class ci_server::debian inherits ci_server { # ============================== qtqa setup in jenkins homedir ====================== file { "/var/lib/jenkins/.profile": ensure => present, source => "puppet:///modules/ci_server/dot.profile", require => Package["jenkins", "liblocal-lib-perl"], owner => "jenkins", group => "nogroup", } # all packages needed for qtqa repo setup. # most of these are to support a working homedir CPAN setup # (able to compile and install XS modules) $qtqa_packages = [ "git", "libwww-perl", "liblocal-lib-perl", "libc6-dev", "libexpat1-dev", "make" ] package { $qtqa_packages: ensure => installed; } exec { "clone qtqa into jenkins homedir": command => "/bin/su -c \" \ \ rm -rf qtqa.cloning && \ git clone git://code.qt.io/qt/qtqa qtqa.cloning && \ mv -v qtqa.cloning qtqa && \ eval \$(perl -Mlocal::lib) && \ qtqa/scripts/setup.pl --install \ \ \" - jenkins", require => Package[ $qtqa_packages, "jenkins" # jenkins package creates jenkins user ], timeout => 360, # allow 1 hour for installation (can be slow) creates => "/var/lib/jenkins/qtqa/scripts/setup.pl", logoutput => true, } cron { "update qtqa": command => "( \ source \$HOME/.profile && \ cd qtqa && \ git fetch --quiet origin && \ git reset --quiet --hard origin/master && \ git clean -dqffx . \ ) 2>&1 | logger -t jenkins-qtqa-update", user => "jenkins", hour => "*/2", minute => "20", require => Exec["clone qtqa into jenkins homedir"], } # ======================== 'reliable' versions of git, scp ========================= $reliable = "/var/lib/jenkins/qtqa/scripts/generic/reliable.pl" $reliable_bin = "/var/lib/jenkins/reliable-bin" file { $reliable_bin: ensure => directory, mode => 0755, owner => "jenkins", group => "nogroup", ; # currently we don't deploy a reliable ssh because we'll want to run some ssh # commands which read from STDIN and we don't have a decent way to automatically # retry those ["$reliable_bin/git", "$reliable_bin/scp"]: ensure => link, target => $reliable, owner => "jenkins", group => "nogroup", require => [ File[$reliable_bin], Exec["clone qtqa into jenkins homedir"], ], ; } # ======================= ssh setup ================================================ Sshkey { type => "ssh-rsa" } sshkey { "[codereview.qt-project.org]:29418": key => "AAAAB3NzaC1yc2EAAAADAQABAAAAgQCvXdApmCFiAyXDiYU5+z6762Qv8+vrmM3+9YrxDKByyphaxblLJC9txPv3D/w7rzSyiMMHL/5ssCemwz+6QBqnemFl4B+FNv81fpZFsqCg5afrTi62WFllGWIQAiYb2JZmkmSAbxm+sAxLE1ritp+Syxz8Gb8WR27G/3TSHerdBQ==", } sshkey { "[dev-codereview.qt-project.org]:29418": key => "AAAAB3NzaC1yc2EAAAADAQABAAAAgQDSl0SfLVrmQf5lxz8/Xo5IYa8DSymJkc8lNDQx0ZHySzveR5RxLtAqhxKN8HXYyz22xImOkr9Lu8tt4OKx7+SsN/LXV9zARdK9enJk7pEatmD/9GhwhhgKLtCKGuGrSxiTvDyesg6TVL59pdyXom+E8lU/fOhf2Qv6+8+Ow7EGow==", } sshkey { "testresults.qt.io": key => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDE6+70RZyZdK4nUwXb5O/IYZjNpHC8OKp7+3NCMqKYIFxzyDrb8BgPu5utqcolJ6rPYppE+PD4ZBKkA4+sebGyJD54kszj9emhpNDB7say1kd7Xdwy2hEjUawdcTkKxVkGXDQQQULCL0tvBPthmj8doWbFarmpxfnpTvwQdaj2aRK1Get2g2CTnmoNGnH4KoSVoa7/Ge+nkCN+Ub8Qfk/UboBRGdSAqSYAuPz/x+bfpNz0spKL2VY2f/Yg3IxjQBTB/Z4Jpj3Hi+ckj4DUiYj7lDnYEw/IsMyU5p0VZzy22ZV7cIkfkeOuYOyvSLLoyXHJrZKte5wuddMtBvnyFqGx", } # make sure ssh_known_hosts is world-readable file { "/etc/ssh/ssh_known_hosts": mode => 0644, } file { "/var/lib/jenkins/.ssh": ensure => directory, mode => 0755, owner => "jenkins", group => "nogroup", require => Package["jenkins"], ; "/var/lib/jenkins/.ssh/config": ensure => present, source => "puppet:///modules/ci_server/ssh_config", mode => 0644, owner => "jenkins", group => "nogroup", require => File["/var/lib/jenkins/.ssh"], ; } # generate a warning each time we are run until this key is set up. $pubkey = 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCx2Xb8YE0AMFF/BEODFQgxVZmJdR5rTukX5PwDweJLik3YUCl9Ja6DMgBCSjuJWSPNlFnJoAUQXE2J/zOcp0RK9n1m1nVcraw5kuHDrnocuL6e+e9OHyBaYMoBFo7VYZgg/pBEuwL1Spn+KYFP60gbZm5aQw81t/jcwrVn60YtbGypsNzLd97knY7eamBEhId9B4CVF79/deUa+SoNiZ46hO7mNtXmTiJBPc4ilsm3Fy99sO5VSY/wJTsiltRWaWxnJrS2Ww29VfPzJksAo4c5S6gBnOLPIs/TLMwYSCEbUnwn/NPE3WGG/psvhy0X1Y/Acjtl/inxhoOVIF1yt+2J' exec { "warn about jenkins ssh key": command => "/bin/echo 'WARNING: manual installation of Jenkins ssh key is required, matching public key: $pubkey'", logoutput => true, require => File["/var/lib/jenkins/.ssh"], unless => "/bin/grep -q -F '$pubkey' /var/lib/jenkins/.ssh/id_rsa.pub", } # ================================= git setup ====================================== Git::Config { require => Package["git","jenkins"], file => "/var/lib/jenkins/.gitconfig", } git::config { "jenkins user.name": key => "user.name", content => "Qt Project Jenkins", user => "jenkins", } git::config { "jenkins user.email": key => "user.email", content => "jenkins@qt-project.org", user => "jenkins", } git::object_cache { "jenkins git object cache": cache_path => "/var/lib/jenkins/git-objects", git_path => [ # default workspace path "/var/lib/jenkins/jobs/*/workspace", # custom shorter workspace path used by some jobs "/var/lib/jenkins/ci/*", "/var/lib/jenkins/ci/*/*", # other repos, not created by jenkins "/var/lib/jenkins/qtqa", ], require => Package["jenkins"], # jenkins package creates jenkins user owner => "jenkins", group => "nogroup", } # ================================= gerrit -> jenkins integrator ============ # environment; warnings and worse go to syslog $env = "/usr/bin/env PERL_ANYEVENT_VERBOSE=5 PERL_ANYEVENT_LOG=log=syslog" # start-stop-daemon base cmd (for /usr/bin/perl) $start_stop_daemon_perl = "start-stop-daemon --chuid jenkins:nogroup --background --user jenkins --exec /usr/bin/perl --make-pidfile --startas /bin/sh" # script cmd $sh_args = "exec perl /var/lib/jenkins/qtqa/scripts/jenkins/qt-jenkins-integrator.pl --config /var/lib/jenkins/ci.cfg" # pid file base $pidfile = "/var/run/qt-jenkins-integrator.pid" exec { "qt-jenkins-integrator": command => "$env $start_stop_daemon_perl --pidfile $pidfile --start -- -l -c '$sh_args'", onlyif => "$env $start_stop_daemon_perl --pidfile $pidfile --test --start", require => Cron["update qtqa"], } # ============================= port forward for remote API ======================== # start-stop-daemon base cmd (for /usr/bin/ssh) $start_stop_daemon_ssh = "start-stop-daemon --chuid jenkins:nogroup --background --user jenkins --exec /usr/bin/ssh --make-pidfile --startas /bin/sh" # ssh base cmd (user@hostname omitted) $sh_args_ssh = "exec ssh -oServerAliveInterval=30 -R 7181:127.0.0.1:7181 -N" # pid file base $pidfile_base_ssh = "/var/run/ssh-qt-ci-remote-api" exec { "ssh fwd for testresults remote API": command => "$env $start_stop_daemon_ssh --pidfile $pidfile_base_ssh-testresults.pid --start -- -l -c '$sh_args_ssh qtintegration@testresults.qt.io'", onlyif => "$env $start_stop_daemon_ssh --pidfile $pidfile_base_ssh-testresults.pid --test --start", } }