-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add stagingyum vhost to web01 for Copr staging repositories #1862
Conversation
This would create the vhost but there is the question of how the content gets to the Vhost. In the case of Koji, web01 rsyncs the repositories to it via a special script. In the case of Copr, where we are generating the repositories on a Jenkins node, I do not think that strategy will work. I think we would need to
|
(if anyone wants to see the "special" script, it's this one: https://github.com/theforeman/foreman-infra/blob/master/puppet/modules/web/files/deploy-yumrepo.sh ) I think rsync-over-SSH is the right answer, because we already have infrastructure for that in place (Debian uses that to push the built packages from the builders to web01). See https://github.com/theforeman/foreman-infra/blob/master/puppet/modules/web/manifests/vhost/deb.pp and https://github.com/theforeman/foreman-infra/blob/master/puppet/modules/web/manifests/vhost/stagingdeb.pp |
9856e7f
to
8067cb2
Compare
Let's see if I got the hang of this with this update. I've also opened up a draft for the Jenkins job in order to align the changes necessary to pull this workflow off (theforeman/jenkins-jobs#349). If I understand this correctly, initiating an rsync from Jenkins will actually initiate the This change will require me to create a user via our Foreman? Or just an SSH key? I assume this gets created via some action in Foreman but then will need to be added to Jenkins. |
this is missing something like diff --git puppet/modules/profiles/manifests/web.pp puppet/modules/profiles/manifests/web.pp
index 9383587a..8fa6fa8d 100644
--- puppet/modules/profiles/manifests/web.pp
+++ puppet/modules/profiles/manifests/web.pp
@@ -60,4 +60,9 @@ class profiles::web (
rsync_max_connections => $rsync_max_connections,
}
contain web::vhost::yum
+
+ class { 'web::vhost::stagingyum':
+ stable => $stable,
+ }
+ contain web::vhost::stagingyum
} to actually load that class |
overall, this is working (tested by a
and then doing an |
|
||
secure_ssh::receiver_setup { $user: | ||
user => $user, | ||
foreman_search => '(name = external_ip4 or name = external_ip6)', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably still good to limit this to Jenkins nodes instead of all machines. You can probably limit it to host ~ node*.jenkins.*.theforeman.org
. You can test it out in Foreman since it's just going a search on fact_values
.
Though I do worry about pagination:
$ip_data = foreman::foreman('fact_values', $foreman_search, '20', lookup('foreman_url'), $api_user, $api_pass) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is only 11 nodes, so I think we are OK and this search works.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If all have both IPv4 and IPv6 then 11 * 2 = 22, so we'd miss 2 IPs. Today we're OK because not all nodes are dual stack.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. And this current definition keeps it in line with the yum vhost as well:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is correct now.
|
||
secure_ssh::rsync::uploader_key { 'yumstage': | ||
user => $user, | ||
dir => "${workspace}/staging_key", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One thing to note: for other things I've also taken the approach of manually adding this key to Jenkins as a real secret and then use the Jenkins built in functionality. Perhaps worth considering here too.
I seem to be getting permission denied from Jenkins to web01:
|
No description provided.