193..2ea31b767f 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,5 +1,7 @@
 import "openstack"
+$jenkins_ssh_key = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson'
+
 class openstack_cron {
 include logrotate
 cron { "updatepuppet":
@@ -22,7 +24,7 @@ class openstack_jenkins_slave {
 iptables_public_tcp_ports => []
 }
 class { 'jenkins_slave':
- ssh_key => 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson'
+ ssh_key => $jenkins_ssh_key
 }
 }
@@ -326,12 +328,11 @@ node /^.*\.template\.openstack\.org$/ {
 class { 'openstack_template':
 iptables_public_tcp_ports => []
 }
- # This sets up a user with jenkins ssh key and adds it to the sudo group.
- # Don't do that on regular jenkins slaves, only on lowest-privilege test
- # hosts, such as the devstack hosts.
- realize(
- User::Virtual::Localuser["jenkins"],
- )
+ class { 'jenkins_slave':
+ ssh_key => $jenkins_ssh_key,
+ sudo => true,
+ bare => true
+ }
 }
 #
diff --git a/manifests/users.pp b/manifests/users.pp
index 5cef604baf..937d247239 100644
--- a/manifests/users.pp
+++ b/manifests/users.pp
@@ -35,9 +35,4 @@ class openstack_project::users {
 realname => 'Duncan McGreggor',
 sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAttca0Lahzo1rskWcCGwYh71ADmUsn/6RNBd7H7WVsX+QTacq90fpNghFNTen4I7tC1p0IemwHcCOb1noeXkjxl7W5r7l0OhiqMHp/u2ao0F3dINryuNEww2IHRhY6GwwGJ+slv+i4/FviUgqHZVzopUon/9VY0mu1wfu3vTRw0qXsvqr09Jiavt/8gJ0Fa5PsYkf7l0edFk0scTmGp3G4HY/ZvnbChfZMg6L/xcGPtK/GbLYg6PGtLVVnubXMtxD9GZYhwrY0i9Z2egcRI2W7IznM4OGFzYgA9HZqylPoWt4+ghzC5azUlbO2u6+8HigJVblAGHRWcznEf/ZDR3erw== oubiwann@rhosgobel\n",
 }
-
- @user::virtual::localuser { 'jenkins':
- realname => 'OpenStack Jenkins',
- sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson\n",
- }
 }
diff --git a/modules/jenkins_slave/manifests/init.pp b/modules/jenkins_slave/manifests/init.pp
index 398ef337ad..60b940dd1d 100644
--- a/modules/jenkins_slave/manifests/init.pp
+++ b/modules/jenkins_slave/manifests/init.pp
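Review bot: The rationale carried by the removed comment is lost at the new `class { 'jenkins_slave': ... sudo => true ... }` declaration in the template node: nothing now says why this node, unlike `openstack_jenkins_slave`, puts the jenkins account in privileged groups. Every host whose name matches `/^.*\.template\.openstack\.org$/` will accept `$jenkins_ssh_key` for an account that jenkinsuser.pp (later in this patch) adds to `sudo` and `admin`, so the restriction to disposable, lowest-privilege test hosts belongs in the manifest. I would keep a comment above the declaration, for example `# sudo => true: jenkins joins the sudo/admin groups. Only for throwaway devstack hosts, never for regular slaves.` The node block continues past the hunk's last context line, so its other resources are not visible here.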
@@ -1,7 +1,8 @@
-class jenkins_slave($ssh_key) {
+class jenkins_slave($ssh_key, $sudo = false, $bare = false) {
 jenkinsuser { "jenkins":
 ensure => present,
+ sudo => $sudo,
 ssh_key => "${ssh_key}"
 }
@@ -10,25 +11,28 @@ class jenkins_slave($ssh_key) {
 require => [ Package[git], File[jenkinshome] ],
 }
- devstackrepo { "devstack":
- ensure => present,
- require => [ Package[git], File[jenkinshome] ],
- }
-
 apt::ppa { "ppa:openstack-ci/build-depends":
 ensure => absent
 }
- $packages = ["apache2",
- "asciidoc", # for building gerrit
+ # Packages that all jenkins slaves need
+ $common_packages = [
+ "default-jdk", # jdk for building java jobs
+ "build-essential",
 "autoconf",
 "automake",
- "build-essential",
 "ccache",
+ "devscripts",
+ "python-pip",
+ ]
+
+ # Packages that most jenkins slaves (eg, unit test runners) need
+ $standard_packages = [
+ "apache2",
+ "asciidoc", # for building gerrit
 "cdbs",
 "curl",
 "debootstrap",
- "devscripts",
 "dnsmasq-base",
 "ebtables",
 "gawk",
@@ -49,8 +53,7 @@ class jenkins_slave($ssh_key) {
 "lxc",
 "maven2",
 "mercurial", # needed by pip bundle
- "mysql-server",
- "default-jdk", # jdk for building java jobs
+ "mysql-server",
 "pandoc", #for docs, markdown->docbook, bug 924507
 "parted",
 "pep8",
@@ -60,7 +63,6 @@ class jenkins_slave($ssh_key) {
 "python-cheetah",
 "python-libvirt",
 "python-libxml2",
- "python-pip",
 "python-sphinx",
 "python-unittest2",
 "python-vm-builder",
@@ -72,17 +74,18 @@ class jenkins_slave($ssh_key) {
 "unzip",
 "vlan",
 "wget"]
+
+ if ($bare == false) {
+ $packages = [$common_packages, $standard_packages]
+ } else {
+ $packages = $common_packages
+ }
+
 package { $packages:
 ensure => "latest",
 require => Apt::Ppa["ppa:openstack-ci/build-depends"],
 }
- package { "apache-libcloud":
- ensure => latest,
- provider => pip,
- require => Package[python-pip]
- }
-
 package { "git-review":
 ensure => latest,
 provider => pip,
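Review bot: The two parameters added to `class jenkins_slave` in the first hunk have no documentation, and `$sudo` is a privilege decision that a caller should not have to open jenkinsuser.pp to understand. A header comment above the class would cover it, for example `# $sudo: add the jenkins user to the sudo and admin groups (default false).` and `# $bare: install only $common_packages and skip the MySQL setup (default false).` Both descriptions are taken from how the parameters are used elsewhere in this patch.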
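Review bot: In the last hunk of this file section, `bare => true` only stops Puppet from managing the standard packages. Nothing sets `ensure => absent`, so a host provisioned as a full slave and later switched to bare keeps `mysql-server` and the rest installed, which does not match the commit message's "should not have mysql installed". The same hunk also drops the `apache-libcloud` pip package for every slave, not just bare ones, and the commit message does not mention it. If bare hosts are always built from a fresh image this is fine, but the `if ($bare == false)` branch should say so, for example `# bare only skips installation; it does not remove packages from an existing host`.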
@@ -108,36 +111,6 @@ class jenkins_slave($ssh_key) {
 ],
 }
- cron { "tmpreaper":
- user => jenkins,
- ensure => 'absent',
- }
-
- exec { "jenins-slave-mysql":
- creates => "/var/lib/mysql/openstack_citest/",
- command => "/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -e \"\
- CREATE USER 'openstack_citest'@'localhost' IDENTIFIED BY 'openstack_citest';\
- CREATE DATABASE openstack_citest;\
- GRANT ALL ON openstack_citest.* TO 'openstack_citest'@'localhost';\
- FLUSH PRIVILEGES;\"",
- require => [
- File["/etc/mysql/my.cnf"], # For myisam default tables
- Package["mysql-server"],
- Service["mysql"]
- ]
- }
-
- file { 'jenkinslogs':
- name => '/var/log/jenkins/tmpreaper.log*',
- ensure => 'absent',
- }
-
- file { 'jenkinslogdir':
- name => '/var/log/jenkins',
- ensure => 'absent',
- force => true,
- }
-
 file { 'ccachegcc':
 name => '/usr/local/bin/gcc',
 ensure => link,
@@ -166,22 +139,38 @@ class jenkins_slave($ssh_key) {
 require => Package['ccache'],
 }
- file { "/etc/mysql/my.cnf":
- source => 'puppet:///modules/jenkins_slave/my.cnf',
- owner => 'root',
- group => 'root',
- ensure => 'present',
- replace => 'true',
- mode => 444,
- require => Package["mysql-server"],
- }
- service { "mysql":
- name => "mysql",
- ensure => running,
- enable => true,
- subscribe => File["/etc/mysql/my.cnf"],
- require => [File["/etc/mysql/my.cnf"], Package["mysql-server"]]
- }
+ if ($bare == false) {
+ exec { "jenins-slave-mysql":
+ creates => "/var/lib/mysql/openstack_citest/",
+ command => "/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -e \"\
+ CREATE USER 'openstack_citest'@'localhost' IDENTIFIED BY 'openstack_citest';\
+ CREATE DATABASE openstack_citest;\
+ GRANT ALL ON openstack_citest.* TO 'openstack_citest'@'localhost';\
+ FLUSH PRIVILEGES;\"",
+ require => [
+ File["/etc/mysql/my.cnf"], # For myisam default tables
+ Package["mysql-server"],
+ Service["mysql"]
+ ]
+ }
+ file { "/etc/mysql/my.cnf":
+ source => 'puppet:///modules/jenkins_slave/my.cnf',
+ owner => 'root',
+ group => 'root',
+ ensure => 'present',
+ replace => 'true',
+ mode => 444,
+ require => Package["mysql-server"],
+ }
+
+ service { "mysql":
+ name => "mysql",
+ ensure => running,
+ enable => true,
+ subscribe => File["/etc/mysql/my.cnf"],
+ require => [File["/etc/mysql/my.cnf"], Package["mysql-server"]]
+ }
+ }
 }
diff --git a/modules/jenkins_slave/manifests/jenkinsuser.pp b/modules/jenkins_slave/manifests/jenkinsuser.pp
index f71d3b91f2..66bd744cc4 100644
--- a/modules/jenkins_slave/manifests/jenkinsuser.pp
+++ b/modules/jenkins_slave/manifests/jenkinsuser.pp
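Review bot: The relocated `exec { "jenins-slave-mysql": ... }` still creates the `openstack_citest` account with a password identical to its name, embedded in the `mysql -e` command string, and nothing in the manifest says this is deliberate. The account is limited to `@'localhost'`, so the exposure is local jobs on the slave, but a reader cannot tell a throwaway test credential from an oversight. A comment above the exec would record the intent, for example `# Well-known throwaway credential for unit tests; localhost only, never reuse outside CI slaves.` Since the block is being moved anyway, the title typo `jenins-slave-mysql` could be corrected in the same change, provided nothing outside this hunk refers to the exec by that title.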
@@ -1,9 +1,15 @@
-define jenkinsuser($ensure = present, $ssh_key) {
+define jenkinsuser($ensure = present, $sudo = false, $ssh_key) {
 group { 'jenkins':
 ensure => 'present'
 }
+ if ($sudo == true) {
+ $groups = ['sudo', 'admin']
+ } else {
+ $groups = []
+ }
+
 user { 'jenkins':
 ensure => 'present',
 comment => 'Jenkins User',
@@ -11,6 +17,7 @@ define jenkinsuser($ensure = present, $ssh_key) {
 gid => 'jenkins',
 shell => '/bin/bash',
 membership => 'minimum',
+ groups => $groups,
 require => Group['jenkins']
 }
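Review bot: With `membership => 'minimum'` (a context line in the second hunk) Puppet only adds the listed groups, so `$groups = []` in the `else` branch does not take jenkins out of `sudo` or `admin` on a host that previously had `sudo => true`; turning the parameter off leaves the privilege in place. If revocation is meant to work, the user resource needs `membership => 'inclusive',`, with the caveat that this also strips any supplementary group given to jenkins outside this define. Separately, neither `sudo` nor `admin` is declared or required in the visible lines, so the `user` resource will presumably fail to apply on an image where one of those groups does not exist. The `user { 'jenkins': }` body spans both hunks and is only partly visible.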