mirror of
https://github.com/krislamo/vagrant-jenkins
synced 2024-12-16 05:10:36 +00:00
init
This commit is contained in:
commit
c227e3f885
10
.gitignore
vendored
Normal file
10
.gitignore
vendored
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
.DS_Store
|
||||||
|
scratch/*
|
||||||
|
*.box
|
||||||
|
.vagrant
|
||||||
|
puppet/modules
|
||||||
|
puppet/**/hieradata/sensitive.yaml
|
||||||
|
puppet/.tmp
|
||||||
|
puppet/.librarian
|
||||||
|
nolibrarian
|
||||||
|
puppet/hiera.yaml.rpmsave
|
10
README.md
Normal file
10
README.md
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
|
||||||
|
Only the master Jenkins server is provisioned at this time. Provisioning
|
||||||
|
a separate worker node has not been implemented. Of course the master
|
||||||
|
server can also serve as a worker so this single node will be sufficient
|
||||||
|
for most use cases.
|
||||||
|
|
||||||
|
Manual Puppet Run
|
||||||
|
=======
|
||||||
|
|
||||||
|
sudo /opt/puppetlabs/bin/puppet apply --environment=production /etc/puppetlabs/code/environments/production/manifests/site.pp
|
80
Vagrantfile
vendored
Normal file
80
Vagrantfile
vendored
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
BOX = 'ebrc/centos-7-64-puppet'
|
||||||
|
BOX_URL = ''
|
||||||
|
TLD = 'jenkins.vm'
|
||||||
|
|
||||||
|
JENKINS_HOSTS = {
|
||||||
|
:master => {
|
||||||
|
:vagrant_box => BOX,
|
||||||
|
:vagrant_box_url => BOX_URL,
|
||||||
|
:wf_hostname => 'ci.' + TLD,
|
||||||
|
:puppet_manifest => 'site.pp'
|
||||||
|
},
|
||||||
|
# :node => {
|
||||||
|
# :vagrant_box => BOX,
|
||||||
|
# :vagrant_box_url => BOX_URL,
|
||||||
|
# :wf_hostname => 'node1.' + TLD,
|
||||||
|
# :puppet_manifest => 'site.pp'
|
||||||
|
# },
|
||||||
|
}
|
||||||
|
|
||||||
|
[
|
||||||
|
{ :name => 'vagrant-librarian-puppet', :version => '>= 0.9.2' },
|
||||||
|
].each do |plugin|
|
||||||
|
if not Vagrant.has_plugin?(plugin[:name], plugin[:version])
|
||||||
|
raise "#{plugin[:name]} #{plugin[:version]} is required. Please run `vagrant plugin install #{plugin[:name]}`"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
Vagrant.configure(2) do |config|
|
||||||
|
|
||||||
|
JENKINS_HOSTS.each do |name,cfg|
|
||||||
|
config.vm.define name do |vm_config|
|
||||||
|
|
||||||
|
vm_config.vm.provider 'virtualbox' do |v|
|
||||||
|
v.gui = false
|
||||||
|
end
|
||||||
|
|
||||||
|
if Vagrant.has_plugin?('landrush')
|
||||||
|
vm_config.landrush.enabled = true
|
||||||
|
vm_config.landrush.tld = TLD
|
||||||
|
end
|
||||||
|
|
||||||
|
vm_config.vm.box = cfg[:vagrant_box] if cfg[:vagrant_box]
|
||||||
|
vm_config.vm.box_url = cfg[:vagrant_box_url] if cfg[:vagrant_box_url]
|
||||||
|
vm_config.vm.hostname = cfg[:wf_hostname] if cfg[:wf_hostname]
|
||||||
|
|
||||||
|
vm_config.vm.synced_folder 'puppet/',
|
||||||
|
'/etc/puppetlabs/code/',
|
||||||
|
owner: 'root', group: 'root'
|
||||||
|
|
||||||
|
vm_config.ssh.forward_agent = true
|
||||||
|
vm_config.ssh.pty = true
|
||||||
|
|
||||||
|
if ! File.exist?(File.dirname(__FILE__) + '/nolibrarian')
|
||||||
|
vm_config.librarian_puppet.puppetfile_dir = 'puppet'
|
||||||
|
vm_config.librarian_puppet.destructive = false
|
||||||
|
end
|
||||||
|
|
||||||
|
if ( Vagrant.has_plugin?('landrush') and vm_config.landrush.enabled)
|
||||||
|
# The Puppet manifests includes a firewalld reload that clobbers
|
||||||
|
# the iptables dns nat rule added by Landrush. So save iptables
|
||||||
|
# for restoration after Puppet provisioning.
|
||||||
|
vm_config.vm.provision :shell, inline: '/sbin/iptables-save -t nat > /root/landrush.iptables'
|
||||||
|
end
|
||||||
|
vm_config.vm.provision :puppet do |puppet|
|
||||||
|
puppet.environment = 'production'
|
||||||
|
puppet.environment_path = 'puppet/environments'
|
||||||
|
puppet.manifests_path = 'puppet/environments/production/manifests'
|
||||||
|
puppet.manifest_file = cfg[:puppet_manifest]
|
||||||
|
puppet.hiera_config_path = 'puppet/hiera.yaml'
|
||||||
|
#puppet.options = ['--debug --trace --verbose']
|
||||||
|
end
|
||||||
|
if ( Vagrant.has_plugin?('landrush') and vm_config.landrush.enabled)
|
||||||
|
vm_config.vm.provision :shell, inline: '/sbin/iptables-restore < /root/landrush.iptables'
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
end
|
21
puppet/Puppetfile
Normal file
21
puppet/Puppetfile
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
forge 'https://forgeapi.puppetlabs.com'
|
||||||
|
|
||||||
|
mod 'crayfishx/firewalld'
|
||||||
|
mod 'jlambert121/trusted_ca'
|
||||||
|
mod 'puppet/archive'
|
||||||
|
mod 'puppetlabs/java_ks'
|
||||||
|
mod 'puppetlabs/stdlib'
|
||||||
|
mod 'stahnma/epel'
|
||||||
|
|
||||||
|
mod 'ebrc/ebrc_yum_repo',
|
||||||
|
:git => 'git@github.com:EuPathDB/puppet-ebrc_yum_repo.git'
|
||||||
|
|
||||||
|
mod 'ebrc/ebrc_java',
|
||||||
|
:git => 'git@github.com:EuPathDB/puppet-ebrc_java.git'
|
||||||
|
|
||||||
|
mod 'ebrc/ebrc_jenkins',
|
||||||
|
:git => 'git@github.com:EuPathDB/puppet-ebrc_jenkins.git'
|
||||||
|
|
||||||
|
mod 'local/profiles',
|
||||||
|
:path => './src/profiles'
|
||||||
|
:latest
|
55
puppet/Puppetfile.lock
Normal file
55
puppet/Puppetfile.lock
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
FORGE
|
||||||
|
remote: https://forgeapi.puppetlabs.com
|
||||||
|
specs:
|
||||||
|
crayfishx-firewalld (3.1.4)
|
||||||
|
puppetlabs-stdlib (< 5.0.0, >= 4.2.0)
|
||||||
|
jlambert121-trusted_ca (1.1.0)
|
||||||
|
puppetlabs-stdlib (< 5.0.0, >= 3.2.0)
|
||||||
|
puppet-archive (1.1.2)
|
||||||
|
puppetlabs-stdlib (< 5.0.0, >= 4.2.0)
|
||||||
|
puppetlabs-java_ks (1.4.1)
|
||||||
|
puppetlabs-stdlib (4.12.0)
|
||||||
|
stahnma-epel (1.2.2)
|
||||||
|
puppetlabs-stdlib (>= 3.0.0)
|
||||||
|
|
||||||
|
GIT
|
||||||
|
remote: git@github.com:EuPathDB/puppet-ebrc_java.git
|
||||||
|
ref: master
|
||||||
|
sha: 5434fa8c13d2dc4987530b5d9e713f05b9d93841
|
||||||
|
specs:
|
||||||
|
ebrc-ebrc_java (0.1.0)
|
||||||
|
|
||||||
|
GIT
|
||||||
|
remote: git@github.com:EuPathDB/puppet-ebrc_jenkins.git
|
||||||
|
ref: master
|
||||||
|
sha: 133ce0f678faa7af1a3a2a743c67baba09adee20
|
||||||
|
specs:
|
||||||
|
ebrc-ebrc_jenkins (0.0.1)
|
||||||
|
|
||||||
|
GIT
|
||||||
|
remote: git@github.com:EuPathDB/puppet-ebrc_yum_repo.git
|
||||||
|
ref: master
|
||||||
|
sha: 2e75a0de6b7e4da022a1a4de7ee5306b5fcc0a4d
|
||||||
|
specs:
|
||||||
|
ebrc-ebrc_yum_repo (0.1.0)
|
||||||
|
puppetlabs-stdlib (>= 1.0.0)
|
||||||
|
|
||||||
|
PATH
|
||||||
|
remote: ./src/profiles
|
||||||
|
specs:
|
||||||
|
local-profiles (0.0.0)
|
||||||
|
crayfishx-firewalld (>= 0)
|
||||||
|
ebrc-ebrc_jenkins (>= 0)
|
||||||
|
|
||||||
|
DEPENDENCIES
|
||||||
|
crayfishx-firewalld (>= 0)
|
||||||
|
ebrc-ebrc_java (>= 0)
|
||||||
|
ebrc-ebrc_jenkins (>= 0)
|
||||||
|
ebrc-ebrc_yum_repo (>= 0)
|
||||||
|
jlambert121-trusted_ca (>= 0)
|
||||||
|
local-profiles (>= 0)
|
||||||
|
puppet-archive (>= 0)
|
||||||
|
puppetlabs-java_ks (>= 0)
|
||||||
|
puppetlabs-stdlib (>= 0)
|
||||||
|
stahnma-epel (>= 0)
|
||||||
|
|
0
puppet/environments/production/environment.conf
Normal file
0
puppet/environments/production/environment.conf
Normal file
19
puppet/environments/production/hieradata/common.yaml
Normal file
19
puppet/environments/production/hieradata/common.yaml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
ebrc_jenkins::user_home: /usr/local/home/jenkins
|
||||||
|
ebrc_jenkins::instances:
|
||||||
|
CI:
|
||||||
|
version: 1.638
|
||||||
|
http_port: 9181
|
||||||
|
jmx_port: 9120
|
||||||
|
|
||||||
|
ebrc_ca::cacert: apidb-ca-rsa.crt
|
||||||
|
ebrc_java::java_home: /usr/java/jdk1.8.0_92
|
||||||
|
ebrc_java::packages:
|
||||||
|
- jdk1.8.0_92
|
||||||
|
ebrc_java::java_home: /usr/java/jdk1.8.0_92
|
||||||
|
ebrc_java::default_ver: /usr/java/jdk1.8.0_92
|
||||||
|
|
||||||
|
java_keystore_target: /etc/pki/tls/certs/cacerts
|
||||||
|
java_keystore_passwd: graeo5locza
|
||||||
|
|
||||||
|
local_home: /usr/local/home
|
@ -0,0 +1,3 @@
|
|||||||
|
---
|
||||||
|
roles:
|
||||||
|
- profiles::ebrc_jenkins
|
@ -0,0 +1,2 @@
|
|||||||
|
---
|
||||||
|
roles:
|
4
puppet/environments/production/manifests/site.pp
Normal file
4
puppet/environments/production/manifests/site.pp
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
node default {
|
||||||
|
hiera_include('roles')
|
||||||
|
}
|
||||||
|
|
12
puppet/hiera.yaml
Normal file
12
puppet/hiera.yaml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
:backends:
|
||||||
|
- yaml
|
||||||
|
|
||||||
|
:yaml:
|
||||||
|
:datadir: "%{settings::codedir}/environments/%{::environment}/hieradata"
|
||||||
|
|
||||||
|
:hierarchy:
|
||||||
|
- "nodes/%{::fqdn}"
|
||||||
|
- "%{::domain}"
|
||||||
|
- sensitive
|
||||||
|
- common
|
4
puppet/src/README.md
Normal file
4
puppet/src/README.md
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
This `src` directory contains Puppet modules only available in this
|
||||||
|
Vagrant project. Because Puppet librarian can clean out the `modules`
|
||||||
|
directory, we put local modules here, out of librarian's scope, and
|
||||||
|
reference them for in the Puppetfile for installation to `modules`.
|
38
puppet/src/profiles/files/ssl/apidb-ca-rsa.crt
Normal file
38
puppet/src/profiles/files/ssl/apidb-ca-rsa.crt
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIGujCCBKKgAwIBAgIJAJ88X2Ge/QNVMA0GCSqGSIb3DQEBBQUAMIGZMQswCQYD
|
||||||
|
VQQGEwJVUzEVMBMGA1UECBMMUGVubnN5bHZhbmlhMRUwEwYDVQQHEwxQaGlsYWRl
|
||||||
|
bHBoaWExLTArBgNVBAoTJEFwaURCIEJpb2luZm9ybWF0aWNzIFJlc291cmNlIENl
|
||||||
|
bnRlcjEOMAwGA1UEAxMFQXBpREIxHTAbBgkqhkiG9w0BCQEWDmhlbHBAYXBpZGIu
|
||||||
|
b3JnMB4XDTEyMDgzMTE5MTMyNFoXDTIyMDgyOTE5MTMyNFowgZkxCzAJBgNVBAYT
|
||||||
|
AlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExFTATBgNVBAcTDFBoaWxhZGVscGhp
|
||||||
|
YTEtMCsGA1UEChMkQXBpREIgQmlvaW5mb3JtYXRpY3MgUmVzb3VyY2UgQ2VudGVy
|
||||||
|
MQ4wDAYDVQQDEwVBcGlEQjEdMBsGCSqGSIb3DQEJARYOaGVscEBhcGlkYi5vcmcw
|
||||||
|
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDWjz2aYcFph78mYHXI92QG
|
||||||
|
RetOwW8Sp8bSaI3j3/MsG/+0zAesAub3qAldizZSnPGT62Ok9CwloKno8xl5k08D
|
||||||
|
tdK1PBy1KTcOhpVGDpGpQIWC5cZ3WmLkT9VciE25MSsmBsShqP7jmDy9tBAOQ5mJ
|
||||||
|
YeFxnnkiZfNMkeW+fMv/SUIutebUVMi+ZnRqj5DDlgLbcNUzH533SauYXTkehbyY
|
||||||
|
Awwx2BtPhjINWn4PFv11NGM8P5mri6+M0l8twCIUKFi9SoCjYAM0uOd3AS3EJxxK
|
||||||
|
M3QBYJVrykbqxHF/MaD3z/hbXCrhmIQm96ApnVnmxpc1DtkPKkkfhbnkDbOJqVfe
|
||||||
|
6IOHxxzRN1a1Igb12dR+nRAf6vZNCMZ1YFzC01rw1bkKlYrcaX+ZM1El1n1mgHtP
|
||||||
|
OrQZLeNzCCl0LACBAC1Ky4/2OdyAP7A3Hrlo4dT8rTC+5ZWn+vuhwZV6KMk7rElf
|
||||||
|
n1HpBvKwypSJqc5jHq7f9hTQyktWdg1rfvn+TPPfZHehKsYQrR1oEGJVynouvQMG
|
||||||
|
YrDnGTbg12xpMv+zWDpRsuTx6zpSwbS/S3/PnEndhQBx8eRrHbHkV/9zP1qPt7Xl
|
||||||
|
mX5XLQz+zJV801rx00Jadfta8SZBohV6uhhwFdBuc1z7+VOhKjKVG5EzfhINY4a/
|
||||||
|
3CaoTF51sAHuLl6q67T9FQIDAQABo4IBATCB/jAdBgNVHQ4EFgQUasR0PhZJaGRx
|
||||||
|
tVXJleUI6PJXEvUwgc4GA1UdIwSBxjCBw4AUasR0PhZJaGRxtVXJleUI6PJXEvWh
|
||||||
|
gZ+kgZwwgZkxCzAJBgNVBAYTAlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExFTAT
|
||||||
|
BgNVBAcTDFBoaWxhZGVscGhpYTEtMCsGA1UEChMkQXBpREIgQmlvaW5mb3JtYXRp
|
||||||
|
Y3MgUmVzb3VyY2UgQ2VudGVyMQ4wDAYDVQQDEwVBcGlEQjEdMBsGCSqGSIb3DQEJ
|
||||||
|
ARYOaGVscEBhcGlkYi5vcmeCCQCfPF9hnv0DVTAMBgNVHRMEBTADAQH/MA0GCSqG
|
||||||
|
SIb3DQEBBQUAA4ICAQAgiSwGDZvC9GVErm8m7DNdLU17lP8V1aUXMLbwAm2hwp6C
|
||||||
|
snUR3TzJ0MOPSPy67NIMYMWwkRKDILKUXOvfsnE295ZmqmTaUZk+Uv3DoU3xcaIw
|
||||||
|
LbAOhlIrgPvGQyWXUwAdGacBTrJM4dzQ+pAPnt9ZVu5X9+BYD7ic0H0WNimurjtk
|
||||||
|
4l+X+wxibJB8Mj3zMnkBRm3wNS1teeU3HRjByEX3HoHuxMYWhWX6tOosBIXiV/9c
|
||||||
|
12jVPseogPROziiMxqpkyDqUXWiZhzvL/MK0NGYGPlevAodvTWh4CG8Ld1ErFy07
|
||||||
|
Sk6YVxBQhz5+HAyHQNLjySh8UeX4EdF9Y1Fpmmy7M2afV+YEjB0ahIGmYfUqt4rj
|
||||||
|
KbeRdmqobpzjQ7iH53xBS8JMUw1EOP4Evjsi7/62XqB4MgRQ9EM85T0W3zhiwFF2
|
||||||
|
6h7BJ11ElhPjmTzzz12p/MBnnYmrMNwYKzDobfdlDoC4dAz1U5RDI1D7w8RyZbOk
|
||||||
|
5FOxGCS2/8Hk8vBL6/ZF5sTD3iqb7YDdEgvkrnAnPk3UAQ6FHPzp7tfC3IBQr7Jf
|
||||||
|
BmkZhG9oGg8WIkGPKxUqMJuoQAb5UB6GwE6nz2dCnAM62qUVLljs0XNWK1lgRpYy
|
||||||
|
JM0ZtsohoVcerth4vUVwrxATaSJ5N+9e9uitABWEOdkiT6l0Fv8aLrjv/ZkLCA==
|
||||||
|
-----END CERTIFICATE-----
|
26
puppet/src/profiles/manifests/ebrc_ca_bundle.pp
Normal file
26
puppet/src/profiles/manifests/ebrc_ca_bundle.pp
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# install EuPathDB BRC's Certificate Authority to filesystem and add to
|
||||||
|
# system CA bundle using ca-certificates utilities.
|
||||||
|
# Hiera
|
||||||
|
#
|
||||||
|
# The following hiera data should be set for use by the underlying
|
||||||
|
# modules. Defaults are set in common.yaml
|
||||||
|
# - ebrc_ca::cacert - filename of certificate
|
||||||
|
class profiles::ebrc_ca_bundle {
|
||||||
|
|
||||||
|
include ::trusted_ca
|
||||||
|
|
||||||
|
$ca_name = hiera('ebrc_ca::cacert')
|
||||||
|
|
||||||
|
trusted_ca::ca { $ca_name:
|
||||||
|
source => "puppet:///modules/profiles/ssl/${ca_name}",
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "/etc/pki/tls/certs/${ca_name}":
|
||||||
|
ensure => file,
|
||||||
|
source => "puppet:///modules/profiles/ssl/${ca_name}",
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0644',
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
40
puppet/src/profiles/manifests/ebrc_ca_keystore.pp
Normal file
40
puppet/src/profiles/manifests/ebrc_ca_keystore.pp
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
# install EuPathDB BRC's Certificate Authority to java keystore.
|
||||||
|
# Leverages puppetlabs/java_ks
|
||||||
|
#
|
||||||
|
# Requirements
|
||||||
|
# - EuPathDB's CA must already be on the file system
|
||||||
|
# (see profile::ebrc_ca_bundle).
|
||||||
|
# - keytool command must be available (provided by modern Java packages)
|
||||||
|
# Hiera
|
||||||
|
#
|
||||||
|
# The following hiera data should be set for use by the underlying
|
||||||
|
# modules. Defaults are set in common.yaml
|
||||||
|
# - ebrc_ca::cacert - filename for certificate
|
||||||
|
# - ebrc_java::java_home - java base directory
|
||||||
|
# - java_keystore_target - path for keystore
|
||||||
|
# - java_keystore_passwd - password for keystore
|
||||||
|
class profiles::ebrc_ca_keystore {
|
||||||
|
|
||||||
|
$alias = 'eupathdbinternalca'
|
||||||
|
$cacert = hiera('ebrc_ca::cacert')
|
||||||
|
$java_home = hiera('ebrc_java::java_home')
|
||||||
|
$java_ks_target = hiera('java_keystore_target')
|
||||||
|
$java_ks_passwd = hiera('java_keystore_passwd')
|
||||||
|
|
||||||
|
if $::osfamily == 'redhat' {
|
||||||
|
$certdir = '/etc/pki/tls/certs'
|
||||||
|
} else {
|
||||||
|
fail("profiles::ebrc_ca_keystore: Unsupported osfamily: ${::osfamily}")
|
||||||
|
}
|
||||||
|
|
||||||
|
java_ks { $alias:
|
||||||
|
ensure => latest,
|
||||||
|
path => ["${java_home}/bin", '/usr/bin'],
|
||||||
|
certificate => "${certdir}/${cacert}",
|
||||||
|
target => $java_ks_target,
|
||||||
|
password => $java_ks_passwd,
|
||||||
|
trustcacerts => true,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
48
puppet/src/profiles/manifests/ebrc_java_stack.pp
Normal file
48
puppet/src/profiles/manifests/ebrc_java_stack.pp
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
# Full java deployment for EuPathDB BRC servers
|
||||||
|
# Includes
|
||||||
|
# - installing one or more Java packages from EuPathDB YUM repo
|
||||||
|
# - adds EuPathDB's certificate authority to cacerts keystore.
|
||||||
|
#
|
||||||
|
# Hiera
|
||||||
|
#
|
||||||
|
# The following hiera data should be set for use by the underlying
|
||||||
|
# modules.
|
||||||
|
#
|
||||||
|
# Used by ebrc_java
|
||||||
|
# ebrc_java::packages - an array of Java packages to install, e.g
|
||||||
|
# ebrc_java::packages:
|
||||||
|
# - jdk-1.7.0_80
|
||||||
|
# - jdk-1.8.0_01
|
||||||
|
# ebrc_java::java_home - the full path to $JAVA_HOME, e.g.
|
||||||
|
# ebrc_java::java_home: /usr/java/jdk1.7.0_80
|
||||||
|
#
|
||||||
|
# Used by ::profiles::ebrc_ca_keystore
|
||||||
|
# java_keystore_target - the full path to the Java keystore file, e.g.
|
||||||
|
# java_keystore_target: /etc/pki/tls/certs/cacerts
|
||||||
|
# java_keystore_passwd - the keystore password
|
||||||
|
# java_keystore_passwd: graeo5locza
|
||||||
|
#
|
||||||
|
# Used by ::profiles::ebrc_ca_bundle
|
||||||
|
# ebrc_ca::cacert - the file name of EBRC's CA
|
||||||
|
# ebrc_ca::cacert: apidb-ca-rsa.crt
|
||||||
|
#
|
||||||
|
class profiles::ebrc_java_stack {
|
||||||
|
|
||||||
|
include ::ebrc_yum_repo
|
||||||
|
include ::profiles::ebrc_ca_bundle
|
||||||
|
include ::profiles::ebrc_ca_keystore
|
||||||
|
|
||||||
|
$java_home = hiera('ebrc_java::java_home')
|
||||||
|
$java_packages = hiera('ebrc_java::packages')
|
||||||
|
|
||||||
|
class { '::ebrc_java':
|
||||||
|
packages => $java_packages,
|
||||||
|
java_home => $java_home,
|
||||||
|
}
|
||||||
|
|
||||||
|
Class['::ebrc_yum_repo'] ->
|
||||||
|
Class['::ebrc_java'] ->
|
||||||
|
Class['::profiles::ebrc_ca_bundle'] ->
|
||||||
|
Class['::profiles::ebrc_ca_keystore']
|
||||||
|
|
||||||
|
}
|
44
puppet/src/profiles/manifests/ebrc_jenkins.pp
Normal file
44
puppet/src/profiles/manifests/ebrc_jenkins.pp
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
# manage requirements for Jenkins server instances
|
||||||
|
# for EuPathDB
|
||||||
|
class profiles::ebrc_jenkins {
|
||||||
|
|
||||||
|
include ::profiles::ebrc_java_stack
|
||||||
|
include ::profiles::local_home
|
||||||
|
include ::ebrc_jenkins
|
||||||
|
|
||||||
|
Class['::profiles::ebrc_java_stack'] ->
|
||||||
|
Class['::profiles::local_home'] ->
|
||||||
|
Class['::ebrc_jenkins']
|
||||||
|
|
||||||
|
firewalld::custom_service{ 'Allow jenkins in public zone':
|
||||||
|
short => 'jenkins',
|
||||||
|
port => [
|
||||||
|
{
|
||||||
|
'port' => 9191,
|
||||||
|
'protocol' => 'tcp'
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'port' => 9181,
|
||||||
|
'protocol' => 'tcp'
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'port' => 9130,
|
||||||
|
'protocol' => 'tcp'
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'port' => 9120,
|
||||||
|
'protocol' => 'tcp'
|
||||||
|
},
|
||||||
|
],
|
||||||
|
before => Firewalld_service['Allow jenkins in public zone'],
|
||||||
|
}
|
||||||
|
|
||||||
|
firewalld_service {'Allow jenkins in public zone':
|
||||||
|
ensure => 'present',
|
||||||
|
zone => 'public',
|
||||||
|
service => 'jenkins',
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
}
|
10
puppet/src/profiles/manifests/local_home.pp
Normal file
10
puppet/src/profiles/manifests/local_home.pp
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# manage a home that is on a local filesystem
|
||||||
|
# as opposed to NFS
|
||||||
|
class profiles::local_home {
|
||||||
|
|
||||||
|
$local_home = hiera('local_home')
|
||||||
|
|
||||||
|
file{ [$local_home]:
|
||||||
|
ensure => directory,
|
||||||
|
}
|
||||||
|
}
|
15
puppet/src/profiles/metadata.json
Normal file
15
puppet/src/profiles/metadata.json
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
{
|
||||||
|
"name": "local/profiles",
|
||||||
|
"version": "0.0.0",
|
||||||
|
"author": "ebrc",
|
||||||
|
"summary": "Local profiles to install Jenkins master",
|
||||||
|
"license": "Apache-2.0",
|
||||||
|
"source": "",
|
||||||
|
"project_page": null,
|
||||||
|
"issues_url": null,
|
||||||
|
"dependencies": [
|
||||||
|
{"name":"ebrc/ebrc_jenkins"},
|
||||||
|
{"name":"crayfishx/firewalld"}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
5
scratch/.gitignore
vendored
Normal file
5
scratch/.gitignore
vendored
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
.DS_Store
|
||||||
|
.vagrant
|
||||||
|
|
||||||
|
!.gitignore
|
||||||
|
|
Loading…
Reference in New Issue
Block a user