From 564f8ab2375eafa8eb0c90ea7c7a5eb7883b8095 Mon Sep 17 00:00:00 2001 From: Joshua Hesketh Date: Sat, 5 Apr 2014 15:58:12 +1100 Subject: [PATCH] Configure swift credentials for workers to push to This change adds credentials as set up by fungi (2014-04-05T03:16:46) http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2014-04-05.log This allows zuul to send signed URL's for workers to push files to on a per-job basis. This change will require a zuul restart, not just a reload! Note this is unreverts the revert in c1b98eaff618b8c739cc02f089ef6fe6c02cbcc3 but is slightly edited hence the lack of a proper revert commit. The reason for the revert has been debugged and was due to rax identity service not providing a catalog entry for swift when a tenant name is provided. Change-Id: I04d3207002f7422b9851515ee88a74b19dd2f248 --- manifests/site.pp | 27 ++++++++----- .../openstack_project/manifests/zuul_prod.pp | 38 +++++++++++++------ modules/zuul/manifests/init.pp | 7 ++++ modules/zuul/templates/zuul.conf.erb | 18 +++++++++ 4 files changed, 69 insertions(+), 21 deletions(-) diff --git a/manifests/site.pp b/manifests/site.pp index 38f2028de8..fda839b44b 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -425,15 +425,24 @@ node 'nodepool.openstack.org' { node 'zuul.openstack.org' { class { 'openstack_project::zuul_prod': - gerrit_server => 'review.openstack.org', - gerrit_user => 'jenkins', - gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'), - zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'), - url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}', - zuul_url => 'http://zuul.openstack.org/p', - sysadmins => hiera('sysadmins'), - statsd_host => 'graphite.openstack.org', - gearman_workers => [ + gerrit_server => 'review.openstack.org', + gerrit_user => 'jenkins', + gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'), + zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'), + url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}', + swift_authurl => 'https://identity.api.rackspacecloud.com/v2.0/', + swift_user => 'infra-files-rw', + swift_key => hiera('infra_files_rw_password'), + # Yes, really unset the tenant name. Rax identity can't construct a + # proper catalog when we provide the tenant here. + swift_tenant_name => '', + swift_region_name => 'DFW', + swift_default_container => 'infra-files', + swift_default_logserver_prefix => 'http://logs.openstack.org/', + zuul_url => 'http://zuul.openstack.org/p', + sysadmins => hiera('sysadmins'), + statsd_host => 'graphite.openstack.org', + gearman_workers => [ 'nodepool.openstack.org', 'jenkins.openstack.org', 'jenkins01.openstack.org', diff --git a/modules/openstack_project/manifests/zuul_prod.pp b/modules/openstack_project/manifests/zuul_prod.pp index 7c6f1fcde2..76e01734a3 100644 --- a/modules/openstack_project/manifests/zuul_prod.pp +++ b/modules/openstack_project/manifests/zuul_prod.pp @@ -9,6 +9,13 @@ class openstack_project::zuul_prod( $zuul_ssh_private_key = '', $url_pattern = '', $zuul_url = '', + $swift_authurl = '', + $swift_user = '', + $swift_key = '', + $swift_tenant_name = '', + $swift_region_name = '', + $swift_default_container = '', + $swift_default_logserver_prefix = '', $sysadmins = [], $statsd_host = '', $gearman_workers = [], @@ -24,18 +31,25 @@ class openstack_project::zuul_prod( } class { '::zuul': - vhost_name => $vhost_name, - gearman_server => $gearman_server, - gerrit_server => $gerrit_server, - gerrit_user => $gerrit_user, - zuul_ssh_private_key => $zuul_ssh_private_key, - url_pattern => $url_pattern, - zuul_url => $zuul_url, - job_name_in_report => true, - status_url => 'http://status.openstack.org/zuul/', - statsd_host => $statsd_host, - git_email => 'jenkins@openstack.org', - git_name => 'OpenStack Jenkins', + vhost_name => $vhost_name, + gearman_server => $gearman_server, + gerrit_server => $gerrit_server, + gerrit_user => $gerrit_user, + zuul_ssh_private_key => $zuul_ssh_private_key, + url_pattern => $url_pattern, + zuul_url => $zuul_url, + job_name_in_report => true, + status_url => 'http://status.openstack.org/zuul/', + statsd_host => $statsd_host, + git_email => 'jenkins@openstack.org', + git_name => 'OpenStack Jenkins', + swift_authurl => $swift_authurl, + swift_user => $swift_user, + swift_key => $swift_key, + swift_tenant_name => $swift_tenant_name, + swift_region_name => $swift_region_name, + swift_default_container => $swift_default_container, + swift_default_logserver_prefix => $swift_default_logserver_prefix, } class { '::zuul::server': } diff --git a/modules/zuul/manifests/init.pp b/modules/zuul/manifests/init.pp index 3bb13d9296..754d7a0056 100644 --- a/modules/zuul/manifests/init.pp +++ b/modules/zuul/manifests/init.pp @@ -34,6 +34,13 @@ class zuul ( $statsd_host = '', $git_email = '', $git_name = '', + $swift_authurl = '', + $swift_user = '', + $swift_key = '', + $swift_tenant_name = '', + $swift_region_name = '', + $swift_default_container = '', + $swift_default_logserver_prefix = '', ) { include apache include pip diff --git a/modules/zuul/templates/zuul.conf.erb b/modules/zuul/templates/zuul.conf.erb index fba83fbeee..15c8f4074c 100644 --- a/modules/zuul/templates/zuul.conf.erb +++ b/modules/zuul/templates/zuul.conf.erb @@ -30,3 +30,21 @@ git_user_email=<%= git_email %> <% if git_name != "" -%> git_user_name=<%= git_name %> <% end -%> + +<% if swift_authurl != "" -%> +[swift] +authurl=<%= swift_authurl %> +user=<%= swift_user %> +key=<%= swift_key %> +<% if swift_tenant_name != "" -%> +tenant_name=<%= swift_tenant_name %> +<% else -%> +# tenant_name is not provided here as some swift providers +# do not have identity servers that work when tenant_name +# is provided. You may set the tenant_name if necessary +# but otherwise it is unset to accomodate these providers. +<% end -%> +region_name=<%= swift_region_name %> +default_container=<%= swift_default_container %> +default_logserver_prefix=<%= swift_default_logserver_prefix %> +<% end -%>