# Manages the Tails Jenkins master.
# Installs extra packages for nice features as well as Jenkins plugins.
# If $automatic_iso_jobs_generator is 'present', $jenkins_jobs_repo must be
# set to the URL of a jenkins-jobs git repo where the 'jenkins@jenkins-master'
# SshKey has write access. It depends on $deploy_jobs_on_git_push being set to true
# for the pushed configuration to be applied automatically.
# For this to happen, hooks managed in tails::gitolite::hooks::jenkins_jobs
# also need to be installed in the jenkins-jobs repo.

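class tails::jenkins::master (
  # Git URL of the jenkins-jobs repository; cloned into /etc/jenkins_jobs/jobs
  # and handed to tails::jenkins::iso_jobs_generator.
  String $jenkins_jobs_repo,
  # NOTE(review): typed as a plain String, so the value is not redacted the
  # way a Sensitive[String] would be. Not referenced in this class body;
  # presumably consumed (with $api_user) by jenkins_jobs.ini.erb -- confirm.
  String $api_token,
  # Exact Jenkins version, used both for the apt pin and for Class['jenkins'].
  String $version                                         = '2.235.1',

  String $tails_repo                                      = 'https://gitlab.tails.boum.org/tails/tails.git',
  Boolean $deploy_jobs_on_git_push                        = true,
  Enum['present', 'absent'] $automatic_iso_jobs_generator = 'present',
  Integer $active_branches_max_age_in_days                = 49,
  String $gitolite_pubkey_name                            = 'gitolite@puppet-git',
  String $api_user                                        = 'admin',

  Boolean $manage_mount                                   = false,
  $mount_device                                           = false,
  $mount_fstype                                           = 'ext4',
  $mount_options                                          = 'relatime,user_xattr,acl',

  String $monitoring_parent_zone                          = 'Lizard',
) {

  ### Sanity checks

  if $::operatingsystem != 'Debian' or versioncmp($::operatingsystemmajrelease, '9') < 0 {
    fail('This module only supports Debian 9 or newer.')
  }

  ### Variables

  $mount_point = '/var/lib/jenkins'
  $ssh_pubkey_name = "jenkins@jenkins-master.${::domain}"

  # Assigned here, ahead of Class['jenkins'], because Puppet variables are
  # evaluation-order dependent: the Package[$base_packages] requirement below
  # would otherwise be evaluated while the variable is still unset.
  $base_packages = [
    'git',
    'jenkins-job-builder',
    'libmockito-java',
    'python3-jenkins-job-builder',
    'python-pkg-resources',
  ]

  ### Resources

  # Pin the jenkins package to the requested version so that apt does not
  # pull in a different release.
  apt::pin { 'jenkins':
    packages => 'jenkins',
    version  => $version,
    priority => 991,
  }

  # default_plugins is emptied here; every plugin this class wants is declared
  # explicitly further down, with a version and a digest.
  class { 'jenkins':
    repo            => true,
    lts             => true,
    install_java    => false,
    version         => $version,
    default_plugins => [],
    require         => [
      Package[$base_packages],
      Apt::Conf['proxy_jenkins_repo'],
      Apt::Pin['jenkins'],
    ],
  }

  # Provides the jar command, which is used by Jenkins::Cli/Exec[jenkins-cli]
  package { 'openjdk-8-jdk-headless':
    ensure => installed,
  }

  # apt-cacher-ng does not support HTTPS repositories
  apt::conf { 'proxy_jenkins_repo':
    content  => 'Acquire::HTTP::Proxy::pkg.jenkins.io "DIRECT";',
  }
  apt::conf { 'proxy_prodjenkinsreleases_repo':
    content  => 'Acquire::HTTP::Proxy::prodjenkinsreleases.blob.core.windows.net "DIRECT";',
  }

  apt::pin { 'jenkins-job-builder':
    packages   => [
      'jenkins-job-builder',
      'python3-jenkins-job-builder',
      'python3-jenkins'
    ],
    originator => 'Debian Backports',
    priority   => 991,
  }

  ensure_packages($base_packages)

  if $manage_mount {
    # With the defaults, $mount_device is false, so this validation fails
    # unless a device is passed explicitly together with $manage_mount.
    validate_string($mount_point)
    validate_string($mount_device)
    validate_string($mount_fstype)
    validate_string($mount_options)
    validate_string($monitoring_parent_zone)

    # Needs to be created by hand before applying this, if $manage_mount
    # is true. We cannot manage File[$mount_point] ourselves as this
    # would duplicate the same declaration in jenkins::config.
    mount { $mount_point:
      ensure  => mounted,
      device  => $mount_device,
      fstype  => $mount_fstype,
      options => $mount_options,
    }

    Mount[$mount_point] -> Class['jenkins']

    # Exported resource: the disk check is meant to be collected elsewhere,
    # selected by the $monitoring_parent_zone tag.
    @@::tails::monitoring::service::disk { "jenkins-data-disk@${::fqdn}":
      nodename  => $::fqdn,
      zone      => $::fqdn,
      partition => $mount_point,
      wfree     => '30000',
      cfree     => '20000',
      tag       => $monitoring_parent_zone,
    }
  }

  include nfs::server

  # Collects every exported Nfs::Export resource tagged with this node's FQDN.
  # NOTE(review): what gets exported over NFS from this host is therefore
  # defined by the nodes that export such resources -- review which nodes are
  # trusted to do so.
  Nfs::Export <<| tag == $::fqdn |>>

  # Every plugin below is pinned to an exact version and declared with
  # digest_string/digest_type, so that the downloaded file can be checked
  # against a known hash. When bumping a version, update the digest with it.
  # lint:ignore:140chars -- SHA512

  jenkins::plugin { 'apache-httpcomponents-client-4-api':
    version       => '4.5.10-2.0',
    digest_string => '86c85b7dfd07b0cc3c5bbde384e8e867935326a42116ee32bcb83d6b0a999334',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'build-timeout':
    version       => '1.19',
    digest_string => 'a92b43adb9c668e3fd0ad307db43c2277cf15ea75c084b5bdc74fb294f80583d',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['token-macro'],
  }

  jenkins::plugin { 'cloudbees-folder':
    version       => '6.14',
    digest_string => '8b108dd68be1800d502e136dfbdcef123dd2ae35e9026856791fe2bd5875ecf5',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'cluster-stats':
    version       => '0.4.6',
    digest_string => 'f09b82ccec2afc60c3b9235d804f312c3e5a0a847b4243b1e3546f718f344af1f7a0f26c4d53a02ae360aa6a50a20676910b143011c4eb880daa8ab0bc0fb073',
    digest_type   => 'sha512',
  }

  jenkins::plugin { 'conditional-buildstep':
    version       => '1.3.6',
    digest_string => '4b550bc136fe66bb4eb396605f4036935963327b9c94662f7c441888adb99f77',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'matrix-project',
      'maven-plugin',
      'run-condition',
      'token-macro',
    ],
  }

  jenkins::plugin { 'copyartifact':
    version       => '1.42.1',
    digest_string => 'd7f26e2c17114850668d36c1db0df877c7a26ede519763234f8d5f8dca5de89c',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'apache-httpcomponents-client-4-api',
      'matrix-project',
      'structs',
    ],
  }

  jenkins::plugin { 'credentials':
    version       => '2.3.11',
    digest_string => 'a50c27b3c506e60519c7976ec5ff0880c0e29685030f31d3e9883bc69eff02e0',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['structs'],
  }

  jenkins::plugin { 'cucumber-reports':
    version       => '4.10.0',
    digest_string => '1218efe4e476019506bb63e812e8ff88dcdd9bcf11b2caac1d3be56bfff929fe',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'structs',
      'token-macro',
    ],
  }

  jenkins::plugin { 'cucumber-testresult-plugin':
    version       => '0.10.1',
    digest_string => '2d2f171a8561ec91a11def39a3f1e75302516f097e86157f5bdd1402f29858bf',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'junit',
      'matrix-project',
      'structs',
    ],
  }

  jenkins::plugin { 'display-url-api':
    version       => '2.3.2',
    digest_string => 'a4d5f37349930b5dd9a2a5042bd13527b4c2ee316fe49420fe154fa0623a2bb1',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'downstream-ext':
    version       => '1.8',
    digest_string => '5033490d9b34943488e387d64a3a09cf02a43dced29b0f43e8a68b9d837a1869702f9080831fc80e64e2addebf0553bd5c6a8793b46182ed1535422ca839d27f',
    digest_type   => 'sha512',
  }

  jenkins::plugin { 'durable-task':
    version       => '1.30',
    digest_string => '580c22a7218b0f3fcd9a0705bba4b919e08d3e23db478342634d8ed8122bc7ed',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'email-ext':
    version       => '2.66',
    digest_string => '65cac44728f454f89eb60c015a239a9eb765108a8c620e3be935bb22e4e60305',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'junit',
      'mailer',
      'matrix-project',
      'script-security',
      'structs',
      'token-macro',
    ],
  }

  jenkins::plugin { 'envinject':
    version       => '2.3.0',
    digest_string => '161010a696fbe1d74a5e2f846794d79e094fae17e8cfa5ffc78810b822cfbc6e',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'envinject-api',
      'matrix-project',
      'script-security',
    ],
  }

  jenkins::plugin { 'envinject-api':
    version       => '1.7',
    digest_string => '0fb5c4d0b0fbc112addedd604a94d94ce5c42dde3cc6b2494bbf706cdb249a9b',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'git':
    version       => '4.3.0',
    digest_string => 'b85dcef957d7e7a4074b019c36c4e5c4dece1be7cb7af73d641ccf859320e02f',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'credentials',
      'git-client',
      'mailer',
      'matrix-project',
      'scm-api',
      'ssh-credentials',
      'structs',
      'workflow-scm-step',
      'workflow-step-api',
    ],
  }

  jenkins::plugin { 'git-client':
    version       => '3.3.0',
    digest_string => 'a60cc8a22b0b3efe42a42ebd9cbe0d2f8d91dd5300bcbcc893e0ce4e424b697c',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'apache-httpcomponents-client-4-api',
      'credentials',
      'jsch',
      'script-security',
      'ssh-credentials',
      'structs',
    ],
  }

  jenkins::plugin { 'global-build-stats':
    version       => '1.5',
    digest_string => '36b1aeecd6f6cd96263baca7143e4e201f93cc4797b814e62527cf58a9fd4b82',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'cloudbees-folder',
    ],
  }

  jenkins::plugin { 'icon-shim':
    version       => '2.0.3',
    digest_string => 'a83ebce40c28b4bb2474eea3aecfea9c079904b02dee210a70d5ffd7455c437e50ad59b1a9c677a749f9eae84ac702e5d9726a68b63d64ae5c209f5d105418b3',
    digest_type   => 'sha512',
  }

  jenkins::plugin { 'javadoc':
    version       => '1.5',
    digest_string => '25514fb702740cbb883fc5c6eeb86177b118517f9b0157f1b2e0c60e8bef1564',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'jsch':
    version       => '0.1.55.2',
    digest_string => 'cdc74bf8e43eb40ae6ad98ba2f866c8891408038699da9b836518a1d8923fc44',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'ssh-credentials',
      'trilead-api',
    ],
  }

  jenkins::plugin { 'junit':
    version       => '1.28',
    digest_string => 'a471c80776b9684c4ee9164ce51e01b9871af664bdfce13b11320020ddc25f33',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'script-security',
      'structs',
      'workflow-api',
      'workflow-step-api',
    ],
  }

  jenkins::plugin { 'mailer':
    version       => '1.32',
    digest_string => '042862b818c72223f1599ac1b95a81f90c312961649e88a6e639c2af8239e4b7',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['display-url-api'],
  }

  jenkins::plugin { 'mapdb-api':
    version       => '1.0.9.0',
    digest_string => '072c11a34cf21f87f9c44bf01b430c5ea77e8096d077e8533de654ef00f3f871',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'matrix-auth':
    version       => '2.61',
    digest_string => '5d7dd5ffd60ff691027cbcc17dda63fc2873de2ea2665300f0aa4b2231602f05',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'cloudbees-folder',
    ],
  }

  jenkins::plugin { 'matrix-project':
    version       => '1.14',
    digest_string => '88d84ef75ea63c3ed826caecb2bc03ed59206fd164288f02bade7ce2685a388a',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'junit',
      'script-security',
    ],
  }

  jenkins::plugin { 'maven-plugin':
    version       => '3.4',
    digest_string => 'b554ff3395232ddc78f8bf6dd150e8a0994c32a01e16b661d257c6f95d7b44c3',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'apache-httpcomponents-client-4-api',
      'javadoc',
      'jsch',
      'junit',
      'mailer',
    ],
  }

  jenkins::plugin { 'parameterized-trigger':
    version       => '2.35.2',
    digest_string => '36228ae6c41cf828cf472deabaeff50f8b4e9b69e742deab38d4a9b9a093fd97',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'conditional-buildstep',
      'matrix-project',
      'script-security',
    ],
  }

  jenkins::plugin { 'postbuildscript':
    version       => '2.9.0',
    digest_string => '9bd90ecf440ae9f7a2871ae929a8bf309cc078b2f529e4848bb0d0ad66286656',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['matrix-project'],
  }

  jenkins::plugin { 'PrioritySorter':
    version       => '3.6.0',
    digest_string => 'a548df16d9a1744c4a5cd2d27c9ed718d14670c346feb916218e2a4960612043',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'resource-disposer':
    version       => '0.13',
    digest_string => 'f0820b7260b7a22aa0c461d8b76cca2140bc15cbe0003650e4821dc99095bb44',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['token-macro'],
  }

  jenkins::plugin { 'run-condition':
    version       => '1.2',
    digest_string => '1dbfae6b57c4ae0e190354ac273280bba135aaba82c2d8116bd394c4b83d5e5f',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'token-macro',
    ],
  }

  jenkins::plugin { 'scm-api':
    version       => '2.6.3',
    digest_string => '83262d406862ad55ff90d36020a83f88ebd71e66f49c75c9a5140f43176aba29',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['structs'],
  }

  jenkins::plugin { 'scm-sync-configuration':
    version       => '0.0.10',
    digest_string => '84606ed21b72918a5633cf8e438116ab9af3d9010b2651336af92ce8474e0870',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['subversion'],
  }

  jenkins::plugin { 'script-security':
    version       => '1.74',
    digest_string => '61de31d7aff3c8bac414db9e64e7da7eee0d8a71b80a671a576848a44aa932ad',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'simple-theme-plugin':
    version       => '0.5.1',
    digest_string => 'd823ac7fa1d5861051fc69534f5678c32d10c98a00987a045b0b7836fd733584',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'ssh-credentials':
    version       => '1.18.1',
    digest_string => '8db908c484737f260cfab6682a42cbeaf390b3b9efd87925375691e45c370492',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'credentials',
      'trilead-api',
    ],
  }

  jenkins::plugin { 'structs':
    version       => '1.20',
    digest_string => '7e7861356a37aa6a727462d7aea716dd9307071252f7349c2726d64a773feb3a',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'subversion':
    version       => '2.13.1',
    digest_string => 'bc36675699051394d4cd7e663631c3c2bdc4668d4da952d0d9d8cd08a308f63c',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'credentials',
      'mapdb-api',
      'scm-api',
      'ssh-credentials',
      'structs',
      'workflow-scm-step',
    ],
  }

  jenkins::plugin { 'timestamper':
    version       => '1.11.3',
    digest_string => '8f44dccc653e03f5c87f04ad146e7be998d3b6cf10300ac6c69ef63870f3603b',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'workflow-api',
      'workflow-step-api',
    ],
  }

  jenkins::plugin { 'token-macro':
    version       => '2.12',
    digest_string => '05b650913d8f8f65570bdd5e3f396e0bee88ea067abcd2fd789b81428afcf464',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['structs'],
  }

  jenkins::plugin { 'trilead-api':
    version       => '1.0.8',
    digest_string => '2560952955a7719cba9068a42bd2bfb97dcad4cf083e8eeaf1a784c909203325',
    digest_type   => 'sha256',
  }

  jenkins::plugin { 'workflow-api':
    version       => '2.40',
    digest_string => 'd704b80b65589b7148b2fad5c5dcc935cb7a154dac835a61755e3ca39321659d',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'scm-api',
      'structs',
      'workflow-step-api',
    ],
  }

  jenkins::plugin { 'workflow-durable-task-step':
    version       => '2.34',
    digest_string => 'd1a91f9c175e0f1cf17afdf63c264ab8e66e4370ef1d9822243404091d9dc3bf',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'durable-task',
      'scm-api',
      'script-security',
      'structs',
      'workflow-api',
      'workflow-step-api',
      'workflow-support',
    ],
  }

  jenkins::plugin { 'workflow-step-api':
    version       => '2.22',
    digest_string => 'eb9c64a1941d3af320451267e248fe3a0ff9d236e80c3f576f1d3a666d502a33',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['structs'],
  }

  jenkins::plugin { 'workflow-support':
    version       => '3.3',
    digest_string => '0f2b18d0de9b7c94abc03701e33f660620382dd4fcc83600d6aafcb5888d8f51',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'scm-api',
      'script-security',
      'workflow-api',
      'workflow-step-api',
    ],
  }

  jenkins::plugin { 'workflow-scm-step':
    version       => '2.11',
    digest_string => '7e0b58f22a7579c937f3081c67c249d4ead678e01a954478fdd59b0cbe3a897c',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['workflow-step-api'],
  }

  jenkins::plugin { 'ws-cleanup':
    version       => '0.37',
    digest_string => '9d74adcc911e1b08c7412c23aa55f6aa6d016f000587d255598ce16754d8a90d',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'resource-disposer',
      'workflow-durable-task-step',
    ],
  }
  # lint:endignore

  ## Uncomment this (or similar) once all this is moved to a proper class,
  ## that inherits jenkins::service and can thus append to its dependencies.
  # Service['jenkins'] {
  #   require +> File_line['jenkins_HTTP_HOST'],
  # }

  # jenkins-job-builder configuration, readable by root and the jenkins group
  # only. show_diff is disabled so that the rendered content -- presumably the
  # API user and token, to be confirmed against the template -- is not copied
  # into Puppet logs and reports whenever the file changes.
  file { '/etc/jenkins_jobs/jenkins_jobs.ini':
    owner     => root,
    group     => jenkins,
    mode      => '0640',
    content   => template('tails/jenkins/orchestrator/jenkins_jobs.ini.erb'),
    show_diff => false,
    require   => [
      Package['jenkins'],
      Package['jenkins-job-builder'],
    ],
  }

  # NOTE(review): mode 0770 lets members of the jenkins group create, rename
  # and delete entries in the directory that holds the root-owned
  # jenkins_jobs.ini, regardless of that file's own 0640 mode. The vcsrepo
  # below clones as user jenkins into this directory, which is presumably why
  # it is group-writable -- confirm before tightening.
  file { '/etc/jenkins_jobs':
    ensure => directory,
    owner  => root,
    group  => jenkins,
    mode   => '0770',
  }

  # Checkout of the jobs repository, performed as the jenkins user with the
  # SSH client key pair declared at the end of this class.
  vcsrepo { '/etc/jenkins_jobs/jobs':
    ensure   => present,
    owner    => jenkins,
    group    => jenkins,
    user     => jenkins,
    provider => git,
    source   => $jenkins_jobs_repo,
    require  => [
      Sshkeys::Set_client_key_pair[$ssh_pubkey_name],
      Package['git'],
      File['/etc/jenkins_jobs'],
    ],
  }

  if $deploy_jobs_on_git_push {
    # Scratch directory for the deploy script, private to the jenkins user.
    file { '/var/tmp/jenkins_jobs_test':
      ensure => directory,
      owner  => jenkins,
      group  => jenkins,
      mode   => '0700',
    }

    # Root-owned and not writable by jenkins, so the account that runs the
    # deployment cannot modify the script itself.
    file { '/usr/local/sbin/deploy_jenkins_jobs':
      ensure  => present,
      source  => 'puppet:///modules/tails/jenkins/master/deploy_jenkins_jobs',
      owner   => root,
      group   => root,
      mode    => '0755',
      require => [
        File['/var/tmp/jenkins_jobs_test'],
        Ssh_authorized_key[$gitolite_pubkey_name],
      ],
    }

    # Authorizes the $gitolite_pubkey_name key for the jenkins account.
    # NOTE(review): whether that key is restricted (forced command or other
    # authorized_keys options) is decided inside sshkeys::set_authorized_keys
    # and is not visible from this class -- confirm.
    sshkeys::set_authorized_keys { $gitolite_pubkey_name:
      user    => jenkins,
      home    => '/var/lib/jenkins',
      require => Package['jenkins'],
    }
  }

  # The maintenance scripts below are installed root-owned (0755) and run
  # from cron as the unprivileged jenkins user.
  file { '/usr/local/bin/clean_old_jenkins_artifacts':
    owner  => root,
    group  => root,
    mode   => '0755',
    source => 'puppet:///modules/tails/jenkins/master/clean_old_jenkins_artifacts',
  }

  file { '/usr/local/bin/clean_old_jenkins_artifacts_wrapper':
    owner   => root,
    group   => root,
    mode    => '0755',
    source  => 'puppet:///modules/tails/jenkins/master/clean_old_jenkins_artifacts_wrapper',
    require => File['/usr/local/bin/clean_old_jenkins_artifacts'],
  }

  cron { 'clean_old_jenkins_artifacts':
    command => '/usr/local/bin/clean_old_jenkins_artifacts_wrapper /var/lib/jenkins',
    user    => 'jenkins',
    hour    => '23',
    minute  => '50',
    require => [File['/usr/local/bin/clean_old_jenkins_artifacts_wrapper'],
                Package['jenkins']],
  }

  file { '/usr/local/bin/deduplicate_reproducible_build_jobs_upstream_ISOs':
    owner   => root,
    group   => root,
    mode    => '0755',
    source  => 'puppet:///modules/tails/jenkins/master/deduplicate_reproducible_build_jobs_upstream_ISOs',
    require => Package['jenkins'],
  }

  cron { 'deduplicate_reproducible_build_jobs_upstream_ISOs':
    command => '/usr/local/bin/deduplicate_reproducible_build_jobs_upstream_ISOs /var/lib/jenkins/jobs',
    user    => 'jenkins',
    minute  => '*/6',
    require => File['/usr/local/bin/deduplicate_reproducible_build_jobs_upstream_ISOs'],
  }

  file { '/usr/local/bin/manage_latest_iso_symlinks':
    owner   => root,
    group   => root,
    mode    => '0755',
    source  => 'puppet:///modules/tails/jenkins/master/manage_latest_iso_symlinks',
    require => Package['jenkins'],
  }

  cron { 'manage_latest_iso_symlinks':
    command => '/usr/local/bin/manage_latest_iso_symlinks /var/lib/jenkins/jobs',
    user    => 'jenkins',
    minute  => '*/5',
    require => File['/usr/local/bin/manage_latest_iso_symlinks'],
  }

  class  { 'tails::jenkins::iso_jobs_generator':
    ensure            => $automatic_iso_jobs_generator,
    tails_repo        => $tails_repo,
    jenkins_jobs_repo => $jenkins_jobs_repo,
    active_days       => $active_branches_max_age_in_days,
    require           => [
      Class['jenkins'],
      Sshkeys::Set_client_key_pair[$ssh_pubkey_name],
    ],
  }

  # Private (0700) SSH directory for the jenkins user; the client key pair
  # below is installed only once it exists.
  file { '/var/lib/jenkins/.ssh':
    ensure  => directory,
    owner   => jenkins,
    group   => jenkins,
    mode    => '0700',
    require => Class['jenkins'],
  }

  sshkeys::set_client_key_pair { $ssh_pubkey_name:
    keyname => $ssh_pubkey_name,
    user    => 'jenkins',
    home    => '/var/lib/jenkins',
    require => File['/var/lib/jenkins/.ssh'],
  }

  postfix::mailalias { 'jenkins':
    recipient => 'root',
  }
}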