Use snakeoil certs on numbered jenkins masters.

Make it easier to deploy jenkins masters by using snakeoil certs on
numbered jenkins masters. This also simplifies the process of replacing
certs as make-ssl-cert can easily regenerate snakeoil certs for us.

Change-Id: I4966b1e502e0edf4f6fad25f06b9bacca25c5951
Clark Boylan 2014-04-09 14:17:06 -07:00
parent 0c7e837ee5
commit 929ebfd170
2 changed files with 22 additions and 94 deletions


@ -81,97 +81,13 @@ node 'jenkins.openstack.org' {
} }
} }
node 'jenkins01.openstack.org' { node /^jenkins\d+\.openstack\.org$/ {
class { 'openstack_project::jenkins': class { 'openstack_project::jenkins':
jenkins_jobs_password => hiera('jenkins_jobs_password'), jenkins_jobs_password => hiera('jenkins_jobs_password'),
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
ssl_cert_file_contents => hiera('jenkins01_ssl_cert_file_contents'), ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file_contents => hiera('jenkins01_ssl_key_file_contents'), ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file_contents => hiera('jenkins01_ssl_chain_file_contents'), ssl_chain_file => '',
sysadmins => hiera('sysadmins'),
zmq_event_receivers => ['logstash.openstack.org',
'nodepool.openstack.org',
],
}
}
node 'jenkins02.openstack.org' {
class { 'openstack_project::jenkins':
jenkins_jobs_password => hiera('jenkins_jobs_password'),
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
ssl_cert_file_contents => hiera('jenkins02_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('jenkins02_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('jenkins02_ssl_chain_file_contents'),
sysadmins => hiera('sysadmins'),
zmq_event_receivers => ['logstash.openstack.org',
'nodepool.openstack.org',
],
}
}
node 'jenkins03.openstack.org' {
class { 'openstack_project::jenkins':
jenkins_jobs_password => hiera('jenkins_jobs_password'),
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
ssl_cert_file_contents => hiera('jenkins03_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('jenkins03_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('jenkins03_ssl_chain_file_contents'),
sysadmins => hiera('sysadmins'),
zmq_event_receivers => ['logstash.openstack.org',
'nodepool.openstack.org',
],
}
}
node 'jenkins04.openstack.org' {
class { 'openstack_project::jenkins':
jenkins_jobs_password => hiera('jenkins_jobs_password'),
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
ssl_cert_file_contents => hiera('jenkins04_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('jenkins04_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('jenkins04_ssl_chain_file_contents'),
sysadmins => hiera('sysadmins'),
zmq_event_receivers => ['logstash.openstack.org',
'nodepool.openstack.org',
],
}
}
node 'jenkins05.openstack.org' {
class { 'openstack_project::jenkins':
jenkins_jobs_password => hiera('jenkins_jobs_password'),
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
ssl_cert_file_contents => hiera('jenkins05_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('jenkins05_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('jenkins05_ssl_chain_file_contents'),
sysadmins => hiera('sysadmins'),
zmq_event_receivers => ['logstash.openstack.org',
'nodepool.openstack.org',
],
}
}
node 'jenkins06.openstack.org' {
class { 'openstack_project::jenkins':
jenkins_jobs_password => hiera('jenkins_jobs_password'),
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
ssl_cert_file_contents => hiera('jenkins06_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('jenkins06_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('jenkins06_ssl_chain_file_contents'),
sysadmins => hiera('sysadmins'),
zmq_event_receivers => ['logstash.openstack.org',
'nodepool.openstack.org',
],
}
}
node 'jenkins07.openstack.org' {
class { 'openstack_project::jenkins':
jenkins_jobs_password => hiera('jenkins_jobs_password'),
jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'),
ssl_cert_file_contents => hiera('jenkins07_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('jenkins07_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('jenkins07_ssl_chain_file_contents'),
sysadmins => hiera('sysadmins'), sysadmins => hiera('sysadmins'),
zmq_event_receivers => ['logstash.openstack.org', zmq_event_receivers => ['logstash.openstack.org',
'nodepool.openstack.org', 'nodepool.openstack.org',
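Review bot: The new `node /^jenkins\d+\.openstack\.org$/` definition gives every numbered master the self-signed snakeoil pair with `ssl_chain_file => ''`, so no client can authenticate these hosts, while the same block still passes `jenkins_jobs_password`. Anything that logs in to a master over HTTPS must then either skip certificate verification or pin each host's certificate, and that trade-off is worth recording next to the paths, e.g. `# Self-signed snakeoil cert: clients cannot verify this host; pin the cert or do not send credentials over this vhost.` The snakeoil key is normally created when the ssl-cert package is installed, so masters built from a shared image may end up with the same private key unless it is regenerated on each host (presumably with make-ssl-cert, as the commit message suggests). Nothing in the visible lines ensures that package or those files exist before the vhost is configured; the node body continues past the visible lines.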


@ -5,6 +5,9 @@ class openstack_project::jenkins (
$jenkins_jobs_password = '', $jenkins_jobs_password = '',
$jenkins_jobs_username = 'gerrig', # This is not a typo, well it isn't anymore. $jenkins_jobs_username = 'gerrig', # This is not a typo, well it isn't anymore.
$manage_jenkins_jobs = true, $manage_jenkins_jobs = true,
$ssl_cert_file = '',
$ssl_key_file = '',
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
$ssl_cert_file_contents = '', $ssl_cert_file_contents = '',
$ssl_key_file_contents = '', $ssl_key_file_contents = '',
$ssl_chain_file_contents = '', $ssl_chain_file_contents = '',
@ -22,18 +25,27 @@ class openstack_project::jenkins (
sysadmins => $sysadmins, sysadmins => $sysadmins,
} }
if $ssl_chain_file_contents != '' { # Set defaults here because they evaluate variables which you cannot
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem' # do in the class parameter list.
} else { if $ssl_cert_file == '' {
$ssl_chain_file = '' $prv_ssl_cert_file = "/etc/ssl/certs/${vhost_name}.pem"
}
else {
$prv_ssl_cert_file = $ssl_cert_file
}
if $ssl_key_file == '' {
$prv_ssl_key_file = "/etc/ssl/private/${vhost_name}.key"
}
else {
$prv_ssl_key_file = $ssl_key_file
} }
class { '::jenkins::master': class { '::jenkins::master':
vhost_name => $vhost_name, vhost_name => $vhost_name,
serveradmin => 'webmaster@openstack.org', serveradmin => 'webmaster@openstack.org',
logo => 'openstack.png', logo => 'openstack.png',
ssl_cert_file => "/etc/ssl/certs/${vhost_name}.pem", ssl_cert_file => $prv_ssl_cert_file,
ssl_key_file => "/etc/ssl/private/${vhost_name}.key", ssl_key_file => $prv_ssl_key_file,
ssl_chain_file => $ssl_chain_file, ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents, ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents, ssl_key_file_contents => $ssl_key_file_contents,
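Review bot: The new parameter default `$ssl_chain_file = '/etc/ssl/certs/intermediate.pem'` replaces the old conditional, so a caller that passes no `ssl_chain_file_contents` now gets a chain path where it previously got `''`. If that file is absent, the vhost presumably points at a missing chain file, which would explain why the numbered masters must pass `ssl_chain_file => ''` explicitly; any other caller that relied on the old behaviour would be affected without warning. Resolving the chain path the same way as the new `$prv_ssl_cert_file` and `$prv_ssl_key_file` keeps the old default and still allows an override. The class starts before and continues after the visible lines, so other uses of `$ssl_chain_file` should be checked.

```puppet
  $ssl_chain_file = '',
  # … unchanged: remaining class parameters, cert and key defaults …
  if $ssl_chain_file == '' and $ssl_chain_file_contents != '' {
    $prv_ssl_chain_file = '/etc/ssl/certs/intermediate.pem'
  }
  else {
    $prv_ssl_chain_file = $ssl_chain_file
  }
  # … unchanged: class { '::jenkins::master': … through ssl_key_file …
    ssl_chain_file          => $prv_ssl_chain_file,
```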