From e49887095994570f197b421bd960f1da74c97ff8 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Fri, 20 Jul 2012 19:38:57 -0700 Subject: [PATCH] Make a class for each type of server. Change-Id: I520b77a4d83958a6a1c2472e87b28f6b8822d890 --- manifests/site.pp | 286 ++---------------- modules/doc_server/manifests/init.pp | 38 --- modules/doc_server/manifests/site.pp | 15 - modules/doc_server/templates/nginx.erb | 11 - modules/meetbot/manifests/site.pp | 2 +- .../manifests/backup_server.pp | 5 + .../openstack_project/manifests/community.pp | 9 + .../openstack_project/manifests/eavesdrop.pp | 16 + .../openstack_project/manifests/etherpad.pp | 18 ++ modules/openstack_project/manifests/init.pp | 12 +- .../manifests/jclouds_slave.pp | 10 + .../openstack_project/manifests/jenkins.pp | 20 ++ .../manifests/jenkins_dev.pp | 17 ++ modules/openstack_project/manifests/lists.pp | 24 ++ modules/openstack_project/manifests/paste.pp | 14 + modules/openstack_project/manifests/planet.pp | 10 + .../manifests/puppetmaster.pp | 11 + modules/openstack_project/manifests/pypi.pp | 16 + modules/openstack_project/manifests/review.pp | 66 ++++ .../openstack_project/manifests/review_dev.pp | 33 ++ .../manifests/slave_template.pp | 10 + modules/openstack_project/manifests/wiki.pp | 9 + 22 files changed, 313 insertions(+), 339 deletions(-) delete mode 100644 modules/doc_server/manifests/init.pp delete mode 100644 modules/doc_server/manifests/site.pp delete mode 100644 modules/doc_server/templates/nginx.erb create mode 100644 modules/openstack_project/manifests/backup_server.pp create mode 100644 modules/openstack_project/manifests/community.pp create mode 100644 modules/openstack_project/manifests/eavesdrop.pp create mode 100644 modules/openstack_project/manifests/etherpad.pp create mode 100644 modules/openstack_project/manifests/jclouds_slave.pp create mode 100644 modules/openstack_project/manifests/jenkins.pp create mode 100644 modules/openstack_project/manifests/jenkins_dev.pp create mode 100644 modules/openstack_project/manifests/lists.pp create mode 100644 modules/openstack_project/manifests/paste.pp create mode 100644 modules/openstack_project/manifests/planet.pp create mode 100644 modules/openstack_project/manifests/puppetmaster.pp create mode 100644 modules/openstack_project/manifests/pypi.pp create mode 100644 modules/openstack_project/manifests/review.pp create mode 100644 modules/openstack_project/manifests/review_dev.pp create mode 100644 modules/openstack_project/manifests/slave_template.pp create mode 100644 modules/openstack_project/manifests/wiki.pp diff --git a/manifests/site.pp b/manifests/site.pp index ea81a8f00a..989ec7fad3 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -9,323 +9,79 @@ node default { # # Long lived servers: # - -# Current thinking on Gerrit tuning parameters: - -# database.poolLimit: -# This limit must be several units higher than the total number of -# httpd and sshd threads as some request processing code paths may need -# multiple connections. -# database.poolLimit = 1 + max(sshd.threads,sshd.batchThreads) + sshd.streamThreads + sshd.commandStartThreads + httpd.acceptorThreads + httpd.maxThreads -# http://groups.google.com/group/repo-discuss/msg/4c2809310cd27255 -# or "2x sshd.threads" -# http://groups.google.com/group/repo-discuss/msg/269024c966e05d6a - -# container.heaplimit: -# core.packedgit* -# http://groups.google.com/group/repo-discuss/msg/269024c966e05d6a - -# sshd.threads: -# http://groups.google.com/group/repo-discuss/browse_thread/thread/b91491c185295a71 - -# httpd.maxWait: -# 12:07 <@spearce> httpd.maxwait defaults to 5 minutes and is how long gerrit -# waits for an idle sshd.thread before aboring the http request -# 12:08 <@spearce> ironically -# 12:08 <@spearce> ProjectQosFilter passes this value as minutes -# 12:08 <@spearce> to a method that accepts milliseconds -# 12:09 <@spearce> so. you get 5 milliseconds before aborting -# thus, set it to 5000minutes until the bug is fixed. - node "review.openstack.org" { include openstack_project::remove_cron - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443, 29418] - } - class { 'gerrit': - virtual_hostname => 'review.openstack.org', - canonicalweburl => "https://review.openstack.org/", - ssl_cert_file => '/etc/ssl/certs/review.openstack.org.pem', - ssl_key_file => '/etc/ssl/private/review.openstack.org.key', - ssl_chain_file => '/etc/ssl/certs/intermediate.pem', - email => 'review@openstack.org', - database_poollimit => '150', # 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up) - container_heaplimit => '8g', - core_packedgitopenfiles => '4096', - core_packedgitlimit => '400m', - core_packedgitwindowsize => '16k', - sshd_threads => '100', - httpd_maxwait => '5000min', - github_projects => $openstack_project::project_list, - upstream_projects => [ { - name => 'openstack-ci/gerrit', - remote => 'https://gerrit.googlesource.com/gerrit' - } ], - logo => 'openstack.png', - war => 'http://tarballs.openstack.org/ci/gerrit-2.4.1-10-g63110fd.war', - script_user => 'launchpadsync', - script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa', - script_site => 'openstack', - enable_melody => 'true', - melody_session => 'true', - gerritbot_nick => 'openstackgerrit', - gerritbot_password => hiera('gerrit_gerritbot_password'), - gerritbot_server => 'irc.freenode.net', - gerritbot_user => 'gerritbot', - github_user => 'openstack-gerrit', - github_token => hiera('gerrit_github_token'), - mysql_password => hiera('gerrit_mysql_password'), - email_private_key => hiera('gerrit_email_private_key'), - } + include openstack_project::review } node "gerrit-dev.openstack.org", "review-dev.openstack.org" { include openstack_project::remove_cron - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443, 29418] - } - - class { 'gerrit': - virtual_hostname => 'review-dev.openstack.org', - canonicalweburl => "https://review-dev.openstack.org/", - ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', - ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', - ssl_chain_file => '', - email => "review-dev@openstack.org", - github_projects => [ { - name => 'gtest-org/test', - close_pull => 'true' - } ], - logo => 'openstack.png', - war => 'http://tarballs.openstack.org/ci/gerrit-2.4.2-10-g93ffc27.war', - script_user => 'update', - script_key_file => '/home/gerrit2/.ssh/id_rsa', - script_site => 'openstack', - enable_melody => 'true', - melody_session => 'true', - gerritbot_nick => '', - gerritbot_password => '', - gerritbot_server => '', - gerritbot_user => '', - github_user => 'openstack-gerrit-dev', - github_token => hiera('gerrit_dev_github_token'), - mysql_password => hiera('gerrit_dev_mysql_password'), - email_private_key => hiera('gerrit_dev_email_private_key'), - } + include openstack_project::review_dev } node "jenkins.openstack.org" { include openstack_project::remove_cron - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443, 4155] - } - class { 'jenkins_master': - site => 'jenkins.openstack.org', - serveradmin => 'webmaster@openstack.org', - logo => 'openstack.png', - ssl_cert_file => '/etc/ssl/certs/jenkins.openstack.org.pem', - ssl_key_file => '/etc/ssl/private/jenkins.openstack.org.key', - ssl_chain_file => '/etc/ssl/certs/intermediate.pem', - } - class { "jenkins_jobs": - url => "https://jenkins.openstack.org/", - username => "gerrig", - password => hiera('jenkins_jobs_password'), - site => "openstack", - } - class { "openstack_project::zuul": } + include openstack_project::jenkins } node "jenkins-dev.openstack.org" { include openstack_project::remove_cron - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443, 4155] - } - class { 'backup': - backup_user => 'bup-jenkins-dev', - backup_server => 'ci-backup-rs-ord.openstack.org' - } - class { 'jenkins_master': - site => 'jenkins-dev.openstack.org', - serveradmin => 'webmaster@openstack.org', - logo => 'openstack.png', - ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', - ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', - ssl_chain_file => '', - } + include openstack_project::jenkins_dev } node "community.openstack.org" { include openstack_project::remove_cron - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443, 8099, 8080] - } - - realize ( - User::Virtual::Localuser["smaffulli"], - ) + include openstack_project::community } node "ci-puppetmaster.openstack.org" { - class { 'openstack_project::server': - iptables_public_tcp_ports => [8140] - } - cron { "updatepuppetmaster": - user => root, - minute => "*/15", - command => 'sleep $((RANDOM\%600)) && cd /opt/openstack-ci-puppet/production && /usr/bin/git pull -q', - environment => "PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin", - } - + include openstack_project::puppet_cron + include openstack_project::puppetmaster } -$sysadmins = $openstack_project::sysadmins - node "lists.openstack.org" { include openstack_project::remove_cron - - # Using openstack_project::template instead of openstack_project::server - # because the exim config on this machine is almost certainly - # going to be more complicated than normal. - class { 'openstack_project::template': - iptables_public_tcp_ports => [25, 80, 465] - } - - $sysadmins += ['duncan@dreamhost.com'] - class { 'exim': - sysadmin => $sysadmins, - mailman_domains => ['lists.openstack.org'], - } - - class { 'mailman': - mailman_host => 'lists.openstack.org' - } - - realize ( - User::Virtual::Localuser["oubiwann"], - ) -} - -node "docs.openstack.org" { - include openstack_project::remove_cron - include openstack_project::server - include doc_server + include openstack_project::lists } node "paste.openstack.org" { include openstack_project::remove_cron - class { 'openstack_project::server': - iptables_public_tcp_ports => [80] - } - include lodgeit - lodgeit::site { "openstack": - port => "5000", - image => "header-bg2.png" - } - - lodgeit::site { "drizzle": - port => "5001" - } - + include openstack_project::paste } node "planet.openstack.org" { include openstack_project::remove_cron - class { 'openstack_project::server': - iptables_public_tcp_ports => [80] - } - include planet - - planet::site { "openstack": - git_url => "https://github.com/openstack/openstack-planet.git" - } + include openstack_project::planet } node "eavesdrop.openstack.org" { include openstack_project::remove_cron - class { 'openstack_project::server': - iptables_public_tcp_ports => [80] - } - include meetbot - - meetbot::site { "openstack": - nick => "openstack", - nickpass => hiera('openstack_meetbot_password'), - network => "FreeNode", - server => "chat.us.freenode.net:7000", - url => "eavesdrop.openstack.org", - channels => "#openstack #openstack-dev #openstack-meeting", - use_ssl => "True" - } + include openstack_project::eavesdrop } node "pypi.openstack.org" { include openstack_project::remove_cron - - # include jenkins slave so that build deps are there for the pip download - class { 'jenkins_slave': - ssh_key => "", - user => false - } - - class { 'openstack_project::server': - iptables_public_tcp_ports => [80] - } - - class { "pypimirror": - base_url => "http://pypi.openstack.org", - projects => $openstack_project::project_list, - } + include openstack_project::pypi } node 'etherpad.openstack.org' { include openstack_project::remove_cron - class { 'openstack_project::server': - iptables_public_tcp_ports => [22, 80, 443] - } - - include etherpad_lite - class { 'etherpad_lite::nginx': - etherpad_crt => hiera('etherpad_crt'), - etherpad_key => hiera('etherpad_key') - } - class { 'etherpad_lite::site': - database_password => hiera('etherpad_db_password'), - } - class { 'etherpad_lite::mysql': - database_password => hiera('etherpad_db_password'), - } - include etherpad_lite::backup + include openstack_project::etherpad } node 'wiki.openstack.org' { include openstack_project::remove_cron - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443] - } - - realize ( - User::Virtual::Localuser["rlane"], - ) + include openstack_project::wiki } # A bare machine, but with a jenkins user node /^.*\.template\.openstack\.org$/ { - class { 'openstack_project::template': - iptables_public_tcp_ports => [] - } - class { 'jenkins_slave': - ssh_key => $openstack_project::jenkins_ssh_key, - sudo => true, - bare => true - } + include openstack_project::slave_template } # A backup machine. Don't run cron or puppet agent on it. node /^ci-backup-.*\.openstack\.org$/ { - class { 'openstack_project::template': - iptables_public_tcp_ports => [] - } + include openstack_project::backup_server } # @@ -352,14 +108,6 @@ node /^.*\.slave\.openstack\.org$/ { include openstack_project::jenkins_slave } -# bare-bones slaves spun up by jclouds. Specifically need to not set ssh -# login limits, because it screws up jclouds provisioning node /^.*\.jclouds\.openstack\.org$/ { - - include openstack_project::base - - class { 'jenkins_slave': - ssh_key => "", - user => false - } + include openstack_project::jclouds_slave } diff --git a/modules/doc_server/manifests/init.pp b/modules/doc_server/manifests/init.pp deleted file mode 100644 index e80c97e0c3..0000000000 --- a/modules/doc_server/manifests/init.pp +++ /dev/null @@ -1,38 +0,0 @@ -import "jenkins_slave" - -class doc_server { - - include jenkins_slave - - package { 'nginx': - ensure => present; - } - - package { "python-storm": - ensure => present - } - - package { "python-mako": - ensure => present - } - - package { "python-pychart": - ensure => present - } - - package { "planet-venus": - ensure => present - } - - doc_server::site { "burrow": } - - doc_server::site { "ci": } - - doc_server::site { "keystone": } - - doc_server::site { "glance": } - - doc_server::site { "nova": } - - doc_server::site { "swift": } -} diff --git a/modules/doc_server/manifests/site.pp b/modules/doc_server/manifests/site.pp deleted file mode 100644 index ab8204cfe6..0000000000 --- a/modules/doc_server/manifests/site.pp +++ /dev/null @@ -1,15 +0,0 @@ -define doc_server::site { - - file { "/etc/nginx/sites-available/${name}": - ensure => 'present', - content => template("doc_server/nginx.erb"), - replace => 'true', - require => Package[nginx], - } - - file { "/etc/nginx/sites-enabled/${name}": - ensure => link, - target => "/etc/nginx/sites-available/${name}", - require => Package[nginx], - } -} diff --git a/modules/doc_server/templates/nginx.erb b/modules/doc_server/templates/nginx.erb deleted file mode 100644 index c3cc9d2d0e..0000000000 --- a/modules/doc_server/templates/nginx.erb +++ /dev/null @@ -1,11 +0,0 @@ -server { - listen 80; - server_name <%= name %>.openstack.org; - root /srv/docs/<%= name %>; - location ^~ /docs/ { - alias /srv/docs/<%= name %>/trunk; - } - location ^~ /tarballs/ { - alias /srv/tarballs/<%= name %>; - } -} diff --git a/modules/meetbot/manifests/site.pp b/modules/meetbot/manifests/site.pp index b2aeec8b48..12d6928f47 100644 --- a/modules/meetbot/manifests/site.pp +++ b/modules/meetbot/manifests/site.pp @@ -1,4 +1,4 @@ -define meetbot::site($nick, $nickpass, $network, $server, $url, $channels, $use_ssl) { +define meetbot::site($nick, $nickpass, $network, $server, $url=$fqdn, $channels, $use_ssl) { file { "/etc/nginx/sites-available/${name}-meetbot": ensure => 'present', diff --git a/modules/openstack_project/manifests/backup_server.pp b/modules/openstack_project/manifests/backup_server.pp new file mode 100644 index 0000000000..812091c38c --- /dev/null +++ b/modules/openstack_project/manifests/backup_server.pp @@ -0,0 +1,5 @@ +class openstack_project::backup_server { + class { 'openstack_project::template': + iptables_public_tcp_ports => [] + } +} diff --git a/modules/openstack_project/manifests/community.pp b/modules/openstack_project/manifests/community.pp new file mode 100644 index 0000000000..1df63e4a7b --- /dev/null +++ b/modules/openstack_project/manifests/community.pp @@ -0,0 +1,9 @@ +class openstack_project::community { + class { 'openstack_project::server': + iptables_public_tcp_ports => [80, 443, 8099, 8080] + } + + realize ( + User::Virtual::Localuser["smaffulli"], + ) +} diff --git a/modules/openstack_project/manifests/eavesdrop.pp b/modules/openstack_project/manifests/eavesdrop.pp new file mode 100644 index 0000000000..ab8348a507 --- /dev/null +++ b/modules/openstack_project/manifests/eavesdrop.pp @@ -0,0 +1,16 @@ +class openstack_project::eavesdrop { + class { 'openstack_project::server': + + iptables_public_tcp_ports => [80] + } + include meetbot + + meetbot::site { "openstack": + nick => "openstack", + nickpass => hiera('openstack_meetbot_password'), + network => "FreeNode", + server => "chat.us.freenode.net:7000", + channels => "#openstack #openstack-dev #openstack-meeting", + use_ssl => "True" + } +} diff --git a/modules/openstack_project/manifests/etherpad.pp b/modules/openstack_project/manifests/etherpad.pp new file mode 100644 index 0000000000..c54349bd7c --- /dev/null +++ b/modules/openstack_project/manifests/etherpad.pp @@ -0,0 +1,18 @@ +class openstack_project::etherpad { + class { 'openstack_project::server': + iptables_public_tcp_ports => [22, 80, 443] + } + + include etherpad_lite + class { 'etherpad_lite::nginx': + etherpad_crt => hiera('etherpad_crt'), + etherpad_key => hiera('etherpad_key') + } + class { 'etherpad_lite::site': + database_password => hiera('etherpad_db_password'), + } + class { 'etherpad_lite::mysql': + database_password => hiera('etherpad_db_password'), + } + include etherpad_lite::backup +} diff --git a/modules/openstack_project/manifests/init.pp b/modules/openstack_project/manifests/init.pp index eb514810a0..3dc6c5609d 100644 --- a/modules/openstack_project/manifests/init.pp +++ b/modules/openstack_project/manifests/init.pp @@ -2,11 +2,13 @@ class openstack_project { $jenkins_ssh_key = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson' - $sysadmin = ['corvus@inaugust.com', - 'mordred@inaugust.com', - 'andrew@linuxjedi.co.uk', - 'devananda.vdv@gmail.com', - 'clark.boylan@gmail.com'] + $sysadmin = [ + 'corvus@inaugust.com', + 'mordred@inaugust.com', + 'andrew@linuxjedi.co.uk', + 'devananda.vdv@gmail.com', + 'clark.boylan@gmail.com' + ] $project_list = [ { name => 'openstack/keystone', diff --git a/modules/openstack_project/manifests/jclouds_slave.pp b/modules/openstack_project/manifests/jclouds_slave.pp new file mode 100644 index 0000000000..881c6ffb8d --- /dev/null +++ b/modules/openstack_project/manifests/jclouds_slave.pp @@ -0,0 +1,10 @@ +# bare-bones slaves spun up by jclouds. Specifically need to not set ssh +# login limits, because it screws up jclouds provisioning +class openstack_project::jclouds_slave { + include openstack_project::base + + class { 'jenkins_slave': + ssh_key => "", + user => false + } +} diff --git a/modules/openstack_project/manifests/jenkins.pp b/modules/openstack_project/manifests/jenkins.pp new file mode 100644 index 0000000000..61618a07e8 --- /dev/null +++ b/modules/openstack_project/manifests/jenkins.pp @@ -0,0 +1,20 @@ +class openstack_project::jenkins { + class { 'openstack_project::server': + iptables_public_tcp_ports => [80, 443, 4155] + } + class { 'jenkins_master': + site => 'jenkins.openstack.org', + serveradmin => 'webmaster@openstack.org', + logo => 'openstack.png', + ssl_cert_file => '/etc/ssl/certs/jenkins.openstack.org.pem', + ssl_key_file => '/etc/ssl/private/jenkins.openstack.org.key', + ssl_chain_file => '/etc/ssl/certs/intermediate.pem', + } + class { "jenkins_jobs": + url => "https://jenkins.openstack.org/", + username => "gerrig", + password => hiera('jenkins_jobs_password'), + site => "openstack", + } + class { "openstack_project::zuul": } +} diff --git a/modules/openstack_project/manifests/jenkins_dev.pp b/modules/openstack_project/manifests/jenkins_dev.pp new file mode 100644 index 0000000000..df4af0aa03 --- /dev/null +++ b/modules/openstack_project/manifests/jenkins_dev.pp @@ -0,0 +1,17 @@ +class openstack_project::jenkins_dev { + class { 'openstack_project::server': + iptables_public_tcp_ports => [80, 443, 4155] + } + class { 'backup': + backup_user => 'bup-jenkins-dev', + backup_server => 'ci-backup-rs-ord.openstack.org' + } + class { 'jenkins_master': + site => 'jenkins-dev.openstack.org', + serveradmin => 'webmaster@openstack.org', + logo => 'openstack.png', + ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', + ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', + ssl_chain_file => '', + } +} diff --git a/modules/openstack_project/manifests/lists.pp b/modules/openstack_project/manifests/lists.pp new file mode 100644 index 0000000000..fd04e5b2f6 --- /dev/null +++ b/modules/openstack_project/manifests/lists.pp @@ -0,0 +1,24 @@ +$sysadmins = $openstack_project::sysadmins + +class openstack_project::lists { + # Using openstack_project::template instead of openstack_project::server + # because the exim config on this machine is almost certainly + # going to be more complicated than normal. + class { 'openstack_project::template': + iptables_public_tcp_ports => [25, 80, 465] + } + + $sysadmins += ['duncan@dreamhost.com'] + class { 'exim': + sysadmin => $sysadmins, + mailman_domains => ['lists.openstack.org'], + } + + class { 'mailman': + mailman_host => 'lists.openstack.org' + } + + realize ( + User::Virtual::Localuser["oubiwann"], + ) +} diff --git a/modules/openstack_project/manifests/paste.pp b/modules/openstack_project/manifests/paste.pp new file mode 100644 index 0000000000..43f7534f30 --- /dev/null +++ b/modules/openstack_project/manifests/paste.pp @@ -0,0 +1,14 @@ +class openstack_project::paste { + class { 'openstack_project::server': + iptables_public_tcp_ports => [80] + } + include lodgeit + lodgeit::site { "openstack": + port => "5000", + image => "header-bg2.png" + } + + lodgeit::site { "drizzle": + port => "5001" + } +} diff --git a/modules/openstack_project/manifests/planet.pp b/modules/openstack_project/manifests/planet.pp new file mode 100644 index 0000000000..a9eb369e37 --- /dev/null +++ b/modules/openstack_project/manifests/planet.pp @@ -0,0 +1,10 @@ +class openstack_project::planet { + class { 'openstack_project::server': + iptables_public_tcp_ports => [80] + } + include planet + + planet::site { "openstack": + git_url => "https://github.com/openstack/openstack-planet.git" + } +} diff --git a/modules/openstack_project/manifests/puppetmaster.pp b/modules/openstack_project/manifests/puppetmaster.pp new file mode 100644 index 0000000000..2957d6eb88 --- /dev/null +++ b/modules/openstack_project/manifests/puppetmaster.pp @@ -0,0 +1,11 @@ +class openstack_project::puppetmaster { + class { 'openstack_project::server': + iptables_public_tcp_ports => [8140] + } + cron { "updatepuppetmaster": + user => root, + minute => "*/15", + command => 'sleep $((RANDOM\%600)) && cd /opt/openstack-ci-puppet/production && /usr/bin/git pull -q', + environment => "PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin", + } +} diff --git a/modules/openstack_project/manifests/pypi.pp b/modules/openstack_project/manifests/pypi.pp new file mode 100644 index 0000000000..95bf1c49aa --- /dev/null +++ b/modules/openstack_project/manifests/pypi.pp @@ -0,0 +1,16 @@ +class openstack_project::pypi { + # include jenkins slave so that build deps are there for the pip download + class { 'jenkins_slave': + ssh_key => "", + user => false + } + + class { 'openstack_project::server': + iptables_public_tcp_ports => [80] + } + + class { "pypimirror": + base_url => "http://pypi.openstack.org", + projects => $openstack_project::project_list, + } +} diff --git a/modules/openstack_project/manifests/review.pp b/modules/openstack_project/manifests/review.pp new file mode 100644 index 0000000000..2e44eb5c23 --- /dev/null +++ b/modules/openstack_project/manifests/review.pp @@ -0,0 +1,66 @@ +# Current thinking on Gerrit tuning parameters: + +# database.poolLimit: +# This limit must be several units higher than the total number of +# httpd and sshd threads as some request processing code paths may need +# multiple connections. +# database.poolLimit = 1 + max(sshd.threads,sshd.batchThreads) + sshd.streamThreads + sshd.commandStartThreads + httpd.acceptorThreads + httpd.maxThreads +# http://groups.google.com/group/repo-discuss/msg/4c2809310cd27255 +# or "2x sshd.threads" +# http://groups.google.com/group/repo-discuss/msg/269024c966e05d6a + +# container.heaplimit: +# core.packedgit* +# http://groups.google.com/group/repo-discuss/msg/269024c966e05d6a + +# sshd.threads: +# http://groups.google.com/group/repo-discuss/browse_thread/thread/b91491c185295a71 + +# httpd.maxWait: +# 12:07 <@spearce> httpd.maxwait defaults to 5 minutes and is how long gerrit +# waits for an idle sshd.thread before aboring the http request +# 12:08 <@spearce> ironically +# 12:08 <@spearce> ProjectQosFilter passes this value as minutes +# 12:08 <@spearce> to a method that accepts milliseconds +# 12:09 <@spearce> so. you get 5 milliseconds before aborting +# thus, set it to 5000minutes until the bug is fixed. +class openstack_project::review { + class { 'openstack_project::server': + iptables_public_tcp_ports => [80, 443, 29418] + } + class { 'gerrit': + virtual_hostname => 'review.openstack.org', + canonicalweburl => "https://review.openstack.org/", + ssl_cert_file => '/etc/ssl/certs/review.openstack.org.pem', + ssl_key_file => '/etc/ssl/private/review.openstack.org.key', + ssl_chain_file => '/etc/ssl/certs/intermediate.pem', + email => 'review@openstack.org', + database_poollimit => '150', # 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up) + container_heaplimit => '8g', + core_packedgitopenfiles => '4096', + core_packedgitlimit => '400m', + core_packedgitwindowsize => '16k', + sshd_threads => '100', + httpd_maxwait => '5000min', + github_projects => $openstack_project::project_list, + upstream_projects => [ { + name => 'openstack-ci/gerrit', + remote => 'https://gerrit.googlesource.com/gerrit' + } ], + logo => 'openstack.png', + war => 'http://tarballs.openstack.org/ci/gerrit-2.4.1-10-g63110fd.war', + script_user => 'launchpadsync', + script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa', + script_site => 'openstack', + enable_melody => 'true', + melody_session => 'true', + gerritbot_nick => 'openstackgerrit', + gerritbot_password => hiera('gerrit_gerritbot_password'), + gerritbot_server => 'irc.freenode.net', + gerritbot_user => 'gerritbot', + github_user => 'openstack-gerrit', + github_token => hiera('gerrit_github_token'), + mysql_password => hiera('gerrit_mysql_password'), + email_private_key => hiera('gerrit_email_private_key'), + } +} diff --git a/modules/openstack_project/manifests/review_dev.pp b/modules/openstack_project/manifests/review_dev.pp new file mode 100644 index 0000000000..e333dcdf84 --- /dev/null +++ b/modules/openstack_project/manifests/review_dev.pp @@ -0,0 +1,33 @@ +class openstack_project::review_dev { + class { 'openstack_project::server': + iptables_public_tcp_ports => [80, 443, 29418] + } + + class { 'gerrit': + virtual_hostname => 'review-dev.openstack.org', + canonicalweburl => "https://review-dev.openstack.org/", + ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', + ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', + ssl_chain_file => '', + email => "review-dev@openstack.org", + github_projects => [ { + name => 'gtest-org/test', + close_pull => 'true' + } ], + logo => 'openstack.png', + war => 'http://tarballs.openstack.org/ci/gerrit-2.4.2-10-g93ffc27.war', + script_user => 'update', + script_key_file => '/home/gerrit2/.ssh/id_rsa', + script_site => 'openstack', + enable_melody => 'true', + melody_session => 'true', + gerritbot_nick => '', + gerritbot_password => '', + gerritbot_server => '', + gerritbot_user => '', + github_user => 'openstack-gerrit-dev', + github_token => hiera('gerrit_dev_github_token'), + mysql_password => hiera('gerrit_dev_mysql_password'), + email_private_key => hiera('gerrit_dev_email_private_key') + } +} diff --git a/modules/openstack_project/manifests/slave_template.pp b/modules/openstack_project/manifests/slave_template.pp new file mode 100644 index 0000000000..acecde6ee5 --- /dev/null +++ b/modules/openstack_project/manifests/slave_template.pp @@ -0,0 +1,10 @@ +class openstack_project::slave_template { + class { 'openstack_project::template': + iptables_public_tcp_ports => [] + } + class { 'jenkins_slave': + ssh_key => $openstack_project::jenkins_ssh_key, + sudo => true, + bare => true + } +} diff --git a/modules/openstack_project/manifests/wiki.pp b/modules/openstack_project/manifests/wiki.pp new file mode 100644 index 0000000000..23ec09e3fb --- /dev/null +++ b/modules/openstack_project/manifests/wiki.pp @@ -0,0 +1,9 @@ +class openstack_project::wiki { + class { 'openstack_project::server': + iptables_public_tcp_ports => [80, 443] + } + + realize ( + User::Virtual::Localuser["rlane"], + ) +}