# Copyright (c) 2015 Hewlett-Packard Development Company, L.P. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License # == Class: single_node_ci # # This class will setup a typical 3rd party CI system using Jenkins # Zuul, Nodepool, Jenkins Job Builder, onto a single host. It requires # a 'project-config' data repository to configure these services. # # Zuul status page will be available on port 80 # Jenkins UI will be available on port 8080 # # === Parameters # # [*vhost_name*] # This is the FQDN of the host running the CI system managed by this class. # If you don't have one that resolves correctly, use the host's IP address. # # [*project_config_repo*] # This is the git URL to the project-config repo that contains all the # jenkins jobs, nodepool configurations, and zuul configurations. # # [*serveradmin*] # The e-mail address of the owner of the CI system # # [*jenkins_vhost_name*] # This is the alternative hostname or FQDN to use by Jenkins. # Don't use $vhost_name as it conflicts with zuul # # [*jenkins_username*] # If you have Jenkins secured, this is the username Jenkins Job Builder # will use to manage all Jenkins jobs. Otherwise the value is ignored. # # [*jenkins_password*] # If you have Jenkins secured, this is the password associated with the # jenkins_username. Otherwise the value is ignored. # # [*jenkins_ssh_private_key*] # This is the private key the Jenkins master will use to login to # Jenkins slaves. # # [*jenkins_ssh_public_key*] # This is the public key associated with jenkins_ssh_private_key. # The public key should not have any white space. Omit the 'ssh-rsa' prefix # and comment section / e-mail address suffix. # # [*java_args_override*] # These are the arguments to pass to Java: # "-Xloggc:/var/log/jenkins/gc.log -XX:+PrintGCDetails -Xmx12g -Dorg.kohsuke.stapler.compression.CompressionFilter.disabled=true -Djava.util.logging.config.file=/var/lib/jenkins/logger.conf -Dhudson.model.ParametersAction.keepUndefinedParameters=true" # Set this parameter through hieradata. # To work around the security restrictions that result from upgrading to version > 1.651.2 # Add the Java system parameter: # "-Dhudson.model.ParametersAction.keepUndefinedParameters=true" # Please note that adding this parameter is not secure and it exposes a potential jenkins security vulnerability. # # [*jenkins_version*] # This is a Jenkins version, such as '1.651', 'present' (to install # the most recent, and never upgrade), or latest' (to install the most # recent version, and upgrade if a more recent version is published). # # [*gerrit_server*] # This is the host name of the gerrit server this CI system will be # listening for events. # # [*gerrit_user*] # This is the username to access the gerrit server's event stream. # You can look up the gerrit username from the gerrit server, under # 'settings', in the 'profile' section. # # [*gerrit_user_ssh_public_key*] # This is the public key registered for the gerrit_user's gerrit account. # The public key should not have any white space. Omit the 'ssh-rsa' prefix # and comment section / e-mail address suffix. # # [*gerrit_user_ssh_private_key*] # This is the private key associated with the gerrit_user_ssh_public_key. # # [*gerrit_ssh_host_key*] # This is the host key of the gerrit server. # # [*git_email*] # The e-mail address for zuul to use for internal git commits. # # [*git_name*] # The name for zuul to use for internal git commits. # # [*log_server*] # This is the FQDN/IP address of the log server where log files are uploaded # after a job finishes. Jenkins will use its jenkins_ssh_private_key to scp # job log files files to it. # # [*smtp_host*] # The smtp hostname to use for zuul to send notification e-mails # if configured to do so in project-config/zuul/layout/layout.yaml # # [*smtp_default_from*] # The default 'from' e-mail address zuul will use when it sends # notification e-mails. # # [*smtp_default_to*] # The default 'to' e-mail address zuul will use when it sends # notification e-mails. # # [*zuulv2*] # Set to true to deploy zuul v2 (incompatible with zuul v3). # # [*zuul_revision*] # The branch name used to install zuul. # # [*zuul_git_source_repo*] # The zuul git source repository to install zuul. # # [*oscc_file_contents*] # The multi-line contents of os-client-config. # This allows the nodepool.yaml file provided to not contain any sensitive # provider passwords. See configuration guide for more details: # https://git.openstack.org/cgit/openstack/os-client-config/tree/README.rst # # [*mysql_root_password*] # This is the root mysql password. If mysql is not yet installed, # this will be the password. Otherwise, if mysql is already installed, # this is the root password needed to setup the nodepool mysql user and # database. # # [*mysql_nodepool_password*] # This is the nodepool user's mysql password. # # [*nodepool_jenkins_target*] # This is the name of the Jenkins target found in the # project-config/nodepool/nodepool.yaml file. # # [*jenkins_api_key*] # If Jenkins is secured, this the Jenkins API Token need to access the Jenkins API. # It is provided in Jenkins UI --> Manage Jenkins --> Manage Users --> 'jenkins user' # --> Configure --> Show API Token. Otherwise it is ignored. # # [*jenkins_credentials_id*] # If Jenkins is secured, this parameter needs to match the id field of this element: # # inside this file: /var/lib/jenkins/credentials.xml # and associated with this this key 'jenkins_ssh_private_key'. Otherwise it is ignored. # # [*nodepool_revision*] # The branch name used to install nodepool. # # [*nodepool_git_source_repo*] # The nodepool git source repository to install nodepool. # class openstackci::single_node_ci ( $vhost_name = $::fqdn, $project_config_repo = undef, # Jenkins Configurations $jenkins_vhost_name = 'jenkins', $serveradmin = "webmaster@${vhost_name}", $jenkins_username = 'jenkins', $jenkins_password = undef, $jenkins_ssh_private_key = undef, $jenkins_ssh_public_key = undef, $java_args_override = undef, $jenkins_version = 'present', $jjb_git_revision = 'master', $jjb_git_url = 'https://git.openstack.org/openstack-infra/jenkins-job-builder', # Zuul Configurations $gerrit_server = 'review.openstack.org', $gerrit_user = undef, $gerrit_user_ssh_public_key = undef, $gerrit_user_ssh_private_key = undef, $gerrit_ssh_host_key = '[review.openstack.org]:29418,[104.130.246.91]:29418,[2001:4800:7819:103:be76:4eff:fe05:8525]:29418 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfsIj/jqpI+2CFdjCL6kOiqdORWvxQ2sQbCzSzzmLXic8yVhCCbwarkvEpfUOHG4eyB0vqVZfMffxf0Yy3qjURrsroBCiuJ8GdiAcGdfYwHNfBI0cR6kydBZL537YDasIk0Z3ILzhwf7474LmkVzS7V2tMTb4ZiBS/jUeiHsVp88FZhIBkyhlb/awAGcUxT5U4QBXCAmerYXeB47FPuz9JFOVyF08LzH9JRe9tfXtqaCNhlSdRe/2pPRvn2EIhn5uHWwATACG9MBdrK8xv8LqPOik2w1JkgLWyBj11vDd5I3IjrmREGw8dqImqp0r6MD8rxqADlc1elfDIXYsy+TVH', $git_email = undef, $git_name = undef, $log_server = undef, $smtp_host = 'localhost', $smtp_default_from = "zuul@${vhost_name}", $smtp_default_to = "zuul.reports@${vhost_name}", $zuulv2 = true, $zuul_revision = undef, $zuul_git_source_repo = 'https://git.openstack.org/openstack-infra/zuul', # Nodepool configurations $oscc_file_contents = undef, $mysql_root_password = undef, $mysql_nodepool_password = undef, $nodepool_jenkins_target = undef, $jenkins_api_key = undef, $jenkins_credentials_id = undef, $nodepool_revision = undef, $nodepool_git_source_repo = 'https://git.openstack.org/openstack-infra/nodepool', ) { if $zuulv2 { if $nodepool_revision == undef { $nodepool_revision_ = '0.5.0' } else { $nodepool_revision_ = $nodepool_revision } if $zuul_revision == undef { $zuul_revision_ = '2.6.0' } else { $zuul_revision_ = $zuul_revision } class { '::openstackci::jenkins_master': vhost_name => $jenkins_vhost_name, serveradmin => $serveradmin, jenkins_ssh_private_key => $jenkins_ssh_private_key, jenkins_ssh_public_key => $jenkins_ssh_public_key, jenkins_version => $jenkins_version, manage_jenkins_jobs => true, jenkins_url => 'http://127.0.0.1:8080/', jenkins_username => $jenkins_username, jenkins_password => $jenkins_password, project_config_repo => $project_config_repo, log_server => $log_server, java_args_override => $java_args_override, jjb_git_revision => $jjb_git_revision, jjb_git_url => $jjb_git_url, } class { '::openstackci::zuul_merger': vhost_name => $vhost_name, gearman_server => 'localhost', gerrit_server => $gerrit_server, gerrit_user => $gerrit_user, # known_hosts_content is set by openstackci::zuul_scheduler known_hosts_content => '', zuul_ssh_private_key => $gerrit_user_ssh_private_key, zuul_url => "http://${vhost_name}/p/", git_email => $git_email, git_name => $git_name, manage_common_zuul => false, revision => $zuul_revision_, git_source_repo => $zuul_git_source_repo, } class { '::openstackci::zuul_scheduler': vhost_name => $vhost_name, gearman_server => 'localhost', gerrit_server => $gerrit_server, gerrit_user => $gerrit_user, known_hosts_content => $gerrit_ssh_host_key, zuul_ssh_private_key => $gerrit_user_ssh_private_key, url_pattern => "http://${log_server}/{build.parameters[LOG_PATH]}", zuul_url => "http://${vhost_name}/p/", job_name_in_report => true, status_url => "http://${vhost_name}", project_config_repo => $project_config_repo, git_email => $git_email, git_name => $git_name, smtp_host => $smtp_host, smtp_default_from => $smtp_default_from, smtp_default_to => $smtp_default_to, revision => $zuul_revision_, } class { '::openstackci::nodepool': mysql_root_password => $mysql_root_password, mysql_password => $mysql_nodepool_password, nodepool_ssh_private_key => $jenkins_ssh_private_key, revision => $nodepool_revision_, git_source_repo => $nodepool_git_source_repo, oscc_file_contents => $oscc_file_contents, environment => { # Set up the key in /etc/default/nodepool, used by the service. 'NODEPOOL_SSH_KEY' => $jenkins_ssh_public_key }, project_config_repo => $project_config_repo, # Disable nodepool image logs as it conflicts with the zuul status page enable_image_log_via_http => false, jenkins_masters => [ { name => $nodepool_jenkins_target, url => 'http://localhost:8080/', user => $jenkins_username, apikey => $jenkins_api_key, credentials => $jenkins_credentials_id, }, ], } } else { # Zuul V3 if $nodepool_revision == undef { $nodepool_revision_ = 'master' } else { $nodepool_revision_ = $nodepool_revision } if $zuul_revision == undef { $zuul_revision_ = 'master' } else { $zuul_revision_ = $zuul_revision } # TODO v3 all in one fail('zuul v3 all in one deployment is not supported') } }