Add stagingyum vhost to web01 for Copr staging repositories #1862
Conversation
|
This would create the vhost but there is the question of how the content gets to the Vhost. In the case of Koji, web01 rsyncs the repositories to it via a special script. In the case of Copr, where we are generating the repositories on a Jenkins node, I do not think that strategy will work. I think we would need to
|
(if anyone wants to see the "special" script, it's this one: https://github.com/theforeman/foreman-infra/blob/master/puppet/modules/web/files/deploy-yumrepo.sh ) I think rsync-over-SSH is the right answer, because we already have infrastructure for that in place (Debian uses that to push the built packages from the builders to web01). See https://github.com/theforeman/foreman-infra/blob/master/puppet/modules/web/manifests/vhost/deb.pp and https://github.com/theforeman/foreman-infra/blob/master/puppet/modules/web/manifests/vhost/stagingdeb.pp |
ehelms
force-pushed
the
add-stagingyum
branch
3 times, most recently
from
9856e7f
to
8067cb2
Compare
|
Let's see if I got the hang of this with this update. I've also opened up a draft for the Jenkins job in order to align the changes necessary to pull this workflow off (theforeman/jenkins-jobs#349). If I understand this correctly, initiating an rsync from Jenkins will actually initiate the This change will require me to create a user via our Foreman? Or just an SSH key? I assume this gets created via some action in Foreman but then will need to be added to Jenkins. |
|
this is missing something like diff --git puppet/modules/profiles/manifests/web.pp puppet/modules/profiles/manifests/web.pp
index 9383587a..8fa6fa8d 100644
--- puppet/modules/profiles/manifests/web.pp
+++ puppet/modules/profiles/manifests/web.pp
@@ -60,4 +60,9 @@ class profiles::web (
rsync_max_connections => $rsync_max_connections,
}
contain web::vhost::yum
+
+ class { 'web::vhost::stagingyum':
+ stable => $stable,
+ }
+ contain web::vhost::stagingyum
}to actually load that class |
|
overall, this is working (tested by a and then doing an |
|
|
||
| secure_ssh::receiver_setup { $user: | ||
| user => $user, | ||
| foreman_search => '(name = external_ip4 or name = external_ip6)', |
There was a problem hiding this comment.
Probably still good to limit this to Jenkins nodes instead of all machines. You can probably limit it to host ~ node*.jenkins.*.theforeman.org. You can test it out in Foreman since it's just going a search on fact_values.
Though I do worry about pagination:
There was a problem hiding this comment.
There is only 11 nodes, so I think we are OK and this search works.
There was a problem hiding this comment.
If all have both IPv4 and IPv6 then 11 * 2 = 22, so we'd miss 2 IPs. Today we're OK because not all nodes are dual stack.
There was a problem hiding this comment.
Agreed. And this current definition keeps it in line with the yum vhost as well:
|
|
||
| secure_ssh::rsync::uploader_key { 'yumstage': | ||
| user => $user, | ||
| dir => "${workspace}/staging_key", |
There was a problem hiding this comment.
One thing to note: for other things I've also taken the approach of manually adding this key to Jenkins as a real secret and then use the Jenkins built in functionality. Perhaps worth considering here too.
|
I seem to be getting permission denied from Jenkins to web01: |
No description provided.