coren has submitted this change and it was merged.
Change subject: jenkins::slave and a basic role applied gallium
......................................................................
jenkins::slave and a basic role applied gallium
This patch introduce jenkins::slave that let us setup a jenkins-slave
user that will accept ssh commands from Jenkins.
The first use case is setting up a slave on gallium. We will later on
have a second slave setup whenever the server is ready.
Change-Id: If0b518e2e79724307fa7897186fc6720269e4a01
---
M manifests/role/jenkins.pp
M manifests/site.pp
A modules/jenkins/manifests/slave.pp
3 files changed, 59 insertions(+), 0 deletions(-)
Approvals:
coren: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/jenkins.pp b/manifests/role/jenkins.pp
index 41b385e..b5d8ee6 100644
--- a/manifests/role/jenkins.pp
+++ b/manifests/role/jenkins.pp
@@ -22,3 +22,19 @@
}
}
+
+class role::jenkins::slave::production {
+
+ system_role { 'role::jenkins::slave::production': description =>
'Jenkins slave on production' }
+
+ class { 'jenkins::slave':
+ ssh_authorized_key =>
'AAAAB3NzaC1yc2EAAAABIwAAAQEA4QGc1Zs/S4s7znEYw7RifTuZ4y4iYvXl5jp5tJA9kGUGzzfL0dc4ZEEhpu+4C/TixZJXqv0N6yke67cM8hfdXnLOVJc4n/Z02uYHQpRDeLAJUAlGlbGZNvzsOLw39dGF0u3YmwDm6rj85RSvGqz8ExbvrneCVJSaYlIRvOEKw0e0FYs8Yc7aqFRV60M6fGzWVaC3lQjSnEFMNGdSiLp3Vl/GB4GgvRJpbNENRrTS3Te9BPtPAGhJVPliTflVYvULCjYVtPEbvabkW+vZznlcVHAZJVTTgmqpDZEHqp4bzyO8rBNhMc7BjUVyNVNC5FCk+D2LagmIriYxjirXDNrWlw==',
+ ssh_key_name => 'jenkins@gallium',
+ # Lamely restrict to master which is gallium
+ ssh_key_options => [ 'from=208.80.154.191' ],
+ user => 'jenkins-slave',
+ home => '/srv/ssd/jenkins-slave',
+ require => Mount['/srv/ssd'],
+ }
+
+}
diff --git a/manifests/site.pp b/manifests/site.pp
index 9375425..9173721 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -923,6 +923,7 @@
misc::contint::test::jenkins,
misc::contint::android::sdk,
role::jenkins::master::production,
+ role::jenkins::slave::production,
role::zuul::production,
admins::roots,
admins::jenkins
diff --git a/modules/jenkins/manifests/slave.pp
b/modules/jenkins/manifests/slave.pp
new file mode 100644
index 0000000..f4f9eca
--- /dev/null
+++ b/modules/jenkins/manifests/slave.pp
@@ -0,0 +1,42 @@
+# == Class: jenkins::slave
+#
+class jenkins::slave(
+ $ssh_authorized_key,
+ $ssh_key_name,
+ $ssh_key_options = [],
+ $user = 'jenkins-slave',
+ $home = '/home/jenkins-slave',
+) {
+
+ package { 'openjdk-7-jre-headless':
+ ensure => present,
+ }
+
+ group { $user:
+ ensure => present,
+ name => $user,
+ system => true,
+ allowdupe => false,
+ }
+
+ user { $user:
+ ensure => present,
+ require => Group['jenkins'],
+ name => $user,
+ gid => 'jenkins',
+ home => $home,
+ managehome => false,
+ shell => '/bin/bash',
+ system => true,
+ }
+
+ ssh_authorized_key { $ssh_key_name:
+ ensure => present,
+ user => $user,
+ type => 'ssh-rsa',
+ key => $ssh_authorized_key,
+ target => "${home}/.ssh/authorized_keys",
+ options => $ssh_key_options,
+ }
+
+}
--
To view, visit https://gerrit.wikimedia.org/r/63666
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: If0b518e2e79724307fa7897186fc6720269e4a01
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Hashar <[email protected]>
Gerrit-Reviewer: ArielGlenn <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Faidon <[email protected]>
Gerrit-Reviewer: Hashar <[email protected]>
Gerrit-Reviewer: Ottomata <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
