The opendev project has been moving away from puppet and this is one of
the puppet modules that is no longer used. To simplify things for us we
are taking the extra step of retiring this repo.
Change-Id: Ibd49cc2311b2b3ee10b5d0ec235f9d247dafdc94
Turn jenkins.default to a template. This enables to customize it
easily. This is useful for downstream projects where it is needed
to tune jenkins.default parameters. Either Pass the required
parameter to jenkins class or pass a customized jenkins.default
file location in jenkins_default.
For backward compatibility, default values are set in the class
parameters list.
Change-Id: Ice0e4ffa2fffd041d8bcc4a0b323ffae7ba2b0c8
In an effort to support having an OpenPGP signing key that doesn't
exactly match the name+email in .gitconfig, separately parameterize
the signingkey option allowing it to be explicitly overridden with a
key ID or other similar identifier (such as a matching E-mail
address).
Change-Id: Id577c4479abd2f443f73c630a12e94d3ebe63660
Currently, when Apache2 is deciding on which vhost to service the requests,
it first looks for the VirtualHost that has the same IP and port as in the request.
(http://httpd.apache.org/docs/current/vhosts/details.html)
This means, providing "jenkins::master::vhost_name" is resolved on host,
and the host has only one IP address, that all requests match this vhost.
This prevents from hosting Jenkins on CI host together with zuul and logserver.
Change-Id: Idf16c2925ab700107a6fd311e276dc1cdb8ad44d
Stop using ssh_authorized_key with a fixed name,
and move key generation to a template. It will accept
an ssh_key parameter, that can accept either an array
or a single string. And it will populate these keys on the
.ssh/authorized_keys properly.
Doing that we allow to rotate keys properly, and avoid
some of the races that could be originated using a
single key using the ssh_authorized_key way.
Change-Id: I572b7a18186329c4277a3f460fc05e6eb30c63b7
memory.memsw.limit_in_bytes is not supported on Trusty,
setting this raises a 'setting not supported by kernel error'.
Checked with upstream, they confirmed lack of support in several
kernels, so we should skip it.
Change-Id: I511f684776975c3e58f4a341ba2351f8d448f073
There is a typo in the call of parameters, so it was
causing puppet to fail when some extensions were added.
Change-Id: I4afa0c5581b602602aae5ca11b21008a93510652
There is a setting in jjb to enable/disable jenkins
querying plugins. Set this var on the template, defaulting
to True, that means Jenkins will always query plugins
by default.
Change-Id: Ie39090fce4ec01edde0cc99a35e1e9e1991cac98
Enable passing extra settings to jjb,
so settings needed for extra modules can be
easily set on jenkins_jobs.ini
Extensions must be sent with the format
$extensions = [
{
'name' => 'extension',
'parameters' => [
{
'name' => 'parameter_name',
'value' => 'parameter_value',
}
]
}
]
Enable passing hipchat_authtoken parameter to
enable HipChat integration on jjb.
Change-Id: I7317eda0ad245e3320577d194e545eb4edaf3fac
Jenkins has documented[0] the appropriate way to reverse proxy Jenkins
and it is complaining that our config is broken so update it according
to their docs.
Big changes here are to set nodecode on AllowEncodedSlashes and nocanon
on ProxyPass so that the PATH_INFO value is left alone. But also set
some X-Forward headers to tell Jenkins about the original port and
protocol.
Also remove the modrewrite rules so that they do not interfere with
ProxyPass as they appear to no longer be needed to host zuul status.
[0] https://wiki.jenkins-ci.org/display/JENKINS/Running+Jenkins+behind+Apache
Change-Id: I9e2b159c1bde1c55779b7b519969b167ec788ea9
It turns out that specifying the ciphers we want to use leads to
breakage. So instead we'll explicitly tell Apache which ciphers
we don't want to use.
Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.
Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
Some slaves may want to connect to gerrit as a different person.
Rather than hardcoding jenkins@openstack.org - parameterize it.
Change-Id: Iafeb76f1bec7a0ba1a33b0c9c5b74e2b88d13889
* modules/jenkins/templates/cgconfig.erb: The cgconfig service does
not handle comment lines and fails to start. There is little benefit
to embedding comments into the resulting configuration file anyway,
so instead just make them ruby comments within the template.
Change-Id: Ie749acfcd231560094137e82e048726d04944b4e
Reviewed-on: https://review.openstack.org/35715
Reviewed-by: Khai Do <zaro0508@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Elizabeth Krumbach Joseph <lyz@princessleia.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
* modules/jenkins/manifests/cgroups.pp
* modules/jenkins/manifests/params.pp: Fedora separates the cgroups
management utilities into an additional package.
* modules/jenkins/templates/cgconfig.erb: Fedora already automounts
cgroups subsystems. Also, because of Red Hat bug 918951, swap
management doesn't work in Fedora 18.
Change-Id: I2366261d64c11fdc8e65a39481e8db9d589ca2de
Reviewed-on: https://review.openstack.org/34083
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
* modules/jenkins/files/cgroups/upstart_cgconfig: Very trivial
Upstart job to load /etc/cgconfig.conf once cgroup-lite has started.
* modules/jenkins/files/cgroups/upstart_cgred: Very trivial Upstart
job to start cgred once cgconfig has been loaded.
* modules/jenkins/manifests/cgroups.pp: Conditionally add Upstart
jobs cgconfig and cgred if Ubuntu >= 12.10. They used to exist, but
were dropped in the process of refactoring cgroup support after
Precise.
* modules/jenkins/manifests/params.pp: Add parameter lists for the
cgconfig and cgred dependencies since they differ between RHEL and
Ubuntu.
* modules/jenkins/templates/cgconfig.erb: Conditionally omit the
default cgroup mounts section on Ubuntu Quantal or later.
Change-Id: I16e2996387d534928a3cfa90de9159fbe02bbdd2
Reviewed-on: https://review.openstack.org/20638
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Add a new cgroup package parameter.
Update the cgroups.pp manifest to use the package params.
Also, updates the cgconfig.erb template to support Red Hat which
has slightly different cgroup mounts than Ubuntu.
Change-Id: I9bf34c93fe987c085040929ab16d5a5f5406ad47
Reviewed-on: https://review.openstack.org/18999
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Put jenkins_master into jenkins::master and jenkins_job_builder into
jenkins::job_builder and jenkins_slave into jenkins::slave.
Change-Id: Icb0e3071894730c17d8f36f49e9d34979d9c568e
Reviewed-on: https://review.openstack.org/11249
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Clark Boylan