R. Tyler Croy
cde1b0c033
WIP, working on getting modules to the PE host
2016-06-27 12:07:46 -07:00
R. Tyler Croy
172a05ff08
Provision using the ec2 hypervisor instead of docker
...
Docs <https://github.com/puppetlabs/beaker/blob/master/docs/hypervisors/ec2.md>
Of course, it takes a bloody eternity
ubuntu-14-04-master executed in 0.12 seconds
Exited: 1
should be installed (FAILED - 1)
Failures:
1) a simple test Package "mysql-server" should be installed
Failure/Error: it { is_expected.to be_installed }
expected Package "mysql-server" to be installed
# ./spec/acceptance/first_spec.rb:10:in `block (4 levels) in <top (required)>'
Finished in 29 minutes 59 seconds (files took 1 minute 11.13 seconds to load)
1 example, 1 failure
Failed examples:
rspec ./spec/acceptance/first_spec.rb:10 # a simple test Package "mysql-server" should be installed
Randomized with seed 29425
2016-06-27 12:07:46 -07:00
R. Tyler Croy
f94d1df71f
Provision hosts with PE
...
Now stuck with upstart missing on containers:
Notice: /Stage[main]/Puppet_enterprise::Puppetdb::Service/Service[pe-puppetdb]/ensure: ensure changed 'stopped' to 'running'
Notice: Applied catalog in 47.14 seconds
initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
PuppetDB configured.
!! ERROR: The PostgreSQL server failed to start; unable to proceed
========================================================================
from /home/tyler/.rvm/gems/ruby-2.1.5@jenkins-infra/gems/beaker-2.44.0/lib/beaker/dsl/helpers/host_helpers.rb:83:in `block in on'
2016-06-27 12:07:46 -07:00
R. Tyler Croy
1feb5cb38e
Start experimenting with running beaker-rspec
...
bundle exec rake beaker
2016-06-27 12:07:46 -07:00
R. Tyler Croy
f46b02b3a2
Upgrade beaker
2016-06-27 12:07:46 -07:00
R. Tyler Croy
7c35450c21
Add work-in-progress configuration to run Beaker on Docker
2016-06-27 12:07:46 -07:00
R. Tyler Croy
7af9549e03
Merge pull request #532 from rtyler/new-demo
...
Upgrade the demo instance to 2.10
2016-06-27 11:50:35 -07:00
R. Tyler Croy
a61b082df1
Upgrade the demo instance to 2.10
...
For deployment, the old image needs to be removed from the host. This currently
isn't handled by Puppet, so the post-provisioning steps are required:
# docker stop demo && docker rm demo
This will ensure the new image with the new label is restarted by Upstart
2016-06-27 11:36:47 -07:00
R. Tyler Croy
1969562fe6
Merge pull request #530 from rtyler/811
...
Install the debian repository key under jenkins.io.key and jenkins-ci.org.key
2016-06-20 12:35:41 -07:00
R. Tyler Croy
eeaa3ac19b
Install the debian repository key under jenkins.io.key and jenkins-ci.org.key
...
At some point in the future, hopefully this calendar year, we deprecate the old
keys entirely
Fixes INFRA-811
2016-06-20 12:16:31 -07:00
R. Tyler Croy
d4e0aa718a
Merge pull request #528 from rtyler/801
...
I am told that the parallel-test-executor makes things faster
2016-06-16 11:02:21 -07:00
R. Tyler Croy
f8de9f8a4e
I am told that the parallel-test-executor makes things faster
...
I like faster
Fixes INFRA-801
2016-06-16 10:39:55 -07:00
R. Tyler Croy
51810d9f07
Update the hostname in the rpm repo too
2016-06-15 16:15:36 -07:00
R. Tyler Croy
f14cb94438
Fix hostname in the Debian rewrite rule
...
This was resulting in some churn, since the packaging scripts have been updated
to rsync the appropriate (.io) hostname to the pkgrepo host
2016-06-15 16:15:12 -07:00
R. Tyler Croy
a5180b13ee
It takes a couple of attempts to get the formatting right with eyaml 😄
2016-06-15 15:58:32 -07:00
R. Tyler Croy
41787bbfd3
Fix some invalid encrypted data in the private keys
2016-06-15 15:55:53 -07:00
R. Tyler Croy
825ec1c5b8
Merge pull request #525 from rtyler/704
...
Manage the OSUOSL and archives mirroring private keys on mirrorbrain hosts
2016-06-15 15:48:59 -07:00
R. Tyler Croy
58644efca2
Manage the OSUOSL and archives mirroring private keys on mirrorbrain hosts
...
Fixes INFRA-704
2016-06-15 15:38:42 -07:00
R. Tyler Croy
32c05b0a6a
One more image, this time with feeling
2016-06-14 21:24:34 -07:00
R. Tyler Croy
3b482444d3
Update to the latest account-app image, with more production-tested bugfixes!
2016-06-14 20:40:08 -07:00
R. Tyler Croy
0a0de26881
Merge pull request #520 from jenkins-infra/INFRA-787
...
This URL has switched to the root of the instance
2016-06-14 19:47:20 -07:00
Kohsuke Kawaguchi
4bc69458ee
This URL has switched to the root of the instance
2016-06-15 11:45:30 +09:00
R. Tyler Croy
0f04e22239
Deploy the latest account-app which uses the JIRA REST API
2016-06-14 18:49:35 -07:00
Kohsuke Kawaguchi
a0abf2b79b
Merge pull request #508 from abayer/pkg.jenkins.io
...
Fix mirrorbrain rsync to use pkg.jenkins.io
2016-06-13 19:35:51 -07:00
R. Tyler Croy
965a0b8090
Upgrade JIRA to 7.1.7
...
References INFRA-725
2016-06-13 16:10:58 -07:00
R. Tyler Croy
958bed05c4
Merge pull request #515 from rtyler/785
...
Remove excess access logging.
2016-06-13 13:42:23 -07:00
R. Tyler Croy
95de2b8a28
Remove excess access logging.
...
The custom_fragment we were previously adding is no longer relevant
Fixes INFRA-785
2016-06-13 13:30:08 -07:00
R. Tyler Croy
8a62ec1010
Merge pull request #513 from rtyler/census-role-account
...
Census role account
2016-06-09 13:44:42 -07:00
R. Tyler Croy
9fd10865e0
Avoid re-writing jenkins.repo files generated by the packaging scripts
...
See: https://github.com/jenkinsci/packaging/blob/master/rpm/publish/publish.sh#L21
This was happening periodically between the publish.sh scripts running and the
puppet agent running, e.g.:
Info: Applying configuration version '1465499114'
Notice: /Stage[main]/Profile::Pkgrepo/Profile::Redhat_repo[redhat-stable]/File[/var/www/pkg.jenkins.io/redhat-stable/jenkins.repo]/content:
--- /var/www/pkg.jenkins.io/redhat-stable/jenkins.repo 2016-05-11 17:34:07.137130241 +0000
+++ /tmp/puppet-file20160609-6157-1ultusl 2016-06-09 19:05:37.427502657 +0000
@@ -1,4 +1,4 @@
[jenkins]
-name=Jenkins-stable
+name=Jenkins
baseurl=http://pkg.jenkins-ci.org/redhat-stable
gpgcheck=1
Info: Computing checksum on file /var/www/pkg.jenkins.io/redhat-stable/jenkins.repo
Info: /Stage[main]/Profile::Pkgrepo/Profile::Redhat_repo[redhat-stable]/File[/var/www/pkg.jenkins.io/redhat-stable/jenkins.repo]: Filebucketed /var/www/pkg.jenkins.io/redhat-stable/jenkins.repo to main with sum bd146045ccb4d4ccf656c2c170c5aeac
Notice: /Stage[main]/Profile::Pkgrepo/Profile::Redhat_repo[redhat-stable]/File[/var/www/pkg.jenkins.io/redhat-stable/jenkins.repo]/content: content changed '{md5}bd146045ccb4d4ccf656c2c170c5aeac' to '{md5}f647b9c65bdc54ff7cf72b37a2cda8da'
Notice: Applied catalog in 8.30 seconds
2016-06-09 13:11:47 -07:00
R. Tyler Croy
b312ca548a
Provision a 'census' role account for syncing census data to and from
2016-06-09 13:11:47 -07:00
R. Tyler Croy
3629dbb30e
Remove htpassword files for census
2016-06-09 13:11:47 -07:00
R. Tyler Croy
6950c5886d
Ensure census::agent can reach out to census.jenkins.io
...
This was an oversight on my part before, I forgot that we need special
credentials on census.jenkins.io to rsync (down and up) census json files
2016-06-09 13:11:47 -07:00
R. Tyler Croy
59953232ff
Enable .htaccess files to override vhost settings for census.jenkins.io
2016-06-09 13:11:47 -07:00
R. Tyler Croy
b7e1c5201e
Install the groovy plugin in ci.jenkins.io
...
This is already being used on trusted.ci, so no reason not to open it up to
ci.jenkins.io too
2016-06-09 10:00:06 -07:00
R. Tyler Croy
9739f9efd2
Ensure the usagestats account is placed before attempting to place an SSH pubkey
...
This was only noticed on a fresh rebuild of a profile::usage machine
2016-06-08 14:13:33 -07:00
R. Tyler Croy
695e5f6317
If the home_dir is not 755, then SSH will fail to authenticate the user.
...
I believe this should be fine, so long as the content within the directory is
group writeable, which it currently is
2016-06-08 13:35:25 -07:00
R. Tyler Croy
e578795189
Make kelp a census::agent
...
References INFRA-559 INFRA-738
2016-06-08 12:57:25 -07:00
R. Tyler Croy
741ad44f20
Merge pull request #510 from rtyler/usage-processing-738
...
Support usage processing and rsyncing to/from hosts
2016-06-08 11:01:34 -07:00
R. Tyler Croy
a5188f9e62
Add serverspec examples for the census::agent role
2016-06-08 10:42:49 -07:00
R. Tyler Croy
18bd7c834e
Install the necessary ssh keys for census::agent
2016-06-07 17:50:56 -07:00
R. Tyler Croy
8f53f9e36d
Internal usage SSH public and private keys
2016-06-07 17:50:54 -07:00
R. Tyler Croy
2c980e812f
Starting the census::agent profile/role
...
References INFRA-738
2016-06-07 17:50:39 -07:00
R. Tyler Croy
6ee44b46be
Merge pull request #509 from rtyler/usage-access-logs-739
...
Devnull redirected access logs for usage.jenkins-ci.org
2016-06-07 12:34:53 -07:00
R. Tyler Croy
0189b87c5d
Devnull redirected access logs for usage.jenkins-ci.org
...
These are unnecessary as the destination (usage.jenkins.io) will properly log
the request when it generates a 200 status response.
Fixes INFRA-739
2016-06-07 11:27:06 -07:00
Andrew Bayer
3adec58695
Fix mirrorbrain rsync to use pkg.jenkins.io
...
Don't merge 'til after https://github.com/jenkinsci/packaging/pull/55 is merged, and probably make sure we've got a pre-staged /var/www/pkg.jenkins.io.staging ready too.
2016-06-06 14:44:40 -07:00
R. Tyler Croy
571a14d73e
Merge pull request #506 from rtyler/usage-rollover
...
Usage rollover
2016-06-03 16:44:30 -07:00
R. Tyler Croy
4c15257529
Add legacy TLS certificate for usage.jenkins-ci.org and letsencrypt for usage.jenkins.io
...
Since usage is hit from a browser, we don't need to worry about the redirect to
usage.jenkins.io over TLS
References INFRA-559
2016-06-03 16:16:47 -07:00
R. Tyler Croy
74b65b3ee9
Roll-over to the new usage host
2016-06-03 14:39:27 -07:00
R. Tyler Croy
b4224d59cd
Apparently 100GB on AWS is not 100GB.
...
Execution of '/sbin/lvcreate -n usage --size 100G data' returned 5: Volume group "data" has insufficient free space (25599 extents): 25600 required.
🔥
2016-06-03 14:06:35 -07:00
R. Tyler Croy
8f95712bcb
Use the proper device name
...
Whoops
2016-06-03 13:58:22 -07:00
R. Tyler Croy
7a392a334b
Merge pull request #502 from rtyler/usage-volume
...
Move usage-stats storage onto an attached volume for better resiliency
2016-06-03 13:15:05 -07:00
R. Tyler Croy
619a81fdd9
Move usage-stats storage onto an attached volume for better resiliency
...
I realized after I provisioned the machine that I should have separated out the
usage volume. Currently usage.jenkins.io has a 100GB EBS volume attached
References INFRA-559
2016-06-03 10:48:05 -07:00
R. Tyler Croy
f3d6f351ca
Upgrade the confluence-cache container to use the latest nginx
...
Fixes INFRA-734
2016-06-02 18:26:39 -07:00
R. Tyler Croy
ea42b2ef37
Add EIPs for ldap and l10n.jenkins.io
...
References INFRA-735
2016-06-02 16:39:48 -07:00
R. Tyler Croy
5c256653ee
Update ci.jenkins.io to an EIP
...
References INFRA-735
2016-06-02 16:21:29 -07:00
R. Tyler Croy
8e18aa1b5c
Merge pull request #497 from rtyler/usage-dns
...
Add the usage.jenkins.io A record
2016-06-02 11:41:30 -07:00
R. Tyler Croy
0b95da3918
Add the usage.jenkins.io A record
2016-06-02 11:29:59 -07:00
R. Tyler Croy
fb660b1e76
Merge pull request #496 from rtyler/usage-provisioning-559
...
Provision usage.jenkins.io with the appropriate apache configurations
2016-06-02 10:29:50 -07:00
R. Tyler Croy
3d4b65a2e6
Ensure permissions are set appropriately on our usage vhost docroot
2016-06-02 09:11:04 -07:00
R. Tyler Croy
18b58a7703
Provision the usage role on a node named as such
2016-06-02 08:53:04 -07:00
R. Tyler Croy
d3f18bbe22
Ensure ownership of the usage directories provisioned by Puppet in serverspec
2016-06-01 17:06:28 -07:00
R. Tyler Croy
723e35cc34
Add support for the legacy means of accessing/updating usage stats data
...
In the current status quo, the `kohsuke` user accesses usage stats from
usage.jenkins-ci.org and downloads the encrypted payloads. It then decrypts and
anonymizes the stats before uploading them again, as the `kohsuke` user, to
/var/log/usage-stats where the remainder of the usage stats processing occurs
This commit supports that workflow, while introducing a new user `usagestats`
which is a role account for the purpose of doing this syncing in the future
2016-06-01 16:37:34 -07:00
R. Tyler Croy
7458f8c56d
Provision usage.jenkins.io with the appropriate apache configurations
...
Fixes INFRA-599
2016-05-31 14:23:32 -07:00
R. Tyler Croy
c09bde6f46
Merge pull request #494 from rtyler/minor-fixens
...
Some minor fixes
2016-05-26 13:10:06 -07:00
R. Tyler Croy
d5d8659fe2
Add a missing resource dependency for provisioning a fresh jenkins master
...
$docroot basically requires the Apache package to be installed
2016-05-26 12:20:42 -07:00
R. Tyler Croy
b4fcfcfbe6
Ensure we're progressing the latest/ symlink for each "release line"
...
Since update-latest-symlink.sh takes an optional first argument which is used as
the "releaseline" and appended to the file directories in /srv/releases/jenkins
when creating links.
2016-05-26 12:17:02 -07:00
Kohsuke Kawaguchi
d0467672e7
Merge pull request #492 from jenkins-infra/demo-uid
...
Demo uid
2016-05-15 08:30:33 -07:00
Kohsuke Kawaguchi
ed40035efe
For the demo to work correctly, the user has to exist in the container.
...
We run jenkins in uid 2002 that's different from what the container is built
with (1000). master is happy with this, but when we invoke git it
complains.
2016-05-15 08:12:37 -07:00
Kohsuke Kawaguchi
2d706ab023
on 2nd thought, did it as a template to insert uid
2016-05-15 08:09:28 -07:00
Kohsuke Kawaguchi
013fd870b7
initial file taken from jenkinsci/jenkins:2.1
2016-05-15 08:06:50 -07:00
R. Tyler Croy
c1788a605d
Discard old builds.
2016-05-10 08:08:26 -07:00
R. Tyler Croy
9586a45a01
Ensure we notify the datadog-agent service when our dns_check file changes
2016-05-05 17:38:02 -07:00
R. Tyler Croy
00e91853d9
Merge pull request #489 from rtyler/dns-289
...
Monitor DNS on bind hosts
2016-05-05 16:59:51 -07:00
R. Tyler Croy
ccf448dfe3
Incorporate datadog-based DNS checking into our bind profile
...
This should be sufficient to ensure that bind is running on the host, and the
iptables rules that Docker uses aren't blocking us out of our own nameservers
Fixes INFRA-289
2016-05-05 16:51:55 -07:00
R. Tyler Croy
6ec85a3bb6
Update the demo installation to Jenkins 2.1
2016-05-05 16:18:26 -07:00
R. Tyler Croy
db13272420
Get the spacing right in these templates so puppet stops changing them
...
Oh my how tedious!
2016-05-05 15:37:33 -07:00
R. Tyler Croy
d015375251
Merge pull request #486 from rtyler/mb-cron-694
...
Execute the sync.sh in a crontab for the mirrorbrain user
2016-05-05 15:02:05 -07:00
R. Tyler Croy
fbff93c51d
Merge pull request #485 from rtyler/ldap-646
...
Incorporate the DB indices that were manually added a while back to ldap
2016-05-05 15:01:54 -07:00
R. Tyler Croy
28b0eb680b
Execute the sync.sh in a crontab for the mirrorbrain user
...
This is already in the crontab (manually inserted) and will need to come out
when this change goes to production.
Fixes INFRA-694
2016-05-05 14:05:23 -07:00
R. Tyler Croy
58fb496783
Incorporate the DB indices that were manually added a while back to ldap
...
These were added by @benwalding after we migrated ldap. It turns out that we had
enough hardware "before" that we never really needed to care about indices. We
do now though!
References INFRA-646
2016-05-05 11:27:39 -07:00
R. Tyler Croy
fb3866e963
Disable the saz/ssh module's exporting of hostkey resources
...
Since we're collecting exported ssh_hostkey resources, we were collecting
redundant resources for things like ssh_hostkey[localhost_dsa] since we might
have some nodes in our cluster with redundant $::fqdn facts. Changing
storeconfigs_enabled to false disables this "feature" in saz/ssh
2016-05-04 17:09:40 -07:00
R. Tyler Croy
2a88d7776c
Avoid passing through the FQDN (a .io domain) for generated repo files
...
These are modified and updated right now by the jenkinsci/packaging tooling, so
we don't need puppet to keep overwriting them
2016-05-04 16:53:05 -07:00
R. Tyler Croy
78fc5dfb00
Instead of using --archive for rsyncing, pass the equivalent flags, excluding `-t`
...
This will help avoid permission issues with the script and directory
modification times.
2016-05-03 16:09:19 -07:00
R. Tyler Croy
1ef1005c9d
Ensure that tool installer metadata gets synced into the mirror tree
...
Fixes INFRA-662
2016-05-03 15:36:31 -07:00
R. Tyler Croy
1c7a9a741e
Update the DB configuration for the rating app to be correct
...
Fixes INFRA-690
2016-05-03 13:39:24 -07:00
R. Tyler Croy
d7ed241710
Only apply the accounts.jenkins.io letsencrypt certs in production
2016-05-03 13:04:56 -07:00
R. Tyler Croy
a7c5312eb7
Merge pull request #480 from rtyler/compliance
...
Package security update compliance and a couple other minor tweaks
2016-05-03 12:52:34 -07:00
R. Tyler Croy
cbc13ff680
Add a compliance manifest for enforcing security compliance
...
Starting with USN-2959-1 :)
References INFRA-687
2016-05-03 10:41:34 -07:00
R. Tyler Croy
ef764dc09b
Reduce the mirror status page regeneration to once an hour
...
No need for a higher frequency
2016-05-03 09:46:32 -07:00
R. Tyler Croy
3473d8bbff
We really only need to regenerate the mirror list once a day at most
2016-05-03 09:46:12 -07:00
R. Tyler Croy
67b270fad8
Jump to a later version of the r10k module which supports the github secret param
2016-05-02 17:49:07 -07:00
R. Tyler Croy
fa8080c6b1
Move all the r10k webhook config to hiera for consistency
2016-05-02 17:16:13 -07:00
R. Tyler Croy
56640cdcf1
Use the github_secret configuration to ensure we're authenticated from GH
...
Fixes INFRA-631
2016-05-02 17:07:27 -07:00
R. Tyler Croy
64037a08cf
Rename the puppetmaster hiera file to the appropriate cert name
...
I forgot that this is the only fqdn certname in our infra
2016-05-02 16:50:54 -07:00
R. Tyler Croy
d787629180
Migrate to the new Elastic IP for rating.jenkins.io
2016-05-02 16:16:27 -07:00
R. Tyler Croy
f6a4cca98a
Merge pull request #476 from jenkins-infra/r10k-webhook-631
...
R10k webhook for deploying bits more automatically again
2016-05-02 16:15:00 -07:00
R. Tyler Croy
10d43609b1
Open the firewall to the new r10k webhook
2016-05-02 16:06:55 -07:00
R. Tyler Croy
25faff36aa
First pass at configuring r10k's webhook with @acidprime's module
...
References INFRA-631
2016-05-02 15:33:04 -07:00
R. Tyler Croy
b2df9d962a
Bump to the latest zack/r10k module
2016-05-02 15:08:41 -07:00
R. Tyler Croy
d191cd5851
Put vagrant/common at the top of the hierarchy so its overrides are considered first
...
This ensures that the vagrant hierarchy is considered properly before going to
the "normal" hierarchy.
2016-05-02 15:08:41 -07:00
R. Tyler Croy
40c78a7b94
Merge pull request #474 from rtyler/sshkeys-and-whatnot
...
Sshkeys and whatnot
2016-05-02 15:06:33 -07:00
R. Tyler Croy
bbc2ce7465
Introduce Kohsuke and Oliver's SSH public keys to the mirrorbrain user
...
Kohsuke requires this access since he's driving releases (duh) and ogondza
requires access to push release candidates as the project release officer
Fixes INFRA-683
2016-05-02 14:51:06 -07:00
R. Tyler Croy
f5c2cc965c
Remove serverspec which only applies to trusted agents
2016-05-02 14:51:06 -07:00
R. Tyler Croy
7dcb5ce5b2
Pull in updated account module which orders resources properly
...
Fixes INFRA-653
2016-05-02 14:51:06 -07:00
R. Tyler Croy
ee8ce1a692
Merge pull request #473 from rtyler/minor-tweaks
...
Minor tweaks
2016-05-02 13:42:38 -07:00
R. Tyler Croy
793ab04365
Restrict mirrorbrain scanning of mirrors to once every hour
...
References INFRA-671
2016-05-02 13:25:24 -07:00
R. Tyler Croy
9792159e5a
Update the updatesite legacy keys resources to ensure Apache is installed first
...
Only seeing this as an issue in fresh virtual machines, just need /etc/apache2
(which is installed by the package) to exist first.
I'm explicitly not creating a resource named File[/etc/apache2] since there's a
100% chance that conflicts with something in the puppetlabs/apache2 module :)
2016-05-02 13:23:40 -07:00
R. Tyler Croy
41493ea9eb
Add an A record for the census.jenkins.io A record
2016-05-02 13:22:29 -07:00
R. Tyler Croy
b1f41d1a75
Merge pull request #471 from jenkins-infra/census-taker-470
...
Prepare census puppetz
2016-05-02 12:05:32 -07:00
R. Tyler Croy
9f1d805156
Some minor DRYing up of the census profile
2016-05-02 11:19:05 -07:00
Kohsuke Kawaguchi
e7e30a9586
Can't really test this
...
because unit test doesn't know that this runs in the role::census
2016-04-30 13:13:09 -07:00
Kohsuke Kawaguchi
b5b1cfb066
Refactored how vagrant specific overrides kick in.
...
Add shadow `vagrant` directory that can override every file
in clients/, roles/, etc. environments/ isn't the only one
that doesn't make sense to override, as vagrant by definition
cannot be production.
This work was triggered by the need to specify different LVM
configurations between okra & census.
2016-04-29 15:51:36 -07:00
Kohsuke Kawaguchi
f4e18392fa
[INFRA-677] define the census server that serves usage stat raw data
2016-04-29 15:45:15 -07:00
Kohsuke Kawaguchi
d74c5ba459
Allowing vagrant specific config per client
2016-04-29 14:58:09 -07:00
R. Tyler Croy
cc1986fa4e
Merge pull request #468 from jenkins-infra/mirrorbrain-updates-669
...
Mirrorbrain updates 669
2016-04-28 17:35:12 -07:00
R. Tyler Croy
573a429382
Switch hosts used for the production mirrorbrain
2016-04-28 17:28:34 -07:00
R. Tyler Croy
5767483dd5
Install letsencrypt certs only in production for pkgrepo
2016-04-28 13:47:06 -07:00
R. Tyler Croy
86ad815380
Monitor postgres with a read-only user
2016-04-28 13:46:51 -07:00
R. Tyler Croy
c7eff2d2fc
Copy the junk ldap certificate to let the updatesite provision in vagrant
...
These are just self-signed certs that we can use to plug into the updatesite's
legacy vhost for provisioning in Vagrant. Nothing fancy
2016-04-28 13:45:25 -07:00
R. Tyler Croy
e2693111eb
Manage postgres and datadog monitoring for the mirrorbrain managed DB
2016-04-28 13:04:13 -07:00
R. Tyler Croy
26518a253e
Introduce the puppetlabs/postgresql module for managing postgresqls ourselves
...
:(
2016-04-28 13:03:48 -07:00
R. Tyler Croy
a3460fd1b7
Merge pull request #466 from jenkins-infra/updated-passwords
...
These passwords were reset
2016-04-26 12:39:36 -07:00
Kohsuke Kawaguchi
9066b33e32
Merge pull request #464 from jenkins-infra/beer
...
Beer plugin demo site is down!
2016-04-26 10:46:52 -07:00
Kohsuke Kawaguchi
396b9a98cf
Merge pull request #463 from jenkins-infra/password-reset-script
...
Password reset script
2016-04-26 10:44:06 -07:00
Kohsuke Kawaguchi
aa9c1d0be1
Beer plugin demo site is down!
2016-04-26 10:36:20 -07:00
Kohsuke Kawaguchi
0dae060b52
script to send password reset email
2016-04-26 10:32:14 -07:00
Kohsuke Kawaguchi
ce9a22a3d4
this breaks indentation
2016-04-26 10:32:14 -07:00
Kohsuke Kawaguchi
3d2728fb1b
record temporary password
2016-04-26 10:32:14 -07:00
Kohsuke Kawaguchi
b78badcc24
Bogus self-signed certificate to get slapd going
...
Generated via:
$ openssl genrsa -out server.key 1024
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
2016-04-26 10:32:14 -07:00
R. Tyler Croy
844e505dea
Switch to an Elastic IP for mirrorbrain
2016-04-26 03:13:59 -07:00
R. Tyler Croy
e8ebdc3627
Merge pull request #460 from rtyler/new-accounts-app
...
Bump to the latest account-app for @larrys
2016-04-25 13:52:44 -07:00
R. Tyler Croy
d441f54f74
Bump to the latest account-app for @larrys
2016-04-25 12:38:17 -07:00
R. Tyler Croy
99607deb72
Merge pull request #458 from jenkins-infra/trusted-is-as-trusted-does
...
Mark machines with the trustedagent role as trusted when laying down the profile
2016-04-25 11:33:57 -07:00
R. Tyler Croy
9e691f2ea7
Mark machines with the trustedagent role as trusted when laying down the buildslave profile
...
I forgot to do this previously, which is obviously why my credentials aren't
where they should be :-P
2016-04-25 11:17:53 -07:00
R. Tyler Croy
638d5641aa
Merge pull request #456 from rtyler/allow-wget
...
Allow wget to access our Wiki, that seems okay
2016-04-23 16:24:23 -07:00
R. Tyler Croy
c08dc8418b
Allow wget to access our Wiki, that seems okay
...
This also unblocks some of our monitoring which apparently was broken by this
2016-04-23 15:33:40 -07:00
Kohsuke Kawaguchi
ae6c579161
These passwords were reset
2016-04-22 21:22:11 -07:00
R. Tyler Croy
a3ae2feb24
Merge pull request #454 from jenkins-infra/mailgun
...
I'm making every mistake I can make at every step
2016-04-22 11:48:53 -07:00
Kohsuke Kawaguchi
0c0e6fc824
I'm making every mistake I can make at every step
2016-04-22 11:37:42 -07:00
Kohsuke Kawaguchi
3287e2458b
Merge pull request #452 from jenkins-infra/accountapp
...
Added HTTP check for accountapp
2016-04-22 11:17:59 -07:00
Kohsuke Kawaguchi
a64d82b137
Added HTTP check for accountapp
2016-04-22 11:08:03 -07:00
R. Tyler Croy
ec3ff47b13
Merge pull request #450 from jenkins-infra/ldap-check
...
Wrong path name for ldap daemon
2016-04-22 10:42:20 -07:00
Kohsuke Kawaguchi
3d9695a3e9
Wrong path name for ldap daemon
2016-04-22 10:33:20 -07:00
Kohsuke Kawaguchi
3e08251e9c
Merge pull request #448 from jenkins-infra/amazon-ses
...
DKIM setting for Amazon SES
2016-04-22 10:23:55 -07:00
Kohsuke Kawaguchi
3365d41b16
Merge pull request #447 from jenkins-infra/mailgun
...
Adding entries for mailgun to send/receive emails for jenkins.io
2016-04-22 10:16:01 -07:00
Kohsuke Kawaguchi
394240371c
DKIM setting for Amazon SES
2016-04-22 10:15:14 -07:00
Kohsuke Kawaguchi
6756c8f5bd
Adding entries for mailgun to send/receive emails for jenkins.io
2016-04-22 10:05:33 -07:00
R. Tyler Croy
7104c4a02d
Merge pull request #445 from jenkins-infra/amazon-ses
...
Adding domain verification for Amazon SES
2016-04-22 10:01:03 -07:00
Kohsuke Kawaguchi
b2c8dabd23
Adding domain verification for Amazon SES
...
as per instructed by ctennis.
2016-04-22 09:52:08 -07:00
R. Tyler Croy
2726ef424c
Merge pull request #443 from rtyler/htaccess-for-pkgrepo
...
.htaccess for pkg.jenkins.io
2016-04-21 20:25:11 -07:00
R. Tyler Croy
0429be8bfe
Ensure that HTTP for pkg.jenkins.io allows .htaccess overrides
2016-04-21 20:18:21 -07:00
R. Tyler Croy
398f9950ed
We need the Groovy plugin in order to run some number of backend tasks
2016-04-21 16:28:58 -07:00
R. Tyler Croy
9a3e532afb
Merge pull request #441 from rtyler/updates-cname
...
Move the updates.jenkins-ci.org CNAME to a host that can actually handle traffic
2016-04-21 15:51:48 -07:00
R. Tyler Croy
a7498ae817
Move the updates.jenkins-ci.org CNAME to a host that can actually handle traffic
...
yo. #justsayin
2016-04-21 15:40:23 -07:00
R. Tyler Croy
ad60af88c9
Merge pull request #439 from jenkins-infra/updates-migration
...
Migrate updates.jenkins-ci.org vhost to the new Puppet-managed updatesite
2016-04-21 15:17:29 -07:00
R. Tyler Croy
6d65ebbb33
Create the updates.jenkins-ci.org vhost to serve content appropriately
2016-04-21 15:09:05 -07:00
R. Tyler Croy
807f7b9077
Add the legacy certificates from jenkins-ci.org
2016-04-21 15:09:05 -07:00
R. Tyler Croy
726b814614
Merge pull request #438 from rtyler/755
...
mirrorbrain's home must have non-standard permission
2016-04-21 14:28:19 -07:00
R. Tyler Croy
312d50d2bc
The mirrorbrain home directory should be world readable
2016-04-21 14:16:03 -07:00
R. Tyler Croy
601ef7397d
Merge pull request #436 from rtyler/more-manual-to-puppet
...
More manual to puppet changes
2016-04-21 14:10:34 -07:00
R. Tyler Croy
13582c397b
Disable protocol upgrade for pkg.jenkins.io
...
If we hit https://pkg.jenkins.io/redhat/some.rpm we're going to get redirected
to a non-HTTPs mirror which is likely going to get barfed on by clients as a
protocol downgrade.
2016-04-21 13:52:34 -07:00
R. Tyler Croy
6f1e7bc9c9
Ensure our mirrorbrain docroot is owned by the user we specify
2016-04-21 13:50:14 -07:00
R. Tyler Croy
653895407d
Make the mirmon-time-update script simpler, and correct
2016-04-21 13:40:18 -07:00
R. Tyler Croy
8f549eaf79
Ensure our pkgrepo home directory is owned by the www-data user
...
This was manually made on pkg.jenkins.io and I didn't notice that it hadn't yet
been committed to Puppet
2016-04-21 13:36:32 -07:00
R. Tyler Croy
3f2fc8fbd9
Punt update-center syncing with each script invocation
2016-04-21 13:36:23 -07:00
R. Tyler Croy
523dfbceb2
Merge pull request #435 from rtyler/sync-uc
...
Import the necessary script additions to sync our update center
2016-04-21 13:15:34 -07:00
R. Tyler Croy
f204b3dec3
Import the necessary script additions to sync our update-center content for mirroring
2016-04-21 13:06:07 -07:00
R. Tyler Croy
d451c38a1b
Merge pull request #433 from jenkins-infra/mirrors-manual-updates
...
Codify some manual updates made to mirrors.jenkins.io
2016-04-21 11:51:03 -07:00
R. Tyler Croy
13bb8a5b39
Manage the ssh_keys for the mirrorbrain user
...
This is largely to drive release processes, basically whoever has a public key
in the mirrorbrain authorized_keys can invoke release processes on the
mirrorbrain machine
2016-04-21 11:41:34 -07:00
R. Tyler Croy
f359d7df1e
Remove the defaulting of ownership for all File resources in profile::mirrorbrain
...
Turns out this also updates all the apache directives (e.g. apache::mod::vhost)
to change those files to the ownership (mirrorbrain) defined here.
2016-04-21 11:04:58 -07:00
R. Tyler Croy
e237ce13e8
Only collect ECDSA sshkey resources
...
There's some old garbage resources in PuppetDB I don't have the time nor
knowledge to purge right now, so we'll only collect "good" host keys, since SSH
defaults to using the ECDSA one anyways
2016-04-21 09:30:31 -07:00
R. Tyler Croy
c2b2e40ab3
Fix the update-latest-symlink script to handle Jenkins 2.x releases
2016-04-21 08:41:07 -07:00
R. Tyler Croy
ddd456a26b
Commit some previously unmanaged files for driving releases from a mirrorbrain
2016-04-20 16:48:56 -07:00
R. Tyler Croy
ab737fde38
Refactor some duplicate filename references away in profile::mirrorbrain
2016-04-20 16:25:46 -07:00
R. Tyler Croy
d758d35aaa
Ensure that our mirrorbrain user gets dropped into the www-data group by default
...
This is helpful for using the mirrorbrain user as a role account for various
mirrorbrain and release related activities, and keeping permissions open enough
to serve content
2016-04-20 16:24:51 -07:00
R. Tyler Croy
ffbc224111
Put the mirrorbrain user and group under more proper Puppet management
2016-04-20 16:10:34 -07:00
R. Tyler Croy
a3cd47a7f5
Make specifying ssh keys more consistent across profiles
2016-04-20 15:29:02 -07:00
R. Tyler Croy
3ffc082bfe
Ensure our permissions on the update sites /var/www are sufficient for SSH auth
2016-04-20 14:23:47 -07:00
R. Tyler Croy
fcbe3bd5e7
Ensure the www-data on the update site has a shell for rsyncing
...
References INFRA-657
2016-04-20 14:23:47 -07:00
R. Tyler Croy
bee750245c
Ensure the createrepo package is on nodes which have the pkgrepo profile
2016-04-20 14:23:40 -07:00
R. Tyler Croy
b0b0b53c5a
Give the mirrorbrain user an interactive shell for rsyncing releases
...
Figured out that this was necessary while performing a dry-run release with
@kohsuke. We're going to start using the `mirrorbrain` user for these rsyncs and
interactive work instead of `www-data` which we had been using previously.
2016-04-20 14:23:40 -07:00
R. Tyler Croy
db3677c062
Disable protocol upgrade for updates.jenkins.io
...
Jenkins will fail to traverse redirects from HTTP to HTTPs, so we must serve
updates.jenkins.io over port 80 as well as port 443.
This has a nice side-effect of allowing us to redirect HTTP traffic onto mirrors
without issue.
2016-04-20 14:23:40 -07:00
R. Tyler Croy
c0afb20017
Merge pull request #432 from rtyler/more-plugins
...
More Jenkins plugins for production
2016-04-20 10:25:51 -07:00
R. Tyler Croy
543f5f69d7
Add github org folders to both production jenkins instances
2016-04-19 22:38:33 -07:00
R. Tyler Croy
29057f4603
Add the embeddable build status plugin to our public jenkins installation
...
This is pretty useful for putting into READMEs and the likes
2016-04-19 22:37:30 -07:00
R. Tyler Croy
a4c7b422fd
Merge pull request #430 from rtyler/new-jenkins-plugins
...
Install new plugins in both CI environments
2016-04-19 19:16:05 -07:00
R. Tyler Croy
321e1155dd
Install new plugins in both CI environments
...
These should make our lives easier
2016-04-19 19:08:30 -07:00
R. Tyler Croy
40312326e7
Merge pull request #429 from rtyler/more-host-keys
...
More host keys
2016-04-19 19:08:03 -07:00
R. Tyler Croy
409e6286da
Ensure permissions are restrictive on SSH private keys
2016-04-19 18:50:57 -07:00
R. Tyler Croy
ae5798d49a
Add host keys and DNS records for archives. and fallback.jenkins.io
2016-04-19 18:49:21 -07:00
R. Tyler Croy
27d79c4d51
Avoid duplicate resource names and prefer ECDSA host keys
2016-04-19 17:28:12 -07:00
R. Tyler Croy
cad3a91138
sshkey[$title] must be a hostname
2016-04-19 17:24:01 -07:00
R. Tyler Croy
13a93e5c1b
Undocumented feature, yay
2016-04-19 17:21:36 -07:00
R. Tyler Croy
18acf8e716
Override is supposed to take an array
...
It's silently failing, as in not changing anything, right now :(
2016-04-19 17:18:00 -07:00
R. Tyler Croy
abcffe7ee3
Ensure our update site has a ~/.ssh directory to install our authorized key into
2016-04-19 17:08:36 -07:00
R. Tyler Croy
b7eb0d37b5
Allow override for /srv/releases/jenkins on mirrorbrains
...
Turns out we generated .htaccess files in order to serve up URLs like
/osx/latest which redirect to the latest package
2016-04-19 16:33:54 -07:00
R. Tyler Croy
a978f8634c
Add one more missing host key type
2016-04-19 16:24:42 -07:00
R. Tyler Croy
e225d62732
Merge pull request #423 from rtyler/ecdsa
...
Export ECDSA keys too which SSH prefers by default
2016-04-19 16:12:52 -07:00
R. Tyler Croy
9bb11bca86
Export ECDSA keys too which SSH prefers by default
2016-04-19 16:05:58 -07:00
R. Tyler Croy
4d642ed42b
Merge pull request #421 from rtyler/faqdn
...
Avoid scope collisions between $::fqdn and the defined type variable
2016-04-19 16:00:26 -07:00
R. Tyler Croy
b6e5fd9b3f
Avoid scope collisions between $::fqdn and the defined type variable
...
This is dumb
2016-04-19 15:50:03 -07:00
R. Tyler Croy
72f20ba6f2
Merge pull request #420 from jenkins-infra/node_regex
...
Update node regular expressions
2016-04-19 15:48:32 -07:00
R. Tyler Croy
5886b4ee94
Update node regular expressions
2016-04-19 15:37:55 -07:00
R. Tyler Croy
dca01c0a6f
Merge pull request #418 from jenkins-infra/agent-keys-652
...
Distribute SSH keys to trusted agents
2016-04-19 14:56:36 -07:00
R. Tyler Croy
b6ec71f612
Move our SSH server and client configuration into hiera
...
the newer saz/ssh seems to prefer this. HOKAY
2016-04-19 14:47:42 -07:00
R. Tyler Croy
97ad3730cc
Export and collect host keys for all our machines with their "vanity" domain names
...
Depending on the host and which data center it is in, $::fqdn might be anything
from something .osuosl.org to an ec2 internal DNS entry. This ensures we can
colloquially refer to our own DNS entries in our configurations.
2016-04-19 14:31:49 -07:00
R. Tyler Croy
4df67701ae
Add a small serverspec example for sanity-checking the jenkins::agent
2016-04-19 14:21:48 -07:00
R. Tyler Croy
9b4d04718c
Add support for specifying a for_host when giving an SSH private key
...
This should allow us to provide multiple SSH keys which a user can use for
specific hosts instead of a single id_rsa
References INFRA-652
2016-04-19 14:21:48 -07:00
R. Tyler Croy
7ad15786a9
Upgrade our saz/ssh module to help manage SSH user configuration
2016-04-19 14:21:48 -07:00
R. Tyler Croy
565425be45
Install SSH keys for trusted agents
...
This will allow trusted agents to access resources they should be able to access
References INFRA-652
2016-04-19 14:21:48 -07:00
R. Tyler Croy
de4629948a
Merge pull request #416 from rtyler/more-fun-plugins
...
Ensure that CI environments come up with the ssh-agent plugin
2016-04-19 10:59:43 -07:00
R. Tyler Croy
8627a0b78a
Ensure that CI environments come up with the ssh-agent plugin
2016-04-19 10:45:15 -07:00
R. Tyler Croy
fa11e7907e
Merge pull request #414 from rtyler/updates-vhost-645
...
Modify the mirrorbrain role to include the update site
2016-04-19 10:03:48 -07:00
R. Tyler Croy
c41511df74
Properly manage and purge the www-data user's keys
...
This will ensure that only what is declared in puppet can publish into the
update site
2016-04-19 09:54:09 -07:00
R. Tyler Croy
58b7795b70
Modify the mirrorbrain role to include the update site
...
It's a pretty fat role as far as our infrastructure goes, but these three
profiles all revolve around the same /srv/jenkins/releases tree :(
2016-04-19 09:38:55 -07:00
R. Tyler Croy
8150e9af37
Merge pull request #413 from rtyler/updates-vhost-645
...
Introduce updates.jenkins.io for the new UC
2016-04-19 09:31:55 -07:00
R. Tyler Croy
0b7343e1f8
Add support for managing an SSH authorized key for updating the update site content
...
References INFRA-645
2016-04-19 09:18:03 -07:00
R. Tyler Croy
fbb6dfa520
Add a simple updates.jenkins.io virtual host
2016-04-19 09:00:21 -07:00
R. Tyler Croy
965ddd9c22
Merge pull request #411 from rtyler/unzip
...
Include the unzip package on agents
2016-04-19 08:34:01 -07:00
R. Tyler Croy
e89046aa02
Include the unzip package on agents
...
[Fix INFRA-650]
2016-04-19 08:23:50 -07:00
R. Tyler Croy
5e0cdf69c5
Merge pull request #409 from rtyler/updates-vhost
...
Roll the updates.jenkins.io CNAME ahead of other changes
2016-04-19 07:22:23 -07:00
R. Tyler Croy
9b51536312
Roll the updates.jenkins.io CNAME ahead of other changes
...
This will allow the change to propagate through the DNS system before our vhost
changes land
References INFRA-645
2016-04-19 07:10:31 -07:00
R. Tyler Croy
e993329381
Merge pull request #407 from rtyler/more_tweaks
...
More minor production tweaks
2016-04-18 23:25:26 -07:00
R. Tyler Croy
f944724086
Enable the toolenv plugin in our production jenkins envs
2016-04-18 23:16:57 -07:00
R. Tyler Croy
10161fe917
Too clever for my own good, this creates an empty file after we get our certs :(
2016-04-18 23:16:23 -07:00
R. Tyler Croy
369a4ff7d7
Merge pull request #405 from jenkins-infra/minor_tweaks
...
Missed a few bits when running fresh in production on ci.jenkins.io
2016-04-18 21:58:24 -07:00
R. Tyler Croy
b6f44258df
Ensure the letsencrypt files exist even if they're empty
...
This will prevent silly errors from before the letsencrypt challenge
2016-04-18 21:51:04 -07:00
R. Tyler Croy
f29862ed7c
Fat-fingered the install-plugin command
2016-04-18 21:49:19 -07:00
R. Tyler Croy
a5ecfd5c08
Merge pull request #331 from rtyler/ci-518
...
Puppetize Jenkins itself
2016-04-18 21:33:23 -07:00
R. Tyler Croy
0f9a1b08c0
Make the reverse proxy port configurable
...
This will allow us to have proper reverse proxy settings on land-locked master
instances
2016-04-18 21:26:49 -07:00
R. Tyler Croy
64a60c004c
Update failing test, we're setting zero executors in another place
2016-04-18 21:22:04 -07:00
R. Tyler Croy
aea91e8077
Classify agent-(int) nodes as jenkins agents too
2016-04-18 21:18:31 -07:00
R. Tyler Croy
01f2d074e9
Properly invoke the CLI on subsequent runs
2016-04-18 21:14:51 -07:00
R. Tyler Croy
2e2ce770d9
Standardize on tunneling in at port 1443 for now
2016-04-18 20:59:57 -07:00
R. Tyler Croy
8dc407bcb9
Ensure our directory is there before trying to create a user
2016-04-18 20:56:29 -07:00
R. Tyler Croy
b535a27d19
Add the configuration for the untrusted ci environment
2016-04-18 20:48:57 -07:00
R. Tyler Croy
c93f3782d0
Use the proper managerDn for LDAP configuration
2016-04-18 20:46:16 -07:00
R. Tyler Croy
832ffcf3a5
Switch to the ec2_public_ip
2016-04-18 20:38:16 -07:00
R. Tyler Croy
460e1f2b25
Allow both CI services to access LDAP
2016-04-18 20:35:04 -07:00
R. Tyler Croy
273151a141
Actually execute the jar properly
2016-04-18 20:29:14 -07:00
R. Tyler Croy
9e8036c29e
Set our executors to zero ourselves
...
This makes the dependency cycles far easier to avoid
2016-04-18 20:22:46 -07:00
R. Tyler Croy
41c843ea86
Set our executors before we lock down jenkins
2016-04-18 20:20:18 -07:00
R. Tyler Croy
97fae9b518
Bring some production ldap configuration to trusted-ci
2016-04-18 20:15:01 -07:00
R. Tyler Croy
47af94685f
Try a different approach by hacking a user with SSH in place for puppet
...
This uses no SSH key the first time any CLI commands are run, but after security
is set up, it should use it moving forward
2016-04-18 20:10:56 -07:00
R. Tyler Croy
a8d3817c09
Revert "mashing a jenkins::job for policy enforcement"
...
This reverts commit b0a34b7cb9.
2016-04-18 19:40:02 -07:00
R. Tyler Croy
b0a34b7cb9
mashing a jenkins::job for policy enforcement
...
This doesn't help either, since subsequent puppet runs will fail with the
lack of permissions, bollocks!~
2016-04-18 19:37:47 -07:00
R. Tyler Croy
fd8f3ac66a
Revert "Haphazard attempt to get jenkins::credentials to work"
...
This reverts commit 5b672b21ab.
2016-04-18 18:59:03 -07:00
R. Tyler Croy
5b672b21ab
Haphazard attempt to get jenkins::credentials to work
...
I'm committing this for posterity, but plan on reverting it with the next
commit.
Basically Jenkins's security cannot be modeled in an idempotent fashion. Since
we cannot pre-share any public keys with it, we have to go through this process:
* Stand up Jenkins unsecured (but obviously walled off)
* Set up authentication, authorization, leaving CLI access for anonymous
* Create a role account and give it our SSH public key
* Remove CLI access for anonymous and grant it for our role account
This is a lot of gnarly work and needs to be made better in Jenkins itself. A
temporary workaround is to allow CLI access for anonymous, but only from the
lo0 interface on the system
2016-04-18 18:55:52 -07:00
R. Tyler Croy
4dc0ea42bd
Properly retry and sleep our CLI commands
2016-04-18 18:00:52 -07:00
R. Tyler Croy
468c4907d7
Unsecured is apparently valid, but not the same as UNSECURED
...
Huh.
2016-04-18 17:38:57 -07:00
R. Tyler Croy
f18c3c2272
Enable the jenkins::master role on "untrusted" ci too
2016-04-18 17:35:16 -07:00
R. Tyler Croy
c66ff50c32
Reorder trusted-ci's plugins to stay alphabetical
2016-04-18 17:31:29 -07:00
R. Tyler Croy
24e45c6866
Add some Groovy wizardry to ensure that each Jenkins installation comes up secure
...
Because otherwise, what's the point?
References INFRA-518
2016-04-18 17:31:29 -07:00
R. Tyler Croy
56cb9747ee
Fix the broken reverse proxy setup
2016-04-18 15:32:32 -07:00
R. Tyler Croy
72430f48d8
'secret' doesn't actually match a plugin artifactId
2016-04-18 15:32:32 -07:00
R. Tyler Croy
bb0731b639
Trailing slashes, always important. Here's some extra ones //////
2016-04-18 15:32:32 -07:00
R. Tyler Croy
7f59ea20db
Purge dockerhub credentials from untrusted nodes
2016-04-18 15:06:07 -07:00
R. Tyler Croy
a2eb3af85d
Add support for proxying to the Jenkins master from the apache vhost
2016-04-18 15:06:07 -07:00
R. Tyler Croy
13efb5793f
Disable letsencrypt for our trusted-ci environment
...
This won't be on the public internet so the normal challenge process for
certificates is not going to work.
2016-04-18 14:35:05 -07:00
R. Tyler Croy
3f8901fad3
Classify the trusted-ci cert as a master and the agents appropriately
2016-04-18 14:32:24 -07:00
R. Tyler Croy
a987cb7f6b
Support installing Jenkins plugins (with dependencies!) driven from hiera data
...
References INFRA-518
2016-04-18 14:23:42 -07:00
R. Tyler Croy
aa945edf04
What if we were awesome and installed our letsencrypt certs in the vhost in production too
2016-04-18 13:16:46 -07:00
R. Tyler Croy
9ef68e4858
Flesh out more Jenkins master management in the buildmaster profile
...
As of right now this spins up a pretty much unconfigured Jenkins master with the
appropriate vhosts in front of it
References INFRA-518
2016-04-18 13:05:43 -07:00
R. Tyler Croy
f379f3c9a4
Default all apache installs to using the mpm_event module
2016-04-18 13:05:22 -07:00
R. Tyler Croy
dc9892bd06
Enable the future parser explicitly when Vagrant-testing
2016-04-18 12:04:38 -07:00
R. Tyler Croy
e0a0d608bf
fixup! Add support into the Vagrantfile for provisioning roles in nested directories
2016-04-18 12:00:51 -07:00
R. Tyler Croy
a8a2c26c59
Add support into the Vagrantfile for provisioning roles in nested directories
2016-04-18 11:53:55 -07:00
R. Tyler Croy
aaa33e3f17
Move firewall rules for a jenkins master into the buildmaster profile
2016-04-18 11:49:08 -07:00
R. Tyler Croy
547547fca6
Refactor away the role::buildnode experimenting from before
2016-04-18 11:49:08 -07:00
R. Tyler Croy
f064c2f5cd
Start fleshing out the buildmaster profile for configuring a Jenkins master properly
...
References INFRA-518
2016-04-18 11:49:08 -07:00
R. Tyler Croy
a2e732445e
Add the puppetlabs/java module for managing java installations
2016-04-18 11:49:08 -07:00
R. Tyler Croy
ed0919c059
Incorporate our existing buildslave profile in to the jenkins::agent role
2016-04-18 11:49:08 -07:00
R. Tyler Croy
3ce67c1ca4
Add a dependency to rtyler/jenkins at 1.6.1 from the forge
...
References INFRA-518
2016-04-18 11:49:08 -07:00
R. Tyler Croy
6230b8cc47
Add two basic roles for Jenkins, a master and agent
...
These contain nothing just yet
References INFRA-518
2016-04-18 11:49:08 -07:00
R. Tyler Croy
6ea69f7c1d
Merge pull request #402 from rtyler/cucumber-is-dying
...
Remove both the ldap and jenkins profiles from cucumber
2016-04-18 11:46:45 -07:00
R. Tyler Croy
105a6664aa
Remove both the ldap and jenkins profiles from cucumber
...
These are either already migrated or in the process of migrating elsewhere
2016-04-18 11:24:18 -07:00
R. Tyler Croy
3c90a7d439
Merge pull request #399 from rtyler/pkg-dns-change
...
Migrate pkg.jenkins-ci.org over to the new pkg.jenkins.io host
2016-04-18 10:02:57 -07:00
R. Tyler Croy
97ab8845c3
Merge pull request #400 from jenkins-infra/pkgvhost
...
Minor updates to pkg.jenkins.io
2016-04-18 10:02:35 -07:00
R. Tyler Croy
db2be36126
pkg.jenkins.io needs mod_rewrite
2016-04-18 09:57:49 -07:00
R. Tyler Croy
b4b9be3bb4
Need to enable AllowOverride All so we can use our .htaccess files
2016-04-18 09:50:13 -07:00
R. Tyler Croy
8fa9c8aad8
We need FollowSymLinks to properly serve old debian packages
2016-04-18 09:46:54 -07:00
R. Tyler Croy
e0dc3e09b3
Create the proper log files for the vhosts
...
Matching @kohsuke's rigorous specifications
2016-04-18 09:44:32 -07:00
R. Tyler Croy
5a0785625d
Migrate pkg.jenkins-ci.org over to the new pkg.jenkins.io host
...
Fixes INFRA-644
2016-04-18 09:26:47 -07:00
R. Tyler Croy
d135433bb6
Merge pull request #397 from jenkins-infra/pkg-ssl
...
Tidy up SSL for pkg.jenkins.io
2016-04-18 09:21:11 -07:00
R. Tyler Croy
957212cb01
Support pkg.jenkins-ci.org without SSL promotion
...
There's a high likelihood that promoting pkg.jenkins-ci.org is going to break
older versions of Apt and Yum
2016-04-18 09:14:17 -07:00
R. Tyler Croy
c489c54166
use the right certificate for https://pkg.jenkins.io
2016-04-18 09:09:40 -07:00
R. Tyler Croy
09452bc7fa
Merge pull request #395 from jenkins-infra/pkgvhost-644
...
Update our relationship for repo directories
2016-04-18 08:26:44 -07:00
R. Tyler Croy
379279b08a
Redhat repos need to refer to the pkg repo host itself, not mirrors
...
This is because the pkg host has our repodata/ inside of it
2016-04-18 08:20:49 -07:00
R. Tyler Croy
85fb3e9d1f
When not using template() we need to use the source directive on our files
...
Silly rtyler.
2016-04-18 08:12:25 -07:00
R. Tyler Croy
a176752b56
Update our relationship for repo directories
...
Apparently rspec-puppet wasn't complaining about an invalid relationship, but
the puppet master sure did!
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: Profile::Redhat_repo[redhat] { require => File[/var/www/pkg.jenkins.io/profile::pkgrepo] }, because File[/var/www/pkg.jenkins.io/profile::pkgrepo] doesn't seem to be in the catalog
2016-04-18 08:06:18 -07:00
R. Tyler Croy
30519a3029
Merge pull request #394 from rtyler/pkgvhost-644
...
Add puppet to manage pkg.jenkins.io
2016-04-18 07:59:53 -07:00
R. Tyler Croy
b838e1ce67
mirrorbrain nodes are also pkgrepo nodes whether they like it or not
...
References INFRA-644
2016-04-18 07:48:46 -07:00
R. Tyler Croy
69411080b4
Ensure the rpm repositories have a repodata/ directory
2016-04-18 07:48:46 -07:00
R. Tyler Croy
1a21d48da9
Add the beginnings of a profile::pkgrepo to manage pkg.jenkins.io effectively
...
There's a *lot* in the old file tree that appears to be managed by the release
process, so I'm trying to get as much as possible into Puppet to keep things
well managed
References INFRA-644
2016-04-18 07:48:46 -07:00
R. Tyler Croy
aec30cbbea
Merge pull request #393 from rtyler/mirrors-cutover
...
Cut over mirrors.jenkins-ci.org to the new host
2016-04-18 07:48:32 -07:00
R. Tyler Croy
51defbf9a3
Cut over mirrors.jenkins-ci.org to the new host
2016-04-18 07:36:44 -07:00
R. Tyler Croy
d195742d7a
Merge pull request #391 from rtyler/no-asn
...
Update the mirrorbrain module to disregard mod_asn
2016-04-17 20:41:46 -07:00
R. Tyler Croy
dca0d93ea4
Update the mirrorbrain module to disregard mod_asn
2016-04-17 20:29:52 -07:00
Kohsuke Kawaguchi
6cc36cf807
Merge pull request #389 from jenkins-infra/confluence-update
...
Confluence update
2016-04-17 19:27:58 -07:00
R. Tyler Croy
18dd158fbb
Merge pull request #388 from rtyler/unquote-mirrorbrains-creds
...
mod_dbd didn't like that I had quoted my values, whoops!
2016-04-17 19:27:06 -07:00
Kohsuke Kawaguchi
5bd58458cb
quote symbol police department strikes again
2016-04-17 19:17:28 -07:00
Kohsuke Kawaguchi
5b189e7745
Force restart containers
2016-04-17 19:16:09 -07:00
R. Tyler Croy
31198074df
mod_dbd didn't like that I had quoted my values, whoops!
2016-04-17 19:15:15 -07:00
Kohsuke Kawaguchi
e22be803dd
Confluence switch-over take2
2016-04-17 19:13:27 -07:00
R. Tyler Croy
f95e4add6b
Merge pull request #387 from jenkins-infra/container-names
...
More container names
2016-04-17 19:07:55 -07:00
R. Tyler Croy
c77f009d37
Merge pull request #338 from rtyler/mirrorbrain-635
...
Manage Mirrorbrain with Puppet
2016-04-17 18:39:45 -07:00
Kohsuke Kawaguchi
255bc2335f
Name containers
...
... so that monitoring correctly tracks this container
2016-04-17 18:38:27 -07:00
R. Tyler Croy
caa2dc8827
Add production credentials for mirrorbrain
2016-04-17 18:28:48 -07:00
R. Tyler Croy
3ef4f289a6
Include our mirrorbrain role on the node with that name
2016-04-17 18:28:02 -07:00
R. Tyler Croy
dd021c15c2
Properly configure mirrorbrain, the apache virtualhost and cron jobs
...
This is an obscenely large commit, unfortunately things came together that way
when emulating what is done on the current mirrorbrain host :(
Fixes INFRA-635
2016-04-17 18:28:02 -07:00
R. Tyler Croy
702790204c
Ensure the placement of logging configuration notifies the apache service
...
Noticed this while mirrorbraining, but we should ensure that Apache gets bumped
when we put new configuration in place
2016-04-17 18:28:01 -07:00
R. Tyler Croy
920e6a883a
Install the necessary dependencies for connecting apache to postgresql
2016-04-17 18:28:01 -07:00
R. Tyler Croy
b954203db2
Add some parameters for hiera to fill in for mirrorbrain
2016-04-17 18:28:01 -07:00
R. Tyler Croy
844d516cf2
Pull the mirrorbrain::apache module into our mirrorbrain profile
...
We're not running separate scanner/apache hosts so we can lump this all in one
profile together
2016-04-17 18:28:01 -07:00
R. Tyler Croy
aeadbd5562
Include the mirrorbrain class inside our profile to provision it properly
2016-04-17 18:28:01 -07:00
R. Tyler Croy
7f5b30bdf8
Upgrade the puppetlabs/apt module so it will handle the Jenkins GPG key properly
...
Previously was getting the following error, which is clearly dumb
1) profile::buildmaster should contain Class[jenkins]
Failure/Error:
raise Puppet::ParseError, (msg) unless [args[1]].flatten.any? do |re_str|
args[0] =~ Regexp.compile(re_str)
Puppet::Error:
Evaluation Error: Error while evaluating a Function Call, validate_re(): "150FDE3F7787E7D11EF4E12A9B7D32F2D50582E6" does not match ["\\A(0x)?[0-9a-fA-F]{8}\\Z", "\\A(0x)?[0-9a-fA-F]{16}\\Z"] at /home/tyler/source/github/jenkins-infra/jenkins-infra/spec/fixtures/modules/apt/manifests/key.pp:60:3 on node blackberry.coupleofllamas.com
# ./spec/fixtures/modules/stdlib/lib/puppet/parser/functions/validate_re.rb:35:in `block in <module:Functions>'
2016-04-17 18:28:01 -07:00
R. Tyler Croy
2b8d7d0c33
Add role and profile skeletons for mirrorbrain
2016-04-17 18:28:01 -07:00
R. Tyler Croy
6b3df58bb8
Pull in our custom puppet-mirrorbrain module
2016-04-17 18:28:01 -07:00
Kohsuke Kawaguchi
2238f51abc
Merge pull request #383 from rtyler/new-ratings
...
Change to a new host and username for rating app
2016-04-17 18:24:15 -07:00
Kohsuke Kawaguchi
c80720f7d0
Merge pull request #384 from jenkins-infra/INFRA-1
...
[INFRA-1] need to allow Wiki & JIRA to connect
2016-04-17 18:24:03 -07:00
Kohsuke Kawaguchi
43c47143cd
[INFRA-1] need to allow Wiki & JIRA to connect
2016-04-17 18:18:31 -07:00
R. Tyler Croy
2bc2e32777
Change to a new host and username for rating app
2016-04-17 18:18:09 -07:00
R. Tyler Croy
7cc431fe72
Merge pull request #382 from jenkins-infra/INFRA-1
...
LDAP cut over for accountapp & Confluence
2016-04-17 18:14:44 -07:00
R. Tyler Croy
f93ac5a41d
Merge pull request #381 from jenkins-infra/ldap-for-puppet
...
Need to whitelist puppet
2016-04-17 18:03:21 -07:00
Kohsuke Kawaguchi
409085d3af
[INFRA-1] Cut over Confluence to ldap.jenkins.io
2016-04-17 18:01:51 -07:00
Kohsuke Kawaguchi
e73636c8e9
[INFRA-1] LDAP cutover for accountapp
2016-04-17 18:01:48 -07:00
Kohsuke Kawaguchi
cf55369e82
Need to whitelist puppet
2016-04-17 17:47:01 -07:00
Kohsuke Kawaguchi
b1a807b780
Merge pull request #379 from jenkins-infra/l10n
...
[INFRA-638] l10n.jenkins.io takes over l10n.jenkins-ci.org
2016-04-17 16:55:51 -07:00
Kohsuke Kawaguchi
f5952f8e1d
Merge pull request #378 from jenkins-infra/container-names
...
set container names appropriately
2016-04-17 16:48:12 -07:00
Kohsuke Kawaguchi
9023cb171f
Consistent use of trailing period
2016-04-17 16:47:02 -07:00
Kohsuke Kawaguchi
996206ae14
Merge pull request #377 from jenkins-infra/ldap_cert
...
[INFRA-1] ordering between config & openldap module
2016-04-17 16:39:43 -07:00
Kohsuke Kawaguchi
b3ac9220b1
[INFRA-638] l10n.jenkins.io takes over l10n.jenkins-ci.org
...
new VM takes over the service previously hosted on cucumber
2016-04-17 16:38:47 -07:00
Kohsuke Kawaguchi
2bbc8b8230
set container names appropriately
...
This helps with datadog monitoring as dashboard can show proper names
2016-04-17 16:33:54 -07:00
Kohsuke Kawaguchi
dad7b18f0d
[INFRA-1] ordering between config & openldap module
...
Directory creation requires a user, so those settings have to happen
between the installation and the service execution, IIUC.
This is way more puppet than I'm comfortable with.
2016-04-17 16:29:26 -07:00
R. Tyler Croy
af418f3a9c
Merge pull request #375 from jenkins-infra/ldap_cert
...
[INFRA-1] deploy LDAPS
2016-04-17 16:26:52 -07:00
Kohsuke Kawaguchi
3b769605ed
Deploy SSL certs & run slapd with it
2016-04-17 16:10:55 -07:00
R. Tyler Croy
6445870b50
Merge pull request #374 from jenkins-infra/l10n
...
New image that creates indirection in /srv/l10n
2016-04-17 16:10:40 -07:00
Kohsuke Kawaguchi
ff05321028
New image that creates indirection in /srv/l10n
2016-04-17 15:35:20 -07:00
R. Tyler Croy
e74aa97cba
Merge pull request #371 from jenkins-infra/rtyler-patch-1
...
Zed's dead baby
2016-04-17 12:54:03 -07:00
R. Tyler Croy
ee422e22b4
Zed's dead baby
...
The tombstone profile will fail once things are removed. Only removing the profile from the role and not the files themselves so I can quickly get this out while doing other work locally
2016-04-17 12:23:27 -07:00
R. Tyler Croy
5474ff6093
Introduce ldap.jenkins.io certificates
2016-04-17 11:37:41 -07:00
Kohsuke Kawaguchi
ca5149ae9c
Merge pull request #369 from jenkins-infra/l10n
...
[INFRA-638] l10n moving to another machine take 2
2016-04-17 11:20:28 -07:00
Kohsuke Kawaguchi
ce0b4acb43
1007 was colliding
...
20xx are used by other service accounts.
2016-04-17 11:03:52 -07:00
Kohsuke Kawaguchi
a34b8ced18
apparently you cannot tell service to be absent
...
See https://docs.puppet.com/puppet/latest/reference/type.html#service-attribute-ensure
2016-04-17 11:02:28 -07:00
R. Tyler Croy
9bb8e24468
Merge pull request #367 from jenkins-infra/check-command
...
Added a command that runs tests locally more quickly
2016-04-17 10:10:21 -07:00
Kohsuke Kawaguchi
39565388ef
Adding a note, though fixture setup time is already discussed in README
2016-04-17 09:24:46 -07:00
Kohsuke Kawaguchi
bf2e472f1f
Added a command that runs tests locally more quickly
2016-04-17 08:47:09 -07:00
R. Tyler Croy
3f25333780
Merge pull request #366 from jenkins-infra/l10n
...
[INFRA-638] moving off l10n service from okra into new host
2016-04-17 08:47:08 -07:00
Kohsuke Kawaguchi
f6b1da325b
moving off l10n service from okra into new host
2016-04-17 08:40:21 -07:00
R. Tyler Croy
0e1c2b41a2
Merge pull request #364 from rtyler/mirrorbrain-dns-635
...
Add new A records for l10n. pkg. mirrors and ci.jenkins.io
2016-04-17 08:26:26 -07:00
R. Tyler Croy
d38c3fe432
Add new A records for l10n. pkg. mirrors and ci.jenkins.io
...
References INFRA-518, INFRA-635, INFRA-638
2016-04-17 08:08:43 -07:00
Kohsuke Kawaguchi
e9bcb0ede4
Merge pull request #362 from jenkins-infra/rating
...
New version that serves all PHPs over HTTPS
2016-04-16 23:50:41 -07:00
Kohsuke Kawaguchi
cb20a7c643
New version that serves all PHPs over HTTPS
2016-04-16 23:41:30 -07:00
Kohsuke Kawaguchi
28ffbb936c
Merge pull request #360 from jenkins-infra/rating
...
This file needs to be readable from apache
2016-04-16 23:16:57 -07:00
Kohsuke Kawaguchi
f69ac68248
This file needs to be readable from apache
...
... that processes rating app.
2016-04-16 23:09:43 -07:00
Kohsuke Kawaguchi
f78b286679
Merge pull request #358 from jenkins-infra/rating
...
wrong port mapping
2016-04-16 22:59:58 -07:00
Kohsuke Kawaguchi
f0c18c0f28
wrong port mapping
2016-04-16 22:44:53 -07:00
Kohsuke Kawaguchi
a5b355cce5
Merge pull request #356 from jenkins-infra/rating
...
Looks like I need this entry to be able to get the cert
2016-04-16 22:28:03 -07:00
Kohsuke Kawaguchi
92bb3c9b18
Looks like I need this entry to be able to get the cert
2016-04-16 22:20:24 -07:00
Kohsuke Kawaguchi
02a05d0f91
Merge pull request #354 from jenkins-infra/reorder
...
Perform lint first to speed up the check
2016-04-16 22:09:35 -07:00
Kohsuke Kawaguchi
2467204d69
Merge pull request #353 from jenkins-infra/rating
...
Exposing rating app to http
2016-04-16 22:09:25 -07:00
Kohsuke Kawaguchi
a94133d3d2
Expose over HTTPS
...
... so that when used from https://jenkins.io/ it doesn't cause a
browser to issue unsafe script warning
2016-04-16 22:00:17 -07:00
Kohsuke Kawaguchi
b155cb6195
Perform lint first to speed up the check
...
lint runs far more quickly
2016-04-16 21:57:55 -07:00
Kohsuke Kawaguchi
f5a07d3421
Exposing rating app to http
2016-04-16 21:44:18 -07:00
Kohsuke Kawaguchi
98924ba986
Merge pull request #350 from jenkins-infra/l10n
...
[INFRA-638] expose l10n service over HTTP
2016-04-16 21:07:22 -07:00
Kohsuke Kawaguchi
0842b6b539
Merge pull request #351 from jenkins-infra/rating
...
[INFRA-636] New version with correct URL
2016-04-16 21:06:45 -07:00
Kohsuke Kawaguchi
580d74d479
Merge branch 'staging' into l10n
2016-04-16 21:01:02 -07:00
Kohsuke Kawaguchi
9c1c812580
New version with correct URL
2016-04-16 21:00:12 -07:00
Kohsuke Kawaguchi
99a6daea2e
Merge pull request #349 from jenkins-infra/ratings
...
CORS in rating app
2016-04-16 20:50:42 -07:00
Kohsuke Kawaguchi
c9a933750d
Expose l10n service through apache
2016-04-16 20:47:47 -07:00
Kohsuke Kawaguchi
0edda6f0b9
Expose l10n.jenkins.io
2016-04-16 20:44:02 -07:00
Kohsuke Kawaguchi
c91f285839
[INFRA-636] http://rating.jenkins.io/
2016-04-16 20:38:44 -07:00
Kohsuke Kawaguchi
529e639f5e
CORS in rating app
2016-04-16 20:33:06 -07:00
R. Tyler Croy
8a464026cf
Merge pull request #347 from jenkins-infra/ratings
...
The name of the node is 'ratings' unlike the name of the app, which i…
2016-04-16 20:17:47 -07:00
Kohsuke Kawaguchi
ab84e14467
The name of the node is 'ratings' unlike the name of the app, which is 'rating'
...
(sigh)
2016-04-16 20:06:26 -07:00
Kohsuke Kawaguchi
2ce54fa457
Merge pull request #346 from jenkins-infra/psql
...
For convenience, make postgres client available on the host
2016-04-16 20:04:57 -07:00
Kohsuke Kawaguchi
22ad0845f9
For convenience, make postgres client available on the host
2016-04-16 19:55:03 -07:00
R. Tyler Croy
99484a76cd
Merge pull request #342 from jenkins-infra/INFRA-636
...
[INFRA-636] manage rating app
2016-04-16 19:45:05 -07:00
R. Tyler Croy
250612d5db
Merge branch 'staging' into INFRA-636
2016-04-16 19:37:33 -07:00
R. Tyler Croy
b8d589b0b7
Merge pull request #343 from jenkins-infra/l10n
...
uid needs to be fixed to number
2016-04-16 19:37:27 -07:00
R. Tyler Croy
e7867acf43
Merge branch 'staging' into l10n
2016-04-16 19:23:08 -07:00
R. Tyler Croy
cb52747c61
Merge pull request #344 from rtyler/ldap-cert-validation
...
Add a CNAME for DNS-based certificate validation
2016-04-16 19:23:01 -07:00
R. Tyler Croy
5df1ca8e4b
docker::run{username} must be a string
2016-04-16 18:03:36 -07:00
R. Tyler Croy
7ac3786ff6
Correct some minor puppet-lint errors
2016-04-16 18:01:22 -07:00
R. Tyler Croy
f47ed3fac6
Add a CNAME for DNS-based certificate validation
...
[FIX INFRA-640]
2016-04-16 17:58:52 -07:00
Kohsuke Kawaguchi
67421b92e0
uid needs to be fixed to number
...
... because docker tries to resolve this username inside the container,
not outside
2016-04-16 17:55:28 -07:00
Kohsuke Kawaguchi
4e0afaab53
[INFRA-636] manage rating app
2016-04-16 17:43:08 -07:00
R. Tyler Croy
4a26a36461
Merge pull request #340 from rtyler/ldap-a-record
...
Add an A record for ldap.jenkins.io
2016-04-16 17:25:35 -07:00
R. Tyler Croy
40d871e2c3
Add an A record for ldap.jenkins.io
2016-04-16 17:17:15 -07:00
R. Tyler Croy
50cf40bae0
Merge pull request #339 from rtyler/unclogged-the-puppets
...
Express the proper relationship to the Package[httpd] resource
2016-04-16 17:16:58 -07:00
R. Tyler Croy
2bfa8e3695
Express the proper relationship to the Package[httpd] resource
...
The 'apache2' package is installed on Ubuntu by puppetlabs/apache but the resource
in the catalogue is actually Package[httpd]. Likely for convenience-sake inside
of the apache module.
2016-04-16 17:04:50 -07:00
R. Tyler Croy
283bc29157
Merge pull request #337 from rtyler/ldap-vagrant
...
Vagrant-based testing of our ldapserver role
2016-04-16 15:12:18 -07:00
R. Tyler Croy
88b5524a5d
Update the vagrant bootstrapping to pull a more recent puppet from apt.puppetlabs.com
2016-04-16 15:02:42 -07:00
R. Tyler Croy
d47b783ab6
Add a basic serverspec file for the ldapserver role
2016-04-16 15:02:35 -07:00
R. Tyler Croy
2b18768117
Make our assumption that slapd will listen on a unix socket explicit
...
Based on comments from #334
2016-04-16 15:02:35 -07:00
R. Tyler Croy
47913474e5
Properly bail out from creating vagrant nodes for roles which have no serverspec
...
Really, everything should have serverspec, but sometimes we just don't :(
2016-04-16 15:02:31 -07:00
R. Tyler Croy
2a723fd8ec
Merge pull request #335 from jenkins-infra/l10n-server
...
[INFRA-638] Adding a managed l10n server
2016-04-16 14:49:14 -07:00
Kohsuke Kawaguchi
031f2ac949
Merge branch 'staging' into l10n-server
2016-04-16 14:21:18 -07:00
Kohsuke Kawaguchi
4cbb2abcd2
[INFRA-638] Adding a managed l10n server
2016-04-16 14:06:38 -07:00
R. Tyler Croy
da8e489afd
Merge pull request #334 from rtyler/ldap-ssl
...
Enable the appropriate interfaces for the openldap server
2016-04-16 13:44:41 -07:00
R. Tyler Croy
911bfd287e
Enable the appropriate interfaces for the openldap server
2016-04-16 13:25:26 -07:00
R. Tyler Croy
3b192a14e6
Merge pull request #330 from rtyler/ldap-coalescing
...
Merge profile::openldap into profile::ldap
2016-04-16 11:21:45 -07:00
R. Tyler Croy
90b15cd933
A node with the certname `ldap` running ldap? How delightfully absurd
...
[FIX INFRA-1]
2016-04-16 10:58:31 -07:00
R. Tyler Croy
604b8d376a
Remove the kale role
...
When we move into The Cloud (tm) our machines will finally stop being pets and
start being cattle.
2016-04-16 10:58:02 -07:00
R. Tyler Croy
ed89719c27
Merge profile::openldap work into profile::ldap
2016-04-16 10:57:44 -07:00
R. Tyler Croy
cefe375164
Correct a type and pull down the right camptocamp/openldap module for tests
2016-04-16 10:57:44 -07:00
Spencer Krum
6241ad483b
Setup openldap server via puppet
...
This uses the camptocamp openldap module. It defines a new host called
kale since cucumber is likely not the new host for holding an ldap
server.
New hiera keys:
ldap_rootpw (string)
New dependencies:
libaugeas-ruby (for camptocamp/openldap)
2016-04-16 10:57:42 -07:00
R. Tyler Croy
214e6f6f2d
Merge pull request #332 from jenkins-infra/galapagos
...
Add a build more cross-platform support for profile::buildslave
2016-04-16 09:29:44 -07:00
R. Tyler Croy
9dd80c4356
Allow ruby management on build nodes to be disabled for Mac OS X
2016-04-16 09:20:59 -07:00
R. Tyler Croy
a1006fac41
Introduce a Mac buildnode role.
...
This is the first role that doesn't have a vegetable associated with it. As we
move towards more of a cloud-based infrastructure, our roles need to slowly
morph into the roles for a node instead of our "pet" machines we have right now.
This commit makes provisioning Docker on a profile::buildslave optional, since
Mac OS X is not going to run docker.
[FIX INFRA-601]
2016-04-16 09:20:51 -07:00
R. Tyler Croy
5a06659090
Merge pull request #329 from jenkins-infra/ldap-reset-script
...
Adding an ops script that resets LDAP password en masse
2016-04-16 07:16:54 -07:00
Kohsuke Kawaguchi
9b13a4d355
tab messup
2016-04-15 19:51:14 -07:00
Kohsuke Kawaguchi
41d5a4a96e
Adding an ops script that resets LDAP password en masse
2016-04-15 19:36:24 -07:00
Kohsuke Kawaguchi
5bef9bf7c4
Merge pull request #328 from jenkins-infra/new-osuosl-key
...
SSH key pair to be used to push bits into OSUOSL master mirror
2016-04-15 19:35:36 -07:00
Kohsuke Kawaguchi
3df9f94047
SSH key pair to be used to push bits into OSUOSL master mirror
2016-04-15 17:03:37 -07:00
R. Tyler Croy
fac16f1015
Merge pull request #325 from jenkins-infra/galapagos
...
Upgrade to a new accounts module which purges unmanaged ssh keys
2016-04-12 15:14:09 -07:00
R. Tyler Croy
21dc75b56a
Upgrade our internal testing version of Puppet to 4 to match production
2016-04-12 15:00:26 -07:00
R. Tyler Croy
e478268262
Upgrade to a new accounts module which purges unmanaged ssh keys
2016-04-12 14:33:24 -07:00
R. Tyler Croy
511a67e4bb
Merge pull request #323 from rtyler/new-ssh-key
...
New ssh key for danielbeck
2016-04-12 13:08:28 -07:00
R. Tyler Croy
93f76121c1
New ssh key for danielbeck
2016-04-12 12:48:02 -07:00
R. Tyler Croy
03731e87c5
Merge pull request #321 from rtyler/new-account-app
...
Deploy a new account app with fewer remote calls
2016-04-08 13:00:25 -07:00
R. Tyler Croy
b113b7e484
Deploy a new account app with fewer remote calls
...
See jenkins-infra/account-app#93
2016-04-08 12:50:05 -07:00
R. Tyler Croy
e537fb0c84
Merge pull request #319 from jenkins-infra/galapagos
...
Support for Darwin-based systems
2016-04-07 22:10:09 -07:00
R. Tyler Croy
a62585f3df
Roll out the updated puppet.jenkins.io A record
2016-04-07 21:59:31 -07:00
R. Tyler Croy
3e52b8a66a
Bump to a more Darwin-friendly version of the accounts module
2016-04-07 21:55:07 -07:00
R. Tyler Croy
d37cf7a3f6
Make sure the base profile provisions on OS X properly
...
This is next to impossible to test outside of running on an /actual/ Mac
attached to an /actual/ Puppet master right now. So this is a first stab at
things to run in a user specified environment
References INFRA-601
2016-04-07 21:55:07 -07:00
R. Tyler Croy
6af01c2d84
Remove out-dated client specific yaml
2016-04-07 21:55:07 -07:00
R. Tyler Croy
1941bacb58
Remove old r10k_options hiera data
2016-04-07 21:55:07 -07:00
R. Tyler Croy
0874dd9b30
We're in the future now, no need to be explicit about this!
...
In fact, with PE 2016.1.1 this causes a warning on every puppet run. =_=
2016-04-07 18:34:22 -07:00
R. Tyler Croy
26fda08b4d
Merge pull request #318 from rtyler/irc4
...
Upgrade to a puppet4 compatible puppet-irc module
2016-04-07 17:50:49 -07:00
R. Tyler Croy
9c9f4e3b31
Upgrade to a puppet4 compatible puppet-irc module
2016-04-07 17:41:30 -07:00
R. Tyler Croy
033027fd08
Merge pull request #317 from rtyler/how-many-gem-modules-are-there
...
Use the appropriate puppetserver_gem module for managing PE gems
2016-04-07 17:29:58 -07:00
R. Tyler Croy
2aa8c159ca
Use the appropriate puppetserver_gem module for managing PE gems
2016-04-07 17:23:19 -07:00
R. Tyler Croy
ea51cce71e
Merge pull request #316 from rtyler/manage-r10k
...
Re-introduce basic r10k management into jenkins-infra
2016-04-07 17:02:21 -07:00
R. Tyler Croy
5c4210e34c
Re-introduce basic r10k management into jenkins-infra
...
This is already manually set up on the PE 2016.1.1 machine, this simply ensures
that the configuration is managed and updated in the future
2016-04-07 16:56:19 -07:00
R. Tyler Croy
c7d3f6dac4
Merge pull request #315 from rtyler/new-keys-module
...
Update to a new jenkins-keys module which properly uses the puppetserver_gem provider on PE 2016.1.1
2016-04-07 16:56:02 -07:00
R. Tyler Croy
cea6ff9d76
Update to a new jenkins-keys module which properly uses the puppetserver_gem provider on PE 2016.1.1
2016-04-07 16:48:09 -07:00
R. Tyler Croy
60c2e7aa33
Merge pull request #313 from rtyler/pe2016_hiera
...
Reference the right hieradata path for the newer versions of PE
2016-04-07 16:39:25 -07:00
R. Tyler Croy
8cd6ecf998
Reference the right hieradata path for the newer versions of PE
2016-04-07 16:25:03 -07:00
R. Tyler Croy
27fe41857a
Merge pull request #312 from rtyler/validate_actually_validates
...
Ensure that the uid passed into docker::run() is a string
2016-04-06 15:57:37 -07:00
R. Tyler Croy
68eb066479
Merge branch 'staging' into validate_actually_validates
2016-04-06 15:50:44 -07:00
R. Tyler Croy
44e2d6d16b
Ensure that the uid passed into docker::run() is a string
...
docker::run() uses validate_string($username), and apparently under the Puppet 4
parser this is actually resulting in an error at catalogue compile-time which
should have been happening regardless.
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Evaluation Error: Error while evaluating a Function Call, 2002 is not a string. It looks to be a Fixnum at /etc/puppetlabs/puppet/environments/staging/modules/docker/manifests/run.pp:44:5 on node kelp
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
It seems in the legacy Puppet parser $uid was being coerced into a String, which
is goofy. What is this, JavaScript?
2016-04-06 15:44:06 -07:00
R. Tyler Croy
28e9482bf8
Merge pull request #310 from rtyler/dont-believe-the-hyphen
...
Remove hyphenated class names which are invalid in Puppet 4
2016-04-06 15:22:36 -07:00
R. Tyler Croy
eff4cbe3ba
Remove hyphenated class names which are invalid in Puppet 4
...
I should have caught this earlier, but didn't, woops.
2016-04-06 14:29:42 -07:00
R. Tyler Croy
19494633dd
Merge pull request #309 from jenkins-infra/pe_2015.3.3
...
Prepare for PE 2015.3.3
2016-04-06 09:53:16 -07:00
R. Tyler Croy
d8f3fa1fd3
Ensure the `validate` Rake task uses the future parser for Puppet4 compat
2016-04-06 09:06:22 -07:00
R. Tyler Croy
db31bf3672
tag is actually a meta-parameter in Puppet and shouldn't be overridden.
...
<https://docs.puppetlabs.com/puppet/latest/reference/metaparameter.html#tag>
2016-04-05 16:44:45 -07:00
R. Tyler Croy
9f29f33e67
Update the puppet-accont module to be more Puppet 4 compatible
2016-04-05 16:39:09 -07:00
R. Tyler Croy
35bbe3de1a
Enable the future parser to start working towards Puppet 4
2016-04-05 16:24:01 -07:00
R. Tyler Croy
cc03dc1517
Merge pull request #307 from rtyler/misc-576-fixes
...
Misc fixes related to INFRA-576
2016-04-05 11:52:41 -07:00
R. Tyler Croy
5181de42e3
Change the name of the eggplant node to match the new cert name
2016-04-05 11:43:48 -07:00
R. Tyler Croy
5661476f0c
remove the PE Console SMTP server setting for now
...
This might no longer be necessary, but with 3.8.4 something else is trying to
manage this file, resulting in constant changes on the master
2016-04-05 11:43:42 -07:00
R. Tyler Croy
5de818bf08
Ensure our environment_timeout is set to zero to disable caching
2016-04-05 11:43:41 -07:00
R. Tyler Croy
c51b2335ad
Merge pull request #305 from jglick/patch-1
...
IRC bot build 50
2016-04-05 07:37:02 -07:00
Jesse Glick
170b439b45
IRC bot build 50
2016-04-04 18:25:48 -04:00
R. Tyler Croy
2d367ef62c
Merge pull request #303 from jenkins-infra/new_pe
...
Support the new PE master
2016-04-01 11:00:12 -07:00
R. Tyler Croy
78301440a7
Remove the profile::r10k from the puppetmaster role
...
This r10k webhook is old and crufty, we should update our r10k update mechanism
See also INFRA-27
2016-04-01 10:51:07 -07:00
R. Tyler Croy
aaab509ad9
Disable duplicate resource for Service[pe-puppetserver]
...
The classification for the puppetserver node already has this resource declared,
so we'll just ensure that it's present and running
2016-04-01 10:51:04 -07:00
R. Tyler Croy
b5e1a5a5ff
Switch the hostname for the new puppetmaster to reflect reality
2016-04-01 08:49:12 -07:00
R. Tyler Croy
0b65ccfcb3
Merge pull request #301 from jenkins-infra/new_pe
...
Update site.pp for use on the new Puppet Enterprise host
2016-03-31 17:49:38 -07:00
R. Tyler Croy
5b049632c0
Update site.pp for use on the new Puppet Enterprise host
...
References INFRA-576
2016-03-31 17:40:09 -07:00
R. Tyler Croy
6cd025a4bd
Merge pull request #299 from rtyler/custom-environment-conf
...
Custom environment conf
2016-03-29 21:37:58 -07:00
R. Tyler Croy
b011686e3c
Merge branch 'staging' into custom-environment-conf
2016-03-29 21:07:00 -07:00
R. Tyler Croy
988de53e45
Insert our environment.conf directly into the control repo
...
This will make sure newer versions of PE will properly find our dist/ modules
2016-03-29 19:38:11 -07:00
R. Tyler Croy
28e8c73134
Merge pull request #297 from jenkins-infra/rtyler-patch-1
...
Incorporate some of the latest account-app changes
2016-03-28 14:50:00 -07:00
R. Tyler Croy
d5ad9d378a
Incorporate some of the latest account-app changes
2016-03-28 14:36:24 -07:00
R. Tyler Croy
31f47c1db1
Add some RSpec Puppet to verify that we're doing the right thing for datadog/apache integration
2016-03-25 15:18:31 -07:00
R. Tyler Croy
2514d5d8d6
Merge pull request #295 from rtyler/mpm_event
...
Use a better worker module for Apache when serving the static site
2016-03-25 14:45:27 -07:00
R. Tyler Croy
5c03360f37
Use a better worker module for Apache when serving the static site
...
I've already made this change in production due to an active site issue (HN hug
of death). This codifies that change for posterity
2016-03-25 14:14:03 -07:00
R. Tyler Croy
db9f3a4392
Merge pull request #293 from rtyler/account-app-needs-to-know-jira
...
Account app needs to know jira
2016-03-24 07:18:30 -07:00
R. Tyler Croy
b47722aed9
Make sure the jira-ldap-syncer code has access to LDAP too
2016-03-24 07:11:49 -07:00
R. Tyler Croy
b76fb4419f
Upgrade the accountapp to something that respects our JIRA environment vars
2016-03-24 07:02:46 -07:00
R. Tyler Croy
81fc717da4
Pass JIRA information into the accountapp so it can sync accounts properly
2016-03-24 07:00:27 -07:00
R. Tyler Croy
7cec5ac04d
Merge pull request #291 from rtyler/more-tls-plz
...
One more build, this time with https
2016-03-23 20:43:42 -07:00
R. Tyler Croy
61f1c4fd7d
One more build, this time with https
2016-03-23 20:33:04 -07:00
R. Tyler Croy
5890f85413
Merge pull request #289 from rtyler/new-accountapp-theme
...
Roll the new account-app with a new look thanks to @kohsuke
2016-03-23 20:06:14 -07:00
R. Tyler Croy
2915a036b2
Roll the new account-app with a new look thanks to @kohsuke
2016-03-23 19:58:23 -07:00
R. Tyler Croy
1c2736720b
Merge pull request #287 from rtyler/misc-tidiness
...
Miscellaneous post-deploy fixens
2016-03-23 19:26:05 -07:00
R. Tyler Croy
b2339d579a
Upgrade to a more recent version of puppetlabs/apache which has good SSL defaults
...
Basically with 1.8.1 bad versions of SSL are disabled automatically, yey.
2016-03-23 18:54:38 -07:00
R. Tyler Croy
a73859faad
Upgrade to an account-app that actually uses the url from its configuration
2016-03-23 18:44:24 -07:00
R. Tyler Croy
55b3ad33b8
Merge pull request #285 from rtyler/off-the-chain
...
Include the certificate chain to properly serve our TLS content
2016-03-23 18:38:45 -07:00
R. Tyler Croy
400c85423a
Include the certificate chain to properly serve our TLS content
...
Thanks to @dblessing and @piru for the help identifying this issue and the fix
2016-03-23 18:29:04 -07:00
R. Tyler Croy
dff0949428
Merge pull request #283 from rtyler/install-letsencrypt-certs
...
Pick up the proper SSL certificates from letsencrypt on disk
2016-03-23 17:29:22 -07:00
R. Tyler Croy
53c2427f5e
Merge pull request #282 from rtyler/new-accountapp
...
Upgrade the accountapp container to live at the root of its jetty`
2016-03-23 17:22:21 -07:00
R. Tyler Croy
c24867d4d0
Pick up the proper SSL certificates from letsencrypt on disk
2016-03-23 17:21:58 -07:00
R. Tyler Croy
c917c47f5e
Upgrade the accountapp container to live at the root of its jetty installation
2016-03-23 17:11:04 -07:00
R. Tyler Croy
f7ea728577
Merge pull request #278 from rtyler/accounts-subdomain-613
...
Puppetize the accounts-app and move it over to eggplant
2016-03-23 16:52:43 -07:00
R. Tyler Croy
12db0ac758
Only request certificates from letsencrypt.org when we're in production
...
The challenge here is that when we're running in vagrant/serverspec, letsencrypt
won't be able to complete the challenge to verify the authenticity of our
request.
2016-03-23 16:41:03 -07:00
R. Tyler Croy
e7cf5756ba
Start preparing the vhosts for jenkins.io switchover
...
References WEBSITE-51
2016-03-23 16:21:53 -07:00
R. Tyler Croy
db02248018
Move the letsencrypt setup out to its own profile for reuse
2016-03-23 16:21:53 -07:00
R. Tyler Croy
708ca3e690
Explicitly invoke hiera() for declaring the letsencrypt class
...
22:26 < rtyler> danzilio: so if I use a class declaration with explicit calls to hiera() this works
22:27 < rtyler> danzilio: I believe this is because $email is a param on letsencrypt::config and $server is not
22:27 < rtyler> so the hiera class param mashing is discarding it
*shrug*
2016-03-23 16:02:20 -07:00
R. Tyler Croy
e84e589063
Ensure the vagrant yaml configuration takes highest priority
...
Otherwise, production values will always show up in testing
2016-03-23 16:02:20 -07:00
R. Tyler Croy
cea0a63fd1
Incorporate @danzilio's great letsencrypt module for managing our certificates
...
The only "hitch" here is that we need to roll DNS entries out ahead of these
vhost changes to make sure that letsencrypt servers can find the right domain
when this hits production
2016-03-23 16:02:20 -07:00
R. Tyler Croy
c362395237
Add apache vhosts for serving up accounts.jenkins.io
...
puppetlabs/apache really does make all this so much easier than doing it
manually. ❤️
2016-03-23 16:02:20 -07:00
R. Tyler Croy
85045442e3
Include apache::mod::proxy* modules in a safer manner
...
This ensures we don't hit any duplicate resource declaration warnings, which can
happen since apache::vhost with the proxy_pass directive will attempt to declare
a resource for apache::mod::proxy
2016-03-23 16:02:20 -07:00
R. Tyler Croy
01e0c9d0f5
Introduce profile::accountapp with parameters for configuring the account-app container
...
Fixes INFRA-11, INFRA-613
2016-03-23 16:02:20 -07:00
R. Tyler Croy
aa6b25c865
Allow accounts.jenkins.io to access LDAPs
2016-03-23 16:02:20 -07:00
R. Tyler Croy
1b40885c93
Add a basic shared example to ensure a host is running Docker properly
2016-03-23 16:02:06 -07:00
R. Tyler Croy
a3d9388141
Create a distinction between SSL-enabled Apache serverspec and not
...
Basically if profile::apache-cert isn't included in a role, the Apache instance
will correctly not have any SSL enabled bits.
This updates our serverspec to reflect that appropriately
2016-03-23 16:02:06 -07:00
R. Tyler Croy
f2a0f956ba
Create scaffolding and CNAMEs
2016-03-23 16:02:06 -07:00
R. Tyler Croy
4959ec999c
Merge pull request #279 from rtyler/accounts
...
Create CNAMEs for accounts.j.io
2016-03-23 15:55:45 -07:00
R. Tyler Croy
c14b93fed4
Create CNAMEs for accounts.j.io
2016-03-23 15:45:12 -07:00
R. Tyler Croy
aaf0cd43fe
Merge pull request #276 from rtyler/530
...
Prune legacy site deployments after a new site deployment completes
2016-03-21 14:08:37 -07:00
R. Tyler Croy
1960ee471c
Prune legacy site deployments after a new site deployment completes
...
Fixes INFRA-530
2016-03-21 13:53:42 -07:00
R. Tyler Croy
0f4590fe1f
Merge pull request #274 from jenkins-infra/no-recursive-dns
...
Upgrade to the latest bind container which prohibits recursive queries
2016-03-15 16:06:27 -07:00
R. Tyler Croy
e104e72cd4
Upgrade to the latest bind container which prohibits recursive queries
2016-03-15 15:34:20 -07:00
Kohsuke Kawaguchi
34ff99f013
Merge pull request #272 from rtyler/infra-6000
...
Create a new profile for managing a Jenkins master
2016-03-07 18:08:58 -08:00
R. Tyler Croy
aab8aa22d6
Create a new profile for managing a Jenkins master
...
Right now this will obviously only be applied to Cucumber, but hopefully this
allows us to get to the point where we can migrate ci.j.o off that host
entirely
Fixes INFRA-600
2016-03-07 17:48:02 -08:00
R. Tyler Croy
205a3d1768
Merge pull request #270 from rtyler/reduce-cycling-on-kelp
...
Use the docker::image resource to prevent repeated pulls of 'latest'
2016-03-03 09:12:30 -08:00
R. Tyler Croy
245b5a2678
Use the docker::image resource to prevent repeated pulls of 'latest' tags
2016-03-03 08:14:55 -08:00
R. Tyler Croy
e273b98d08
Merge pull request #268 from jenkins-infra/certs
...
New certificates for JIRA and Confluence
2016-02-28 20:47:08 -08:00
Kohsuke Kawaguchi
ed3d9b5e38
New certificates for JIRA and Confluence
2016-02-28 20:38:55 -08:00
Kohsuke Kawaguchi
db2c4b6579
Merge pull request #266 from jenkins-infra/demo
...
Demo instance wave #3
2016-02-25 18:40:37 -08:00
Kohsuke Kawaguchi
a12d6976bc
demo instance is locked down enough that it can be exposed to public now
...
I need this for GitHub to be able to deliver a hook
2016-02-25 18:22:03 -08:00
Kohsuke Kawaguchi
49e93eaabe
restart demo instance when the definition changes
...
For example, when the new image is specified
2016-02-25 18:22:03 -08:00
Kohsuke Kawaguchi
a7cc3991d8
Merge pull request #264 from jenkins-infra/demo
...
demo.jenkins-ci.org wave 2
2016-02-25 16:29:48 -08:00
Kohsuke Kawaguchi
e10f9f3a84
Fix up tests
2016-02-25 16:24:28 -08:00
Kohsuke Kawaguchi
94975e179c
Missed earlier renaming effort
2016-02-25 16:16:56 -08:00
Kohsuke Kawaguchi
9ebb1ae70b
Need a newer version
...
... as this version contains Pipeline as Code
2016-02-25 16:16:47 -08:00
R. Tyler Croy
23ba5df1a1
Merge pull request #262 from jenkins-infra/jenkins2demo
...
Deploy Jenkins 2.0 demo site
2016-02-25 15:42:34 -08:00
Kohsuke Kawaguchi
d6799a230b
Renamed to 'demo' based on Tyler's feedback
2016-02-25 15:19:35 -08:00
Kohsuke Kawaguchi
2fa5544a98
Make mod_proxy available by default
...
Most of the time we use Apache to reverse proxy, so it makes sense to just enable them out of the box all the time.
There's little harm in enabling this mod without using it.
2016-02-25 14:45:57 -08:00
Kohsuke Kawaguchi
8f63cbe91a
Wired up to Apache to reverse proxy
2016-02-25 14:45:05 -08:00
Kohsuke Kawaguchi
71a39edada
Deploying this on an available box
...
It could have been anything but kelp looks empty enough
2016-02-25 14:45:05 -08:00
Kohsuke Kawaguchi
81920bfbe9
this is how we do it in Vagrant 1.7+
...
See https://www.vagrantup.com/docs/providers/basic_usage.html
2016-02-25 14:45:05 -08:00
Kohsuke Kawaguchi
ebcfc3ebd8
added a module to launch Jenkins 2 for demonstration
2016-02-25 14:45:05 -08:00
R. Tyler Croy
b81e625a6b
Merge pull request #260 from daniel-beck/ircbot-build46
...
Update ircbot
2016-02-24 14:36:50 -08:00
Daniel Beck
dcf2e46ed0
Update ircbot
2016-02-24 23:25:09 +01:00
R. Tyler Croy
08d168f537
Merge pull request #259 from larrys/patch-2
...
Helps if I copy the right public key.
2016-02-24 11:25:28 -08:00
Larry Shatzer, Jr
19db74cb17
Helps if I copy the right public key.
2016-02-24 11:47:05 -07:00
R. Tyler Croy
c3d09a6226
Merge pull request #258 from larrys/patch-1
...
Adding ssh key to lshatzer
2016-02-24 10:39:10 -08:00
Larry Shatzer, Jr
02f545b913
Adding ssh key to lshatzer
2016-02-24 11:29:20 -07:00
R. Tyler Croy
6422b5dcef
Merge pull request #256 from rtyler/purge-cabbage
...
Remove cabbage files as the machine has since passed on
2016-02-20 14:08:33 -08:00
R. Tyler Croy
34519670c3
Merge branch 'staging' into purge-cabbage
2016-02-20 14:06:11 -08:00
R. Tyler Croy
6eb338e87d
Merge pull request #255 from rtyler/infra-572
...
Provision spinach as a proper Jenkins buildslave
2016-02-20 14:06:03 -08:00
R. Tyler Croy
c76fb050c0
Remove cabbage files as the machine has since passed on
2016-02-20 14:00:57 -08:00
R. Tyler Croy
76661b3c89
Provision spinach as a proper Jenkins buildslave
...
Fixes INFRA-572
2016-02-20 13:58:40 -08:00
R. Tyler Croy
6d16ca05d8
Merge pull request #253 from rtyler/infra-390
...
Fix INFRA-390
2016-02-20 12:59:06 -08:00
R. Tyler Croy
b73530c17f
Disable SSLv2/3 for all apache2 hosts
...
Fixes INFRA-390
2016-02-20 12:48:08 -08:00
R. Tyler Croy
f7123deed1
Merge pull request #252 from rtyler/infra-514-fixes
...
Fixes accompanying INFRA-514
2016-02-20 12:23:29 -08:00
R. Tyler Croy
9a863c40eb
Whoops, can't provision m4.larges outside of a VPC
2016-02-20 12:20:02 -08:00
R. Tyler Croy
b65335a841
Upgrade the vagrant-aws testing instances to stock 14.04 AMIs
...
Now that we're fairly consistent at 14.04.4 all future serverspec testing
should be happening against it.
References INFRA-514
2016-02-20 12:13:02 -08:00
R. Tyler Croy
005992f481
Update the remainder of /usr/sbin/rotatelogs references
...
References INFRA-514
2016-02-20 11:11:11 -08:00
R. Tyler Croy
e11baf4399
Correct the same erroneous apache configuration I saw on archive.jenkins-ci.org
...
References INFRA-514
2016-02-20 11:11:05 -08:00
R. Tyler Croy
5fbd4c3f76
On the apache2 package distributed with 14.04.4, rotatelogs has moved
...
I've set up a symbolic link from /usr/sbin/rotatelogs on okra for now to
accommodate this
References INFRA-514
2016-02-20 10:12:40 -08:00
R. Tyler Croy
ec0f0e24c9
Fix typo in the archives vhost snippet
...
The directory "archive.jenkins.org" doesn't actually exist anywhere
References INFRA-514
2016-02-20 10:12:14 -08:00
R. Tyler Croy
5ad462136d
Merge pull request #250 from rtyler/more-bits
...
Add the other IPv6 addresses for our nodes which are running in Rackspace Cloud
2016-02-18 16:48:00 -08:00
R. Tyler Croy
ada4468e92
Add the other IPv6 addresses for our nodes which are running in Rackspace Cloud
2016-02-18 16:23:05 -08:00
R. Tyler Croy
5f4656326f
Merge pull request #248 from rtyler/package-docker
...
Turns out rspec-puppet doesn't validate that required resource is in the catalogue
2016-02-18 14:52:02 -08:00
R. Tyler Croy
7cf7908071
Turns out rspec-puppet doesn't validate that required resource is in the catalogue
...
Fixes INFRA-573
2016-02-18 14:45:37 -08:00
R. Tyler Croy
dc3f857029
Merge pull request #247 from rtyler/i-before-e-except-after-c
...
Ensure the docker group exists before we attempt to create the 'jenkins' user
2016-02-18 14:28:35 -08:00
R. Tyler Croy
566c5c8f4e
Ensure the docker group exists before we attempt to create the 'jenkins' user
...
Fixes INFRA-573
2016-02-18 14:19:53 -08:00
R. Tyler Croy
915e81bbb7
Merge pull request #245 from rtyler/kelp-dns
...
Add A and AAAA records for kelp
2016-02-18 13:57:27 -08:00
R. Tyler Croy
549fdf98c0
Add A and AAAA records for kelp
...
IPv6: http://cloud-3.steamusercontent.com/ugc/539644405494556317/47C2F86059C34ABA50098707C2A959F1E3327B08/
2016-02-18 13:50:15 -08:00
R. Tyler Croy
915bf85abc
Merge pull request #244 from rtyler/kelp-is-on-the-way
...
Provision Kelp as a new machine in our rackspace account
2016-02-18 13:44:05 -08:00
R. Tyler Croy
94ef9cbe84
Provision Kelp as a new machine in our rackspace account
...
Cabbage is dead y'all
References INFRA-570
2016-02-18 13:23:52 -08:00
R. Tyler Croy
748ed24948
Merge pull request #242 from rtyler/atlassian-dockerizer
...
Expand the list of commands atlassian-admins can touch to /usr/bin/docker
2016-02-15 13:50:20 -08:00
R. Tyler Croy
2a1b3b1e01
Expand the list of commands atlassian-admins can touch to /usr/bin/docker
...
This should ensure that atlassian-admins can inspect and interact with the
containers running atlassian services
2016-02-13 19:16:28 -08:00
R. Tyler Croy
6f50f652c4
Merge pull request #240 from rtyler/new-confluence
...
Use a confluence container with a proper oomkill script
2016-02-13 08:18:48 -08:00
R. Tyler Croy
fcbf26dea6
Use a confluence container with an oomkill script instead
2016-02-12 16:38:13 -08:00
R. Tyler Croy
eef6ca7e63
Merge pull request #238 from rtyler/new-confluence
...
Bump confluence again
2016-02-12 15:19:52 -08:00
R. Tyler Croy
36755c57a9
Bump confluence again
2016-02-12 15:12:00 -08:00
R. Tyler Croy
f9c56e3de6
Merge pull request #236 from rtyler/new-confluence
...
Deploy the newest build of confluence
2016-02-12 14:25:31 -08:00
R. Tyler Croy
d6cefca6ed
Deploy the newest build of confluence
...
Fixes INFRA-383
2016-02-12 13:32:45 -08:00
R. Tyler Croy
d683f162bf
Merge pull request #234 from rtyler/deploy-site-fix
...
Handle sorting by the version numbers when selecting an archive
2016-02-12 12:36:04 -08:00
R. Tyler Croy
cda74d378f
Handle sorting by the version numbers when selecting an archive to deploy properly
2016-02-12 12:23:35 -08:00
R. Tyler Croy
b5ffa99757
Merge pull request #232 from rtyler/firewallfix
...
Include the properly scoped "root" firewall module
2016-02-11 15:11:06 -08:00
R. Tyler Croy
bad6345893
Include the properly scoped "root" firewall module
2016-02-11 14:59:13 -08:00
R. Tyler Croy
69eb9358eb
Merge pull request #231 from rtyler/managing-openldap
...
Start managing slapd inside of jenkins-infra
2016-02-11 13:59:17 -08:00
R. Tyler Croy
6fbbeb9240
Add firewall rules from infra-puppet for managing slapd
...
This commit also introduces the passing, but basic, serverspec tests for ldap
2016-02-11 13:41:58 -08:00
R. Tyler Croy
080fc8c69a
Incorporate process monitoring for slapd on the profile::ldap module
...
Fixes INFRA-560
2016-02-09 08:58:17 -08:00
R. Tyler Croy
dbe2b7abc1
Ensure we have the diagnostics tools on cucumber now
2016-02-09 08:06:45 -08:00
R. Tyler Croy
d45e1b7514
Import management of openldap from infra-puppet into the jenkins-infra code
...
This should make it easier to add additional monitoring around slapd on
cucumber right now
References INFRA-560
2016-02-09 08:00:26 -08:00
R. Tyler Croy
322277025b
Merge pull request #230 from rtyler/minor-zonefile-fix
...
Correct a warning in our jenkins-ci.org zonefile
2016-02-08 09:30:55 -08:00
R. Tyler Croy
e888c073a9
Correct a warning in our jenkins-ci.org zonefile
...
non-fatal, but about time to fix it
docker run --rm -v $PWD:/data kohsuke/named-checkzone -k fail jenkins-ci.org dist/profile/files/bind/jenkins-ci.org.zone
zone jenkins-ci.org/IN: jenkins-ci.org/MX 'gherkin.jenkins-ci.org' is a CNAME (illegal)
zone jenkins-ci.org/IN: loaded serial 2011122901
2016-02-08 08:59:01 -08:00
R. Tyler Croy
3f4244149f
Merge pull request #228 from rtyler/upstreamed-datadog-agent
...
Upgrade to the datadog_agent module 1.6.0
2016-01-23 00:12:04 -08:00
R. Tyler Croy
0bcab5b305
Upgrade to the datadog_agent module 1.6.0 which contains some of our modifications
2016-01-22 22:39:27 -08:00
Kohsuke Kawaguchi
777c8c153f
Merge pull request #226 from jenkins-infra/mailgun
...
Adding MX record for receiving emails
2016-01-22 11:56:47 -08:00
Kohsuke Kawaguchi
fcaf02cdb9
Fixing warning based on named-checkzone
2016-01-22 11:38:04 -08:00
Kohsuke Kawaguchi
7a91d18e42
Adding MX record for receiving emails
2016-01-22 11:35:26 -08:00
R. Tyler Croy
9aadc164ec
Merge pull request #225 from rtyler/new-jenkinsfile
...
New Jenkinsfile that's ready for running the builds
2016-01-20 16:22:27 -08:00
R. Tyler Croy
ca3171c4d9
Add dockerfile for building the appropriate jenkins-infra test image
2016-01-20 12:21:47 -08:00
R. Tyler Croy
c9ca176870
Introduce more gizmos with parallel() to break the work across nodes
2016-01-20 11:51:57 -08:00
R. Tyler Croy
d37ff9e4ad
Take a stab at a fairly simplistic, linear Jenkinsfile for this repo
2016-01-20 11:51:46 -08:00
R. Tyler Croy
80596114b6
Merge pull request #223 from rtyler/manual-serverspec-sucks
...
Ensure that the Apache installation fronting JIRA has mod_rewrite ena…
2016-01-18 11:11:02 -08:00
R. Tyler Croy
e7e449f34d
Ensure that the Apache installation fronting JIRA has mod_rewrite enabled
...
This type of thing is unfortunately still only caught by manual testing >_<
2016-01-18 10:22:59 -08:00
R. Tyler Croy
9585b9fae9
Merge pull request #222 from rtyler/jira-bots
...
Add the bot abuse prevention measures to JIRA
2016-01-18 10:17:14 -08:00
R. Tyler Croy
27574ca793
Add the bot abuse prevention measures to JIRA
...
Since these were deployed on confluence, no sense not to have them on JIRA too
2016-01-18 09:56:37 -08:00
R. Tyler Croy
1ff467d973
Merge pull request #220 from rtyler/old-confluence-container-blergh
...
Revert "Revert "Revert "Upgrade confluence build to include some sett…
2016-01-17 19:15:53 -08:00
R. Tyler Croy
97cc080077
Revert "Revert "Revert "Upgrade confluence build to include some settings changes"""
...
This reverts commit a12752195e.
Everything equal it appears that disabling LDAP caching causes Confluence to
become overwhelmed with the inbound requests
2016-01-17 19:00:10 -08:00
R. Tyler Croy
f9336602a7
Merge pull request #218 from rtyler/rewrite-foo
...
Prevent bots from hammering the wiki by nuking them directly from apache
2016-01-17 18:41:21 -08:00
R. Tyler Croy
675e4bdfc7
Prevent bots from hammering the wiki by nuking them directly from apache
...
Also prevent any bots from hitting /label which is a pretty big spam vector
2016-01-17 18:31:41 -08:00
R. Tyler Croy
f223a6986d
Merge pull request #216 from rtyler/cleaner-confluence-linking
...
Cleaner confluence linking
2016-01-17 16:48:46 -08:00
R. Tyler Croy
a12752195e
Revert "Revert "Upgrade confluence build to include some settings changes""
...
This reverts commit 191cc93a8f.
See my previous commit, this was an erroneous rollback on my part
2016-01-17 16:34:34 -08:00
R. Tyler Croy
f95c0e6780
Remove hacky hard-coding of IP addresses when binding confluence and confluence-cache together
...
This took me an awful long time to figure out, the IP addresses used on the
production host didn't really guarantee that they would be there after reboots,
etc.
I had previously misattributed an availability failure of the recent confluence
container tag to be the container, but really it was this hard-coded IP address
which was no longer correct.
By using --link we ensure that the confluence-cache container gets updated with
the appropriate /etc/hosts information to hit confluence:8080
2016-01-17 16:34:29 -08:00
R. Tyler Croy
c0ada2e0e1
Merge pull request #214 from rtyler/previous-confluence-cache
...
Revert "Upgrade confluence build to include some settings changes"
2016-01-17 14:15:50 -08:00
R. Tyler Croy
191cc93a8f
Revert "Upgrade confluence build to include some settings changes"
...
This reverts commit f13746f814.
2016-01-17 14:07:03 -08:00
R. Tyler Croy
c2efca3400
Merge pull request #212 from rtyler/docker-consistency
...
Ensure that we're consistently running v1.8.1 across the cluster
2016-01-17 13:35:47 -08:00
R. Tyler Croy
0107e79b0a
Ensure that we're consistently running v1.8.1 across the cluster
2016-01-17 13:25:14 -08:00
R. Tyler Croy
6ebd041a0c
Merge pull request #210 from rtyler/dockerhub-keys
...
Dockerhub keys for publishing from buildslaves
2016-01-14 11:47:40 -08:00
R. Tyler Croy
80af12aa73
Install the appropriate dockerhub deployment keys onto our buildslaves
2016-01-14 11:38:42 -08:00
R. Tyler Croy
cb0ff4b5db
Refactor the buildslave shared contexts into their own file
2016-01-14 11:38:42 -08:00
R. Tyler Croy
6f19a7fa5d
Merge pull request #209 from rtyler/infra-546
...
Set the hidden configuration "UseRoaming no" to prepare for impending…
2016-01-14 11:18:16 -08:00
R. Tyler Croy
34c2f516d3
Set the hidden configuration "UseRoaming no" to prepare for impending openssh vulnerability
...
See: http://www.mail-archive.com/misc@openbsd.org/msg144351.html
Fixes INFRA-546
2016-01-14 09:51:21 -08:00
R. Tyler Croy
f6531051b3
Merge pull request #208 from jenkins-infra/docker-hub-key
...
Added a credential for pushing bits to Docker Hub
2016-01-13 22:26:22 -08:00
Kohsuke Kawaguchi
e9c8f21e39
Added a credential for pushing bits to Docker Hub
2016-01-13 15:34:44 -08:00
R. Tyler Croy
e63b1f12e9
Merge pull request #206 from rtyler/confluence-container-update
...
Upgrade confluence build to include some settings changes
2016-01-13 13:11:51 -08:00
R. Tyler Croy
f13746f814
Upgrade confluence build to include some settings changes
...
This really needs to come out of the container IMHO, I should need a full
container rebuild for this
2016-01-13 13:00:11 -08:00
R. Tyler Croy
d0165eb98e
Merge pull request #204 from rtyler/staging
...
Ensure that the Jenkins buildslave can actually access docker
2016-01-12 16:51:42 -08:00
R. Tyler Croy
6e85943383
Ensure that the Jenkins buildslave can actually access docker
...
This is related to INFRA-544 but doesn't resolve that particular issue. When I
added `profile::docker` to the buildslave profile, I should have ensured that
the Jenkins user could actually interact with the running docker daemon
2016-01-12 16:36:58 -08:00
R. Tyler Croy
b6bf4b96ef
Merge pull request #202 from rtyler/infra-544
...
Ensure the make and build-essential packages are on all buildslaves
2016-01-12 16:20:35 -08:00
R. Tyler Croy
14632f5e5d
Ensure the make and build-essential packages are on all buildslaves
...
Contrary to my assumption these were not already present everywhere.
Fixes INFRA-544
2016-01-12 16:06:50 -08:00
R. Tyler Croy
f6a531412f
Merge pull request #200 from rtyler/ircbot-deploy
...
Ircbot deploy
2016-01-07 11:27:01 -08:00
R. Tyler Croy
69ce2d4003
Prepare ircbot build44 for deployment
...
This commit also includes a minor refactor to move the container's tag out into
hiera so it can be overwritten on an environment or client basis for easier
management
2016-01-07 10:42:15 -08:00
R. Tyler Croy
354f14d21b
Service jenkins.io requests from the beta site in addition to beta.jenkins.io
2015-12-31 12:30:18 -08:00
R. Tyler Croy
e6115c5b48
Add a drupal cname for cucumber while we migrate the site
...
This will help identify/cross-reference any missing little pieces of content
2015-12-31 08:40:38 -08:00
R. Tyler Croy
6d05dd73a5
Drop github's actual hostkeys, not just the fingerprints onto buildslaves
2015-12-30 16:55:12 -08:00
R. Tyler Croy
ac8547d438
Puppet Enterprise disagrees with the whitespaces in these resource names
2015-12-30 12:09:12 -08:00
R. Tyler Croy
3c604d381f
Merge pull request #196 from rtyler/infra-529
...
Add the GitHub SSH host keys to build slaves
2015-12-30 11:40:02 -08:00
R. Tyler Croy
a7a42c8c70
Add the GitHub SSH host keys to build slaves
...
Fixes INFRA-529
2015-12-30 11:30:40 -08:00
R. Tyler Croy
4efb41cbb0
Merge pull request #194 from rtyler/betasite-handling
...
Add support for deploying the new fancy beta site alongside legacy site
2015-12-28 18:37:04 -08:00
R. Tyler Croy
c17af30da9
Add support for deploying the new fancy beta site alongside the legacy site
2015-12-28 18:28:11 -08:00
R. Tyler Croy
6d1d02dc00
Merge pull request #193 from rtyler/infra-527
...
Manage another previously unmanaged SSH key
2015-12-28 12:52:52 -08:00
R. Tyler Croy
125465fd9b
Introduce a previously unmanaged SSH private key for jenkins build nodes
...
Fixes INFRA-527
2015-12-28 12:37:53 -08:00
R. Tyler Croy
9728d68cc8
Add serverspec examples for cabbage
2015-12-28 12:25:40 -08:00
R. Tyler Croy
b2d157e005
Merge pull request #191 from rtyler/infra-525
...
Enable hard fails for SPF records
2015-12-23 12:56:25 -08:00
R. Tyler Croy
32cd7b3b82
Enable more hard fails for SPF records
...
Fixes INFRA-525
2015-12-23 11:38:40 -08:00
R. Tyler Croy
6a687c85d5
Turns out there's no version of stahnma/epel at 1.1.2
...
typo'd!
2015-12-23 11:15:46 -08:00
R. Tyler Croy
0064624565
Add a vhost for beta.jenkins.io
2015-12-22 16:20:23 -08:00
R. Tyler Croy
e2a09e6e31
Bring some A records into jenkins.io and some basic cnames to get working
2015-12-22 16:17:49 -08:00
R. Tyler Croy
2ab762db9d
Revert "Upgrade to the latest support version of the puppetlabs-apt module"
...
This reverts commit 71cfdfa6c3.
I completely forgot that the current docker module we're using, and newer
versions of puppetlabs/apt do not play along together well at all. This wasn't
noticed because the AMI I'm using for integration testing has docker already
pre-installed
Conflicts:
Puppetfile
2015-12-22 15:22:56 -08:00
R. Tyler Croy
8385c51585
Merge pull request #188 from rtyler/jenkins.io-zone
...
Introduce the basic zone file for jenkins.io into our infrastructure
2015-12-22 15:21:02 -08:00
R. Tyler Croy
ace2229a3f
Introduce the basic zone file for jenkins.io into our infrastructure
...
Fixes INFRA-485
2015-12-22 14:39:58 -08:00
R. Tyler Croy
fb7f74e165
Merge pull request #186 from rtyler/module-updates
...
Various Puppet module updates
2015-12-22 13:47:53 -08:00
R. Tyler Croy
e5098a2633
Upgrade epel module, we don't really make much use of RH anymore
2015-12-22 13:21:52 -08:00
R. Tyler Croy
71cfdfa6c3
Upgrade to the latest support version of the puppetlabs-apt module
...
This is a fairly major bump, but it doesn't appear to contain any backwards
incompatible changes for us
(https://forge.puppetlabs.com/puppetlabs/apt/changelog)
2015-12-22 13:19:13 -08:00
R. Tyler Croy
49839030e0
Update to the latest supported git module
...
The changelog (https://forge.puppetlabs.com/puppetlabs/git/changelog) doesn't
include anything major in any way shape or form, so yey?
2015-12-22 13:17:49 -08:00
R. Tyler Croy
9a24e4fc1a
Upgrade the inifile module
...
There's nothing mind-blowing in this changelog
(https://forge.puppetlabs.com/puppetlabs/inifile/changelog) but it's all
relatively minor bugfixes and features so why not
2015-12-22 13:13:05 -08:00
R. Tyler Croy
e42e7fe8e7
Upgrade the gcc and ruby modules to include more polite package management
...
ensure_packages() is always better IMHO
2015-12-22 13:04:32 -08:00
R. Tyler Croy
1d47e05c4d
Merge pull request #185 from rtyler/infra-517
...
Add docker to buildslaves
2015-12-22 12:29:00 -08:00
R. Tyler Croy
b74fc16267
Add docker to our build slave profiles
...
Fixes INFRA-517
2015-12-22 10:57:02 -08:00
R. Tyler Croy
5ff47c4ae1
Upgrade the ntp module
2015-12-22 10:55:36 -08:00
R. Tyler Croy
c15ed7dd93
The only way to get the account{} resource to do what you want is to pore over code
...
It turns out you can pass a string into the $gid parameter and even if you set
it, you still have to tell the module to not create a bloody group for you.
This should finally get the constant churn on the group membership cleaned up
Actually fixes INFRA-513
2015-12-21 18:10:46 -08:00
R. Tyler Croy
6da352c8ab
Rev the puppet-datadog_agent module to mark change events as 'normal' priority
2015-12-21 16:51:02 -08:00
R. Tyler Croy
fb93327bf5
Merge pull request #182 from rtyler/pluginsync-master
...
Switch pluginsync to true for the puppet master configuration
2015-12-21 16:21:07 -08:00
R. Tyler Croy
450c973510
Switch pluginsync to true for the puppet master configuration
2015-12-21 16:01:53 -08:00
R. Tyler Croy
f70453405f
Merge pull request #181 from rtyler/infra-513
...
Address INFRA-513 with defined group permissions
2015-12-21 15:49:34 -08:00
R. Tyler Croy
40489ad72e
Ensure consistent group permissions on the site-deployer's files
...
This change also increases the frequency that the deploy-site script can be
run but to make sure it doesn't step all over itself I've added some locking
logic to make sure only one version of the script is running at a time.
Fixes INFRA-513
2015-12-21 15:13:47 -08:00
R. Tyler Croy
81f4dc22e0
Add a note about our dynamic environment issues
2015-12-21 14:19:31 -08:00
R. Tyler Croy
f48d7f2797
Refactor profile::buildslave to use the more polite ensure_packages() function
...
Using ensure_packages() will make sure that the resource is defined, if nobody
else defines it, the function will define it. This helps prevent conflicts with
modules who brazenly define resources
2015-12-18 13:36:18 -08:00
R. Tyler Croy
03f0dae94c
Refactor the infra-puppet purging code into a separate module so it is not unilaterally applied by base
2015-12-18 13:36:18 -08:00
R. Tyler Croy
2bd098101d
Refactor some common code for management out into a diagnostics profile
2015-12-18 12:16:42 -08:00
R. Tyler Croy
66c7b16a61
Merge pull request #179 from rtyler/prep-for-cucumber
...
Add a role for cucumber which will allow it to run the puppet agent
2015-12-18 11:15:40 -08:00
R. Tyler Croy
b84ccb6fc3
Add a role for cucumber which will allow it to run the puppet agent properly
...
I'm intentionally excluding the `base` profile since that will include accounts
and all sorts of other stuff which may conflict with the old "infra-puppet"
By excluding profile::base for now, I can start to test the agent properly with
infra-puppet and all that jazz running side-by-side
References INFRA-176
2015-12-18 11:04:27 -08:00
R. Tyler Croy
7909df5b9d
Add DNS record for the beta site
...
References INFRA-506
2015-12-16 08:21:09 -08:00
R. Tyler Croy
4f2a08f16d
Merge pull request #176 from aheritier/feature/htop
...
Deploy htop package everywhere - http://hisham.hm/htop/ How can you live without it ?
2015-12-16 07:42:16 -08:00
Arnaud Héritier
56a4195407
Deploy htop package everywhere - http://hisham.hm/htop/
2015-12-16 11:37:03 +01:00
R. Tyler Croy
4bd1cad86c
Merge pull request #175 from rtyler/infra-506
...
Static site hosting!
2015-12-15 18:11:49 -08:00
R. Tyler Croy
11044b6b18
Create profile::staticsite for resources which are needed to serve jenkins.io
...
This creates a specific user, with an SSH key for deploying, and the
appropriate directory structure for enabling that user to drop files into the
site directory
References INFRA-506
2015-12-15 17:54:04 -08:00
R. Tyler Croy
74aa8e5353
Every machine in the cluster should be using datadog now
2015-12-15 17:54:04 -08:00
R. Tyler Croy
000ce26838
The only thing harder than testing a Puppet Enterprise master is...
...
Reading the documentation fully before merging code.
2015-12-15 15:41:23 -08:00
R. Tyler Croy
a902dc2557
Upgrade to the latest r10k module
2015-12-15 15:41:23 -08:00
R. Tyler Croy
579466e0e0
This is why you shouldn't multitask
2015-12-15 14:42:28 -08:00
R. Tyler Croy
a7f6a3c6f5
Eschew using datadog::reports which doesn't cooperate with Puppet Enterprise
2015-12-15 14:03:49 -08:00
R. Tyler Croy
046c642167
The last missing piece for puppet run reports to datadog
...
I overlooked this in the documentation last week, whoops!
2015-12-15 07:37:21 -08:00
R. Tyler Croy
27900773b9
Use the appropriate user for the reports from datadog
...
`puppet` doesn't exist in a PE setup, the user is `pe-puppet` instead
2015-12-11 20:19:38 -08:00
R. Tyler Croy
4f5d81a23d
Enable puppet run reports to be fed into datadog
2015-12-11 14:53:46 -08:00
R. Tyler Croy
dd21852407
Merge pull request #168 from rtyler/infra-511
...
Add docker monitoring into datadog
2015-12-11 13:59:11 -08:00
R. Tyler Croy
f1a4f9ff2d
Incorporate the docker datadog integration into profile::docker
...
This should report some basic docker data into our datadog account
References INFRA-511
2015-12-11 13:47:49 -08:00
R. Tyler Croy
df52c70e84
Eggplant is behaving as an apache webserver now
2015-12-11 10:55:06 -08:00
R. Tyler Croy
1a27dc9cef
Properly provision the keepalive setting for Apache
...
This has been causing eggplant provisioning to fail because it's using a newer
version of Apache, which properly fails `apachectl configtest` on an invalid
value for KeepAlive (2.4) whereas the previous version (2.2) gleefully ignored
it.
tyler@eggplant:~$ apachectl -v
Server version: Apache/2.4.7 (Ubuntu)
Server built: Oct 14 2015 14:20:21
tyler@eggplant:~$ ^C
tyler@eggplant:~$ apachectl -v
Server version: Apache/2.4.7 (Ubuntu)
Server built: Oct 14 2015 14:20:21
tyler@eggplant:~$ apachectl configtest
AH00526: Syntax error on line 10 of /etc/apache2/apache2.conf:
KeepAlive must be On or Off
Action 'configtest' failed.
The Apache error log may have more information.
tyler@edamame:~$ apachectl -v
/usr/sbin/apachectl: 87: ulimit: error setting limit (Operation not permitted)
Server version: Apache/2.2.22 (Ubuntu)
Server built: Mar 19 2014 21:11:15
tyler@edamame:~$ apachectl configtest
/usr/sbin/apachectl: 87: ulimit: error setting limit (Operation not permitted)
Warning: DocumentRoot [/srv/jira/docroot] does not exist
Warning: DocumentRoot [/srv/jira/docroot] does not exist
Syntax OK
Turns out this is a subtle, cute, behavior from hiera detailed in https://tickets.puppetlabs.com/browse/MODULES-2147
This is because when Hieradata gets interpolated, it interprets the words
'on', 'yes', 'no', 'off' into booleans.
2015-12-11 10:36:35 -08:00
R. Tyler Croy
aa62c33f6b
Reduce the verbosity of gem installs
2015-12-10 14:32:41 -08:00
R. Tyler Croy
01a05c30bc
Bump to the latest version of our docker module fork to fix a silly bootstrap problem
...
With the current rules set up on Okra in production we get:
Could not set 'present' on ensure: redirection forbidden:
http://get.docker.io/gpg -> https://get.docker.io/gpg at
93:/etc/puppetlabs/puppet/environments/production/modules/apt/manifests/key.pp
Wrapped exception: redirection forbidden: http://get.docker.io/gpg ->
https://get.docker.io/gpg
2015-12-10 14:31:24 -08:00
R. Tyler Croy
fa58d34c5c
Upgrade to the latest forked puppet-irc which has valid Ruby this time >_<
2015-12-09 14:31:22 -08:00
R. Tyler Croy
0a512a1ef3
Begin provisioning eggplant properly
2015-12-09 13:16:21 -08:00
R. Tyler Croy
a3fcee8fc1
Merge pull request #163 from jordane/staging
...
allow bind axfr to oak.osuosl.org (140.211.166.126)
2015-12-09 13:16:11 -08:00
Jordan Evans
b61e0c537c
allow bind axfr to oak.osuosl.org (140.211.166.126)
2015-12-09 11:10:31 -08:00
R. Tyler Croy
27491f2edb
Update all our gems to stay current
2015-12-09 09:28:35 -08:00
R. Tyler Croy
4df0d57789
Merge pull request #162 from rtyler/serverspec-updates
...
Serverspec and development environment updates
2015-12-09 08:34:07 -08:00
R. Tyler Croy
cafb9dd8ef
Working on a thorough Jenkinsfile for the jenkins-infra build/testing needs
2015-12-08 18:46:35 -08:00
R. Tyler Croy
40263aaf83
Update the README with the latest testing processes
2015-12-08 18:46:21 -08:00
R. Tyler Croy
124ce2cb69
Move the repo once again
2015-12-08 18:46:21 -08:00
R. Tyler Croy
bb840b22ad
Include apache, etc on eggplant for future use
2015-12-08 16:33:02 -08:00
R. Tyler Croy
ad427025cb
WIP: Jenkinsfile for building/deploying
2015-12-08 16:16:01 -08:00
R. Tyler Croy
ca33e232c6
Update references to the apachelogcompressor which now omits the troublesome hyphen
2015-12-08 16:01:55 -08:00
R. Tyler Croy
7c7ca6219c
Make minor modifications such that the serverspec tests work with v2
2015-12-08 16:01:55 -08:00
R. Tyler Croy
00cd3fce2c
Modernize the vagrant/serverspec things a bit
2015-12-08 16:01:55 -08:00
R. Tyler Croy
ad1a87d52b
Clean up the zonefile to remove the redundant references to the gherkin name
2015-12-08 10:36:38 -08:00
R. Tyler Croy
22562ff2df
Provision bind on okra to have a third authoritative nameserver
2015-12-08 10:35:32 -08:00
R. Tyler Croy
dbd604ed60
Update some role comments with recent upgrades to capabilities
2015-12-08 10:34:21 -08:00
R. Tyler Croy
4453470429
Introduce eggplant to jenkins-infra management
2015-12-08 10:31:29 -08:00
R. Tyler Croy
277ccfadf7
Make both the pe_gem and pe_puppetserver_gem present.
...
There are still some old modules that need the `pe_gem` provider to be
installed. All of this will become easier in the next PE server upgrade
References INFRA-502
2015-12-07 09:20:19 -08:00
R. Tyler Croy
c72c37c8af
Move to the new jenkins-keys repository organization
...
This also uses an upgraded module which handles the removal of the pe_gem
provider (see INFRA-502) as well
Fixes INFRA-335
2015-12-07 09:07:08 -08:00
R. Tyler Croy
1c7b60f1fb
Merge pull request #158 from rtyler/infra-502
...
Upgrade the pe_gem provider module to the pe_puppetmaster_gem provider
2015-12-01 15:22:44 -08:00
R. Tyler Croy
766b46a119
Upgrade the pe_gem provider module to the pe_puppetmaster_gem provider
...
Fixes INFRA-502
It appears that this module
(https://github.com/puppetlabs/puppetlabs-puppetserver_gem) is what should
ultimately be used but it appears that under PE 3.7.2 (from my observations)
the $pe_server_version fact is not being implemented which means this branch
won't execute properly:
<0238cfd785/manifests/params.pp (L18)
>
2015-12-01 15:05:41 -08:00
R. Tyler Croy
6e524cbff5
Merge pull request #156 from rtyler/updatezzz
...
Dependency updates
2015-11-30 08:34:36 -08:00
R. Tyler Croy
a16716f569
Upgrade to the latest stdlib module
...
The newer datadog module requires something newer, and we should be using
something more updated anyways
2015-11-30 08:25:56 -08:00
R. Tyler Croy
4b50d9b0f3
Introduce a zonefile check into our CI scripts
...
I've manually tested this rake test locally with a broken zone file, and it
errored out appropriately
This is still a heavy-weight way to do this, but better than nothing
Resolves INFRA-283
2015-11-30 08:25:56 -08:00
R. Tyler Croy
7493c97a9a
Upgrade to the latest puppetlabs_spec_helper, no need for our fork
2015-11-13 16:53:08 -08:00
R. Tyler Croy
87c629922d
lint and test compatibility cleanup
2015-11-13 16:53:02 -08:00
R. Tyler Croy
be32b646a0
Upgrade puppet-lint and pretty much all the other gems for beaker
2015-11-13 16:52:59 -08:00
R. Tyler Croy
47a65464d1
Upgrade to the latest puppet-irc and datadog modules
2015-11-13 15:08:27 -08:00
R. Tyler Croy
4b305c88cb
Merge pull request #154 from jenkins-infra/new-certs
...
New certificate that adds 'updates.cdn.jenkins-ci.org' as an alias
2015-10-23 10:49:08 -07:00
Kohsuke Kawaguchi
403b8081fd
New certificate that adds 'updates.cdn.jenkins-ci.org' as an alias
2015-10-23 10:44:40 -07:00
R. Tyler Croy
3659ab8e5f
Merge pull request #152 from daniel-beck/jenkins-meeting
...
Make robobutler join #jenkins-meeting
2015-08-27 15:32:09 -07:00
Daniel Beck
010f20eddb
Make robobutler join #jenkins-meeting
2015-08-28 00:26:42 +02:00
R. Tyler Croy
679fd1d24e
Merge pull request #150 from jenkins-infra/better-default-role
...
Make new servers automatically assume the default role,
2015-08-22 13:58:51 -07:00
Kohsuke Kawaguchi
276db8db04
Make new servers automatically assume the default role,
...
for example so that you can login as you.
2015-08-05 10:43:44 -07:00
Kohsuke Kawaguchi
1cc0994f00
[FIXED INFRA-298]
...
deploy_all does not exist any more.
2015-08-05 10:38:38 -07:00
Kohsuke Kawaguchi
4fc734ab84
Added cabbage
2015-08-05 10:23:40 -07:00
Kohsuke Kawaguchi
f6a87c9641
Adding a new VM
2015-08-05 10:14:35 -07:00
Kohsuke Kawaguchi
939da12d0c
Merge branch 'disable-maintenance' into staging
2015-08-02 10:44:15 -07:00
Kohsuke Kawaguchi
3daf39ee68
Making lint happy
2015-08-02 10:43:49 -07:00
Kohsuke Kawaguchi
6564c6d2cf
Fixing a test failure take 3
2015-08-02 10:36:23 -07:00
Daniel Beck
b25392d97d
Disable maintenance
2015-08-02 19:20:37 +02:00
Kohsuke Kawaguchi
cbb5ade786
Fixing a test failure take 2
2015-08-01 19:33:25 -07:00
Kohsuke Kawaguchi
0bd50c6f8f
Fixed a test failure in the previous commit
2015-08-01 11:17:03 -07:00
Kohsuke Kawaguchi
cd3d1f0ce4
Fixing puppet failures
...
Accounts are created on every machine, so atlassian-admins group must
also exist everywhere, too.
2015-08-01 06:22:38 -07:00
Kohsuke Kawaguchi
e50045765f
Activate maintenance screen for Wiki, too
2015-07-31 10:59:24 -07:00
Kohsuke Kawaguchi
8fd54f30ab
Apache module doesn't generate 'Listen' instruction
...
... so adding it manually here.
2015-07-31 10:53:30 -07:00
Kohsuke Kawaguchi
446a99ad26
Activate maintenance screen for JIRA
2015-07-31 10:21:52 -07:00
Christopher Orr
edcab5270c
Add SSH public key for orrc.
2015-07-03 08:37:04 -07:00
Kohsuke Kawaguchi
d51f4a2c54
Merge pull request #140 from jenkins-infra/issues/atlassian-admins-307
...
Add atlassian-admins
2015-05-19 18:36:06 -07:00
R. Tyler Croy
9aeefd16b6
Give atlassian-admins the ability to look at some logs and futz with services
2015-05-17 18:20:57 -07:00
R. Tyler Croy
8f6a9b0e04
Introduce the atlassian-admins group
...
Currently has no additional permissions
2015-05-16 13:26:58 -07:00
R. Tyler Croy
0f59f6df8f
Ensure we're validating that hosts have HTTP oriented firewall rules in serverspec
...
This includes some other minor refactorings
2015-05-16 12:24:49 -07:00
R. Tyler Croy
7ea346c8c4
Merge pull request #138 from aheritier/patch-2
...
Allow aheritier to logon on jenkins servers
2015-05-12 13:32:13 -07:00
Arnaud Heritier
fb85fc0964
Allow aheritier to logon on jenkins servers
...
Discussed on thread http://lists.jenkins-ci.org/pipermail/jenkins-infra/2015-May/000342.html
2015-05-12 22:18:49 +02:00
R. Tyler Croy
d4a0926831
Merge pull request #128 from jenkins-infra/INFRA-283
...
Have Jenkins perform DNS zone file syntax check
2015-05-10 19:13:20 -07:00
Kohsuke Kawaguchi
8534e2ea78
Merge pull request #135 from jenkins-infra/jira-datadog
...
Datadog monitoring for JIRA
2015-05-05 07:39:43 -07:00
Kohsuke Kawaguchi
a141d5885d
datadog_agent class must be loaded for Service[$datadog_agent::params::service_name] to resolve.
2015-05-05 07:35:26 -07:00
Kohsuke Kawaguchi
feb43ef95b
When the file changes, restart the datadog agent
2015-05-05 07:25:50 -07:00
Kohsuke Kawaguchi
484bbc0d2d
Manage checks for JIRA
...
And relax the failure window so that sporadic one-off failures won't get reported as alerts
2015-05-05 07:07:55 -07:00
Kohsuke Kawaguchi
24010b3a1f
[INFRA-297]
...
Looks like puppet apache module disables Keep-Alive by default. Resurrect them.
2015-05-04 23:04:18 -07:00
Kohsuke Kawaguchi
02b63c1c32
YAML syntax error
2015-05-04 22:52:39 -07:00
Kohsuke Kawaguchi
05f29321c7
Added one more HTTP check for Confluence
2015-05-04 22:31:12 -07:00
Kohsuke Kawaguchi
dd52af2871
Merge pull request #131 from jenkins-infra/codify-datadog
...
Codifying Datadog checker definitions from fragments
2015-05-04 22:21:29 -07:00
Kohsuke Kawaguchi
0f7d81346a
Codifying Datadog checker definitions from fragments
2015-05-04 18:42:14 -07:00
Kohsuke Kawaguchi
fb13786233
Merge pull request #129 from jenkins-infra/faster-archives
...
Increasing the bandwidth of archives server
2015-05-03 22:04:34 -07:00
Kohsuke Kawaguchi
c64b4de3b8
DEV@cloud can't do docker, so this can't be a part of CI
...
And no, I can't install bind9utils on the slave either.
2015-05-03 22:03:04 -07:00
Kohsuke Kawaguchi
e52b25d357
Increasing the bandwidth of archives server
...
We are only using about $600/month out of the allowance from Rackspace,
so we can afford to pay $300/month for archives and still come within
the allowance.
2015-05-03 22:00:24 -07:00
Kohsuke Kawaguchi
6c00f8319d
[FIXED INFRA-283]
...
Added rake task to perform syntax check on DNS zone file, and have
Jenkins test it all the time.
2015-05-03 19:07:37 -07:00
Kohsuke Kawaguchi
a24d674943
Fixed a test failure
2015-05-03 08:37:34 -07:00
Kohsuke Kawaguchi
34d17abdc4
Merge pull request #123 from jenkins-infra/jira-6.4.2
...
Upgrade JIRA to 6.4.2
2015-05-03 08:33:46 -07:00
Kohsuke Kawaguchi
3ffe02ec84
Apache only recognizes *.conf
...
... so to make this less error prone, create this with the '.conf' extension so that 'ln -s ../sites-available/issues.jenkins-ci.org.maintenance.conf' would create a valid file in the 'sites-enabled' directory.
2015-05-03 08:20:48 -07:00
Kohsuke Kawaguchi
b53cb3c6f0
Removing other recurse
...
See 58c9dcb3a5
2015-05-03 08:09:02 -07:00
Kohsuke Kawaguchi
58c9dcb3a5
recurse tries to manage files in the directory.
...
I thought it was for creating parent directories recursively. Ouch.
2015-05-03 07:52:51 -07:00
R. Tyler Croy
415e720c68
Remove a puppet module which doesn't exist any more :/
...
It looks like we don't use it anyways, so...
2015-05-03 07:41:03 -07:00
Kohsuke Kawaguchi
e749ba71bf
Merge pull request #122 from jenkins-infra/maintenance
...
Prepare apache conf for maintenance mode
2015-05-03 07:11:18 -07:00
Kohsuke Kawaguchi
0976adae88
Upgrade JIRA to 6.4.2
...
See notes at
https://github.com/jenkins-infra/jira/blob/master/UPGRADE.md
2015-05-02 22:35:38 -07:00
Kohsuke Kawaguchi
e0c5c5df00
Prepare maintenance UI for Confluence as well
2015-05-02 22:29:14 -07:00
Kohsuke Kawaguchi
d0ca125df7
Generate apache conf for maintenance screen
2015-05-02 22:28:32 -07:00
R. Tyler Croy
0a154bcf67
Remove puppet_rnu_reports which fail in production
...
We need a better means of enabling the puppet agent reporting
2015-04-27 14:38:21 -07:00
R. Tyler Croy
b424e79c31
Whoops, forgot to enable indexes for the crawler
2015-04-27 11:50:47 -07:00
R. Tyler Croy
12dd840739
Disable redirection from archives to mirrors so we can scan it as a mirror
...
See https://gist.github.com/kohsuke/2103f6085663391a6c88 for more details
2015-04-27 11:32:55 -07:00
R. Tyler Croy
efd91bad1b
Run the puppet agent reports from the master
2015-04-26 18:29:45 -07:00
R. Tyler Croy
a922ceead8
Enable mcollective agents to connect back to the puppet master
2015-04-26 14:35:56 -07:00
R. Tyler Croy
12ff969b15
Update to the latest puppet-irc reporter which supports configurable timeouts
...
This should help get our reports published to the IRC channel more reliably
2015-04-26 13:42:03 -07:00
R. Tyler Croy
2b5603b6d4
Remove comment which is no longer applicable
2015-04-26 12:10:28 -07:00
R. Tyler Croy
c50e0f8578
Turns out the pe-mcollective resource is already declared =_=
...
This is so incredibly tedious.
Error: Could not retrieve catalog from remote server: Error 400 on SERVER:
Duplicate declaration: Service[pe-mcollective] is already declared in file
/etc/puppetlabs/puppet/environments/staging/dist/profile/manifests/puppetmaster.pp:71;
cannot redeclare at
/opt/puppet/share/puppet/modules/puppet_enterprise/manifests/mcollective/service.pp:6
on node jenkins-puppet.osuosl.org
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
2015-04-26 11:32:20 -07:00
R. Tyler Croy
f9edf6b721
Upgrade the r10k module to work better with more recent versions of PE
...
This commit also adds the pe-mcollective service which we'll want
2015-04-26 11:25:53 -07:00
R. Tyler Croy
8a91b3b4f7
Add the Service[pe-puppetserver] resource by default
...
Since it's apparently not in the master's catalogue automagically
2015-04-26 11:10:24 -07:00
R. Tyler Croy
a0b60289a9
On Puppet Enterprise 3.7 we need to notify the pe-puppetserver service
2015-04-25 17:24:37 -07:00
Kohsuke Kawaguchi
790c2787f6
syntax error
2015-04-25 11:56:54 -07:00
Kohsuke Kawaguchi
72ed5b6a62
Merge pull request #109 from jenkins-infra/post-jira-migration
...
[INFRA-279] welcome to new JIRA on edamame
2015-04-25 11:31:43 -07:00
Kohsuke Kawaguchi
562bb32cae
Deploy new JIRA that fixes attachment problems
2015-04-25 11:03:22 -07:00
Kohsuke Kawaguchi
4b2157975a
Merge pull request #110 from jenkins-infra/jira-switch-to-prod-db
...
[INFRA-279] switch JIRA to production DB
2015-04-25 10:44:19 -07:00
Kohsuke Kawaguchi
66c2d9de5f
Merge pull request #108 from jenkins-infra/jira-low-ttl
...
[INFRA-279] DNS TTL reduction for JIRA
2015-04-24 07:23:17 -07:00
Kohsuke Kawaguchi
6d449c8035
[INFRA-279]
...
Prior to migration, tear down temporary DB and reconfigure JIRA
container to talk to production DB.
2015-04-18 22:10:35 -07:00
Kohsuke Kawaguchi
b3045dc0d5
[INFRA-279] When migration is complete, edamame is new issues.jenkins-ci.org
2015-04-18 15:12:22 -07:00
Kohsuke Kawaguchi
e1d25a5566
[INFRA-279]
...
Reduce TTL for issues.jenkins-ci.org in preparation of the migration.
2015-04-18 15:04:06 -07:00
Kohsuke Kawaguchi
0c354e3d71
Merge pull request #106 from jenkins-infra/INFRA-279
...
[INFRA-279] JIRA migration next step
2015-04-18 14:57:24 -07:00
Kohsuke Kawaguchi
5c98b894b7
Bug fix based on vagrant.
...
Serverspec test needs to be relaxed a bit, because the JIRA container
will start in the setup UI.
2015-04-18 14:53:46 -07:00
Kohsuke Kawaguchi
27c8271a73
connect to test database instance
2015-04-18 14:44:02 -07:00
Kohsuke Kawaguchi
5ab68e180c
This image adds more memory to JIRA
2015-04-18 14:42:43 -07:00
Kohsuke Kawaguchi
27030e4ab4
[INFRA-279]
...
Next step toward JIRA migration.
Runs the actual JIRA container on edamame, with real LDAP backend but
with fake DB.
This lets us verify more things before we do the production switch over.
2015-04-18 14:05:54 -07:00
R. Tyler Croy
b8dad70d23
Open up apache in the firewall if it's installed
2015-04-13 14:05:37 -07:00
R. Tyler Croy
5bab7c06ee
Allow puppet agent traffic to pass through to the master
...
Missed this in the hubbub on Saturday when we locked down the master. Forgot
that agents don't use port 443 like the web console for accessing catalogues
2015-04-13 08:02:19 -07:00
R. Tyler Croy
4f7965c1d5
Revert "[INFRA-261] As a stop gap measure, going through proxy on eggplant to access MySQL."
...
This reverts commit 4e914b0024.
2015-04-13 07:05:49 -07:00
R. Tyler Croy
29b40a6486
Allow webhooks from github through too
2015-04-11 20:16:03 -07:00
R. Tyler Croy
aa920cd7b4
Wouldn't it be nice to see the dashboard again
2015-04-11 19:46:27 -07:00
Kohsuke Kawaguchi
48790d45e9
Really switch wiki from eggplant to confluence.
2015-04-11 12:01:43 -07:00
Kohsuke Kawaguchi
a2b49a7ed8
Enable mod_status and have datadog at it
2015-04-11 11:46:32 -07:00
Kohsuke Kawaguchi
0a611a2a19
Deploy newer confluence image that has more memory allocation in it
2015-04-11 11:35:27 -07:00
Kohsuke Kawaguchi
decbd8601e
Merge pull request #97 from jenkins-infra/confluence-firewall
...
Confluence firewall related changes
2015-04-11 11:22:22 -07:00
R. Tyler Croy
b2bf30f817
Allow inter container traffic on the docker0 interface
2015-04-11 11:21:29 -07:00
Kohsuke Kawaguchi
032142f32d
Go through docker host's internal IP
...
Hard coding this isn't ideal, but it looks stable enough.
This way hopefully it's less likely to interfere with iptables that are
going to block traffic from outside.
See https://github.com/docker/docker/issues/1143
2015-04-11 11:06:03 -07:00
R. Tyler Croy
15b7f0c722
Open up port 80 and 443 in the Confluence profile
...
Otherwise, what's the point right
2015-04-11 10:55:29 -07:00
R. Tyler Croy
7712c61720
Ensure all hosts are dropping requests to ports not explicitly opened
...
Caught this while auditing hosts during the confluence migration, oversight on
my part, whoops!
2015-04-11 10:55:00 -07:00
Kohsuke Kawaguchi
c142156c34
Revert "Switch wiki from eggplant to confluence."
...
This reverts commit 28fa537eec.
Not yet ready to switch the production traffic over.
2015-04-11 10:41:33 -07:00
Kohsuke Kawaguchi
d388ccc535
container linking doesn't work.
...
When the backend restarts, the cache doesn't get its new IP.
This is not only a problem during the configuration changes, but automatic restart of Confluence in case it's dead.
So going back to routing requests through the main interface.
2015-04-11 10:39:17 -07:00
R. Tyler Croy
42ebce1b5a
Merge pull request #91 from jenkins-infra/confluence-post-migration
...
DO NOT MERGE YET [INFRA-261] switch wiki to lettuce
2015-04-11 10:26:23 -07:00
Kohsuke Kawaguchi
4e914b0024
[INFRA-261] As a stop gap measure, going through proxy on eggplant to access MySQL.
2015-04-11 10:12:02 -07:00
R. Tyler Croy
d87e3686ac
Include lettuce and its subnet in the SPF records
2015-04-11 09:43:30 -07:00
Kohsuke Kawaguchi
0eb0ecee30
Merge pull request #90 from jenkins-infra/confluence
...
[INFRA-261] Production switch-over
2015-04-11 09:36:32 -07:00
Kohsuke Kawaguchi
53fc6cad1b
Switching Confluence container to UID/GID=2000
...
This avoids the conflict with existing UID/GID. See
http://lists.jenkins-ci.org/pipermail/jenkins-infra/2015-April/000297.html
2015-04-06 21:41:27 -07:00
Kohsuke Kawaguchi
28fa537eec
Switch wiki from eggplant to confluence.
2015-04-05 22:35:57 -07:00
Kohsuke Kawaguchi
9a689ecb20
[INFRA-261] Production switch-over
...
This change makes confluence container talk to the production DB, and
shuts down the temporary mariadb container.
2015-04-05 22:29:06 -07:00
Kohsuke Kawaguchi
e745452a86
Confluence container has hard-coded UID/GID.
...
This isn't ideal, as it gives random user/group access to the data, but there's not much we can do about it, and all the users on the box are more than somewhat trusted anyway.
2015-04-05 21:08:11 -07:00
Kohsuke Kawaguchi
82d119cc76
If confluence changes, make sure to restart confluence-cache as well
2015-04-05 21:01:33 -07:00
Kohsuke Kawaguchi
4a0c76e036
apparently '\n' produces two letters \ and n, not NL.
2015-04-05 21:01:33 -07:00
Kohsuke Kawaguchi
9809d2cf65
Update confluence image
...
build4 had a bug that it was trying to talk to ldap.jenkins-ci.org via LDAP. build5 fixes that.
2015-04-05 18:31:42 -07:00
Kohsuke Kawaguchi
535b109678
Adding another volume to okra
...
archives area has grown past 150GB, and it's blocking UC.
2015-04-05 15:31:31 -07:00
Kohsuke Kawaguchi
2bc85d8013
Merge pull request #85 from jenkins-infra/confluence
...
Confluence migration step 2
2015-04-02 18:01:46 -07:00
Kohsuke Kawaguchi
4f4d9318ff
docker::run.command is apparently mandatory.
2015-04-02 08:08:40 -07:00
Kohsuke Kawaguchi
29fc9330e3
This entry is only for mock-webapp.
...
Confluence won't need it.
2015-04-02 08:06:07 -07:00
Kohsuke Kawaguchi
48999796e7
[INFRA-261] Confluence migration step 2
...
PR #78 has been deployed in production. Along with a few additional
changes, the virtual host setup has been validated.
As the next step, this change runs a real Confluence instance with real
LDAP, except with a fake database.
This way we can test the behaviour of confluence container.
2015-04-01 23:34:51 -07:00
Kohsuke Kawaguchi
283d705185
Safely feed LDAP password into a container
...
Passing it as a command line argument would make the password visible to
ps(1), so we need to go via --env-file.
The change in garethr/docker adds this support
2015-04-01 23:18:37 -07:00
Kohsuke Kawaguchi
b24d995bf4
Apparently if I didn't specify $port, $name (and not $vhost_name) gets used for <VirtualHost HOSTPORT> part.
...
Just reinforces my conviction described in ea76b290c0
2015-04-01 22:33:15 -07:00
Kohsuke Kawaguchi
00d30b67b8
following this guide to try to see why file backup now fails
...
https://docs.puppetlabs.com/pe/latest/trouble_comms.html
I get "Could not back up ... getaddrinfo: Name or service not known" error
2015-04-01 22:20:37 -07:00
Kohsuke Kawaguchi
f48ef71167
Let apache module enable the mod
2015-04-01 21:56:04 -07:00
Kohsuke Kawaguchi
0934ebe5ec
JIRA version of ea76b290c0
2015-04-01 21:54:36 -07:00
Kohsuke Kawaguchi
59c17d8f1d
SSL module needs to be activated explicitly.
2015-04-01 21:49:44 -07:00
Kohsuke Kawaguchi
df5e4e1aa2
datadog-agent specifies ruby 0.2.0 as the dependency.
...
So to satisfy that constraint, we need to use 0.2.0. According to the
changelog of puppetlabs/ruby, 0.2.0 and 0.2.1 is a metadata-only change,
so this is hopefully OK.
2015-04-01 21:41:17 -07:00
Kohsuke Kawaguchi
0aa9a0d09f
lettuce now needs to deploy the SSL key for wiki.jenkins-ci.org
2015-04-01 21:31:30 -07:00
Kohsuke Kawaguchi
ea76b290c0
fixed a confluence virtual host setting.
...
vhost_name sets the host name part of <VirtualHost HOST:PORT> directive, which makes virtual host only applicable when the request comes through IP address that HOST refers to.
Tests failed to catch this because serverspec makes curl call from within, which means the request was coming from 127.0.0.1 that host name 'wiki.jenkins-ci.org' was resolving to on this box.
Also removing "ssl => true" because it tries to set the certificate path & server key path. Given the way SSL works, trying to configure such information inside VirtualHost really doesn't make sense. See [1] for more info.
I still remain wholly unconvinced about the way puppet handles apache configuration files. I'd much rather write a per-site *.conf file directly by hand than learning how puppet maps those to parameters and how they get translated into the *.conf files. It's neither particularly readable nor writable. But oh well.
[1] https://wiki.apache.org/httpd/NameBasedSSLVHosts
2015-04-01 21:31:10 -07:00
Kohsuke Kawaguchi
260492b4f1
Pick up another fix to garethr/docker module
2015-04-01 20:39:29 -07:00
Kohsuke Kawaguchi
59f2e7237d
Merge pull request #78 from jenkins-infra/confluence
...
Containerized Confluence deployment
2015-03-31 18:45:28 -07:00
Kohsuke Kawaguchi
a2c3439022
Merge pull request #77 from jenkins-infra/sslcert
...
Tracking all the certificates here
2015-03-31 18:45:06 -07:00
Kohsuke Kawaguchi
94df092429
Adding the key & cert for cucumber
...
... while we are at it, for better bus factor and etc.
2015-03-30 22:01:22 -07:00
Kohsuke Kawaguchi
e83acc621b
Replaced the bogus key with the actual key.
...
This hiera-yaml encrypted private key is the actual production key used
in eggplant.jenkins-ci.org
2015-03-30 21:58:14 -07:00
Kohsuke Kawaguchi
db5228b2a5
handy tip to just rerun serverspec
2015-03-30 21:54:18 -07:00
Kohsuke Kawaguchi
841c973789
remove dependencies between tests
...
serverspec can randomize execution order of tests. if access log check happens before any requests are sent to Apache, it'll fail.
So for consistent results, insert this as an assertion on another test.
2015-03-30 21:54:18 -07:00
Kohsuke Kawaguchi
8e42c8c7a5
Fixing the way container start/stop is handled.
...
See 2e87e66e1a
2015-03-30 21:54:18 -07:00
Kohsuke Kawaguchi
0309c344da
Initial (mock) confluence deployment
...
This change deploys confluence + confluence-cache containers on lettuce, except that instead of real confluence, this version deploys a mock version.
2015-03-30 21:54:18 -07:00
Kohsuke Kawaguchi
98fd415ed9
documenting the rake task
2015-03-30 21:53:52 -07:00
Kohsuke Kawaguchi
ba414abff3
Defining a rake task to reflect changes made in Puppetfile/.fixtures.yml
2015-03-30 21:23:11 -07:00
Kohsuke Kawaguchi
b418287f9b
followup fix to 928bc3791e
...
This vhost has unusual name, so it needs servername.
2015-03-30 19:33:46 -07:00
Kohsuke Kawaguchi
d740ef357a
Deploy package first to ensure /etc/apache2 exists
2015-03-30 19:33:46 -07:00
R. Tyler Croy
dc2b6d220a
Merge pull request #76 from jenkins-infra/datadog
...
Deploy datadog node to every node
2015-03-30 07:52:03 -07:00
Kohsuke Kawaguchi
07218227ef
These settings are generated by Puppet, so no need to have them here.
2015-03-29 21:58:45 -07:00
Kohsuke Kawaguchi
928bc3791e
I had servername and vhost_name mixed up.
...
vhost_name controls the name-based virtual host. servername is defaulted to the resource name, so no need to specify it again
2015-03-29 21:35:53 -07:00
Kohsuke Kawaguchi
d6f59be465
Fix the container name for humans
2015-03-29 20:33:06 -07:00
Kohsuke Kawaguchi
a640cd831e
Deploy datadog node to every node
2015-03-29 20:11:19 -07:00
Kohsuke Kawaguchi
a0027f7609
Merge branch 'jira' into staging
...
This merges pull request #74
Conflicts:
dist/role/manifests/edamame.pp
hieradata/common.yaml
2015-03-29 19:45:03 -07:00
Kohsuke Kawaguchi
1a03df3f6f
Merge pull request #75 from jenkins-infra/sslcert
...
[INFRA-41] manage SSL private key & certificate
2015-03-29 19:43:30 -07:00
Kohsuke Kawaguchi
dbd4d30c8c
Renamed ssl-cert to apache-cert to address review by rtyler
2015-03-28 23:11:23 -07:00
Kohsuke Kawaguchi
e9026fc332
adding a link to the container repo
2015-03-28 23:05:27 -07:00
Kohsuke Kawaguchi
d4106fba36
describing the intent of this
2015-03-28 23:05:17 -07:00
Kohsuke Kawaguchi
11c0a52f50
Managing SSL certificates & private keys in Puppet
...
Real private key will be managed with hiera-eyaml, but private key used
with bogus self-signed certificate for vagrant need not be (and cannot
be) secured.
Just in case I'm doing something really stupid, the current
'profile::ssl-cert::secret-key-wiki-jira' entry is a bogus private key,
which is nonetheless safe to merge because edamame currently doesn't
serve https.
If this use of multiline string in hiera-eyaml is validated, I'll
replace the entry with the real private key.
2015-03-28 17:02:03 -07:00
Kohsuke Kawaguchi
1e911ffa09
install hiera-eyaml
...
so that ./hieradata/edit doesn't require externally installed tools.
2015-03-28 15:57:43 -07:00
Kohsuke Kawaguchi
baa5eb3986
When a configuration changes, restart the service
2015-03-28 15:32:26 -07:00
Kohsuke Kawaguchi
9f8f7989e3
test access log
2015-03-28 14:46:09 -07:00
Kohsuke Kawaguchi
79d6b7c20b
Test access to JIRA through Apache
2015-03-28 14:46:09 -07:00
Kohsuke Kawaguchi
44379d3632
Bug fixes driven by serverspec test
...
Parent directories need to be created recursively, and mod_proxy is
needed to forward to JIRA.
2015-03-28 14:20:43 -07:00
Kohsuke Kawaguchi
45c9ab2558
1.0.2 doesn't resolve for me, but 1.0.3 does.
...
% puppet module --modulepath '/home/kohsuke/ws/jenkins/infra/jenkins-infra/modules' install --version=1.0.2 --ignore-dependencies rtyler/groovy
Notice: Preparing to install into /home/kohsuke/ws/jenkins/infra/jenkins-infra/modules ...
Notice: Downloading from https://forge.puppetlabs.com ...
Error: Could not install module 'rtyler-groovy' (v1.0.2)
No version of 'rtyler-groovy' will satisfy dependencies
You specified 'rtyler-groovy' (v1.0.2)
Use `puppet module install --force` to install this module anyway
2015-03-28 14:20:43 -07:00
Kohsuke Kawaguchi
881ecaebac
deleted unresolvable symlinks that will make rsync fail.
...
modules/account/.travis.yml has incorrect link target, and this blows up
when vagrant tries to rsync files as it tries to resolve symlinks.
2015-03-28 14:20:14 -07:00
Kohsuke Kawaguchi
08b3c16f62
Unless vagrant runs in bundler, it won't autoload plugins.
...
This got me confused for a while.
2015-03-28 14:19:17 -07:00
Kohsuke Kawaguchi
1f49cddc72
Added unit test and used that to fix jira profile.
2015-03-28 11:39:37 -07:00
Kohsuke Kawaguchi
036962dfa1
Added JIRA profile
2015-03-28 11:16:57 -07:00
Kohsuke Kawaguchi
89994497ee
Using the consistent short vegetable names to name hosts.
2015-03-24 11:17:45 -07:00
Kohsuke Kawaguchi
d6dd8558f7
Update README.md
...
Looks like the documentation has moved.
2015-03-24 10:37:20 -07:00
R. Tyler Croy
114acf3a59
Merge pull request #71 from jenkins-infra/INFRA-231
...
[INFRA-231]
2015-03-02 13:50:22 -08:00
Kohsuke Kawaguchi
414ec670ff
[INFRA-231]
...
Build #41 contains the fix we need to authenticate `jenkins-admin` against nickserv.
2015-03-02 13:30:04 -08:00
R. Tyler Croy
3a8413ba02
Merge pull request #69 from oleg-nenashev/staging
...
Update IRCBot to build40
2015-01-28 08:40:34 -08:00
Oleg Nenashev
f7ac49e283
Update IRCBot to build40
...
* https://github.com/jenkins-infra/ircbot/pull/20 from @christ66
2015-01-28 19:21:08 +03:00
R. Tyler Croy
d2d5016da9
Merge pull request #67 from jenkins-infra/danielbeck
...
Giving access to daniel beck
2015-01-21 12:50:16 -08:00
Kohsuke Kawaguchi
7e8d43dfbc
Giving access to daniel beck
2015-01-21 12:14:28 -08:00
R. Tyler Croy
4f52ffd9fe
Add byebug as the debugger when running Ruby 2.x
2014-12-26 13:13:08 -08:00
R. Tyler Croy
c5f17168cb
Merge pull request #64 from oleg-nenashev/staging
...
Update IRCBot to build38
2014-10-30 10:46:37 -07:00
Oleg Nenashev
73f3f21add
Update IRCBot to build38
...
Features:
* A command, which renames GitHub repos (INFRA-193)
* Parametrization fixes (INFRA-146)
2014-10-30 20:23:42 +03:00
Kohsuke Kawaguchi
99db5ae19b
Redirect was redirecting everything, not just the top page
...
I always forget that 'Redirect' is a prefix match, not the whole match. So it resulted in every access sent back to the mirror controller machine. This change fixes that.
2014-10-17 08:02:45 -07:00
Kohsuke Kawaguchi
f2f5d40373
Merge pull request #61 from jenkins-infra/archives
...
[INFRA-102] Don't serve index. Let people start from the 'mirrors' server.
2014-10-10 10:22:01 -07:00
Kohsuke Kawaguchi
7589df0fdb
Don't serve index. Let people start from the 'mirrors' server.
2014-10-10 09:58:39 -07:00
Kohsuke Kawaguchi
c3aa594d45
Merge pull request #59 from jenkins-infra/archives
...
[INFRA-102] Publishing archives into DNS
2014-10-10 09:41:39 -07:00
Kohsuke Kawaguchi
0696f20f5f
[INFRA-102] Publishing archives into DNS
2014-10-10 09:39:01 -07:00
Kohsuke Kawaguchi
722f981ec6
Merge pull request #57 from jenkins-infra/archives
...
[INFRA-102] archives.jenkins-ci.org wave #2
2014-10-10 09:23:44 -07:00
Kohsuke Kawaguchi
77b60845dc
Expand to the full size of the volume
2014-10-10 09:14:55 -07:00
Kohsuke Kawaguchi
bed760dae2
[INFRA-102] removing a remnant of the earlier experiment that didn't work out
2014-10-09 17:27:41 -07:00
Kohsuke Kawaguchi
195f56cf4e
noting what this machine is about
2014-10-09 17:26:35 -07:00
R. Tyler Croy
ec5415317c
Merge pull request #55 from oleg-nenashev/staging
...
Update to ircbot-build35 , which definitely has the correct version file
2014-10-09 11:21:44 -07:00
Oleg Nenashev
f2dd70e17a
Update to ircbot-build35 , which definitely has the correct version file
...
Signed-off-by: Oleg Nenashev <o.v.nenashev@gmail.com>
2014-10-09 22:13:32 +04:00
R. Tyler Croy
3c3daf5b4e
Merge pull request #53 from oleg-nenashev/staging
...
Update to ircbot-build34 to resolve INFRA-142, INFRA-146 and INFRA-135
2014-10-09 06:34:44 -07:00
Oleg Nenashev
8f9d7252ef
Update to ircbot-build34 to resolve INFRA-142, INFRA-146 and INFRA-135
...
Signed-off-by: Oleg Nenashev <o.v.nenashev@gmail.com>
2014-10-09 15:46:04 +04:00
R. Tyler Croy
a43e0352b6
Rely on notifying the Service['docker-ircbot'] resource for ircbot restarts
...
[INFRA-145]
2014-09-27 13:04:02 -07:00
Kohsuke Kawaguchi
5b86f892d2
Merge pull request #50 from oleg-nenashev/staging
...
[INFRA-135] - Update IRC Bot to build 30 (fixes for "version" command)
2014-09-25 13:41:09 -07:00
Oleg Nenashev
866af7a767
[INFRA-135] - Update IRC Bot to build 135 (fixes for "version" command)
...
Signed-off-by: Oleg Nenashev <o.v.nenashev@gmail.com>
2014-09-26 00:08:39 +04:00
R. Tyler Croy
b76048548a
I think it's safe to say that this is no longer a work in progress
2014-09-24 18:05:25 -07:00
R. Tyler Croy
51aff3274c
Merge pull request #48 from rtyler/lettuce-dns
...
Adding the new lettuce A record
2014-09-24 17:58:34 -07:00
R. Tyler Croy
92f33a1a87
Adding the new lettuce A record
2014-09-24 16:22:30 -07:00
R. Tyler Croy
5eb184bce1
Merge pull request #46 from oleg-nenashev/staging
...
Update IRC bot to build25
2014-09-24 15:39:00 -07:00
Oleg Nenashev
0088ae9ef1
Update IRC bot to build25
...
Signed-off-by: Oleg Nenashev <o.v.nenashev@gmail.com>
2014-09-25 02:23:31 +04:00
R. Tyler Croy
13370b8f5c
Merge pull request #44 from rtyler/provision-lettuce
...
Add the newly created OSUOSL VM `lettuce`
2014-09-24 13:47:03 -07:00
R. Tyler Croy
d26360a843
Add the newly created OSUOSL VM `lettuce`
2014-09-24 13:24:16 -07:00
R. Tyler Croy
9b85054693
Merge pull request #43 from oleg-nenashev/staging
...
[INFRA-107,INFRA-139] - Update IRC bot to build24
2014-09-24 13:18:54 -07:00
Oleg Nenashev
21b2083c53
[INFRA-107,INFRA-139] - Update IRC bot to build24
...
Signed-off-by: Oleg Nenashev <o.v.nenashev@gmail.com>
2014-09-25 00:10:53 +04:00
R. Tyler Croy
ad051caf4e
Merge pull request #41 from oleg-nenashev/staging
...
[INFRA-107 and INFRA-135] Update Jenkins IRC bot to build20
2014-09-21 13:58:16 -07:00
Oleg Nenashev
532a53d544
[INFRA-107 and INFRA-135] Update Jenkins IRC bot to build20
2014-09-21 21:53:29 +01:00
R. Tyler Croy
dd3a9ed564
Change the .github file ONE MORE TIME and hope it works
...
This is why having documentation and reproducible infrastructure is important people
2014-09-21 12:03:33 -07:00
R. Tyler Croy
e5ab2c049d
Upgrade to the latest ircbot container which pins the user ID for permissions
2014-09-21 11:54:59 -07:00
R. Tyler Croy
4d3e028528
Properly notify/restart the docker ircbot container when we're modifying its config
2014-09-21 10:55:27 -07:00
R. Tyler Croy
39737f8da2
Merge pull request #38 from jenkins-infra/INFRA-129
...
[INFRA-129] follow up changes
2014-09-21 10:46:45 -07:00
Kohsuke Kawaguchi
c85dd9bd41
Protect these sensitive files from the eyes of random users
2014-09-21 09:39:30 -07:00
Kohsuke Kawaguchi
e81bff264e
Adding the password of the jenkinsadmin user on GitHub
...
... in case someone needs to go generate tokens again. IRCbot uses OAuth
token and not the password
2014-09-21 09:37:51 -07:00
Kohsuke Kawaguchi
cdab29d19a
Correct keyword was 'oauth' not 'token'
2014-09-21 09:36:58 -07:00
R. Tyler Croy
b73e174b45
Merge pull request #36 from jenkins-infra/INFRA-129
...
Manage and run jenkins-admin in Docker
2014-09-20 18:24:14 -07:00
R. Tyler Croy
922ad39d38
Fix some silly lint warnings
2014-09-20 18:23:21 -07:00
R. Tyler Croy
272fbe3153
Map the private files for the ircbot into the docker container
2014-09-20 18:20:25 -07:00
R. Tyler Croy
0d36a4f7d1
Add the jenkinsadmin profile for running the ircbot docker container
...
Fixes INFRA-129
2014-09-20 15:45:18 -07:00
R. Tyler Croy
472242c00d
Switch to a new 12.04 Puppet/Docker AMI
...
The old one apparently forgot how to puppet and docker properly. Not even sure
how that happened.
2014-09-20 15:22:07 -07:00
Kohsuke Kawaguchi
f9e963a4a2
[INFRA-129] Added credentials used by 'jenkins-admin' IRC bot
2014-09-17 09:44:32 -07:00
R. Tyler Croy
871296d124
Upgrade r10k to 1.2.4 which should fix module downgrades
...
See adrienthebo/r10k#188
2014-09-14 21:43:59 -07:00
R. Tyler Croy
d400e1c410
Roll back to inifile 1.0.3 due to a bug in 1.1.3
...
See: <https://tickets.puppetlabs.com/browse/ENTERPRISE-323>
Looks like somebody didn't respect semantic versioning!
2014-09-14 16:34:22 -07:00
R. Tyler Croy
6645523f65
Upgrade a number of puppetlabs-based modules to their current supported versions
2014-09-14 15:36:25 -07:00
R. Tyler Croy
f2975074b2
Pin the version of the keys we'll use
2014-09-14 15:01:34 -07:00
R. Tyler Croy
3f0f4570c9
Ignore all kinds of vim related mess
2014-09-13 16:08:46 -07:00
R. Tyler Croy
63645239a0
Upgrade to puppetlabs/apt 1.6.0 which supports Ubuntu 14.04 properly
2014-09-13 15:51:07 -07:00
R. Tyler Croy
3b7e893db6
Adding okra's A record
2014-07-28 11:13:28 -07:00
R. Tyler Croy
a8f58a13ce
Minor whitespace fix
2014-07-12 13:32:59 -07:00
R. Tyler Croy
f61b33e79c
Refactor apache_misc into apache-misc and move SSH settings into that class
...
Since we may incorporate profile::apache-misc into a number of different
profiles, ssh_enabled defaults to false so the consuming class has to
explicitly decide to drop the SSH pubkeys into /var/www
2014-07-12 13:28:05 -07:00
R. Tyler Croy
258a0544c5
Tidy up the archives profile
2014-07-12 13:10:24 -07:00
R. Tyler Croy
1ab78742ff
Merge pull request #31 from jenkins-infra/apache-misc
...
Define misc. apache settings
2014-07-12 11:35:56 -07:00
R. Tyler Croy
e7440e639d
Merge pull request #32 from jenkins-infra/archives
...
[INFRA-102] Adding archives.jenkins-ci.org
2014-07-12 11:35:15 -07:00
Kohsuke Kawaguchi
16ca13c342
Here's hoping this would make lint happy
2014-07-11 15:24:44 -07:00
Kohsuke Kawaguchi
542f13c4f7
Updating the test
...
Looks like the apache module uses the name 'httpd' for everything but
set the name attribute differently.
Feels bit too much like testing the internals. Perhaps I should just
check contain_class("apache")
2014-07-11 14:44:56 -07:00
Kohsuke Kawaguchi
39bce0af5c
Leaving a TODO comment
2014-07-07 21:12:34 -07:00
Kohsuke Kawaguchi
b5bb8c808a
These parameters are unused now
2014-07-07 21:11:28 -07:00
Kohsuke Kawaguchi
e5e70b36d6
Externalized LVM setting as hiera config
2014-07-07 21:09:32 -07:00
Kohsuke Kawaguchi
f2a7390929
To test this better, added a fake block device during vagrant run.
...
LVM config is made customizable.
2014-07-07 20:49:46 -07:00
Kohsuke Kawaguchi
eabdf11b54
added serverspec test
2014-07-07 20:34:53 -07:00
Kohsuke Kawaguchi
af0e735439
Added instructions as to how to launch a serverspec test
2014-07-07 20:30:14 -07:00
Kohsuke Kawaguchi
709a4f162c
Light test as a touch up
2014-07-07 20:10:25 -07:00
Kohsuke Kawaguchi
9992af1961
disable directory indexing
2014-07-07 19:54:15 -07:00
Kohsuke Kawaguchi
a074b74300
documenting the bandwidth throttling scheme
2014-07-07 19:48:51 -07:00
Kohsuke Kawaguchi
1ee4c557e2
Assign this directory to apache
2014-07-07 19:33:49 -07:00
Kohsuke Kawaguchi
79b431fe3f
allow Jenkins to login as www-data to populate the releases
2014-07-07 19:32:26 -07:00
Kohsuke Kawaguchi
1f354940f2
fixing the name based virtual host setting
2014-07-07 19:28:09 -07:00
Kohsuke Kawaguchi
a8b2567d2e
mount task seems to require these arguments
...
Otherwise it ends up producing invalid /etc/fstab
2014-07-07 19:16:53 -07:00
Kohsuke Kawaguchi
be428c8317
Can't figure out how to make this dependency work
2014-07-07 19:11:22 -07:00
Kohsuke Kawaguchi
ec2f815279
Can't figure out how to load a module file, switching to template
2014-07-07 19:07:04 -07:00
Kohsuke Kawaguchi
571d29b41e
adding rate limit setting
2014-07-07 18:56:54 -07:00
Kohsuke Kawaguchi
376b786f37
Moving the fragment into a separate file before adding more lines
2014-07-07 18:56:54 -07:00
Kohsuke Kawaguchi
1b36af6135
Enable rate limit module
2014-07-07 18:56:54 -07:00
Kohsuke Kawaguchi
6a1be6cf33
present only touches /etc/fstab
2014-07-07 18:56:54 -07:00
Kohsuke Kawaguchi
e2be3b0835
Deploy Apache
2014-07-07 18:56:54 -07:00
Kohsuke Kawaguchi
163e7bafa6
defining dependencies.
...
Looks like all the dependencies need to be specified manually. That's incredibly stupid.
2014-07-07 18:56:54 -07:00
Kohsuke Kawaguchi
7fee7b3428
Provisioning LVM volume
2014-07-07 18:13:22 -07:00
Kohsuke Kawaguchi
dcaadc3039
'reverseproxy_combined' log setting is defined by us
...
... therefore its definition needs to be managed by Puppet.
2014-07-07 15:52:53 -07:00
Kohsuke Kawaguchi
9560f4c709
Experimenting with using Rackspace as the fallback mirror.
...
... to store all the past releases. This setting is supposed to enable
Rackspace servers to respond to fallback2.jenkins-ci.org though I'm not
sure how they do that without me providing a reverse mapping. But let's
see.
2014-07-07 10:41:23 -07:00
R. Tyler Croy
18e08d84fa
Verify that password authentication for sshd is disabled on machines
2014-05-30 15:06:13 -07:00
R. Tyler Croy
7da1a887a6
Add ssh::server configuration to the base profile and disable password auth
...
[FIXED INFRA-71]
2014-05-30 11:37:20 -07:00
R. Tyler Croy
5cd29bca16
Add some default iptables rules to allow SSH and block most everything else
...
This means that every role that includes a profile::base will be locked down by
default which is good.
[FIXED INFRA-72]
2014-05-30 09:29:01 -07:00
R. Tyler Croy
7a3403ce09
meetings.jenkins-ci.org is actually supposed to be hosted on edamame
...
Looks like I screwed up the sync between infra-puppet and jenkins-infra
2014-05-25 22:57:07 -07:00
R. Tyler Croy
6188fbf5a7
Move edamame to ns1 and spinach to ns2
...
This should make it feasible to kill DNS on lettuce now. yay
[FIXED INFRA-19]
2014-05-25 22:53:24 -07:00
R. Tyler Croy
fbfce47237
Ignore vendor/ when attempting to lint
...
This allows this command to be run along-side the --path option in the bundle install
2014-05-25 22:08:20 -07:00
R. Tyler Croy
e291dc9a44
Attempt to use a local path for bundler in CI
2014-05-25 22:02:30 -07:00
R. Tyler Croy
85dbc44f6b
Use verbose logging for CI
2014-05-25 21:50:10 -07:00
R. Tyler Croy
202f663e27
Revert "Attempt to install all gems in CI"
...
This reverts commit 365560626d.
2014-05-25 21:48:38 -07:00
R. Tyler Croy
365560626d
Attempt to install all gems in CI
...
I forget how this broke before
2014-05-25 21:38:12 -07:00
R. Tyler Croy
df394b7c58
Create an A record for edamame properly
2014-05-25 21:20:56 -07:00
R. Tyler Croy
adb47c231e
Switch to using the released version of puppet-groovy that I published
2014-05-25 21:20:56 -07:00
R. Tyler Croy
439214c478
Merge pull request #30 from vjanelle/fix_dns
...
Fix NS records?
2014-05-25 21:18:20 -07:00
Vincent Janelle
ad6751df0e
Fix NS records?
2014-05-25 21:17:07 -07:00
R. Tyler Croy
0c954b7206
Correct the environment variable used in the vagrant-aws helper script
2014-05-25 17:24:42 -07:00
R. Tyler Croy
ceabdac45c
Add a groovy profile and install it on the spinach role
...
This is using our slightly forked version of a groovy module I found on Forge.
Will install groovy into a versioned directory in /opt
[FIXED INFRA-22]
2014-05-25 17:24:30 -07:00
R. Tyler Croy
3c2c000ca7
Upgrade vagrant to 1.6.2 and include a little helper script to define the default provider
2014-05-25 13:45:50 -07:00
R. Tyler Croy
770fe507e6
Change edamame to act as ns2.jenkins-ci.org
2014-05-25 13:34:08 -07:00
R. Tyler Croy
68d46a3467
Default to running m1.larges for faster provision times
2014-05-24 15:28:28 -07:00
R. Tyler Croy
edba3dc524
Ensure the proper configuration directories get set up for the machine hosting bind
2014-05-24 15:28:12 -07:00
R. Tyler Croy
6292603fb2
Run the bind docker container with volumes and ports properly configured
2014-05-24 15:27:47 -07:00
R. Tyler Croy
f223e78293
Minor code-review tweaks and addition of more rspec-puppet tests for profile::bind
2014-05-23 14:21:44 -07:00
R. Tyler Croy
2d77a32ff2
Add celery to the zone file
2014-05-23 14:21:30 -07:00
Kohsuke Kawaguchi
86b49d7eed
Added a profile that deploys containerized BIND9
...
Temporarily deployed to edamame
Conflicts:
dist/role/manifests/edamame.pp
hieradata/common.yaml
2014-05-23 14:03:22 -07:00
R. Tyler Croy
2be8048d37
Update puppet-irc to the latest in our fork which includes a timeout option
...
This isn't strictly necessary, but will be good to test
2014-05-23 10:13:20 -07:00
R. Tyler Croy
ae292d3dd4
Make sure all machines update their apt caches every morning
...
[FIXED INFRA-31]
2014-05-11 17:00:36 -07:00
R. Tyler Croy
f7b60adf40
Add the parallel_tests gem for running the spec tests in parallel
...
On a machine faster than my laptop, this actually makes a difference.
Run:
% parallel_rspec spec/classes
2014-05-11 16:49:07 -07:00
R. Tyler Croy
b39d472a1c
Make profile::base remove any remaining code from infra-puppet
...
This will prevent the two versions of config management from stomping all over
one another.
2014-05-11 16:48:10 -07:00
R. Tyler Croy
66dcf13c53
Use libruby instead of libopenssl-ruby on Lucid
...
See:
ubuntu@ip-10-235-39-170:~$ sudo apt-get install libopenssl-ruby
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'libruby' instead of 'libopenssl-ruby'
libruby is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 35 not upgraded.
2014-05-10 21:38:35 -07:00
R. Tyler Croy
2796fe9e12
Update puppet-irc to also notify IRC for 'changed' puppet runs
2014-05-10 20:09:39 -07:00
R. Tyler Croy
79e7c451c1
Merge pull request #29 from rtyler/issue/ci-slave-23
...
Cleaned up buildslave profile
2014-05-10 16:27:27 -07:00
R. Tyler Croy
7195685b45
Clean up the profile::buildslave and incorporate it in the celery role
...
This also adds some relatively basic serverspec testing of what a buildslave
should look like on a real machine
[FIXED INFRA-23]
2014-05-10 14:37:48 -07:00
R. Tyler Croy
3de010a3b8
Ensure that vagrant-aws images come online with properly populated apt-caches
...
We won't need this on production machines since they should be updating their
internal apt-caches on a daily basis, see
<https://issues.jenkins-ci.org/browse/INFRA-31>
[FIXED INFRA-33]
2014-05-10 14:37:42 -07:00
R. Tyler Croy
48a3249d9c
Add a .rspec to hold some RSpec preferences for all invocations
2014-05-10 14:14:48 -07:00
Kohsuke Kawaguchi
215b32a2fb
added a profile for J-on-J build slave
2014-05-10 13:36:20 -07:00
R. Tyler Croy
94b584940d
Celery should behave like a standard Linux machine, nothing special
2014-05-10 10:56:31 -07:00
Kohsuke Kawaguchi
010e0ea906
Adding place holder manifest for celery
...
The plan is to use this as a build slave for J-on-J
2014-05-09 20:05:02 -04:00
R. Tyler Croy
68987a1ed7
Fix a broken serverspec test
...
Shame on me for not running the serverspecs before committing code
2014-05-09 13:58:20 -07:00
R. Tyler Croy
a4c1854a54
Update the Vagrantfile to use AWS environment variables if they're available
2014-05-09 09:45:35 -07:00
R. Tyler Croy
46a81b843a
Use the correct docroot for the meetings vhost
2014-05-04 16:14:14 -07:00
R. Tyler Croy
f93484a40e
Merge pull request #19 from jenkins-infra/robobutler
...
Robobutler
2014-05-04 16:06:07 -07:00
R. Tyler Croy
b19a8eb266
Incorporate the log-compressor module into the robobutler profile
2014-05-04 15:53:47 -07:00
R. Tyler Croy
36c018e40e
Add the puppet-apache-logcompressor module
...
This commit also reorganizes the .fixtures.yml file a bit to include more
modules that can be found directly on forge. It's a bit faster than a full git
clone
2014-05-04 15:53:47 -07:00
R. Tyler Croy
e097409ee1
Remove the jenkins_apache module from the tree, this exists in puppet-apache-logcompressor
2014-05-04 15:53:46 -07:00
R. Tyler Croy
d65257d4a0
Rework the butlerbot profile to use the puppetlabs/apache modules apache::vhost type
2014-05-04 15:53:46 -07:00
R. Tyler Croy
c9f08fb742
update butlerbot profile and add more test coverage
2014-05-04 15:53:46 -07:00
R. Tyler Croy
e4a58fae2c
Refactor the main docker management into the docker profile
...
This should be included by all profiles that need to use docker
2014-05-04 15:53:46 -07:00
R. Tyler Croy
e854d6090b
Add vagrant/test-environment specific hiera data
2014-05-04 15:53:46 -07:00
R. Tyler Croy
657d101557
Upgrade the Vagrantfile to use a Docker-capable 12.04 LTS AMI
2014-05-04 15:53:46 -07:00
R. Tyler Croy
2f16cfbd59
Fix the `lint` rake task to use the right `ignore_paths`
...
Otherwise, a local `r10k puppetfile install` would cause boatloads of lint
errors since the puppetlabs_spec_helper lint task overwrites ignore_paths
instead of adding to it
(https://github.com/jenkins-infra/puppetlabs_spec_helper/blob/master/lib/puppetlabs_spec_helper/rake_tasks.rb#L162)
2014-05-04 15:53:46 -07:00
Kohsuke Kawaguchi
06b59d4637
Added manifest to install and run robobutler
2014-05-04 15:53:46 -07:00
Kohsuke Kawaguchi
b951b64426
Adding the check to verify required plugins are available
2014-05-02 19:02:50 -07:00
Kohsuke Kawaguchi
1fc5333430
Set the box URL so that it doesn't have to be installed separately
2014-05-02 19:02:50 -07:00
R. Tyler Croy
6d6ee8728a
Fix the relative link to roles, really
2014-05-02 17:24:24 -07:00
R. Tyler Croy
ad7a3f39bc
Fix the relative link to roles
2014-05-02 17:23:38 -07:00
R. Tyler Croy
77c7b5129a
Document the local vagrant-based testing workflow
2014-05-02 17:22:55 -07:00
Kohsuke Kawaguchi
bcb31d8003
Adding a script to edit common.yaml
...
... so that I won't forget how to do it.
2014-05-02 16:19:39 -07:00
R. Tyler Croy
7063dac4ca
Merge pull request #25 from rtyler/vagrant-serverspec-and-roles
...
Introduce role-based serverspec testing, powered by Vagrant
2014-05-02 14:52:30 -07:00
R. Tyler Croy
488cfbc31c
Add a placeholder spec dir for artichoke aka puppetmaster
2014-05-02 14:48:45 -07:00
R. Tyler Croy
ab18b45079
Introduce role-based serverspec testing, powered by everybody's favorite hobo
...
This allows for writing and running acceptance tests for specific roles
(dist/role/manifests/*.pp) and spinning up a Vagrant AWS machine with that
role, then running the appropriate serverspec tests against it.
2014-05-02 14:41:29 -07:00
R. Tyler Croy
9b734615b0
Include a special Vagrant profile to make sure Vagrant nodes are properly permissioned
2014-05-02 12:52:02 -07:00
R. Tyler Croy
8a3f1090d8
Add a simple vagrant/puppet-apply based environment on top of AWS
2014-05-02 12:06:40 -07:00
R. Tyler Croy
f627928b90
Merge pull request #23 from Spredzy/add_firewall_module
...
Add puppetlabs firewall module
2014-05-02 11:14:03 -07:00
Yanis Guenane
852e25bbf9
Add puppetlabs firewall module
...
Add puppetlabs firewall module to manage security rules.
[FIXED INFRA-18]
2014-05-02 14:10:30 -04:00
R. Tyler Croy
2a0dc0cce6
Merge pull request #24 from Spredzy/fix_it_compile
...
Fix the it { should compile } issue on tests
2014-05-02 11:08:18 -07:00
Yanis Guenane
274c0257a0
Fix the it { should compile } issue on tests
...
Currently the CI fails on it should compile.
This commit fixes it and allows tests to pass
See: https://tickets.puppetlabs.com/browse/PUP-1547
2014-05-02 14:03:26 -04:00
Kohsuke Kawaguchi
4d0b64d9f8
Ignore more vagrant related files
2014-05-02 10:35:47 -07:00
R. Tyler Croy
7395191799
Allow passwordless sudo for the sudo group
2014-05-02 10:18:47 -07:00
R. Tyler Croy
947bea1284
Merge pull request #22 from rtyler/ntp-fixes
...
Ntp fixes
2014-05-02 10:03:05 -07:00
R. Tyler Croy
8eeaf47dcb
Ensure that the base profile is included in our new roles
2014-05-02 10:00:40 -07:00
Yanis Guenane
14f66a6edf
Add the NTP profile to jenkins-infra
...
Add the NTP profile to the puppetmaster-role.
Configuration is taken from hiera.
[FIXED INFRA-24]
2014-05-02 09:12:26 -04:00
R. Tyler Croy
edffb6fbaf
Merge pull request #20 from jenkins-infra/fixirc
...
Fix irc reports
2014-05-01 16:48:27 -07:00
Adam Crews
8cf0b28325
Fixed duplicate resource issue
2014-05-01 16:47:21 -07:00
Adam Crews
3681ca26cd
Fix irc reports
2014-05-01 16:45:24 -07:00
Adam Crews
f49567a805
Merge pull request #16 from rtyler/pe-and-irc
...
Update to the latest puppet-irc which is more accommodating for PE
2014-05-01 16:11:07 -07:00
Adam Crews
e4bd06a6cf
Merge pull request #15 from rtyler/classify-existing-nodes
...
Classify all our existing agent'd nodes
2014-05-01 16:10:32 -07:00
R. Tyler Croy
24b981bb6f
Merge pull request #11 from jenkins-infra/documentation
...
Add README for hiera data
2014-05-01 16:08:38 -07:00
Adam Crews
6b3baecfe8
Add doc about how to install agents
2014-05-01 16:05:45 -07:00
R. Tyler Croy
6f0f95b319
Update to the latest puppet-irc which is more accommodating for Puppet Enterprise
2014-05-01 16:00:56 -07:00
R. Tyler Croy
9296cbe1e6
Classify all our existing agent'd nodes
...
The node == role mapping isn't /great/ but because we have nodes that serve a
number of functions, we can't really say 1 logical role (e.g. 'webserver') can
map to 1 logical node
2014-05-01 15:24:32 -07:00
Adam Crews
e7c8853ba6
Merge pull request #13 from rtyler/issue/puppet-irc-25
...
Add a Puppet report processor to ping IRC when reports are generated
2014-05-01 14:45:09 -07:00
R. Tyler Croy
2b9e2eb952
Add hiera fixture file for rspec-puppet in CI
2014-05-01 14:43:07 -07:00
R. Tyler Croy
acdd7ff762
Clean out old fixtures "just in case"
2014-05-01 14:31:14 -07:00
R. Tyler Croy
777f1303ad
Add a Puppet report processor to ping IRC when reports are generated
...
This might get noisy, we'll see how it goes
2014-05-01 14:25:36 -07:00
R. Tyler Croy
6bba6751e7
Properly run the rspec-puppet tests as part of the CI jobs
2014-05-01 13:32:15 -07:00
Adam Crews
2c8c1a5ff1
Merge pull request #10 from rtyler/issue/sudoers-17
...
Add support for managing sudoers access across machines
2014-05-01 12:21:33 -07:00
R. Tyler Croy
eef13844bc
Merge pull request #9 from rtyler/lint-fixes
...
Lint and documentation fixes
2014-05-01 12:17:52 -07:00
R. Tyler Croy
153a9c608d
Add support for managing sudoers access across machines
...
This includes the saz/sudo module and defines a difference in sudoer needs
between OSUOSL managed machines and those outside of the OSUOSL datacenter,
which won't have an `osuadmin` account on them
[FIXED INFRA-17]
2014-05-01 12:13:18 -07:00
Adam Crews
26de0c4928
Add README for hiera data
2014-05-01 12:01:45 -07:00
R. Tyler Croy
303662af4b
More clearly document the puppetmaster profile
2014-05-01 10:22:52 -07:00
R. Tyler Croy
582a8f513f
Turn lint warnings into failures!
...
Let's keep this repository clean :D
2014-05-01 10:21:10 -07:00
R. Tyler Croy
e9b48bbe7e
Enable rspec-puppet tests for the puppetmaster profile and role
2014-04-30 21:24:12 -07:00
R. Tyler Croy
b54e869b36
Add spec/fixtures/modules/*/lib to the rspec $LOAD_PATH to handle custom providers in the catalog
...
This helps address autoload issues in rspec-puppet that would otherwise be handled by pluginsync
1) role::puppetmaster
Failure/Error: should contain_class 'profile::puppetmaster' }
Puppet::Error:
Could not autoload puppet/type/yaml_setting: Could not autoload puppet/provider/yaml_setting/mapped: cannot load such file -- puppetx/filemapper on node kiwi
# ./spec/classes/role/puppetmaster_spec.rb:5:in `block (2 levels) in <top (required)>'
2014-04-30 21:23:13 -07:00