Puppet Class: profile::ci::jenkins
- Defined in:
- modules/profile/manifests/ci/jenkins.pp
Overview
SPDX-License-Identifier: Apache-2.0 [jenkins_prefix] The HTTP path used to reach the Jenkins instance. Must have a leading slash. Default: '/ci'.
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 |
# File 'modules/profile/manifests/ci/jenkins.pp', line 6
class profile::ci::jenkins(
Stdlib::Unixpath $prefix = lookup('profile::ci::jenkins::prefix'),
Stdlib::Unixpath $builds_dir = lookup('profile::ci::jenkins::builds_dir'),
Stdlib::Unixpath $workspaces_dir = lookup('profile::ci::jenkins::workspaces_dir'),
Stdlib::Unixpath $java_home = lookup('profile::ci::jenkins::java_home'),
Stdlib::Fqdn $legacy_host = lookup('profile::ci::jenkins::legacy_host'),
Stdlib::Fqdn $new_host = lookup('profile::ci::jenkins::new_host'),
Boolean $jenkins_enabled = lookup('profile::ci::jenkins::service_enabled'),
) {
include profile::ci
include ::profile::java
Class['::profile::java'] ~> Class['::jenkins']
include ::profile::ci::thirdparty_apt
Class['::profile::ci::thirdparty_apt'] ~> Class['::jenkins']
# Load the Jenkins module, that setup a Jenkins controller
$service_enable = ($profile::ci::manager and $jenkins_enabled) ? {
false => 'mask',
default => $profile::ci::manager,
}
class { '::jenkins':
http_port => 8080,
prefix => $prefix,
umask => '0002',
service_ensure => stdlib::ensure($profile::ci::manager, 'service'),
service_enable => $service_enable,
service_monitor => $profile::ci::manager,
builds_dir => $builds_dir,
workspaces_dir => $workspaces_dir,
java_home => $java_home,
}
# Templates for Jenkins plugin Email-ext.
file { '/var/lib/jenkins/email-templates':
ensure => directory,
mode => '0755',
owner => 'root',
group => 'root',
}
file { '/var/lib/jenkins/email-templates/wikimedia.template':
source => 'puppet:///modules/contint/jenkins-email-template',
mode => '0444',
owner => 'root',
group => 'root',
require => File['/var/lib/jenkins/email-templates'],
}
$jenkins_build_monitor_script = '/usr/local/bin/prometheus-jenkins-build-monitor'
$jenkins_build_monitor_outfile = '/var/lib/prometheus/node.d/jenkins_build_monitor.prom'
prometheus::node_textfile { 'prometheus-jenkins-build-monitor':
ensure => stdlib::ensure($profile::ci::manager),
filesource => 'puppet:///modules/profile/ci/prometheus-jenkins-build-monitor.py',
interval => 'minutely',
run_cmd => join([
$jenkins_build_monitor_script,
"--outfile ${jenkins_build_monitor_outfile}",
], ' '),
user => 'root',
}
if !$profile::ci::manager {
file { $jenkins_build_monitor_outfile:
ensure => absent,
}
}
# allow syncing jenkins data between servers for migration
# but do not automatically do it
rsync::quickdatacopy { 'var-lib-jenkins-contint':
ensure => present,
auto_sync => false,
server_uses_stunnel => true,
delete => true,
source_host => $legacy_host,
dest_host => $new_host,
module_path => '/var/lib/jenkins',
}
# Allow legacy contint machines talk to jenkins, behind envoy,
# on new contint/jenkins machines.
firewall::service { 'jenkins-contint':
proto => 'tcp',
port => 1443,
srange => [$legacy_host],
}
# Ensure firewall rule is applied before trying to start jenkins.
Firewall::Service['jenkins-contint'] -> Service['jenkins']
}
|