-
Notifications
You must be signed in to change notification settings - Fork 567
/
Copy pathinit.pp
463 lines (444 loc) · 14.3 KB
/
init.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
#
# This class manages the [Jenkins CI/CD service](https://jenkins.io/index.html).
#
# Note that if different jenkins listening port(s) are configured via
# ``jenkins::port`` and ``jenkins::config_hash`` resource, "bad things" are
# likely to happen. This is a known implementation problem with this module
# that can not be fixed without breaking backwards compatibility.
#
# @param version
# package to install
#
# * ``installed`` (Default)
# do NOT update jenkins to the most recent version.
# * ``latest``
# automatically update the version of jenkins to the current version
# available via your package manager.
#
# @param lts
# use the upstream jenkins "Long Term Support" repos
#
# * ``false``
# Use the most up to date version of jenkins
# * ``true`` (Default)
# Use LTS version of jenkins
#
# @param repo
# configure upstream jenkins package repos
#
# ``false`` means do NOT configure the upstream jenkins package repo. This
# means you'll manage a repo manually outside this module. This can also be
# your distribution's repo.
#
# @param package_name
# Optionally override the package name
#
# @param direct_download
# URL to jenkins package
#
# Ignore repository based package installation and download the package
# directly. Leave as `undef` (the default) to download using your OS package
# manager
#
# @param package_cache_dir
# Directory in which to store a ``direct_download`` package
#
# @param package_provider
# Override the ``package`` resource provider
#
# This *only has effect* when using ``direct_download``.
#
# @param manage_service
# Enable management of ``Service[jenkins]`` resource
#
# When setting to ``false`` please ensure something else defines
# ``Service[jenkins]`` in order for some module functionality (e.g.
# ``jenkins::cli``) to work properly
#
# @param service_enable
# Enable (or not) the jenkins service
#
# @param service_ensure
# Status of the jenkins service
#
# * ``running`` (default)
# * ``stopped``
#
# @param service_override
# Override the jenkins service configuration
#
# @param service_provider
# Override ``Service[jenkins]`` resource provider
#
# Setting this to ``undef`` on platforms with ``systemd`` will force the
# usage of package provider sysv init scripts.
#
# @param config_hash
# options to set in sysconfig/jenkins defaults/jenkins
#
# (see jenkins::sysconf)
#
# @example Bulk sysconf
# class{ 'jenkins':
# config_hash => {
# 'JENKINS_PORT' => { 'value' => '9090' },
# }
# }
#
# @param plugin_hash
# plugins to install
#
# (see jenkins::plugin)
#
# @example Bulk plugin installation (code)
# class{ 'jenkins::plugins':
# plugin_hash => {
# 'git' => { version => '1.1.1' },
# 'parameterized-trigger' => {},
# 'multiple-scms' => {},
# 'git-client' => {},
# 'token-macro' => {},
# }
# }
#
# @example Bulk plugin installation (hiera)
# jenkins::plugin_hash:
# git:
# version: '1.1.1'
# parameterized-trigger: {}
# multiple-scms: {}
# git-client: {}
# token-macro: {}
#
# @param job_hash
# jobs to install
#
# (see jenkins::job)
#
# @param user_hash
# jenkins users to create
#
# @example Bulk user creation (code)
# class{ 'jenkins':
# user_hash => {
# 'user1' => {
# 'password' => 'pass1',
# 'email' => 'user1@example.com',
# }
# }
# }
#
# @example Bulk user creation (hiera)
# jenkins::user_hash:
# user:
# password: 'pass1'
# email: 'user1@example.com'
#
# @param configure_firewall
# For folks that want to manage the puppetlabs firewall module.
#
# * If it's not present in the catalog, nothing happens.
# * If it is, you need to explicitly set this true / false.
# * We didn't want you to have a service opened automatically, or
# unreachable inexplicably.
# * This default changed in v1.0 to be undef.
#
# @param install_java
# use the ``puppetlabs-java`` module to install a JDK
#
# Jenkins requires a JRE. Setting this to ``false`` means that you are
# response for managing a JDK outside of this module.
#
# @param repo_proxy
# proxy to download packages
#
# This parameter is only relevant for ``yum`` repos managed by this module.
#
# @param proxy_host
# proxy hostname for plugin installation via this module and the UpdateCenter
#
# @param proxy_port
# proxy port for plugin installation via this module and the UpdateCenter
#
# @param no_proxy_list
# List of hostname patterns to skip using the proxy.
#
# * Only effective if "proxy_host" and "proxy_port" are set.
# * Only applies to plugins installed via the UpdateCenter
#
# @param cli
# install ``jenkins-cli.jar`` CLI utility
#
# * force installation of the jenkins CLI jar to
# ``$libdir/jenkins-cli.jar``
# * the cli is automatically installed when needed by components that use it,
# such as the user and credentials types, and the security class
#
# @param cli_ssh_keyfile
# Provides the location of an ssh private key file to make authenticated
# connections to the Jenkins CLI.
#
# @param cli_username
# Provides the username for authenticating to Jenkins via username and
# password.
#
# @param cli_password
# Provides the password for authenticating to Jenkins via username and
# password. Needed if cli_username is specified.
#
# @param cli_password_file
# Provides the password file for authenticating to Jenkins via username and
# password. Needed if cli_username is specified and cli_password is undefined.
#
# @param cli_tries
# Retries until giving up talking to jenkins API
#
# @param cli_try_sleep
# Seconds between tries to contact jenkins API
#
# @param port
# Jenkins listening HTTP port
#
# Note that this value is used for CLI communication and firewall
# configuration. It does not configure the port on which the jenkins service
# listens. (see config_hash)
#
# @param libdir
# Path to jenkins core files
#
# @param manage_datadirs
# manage the local state dir, plugins dir and jobs dir
#
# @param localstatedir
# base path, in the ``autoconf`` sense, for jenkins local data including jobs
# and plugins
#
# @param executors
# number of executors on the Jenkins master
#
# @param slaveagentport
# jenkins slave agent
#
# @param manage_user
# manage the system jenkins user
#
# @param user
# system user that owns the jenkins master's files
#
# @param manage_group
# manage the system jenkins group
#
# @param group
# system group that owns the jenkins master's files
#
# @param default_plugins
# List of default plugins installed by this module
#
# The the ``credentials`` plugin is required for this module to properly
# function. No version is specified. Set to ``[]`` if you want to explicitly
# manage all plugins version
#
# @param default_plugins_host
# Provide a way to override plugins host for all plugins
#
# @example Manage version of ``credentials`` plugin (hiera)
# jenkins::default_plugins: []
# jenkins::plugin_hash:
# credentials:
# version: 2.1.5
# digest_string: 7db002e7b053f863e2ce96fb58abb98a9c01b09c
# digest_type: sha1
#
# @param purge_plugins
# Purge *all* plugins not explicitly managed by this module
#
# This will result in plugins manually installed via the UpdateCenter being
# removed. Only enable this option if you want to manage all plugins (and
# plugin dependencies) explicitly.
#
# @example Explicitly manage *all* plugins (hiera)
# jenkins::default_plugins: []
# jenkins::purge_plugins: true
# jenkins::plugin_hash:
# credentials:
# version: '2.1.10'
# support-core:
# version: '2.38'
# # support-core deps
# metrics:
# version: '3.1.2.9'
# jackson2-api:
# version: '2.7.3'
# bouncycastle-api:
# version: '2.16.0'
# # /support-core deps
#
class jenkins (
String $version = 'installed',
Boolean $lts = true,
Boolean $repo = $jenkins::params::repo,
String $package_name = 'jenkins',
Optional[String] $direct_download = undef,
Stdlib::Absolutepath $package_cache_dir = '/var/cache/jenkins_pkgs',
Optional[String] $package_provider = $jenkins::params::package_provider,
Boolean $manage_service = true,
Boolean $service_enable = true,
Enum['running', 'stopped'] $service_ensure = 'running',
Hash[String[1], String] $service_override = {},
Optional[String] $service_provider = undef,
Hash $config_hash = {},
Hash $plugin_hash = {},
Hash $job_hash = {},
Hash $user_hash = {},
Boolean $configure_firewall = false,
Boolean $install_java = true,
Optional[String] $repo_proxy = undef,
Optional[String] $proxy_host = undef,
Optional[Integer] $proxy_port = undef,
Optional[Array] $no_proxy_list = undef,
Boolean $cli = true,
Optional[Stdlib::Absolutepath] $cli_ssh_keyfile = undef,
Optional[String] $cli_username = undef,
Optional[String] $cli_password = undef,
Optional[String] $cli_password_file = undef,
Integer $cli_tries = 10,
Integer $cli_try_sleep = 10,
Integer $port = 8080,
Stdlib::Absolutepath $libdir = '/usr/share/java',
Boolean $manage_datadirs = true,
Stdlib::Absolutepath $localstatedir = '/var/lib/jenkins',
Optional[Integer] $executors = undef,
Optional[Integer] $slaveagentport = undef,
Boolean $manage_user = true,
String $user = 'jenkins',
Boolean $manage_group = true,
String $group = 'jenkins',
Array $default_plugins = $jenkins::params::default_plugins,
String $default_plugins_host = 'https://updates.jenkins.io',
Boolean $purge_plugins = false,
) inherits jenkins::params {
if $purge_plugins and ! $manage_datadirs {
warning('jenkins::purge_plugins has no effect unless jenkins::manage_datadirs is true')
}
# Construct the cli auth argument used in cli and cli_helper
if $cli_ssh_keyfile {
# SSH key auth
if empty($cli_username) {
fail('ERROR: Latest remoting free CLI (see https://issues.jenkins-ci.org/browse/JENKINS-41745) needs username for SSH Access (\$jenkins::cli_username)')
}
$_cli_auth_arg = "-i '${cli_ssh_keyfile}' -ssh -user '${cli_username}'"
} elsif !empty($cli_username) {
# Username / Password auth (needed for AD and other Auth Realms)
if !empty($cli_password) {
$_cli_auth_arg = "-auth '${cli_username}:${cli_password}'"
} elsif !empty($cli_password_file) {
$_cli_auth_arg = "-auth '@${cli_password_file}'"
} else {
fail('ERROR: Need cli_password or cli_password_file if cli_username is specified')
}
} else {
# default = no auth
$_cli_auth_arg = undef
}
$plugin_dir = "${localstatedir}/plugins"
$job_dir = "${localstatedir}/jobs"
# lint:ignore:anchor_resource
anchor { 'jenkins::begin': }
anchor { 'jenkins::end': }
# lint:endignore
if $install_java {
include java
}
if $direct_download {
$repo_ = false
$jenkins_package_class = 'jenkins::direct_download'
} else {
$jenkins_package_class = 'jenkins::package'
if $repo {
$repo_ = true
include jenkins::repo
} else {
$repo_ = false
}
}
include $jenkins_package_class
include jenkins::user_setup
include jenkins::config
include jenkins::plugins
include jenkins::jobs
include jenkins::users
include jenkins::proxy
if $manage_service {
include jenkins::service
if empty($default_plugins) {
notice(sprintf('INFO: make sure you install the following plugins with your code using this module: %s',join($jenkins::params::default_plugins,','))) # lint:ignore:140chars
}
# puppet/jenkins used to implement systemd but Jenkins 2.332 moved to
# systemd and implements this natively. Clean up the old implementation.
$old_libdir = $facts['os']['family'] ? {
'Archlinux' => '/usr/share/java/jenkins/',
'Debian' => '/usr/share/jenkins',
default => '/usr/lib/jenkins',
}
file { "${old_libdir}/jenkins-run":
ensure => absent,
}
file { '/etc/systemd/system/jenkins.service':
ensure => absent,
notify => Service['jenkins'],
}
}
if defined('::firewall') and $configure_firewall {
include jenkins::firewall
}
if $cli {
include jenkins::cli
include jenkins::cli_helper
}
if $executors {
jenkins::cli::exec { 'set_num_executors':
command => ['set_num_executors', $executors],
unless => "[ \$(\$HELPER_CMD get_num_executors) -eq ${executors} ]",
}
Class['jenkins::cli']
-> Jenkins::Cli::Exec['set_num_executors']
-> Class['jenkins::jobs']
}
if ($slaveagentport != undef) {
jenkins::cli::exec { 'set_slaveagent_port':
command => ['set_slaveagent_port', $slaveagentport],
unless => "[ \$(\$HELPER_CMD get_slaveagent_port) -eq ${slaveagentport} ]",
}
Class['jenkins::cli']
-> Jenkins::Cli::Exec['set_slaveagent_port']
-> Class['jenkins::jobs']
}
if $manage_service {
Anchor['jenkins::begin']
-> Class['jenkins::user_setup']
-> Class[$jenkins_package_class]
-> Class['jenkins::config']
-> Class['jenkins::plugins']
~> Class['jenkins::service']
-> Class['jenkins::jobs']
-> Anchor['jenkins::end']
}
if $install_java {
Anchor['jenkins::begin']
-> Class['java']
-> Class[$jenkins_package_class]
-> Anchor['jenkins::end']
}
if $repo_ {
Anchor['jenkins::begin']
-> Class['jenkins::repo']
-> Class['jenkins::package']
-> Anchor['jenkins::end']
}
if ($configure_firewall and $manage_service) {
Class['jenkins::service']
-> Class['jenkins::firewall']
-> Anchor['jenkins::end']
}
}
# vim: ts=2 et sw=2 autoindent