master.pp 20.7 KB
Newer Older
1
2
# Manages the Tails Jenkins master.
# Installs extra packages for nice features as well as Jenkins plugins.
intrigeri's avatar
intrigeri committed
3
# If $automatic_iso_jobs_generator is 'present', $jenkins_jobs_repo must be
4
5
6
7
8
9
# set to the URL of a jenkins-jobs git repo where the 'jenkins@jenkins-master'
# SshKey has write access. It depends on $deploy_on_git_push being set to true
# for the pushed configuration to be applied automatically.
# For this to happen, hooks managed in tails::gitolite::hooks::jenkins_jobs
# also need to be installed in the jenkins-jobs repo.

10
class tails::jenkins::master (
intrigeri's avatar
Lint    
intrigeri committed
11
  String $jenkins_jobs_repo,
12
  String $version                                         = '2.222.1',
13

14
15
16
17
18
  String $tails_repo                                      = 'https://git-tails.immerda.ch/tails',
  Boolean $deploy_jobs_on_git_push                        = true,
  Enum['present', 'absent'] $automatic_iso_jobs_generator = 'present',
  Integer $active_branches_max_age_in_days                = 49,
  String $gitolite_pubkey_name                            = 'gitolite@puppet-git',
19
20
21
22
23
24

  Boolean $manage_mount                                   = false,
  $mount_device                                           = false,
  $mount_fstype                                           = 'ext4',
  $mount_options                                          = 'relatime,user_xattr,acl',

25
  String $monitoring_parent_zone                          = 'Lizard',
26
) {
27

28
29
  ### Sanity checks

intrigeri's avatar
intrigeri committed
30
  if $::operatingsystem != 'Debian' or versioncmp($::operatingsystemmajrelease, '9') < 0 {
31
    fail('This module only supports Debian 9 or newer.')
32
33
  }

34
35
  ### Variables

36
  $mount_point = '/var/lib/jenkins'
37
38
  $ssh_pubkey_name = "jenkins@jenkins-master.${::domain}"

intrigeri's avatar
intrigeri committed
39
40
  ### Resources

Zen Fu's avatar
Zen Fu committed
41
  apt::pin { 'jenkins':
intrigeri's avatar
Lint.    
intrigeri committed
42
43
44
    packages => 'jenkins',
    version  => $version,
    priority => 991,
Zen Fu's avatar
Zen Fu committed
45
46
  }

47
  class { 'jenkins':
48
49
    repo            => true,
    lts             => true,
50
    install_java    => false,
51
    version         => $version,
52
    default_plugins => [],
53
54
55
    require         => [
      Package[$base_packages],
      Apt::Conf['proxy_jenkins_repo'],
Zen Fu's avatar
Zen Fu committed
56
      Apt::Pin['jenkins'],
57
58
59
    ],
  }

60
61
62
63
64
  # Provides the jar command, which is used by Jenkins::Cli/Exec[jenkins-cli]
  package { 'openjdk-8-jdk-headless':
    ensure => installed,
  }

65
66
67
  # apt-cacher-ng does not support HTTPS repositories
  apt::conf { 'proxy_jenkins_repo':
    content  => 'Acquire::HTTP::Proxy::pkg.jenkins.io "DIRECT";',
68
  }
69
70
71
  apt::conf { 'proxy_prodjenkinsreleases_repo':
    content  => 'Acquire::HTTP::Proxy::prodjenkinsreleases.blob.core.windows.net "DIRECT";',
  }
72

73
74
75
76
77
78
79
80
81
82
  apt::pin { 'jenkins-job-builder':
    packages   => [
      'jenkins-job-builder',
      'python3-jenkins-job-builder',
      'python3-jenkins'
    ],
    originator => 'Debian Backports',
    priority   => 991,
  }

83
  $base_packages = [
84
    'git',
intrigeri's avatar
Sort.    
intrigeri committed
85
    'jenkins-job-builder',
86
    'libmockito-java',
intrigeri's avatar
intrigeri committed
87
    'python3-jenkins-job-builder',
intrigeri's avatar
Sort.    
intrigeri committed
88
    'python-pkg-resources',
89
90
91
  ]

  ensure_packages($base_packages)
92

93
94
95
96
97
98
99
  if $manage_mount {
    validate_string($mount_point)
    validate_string($mount_device)
    validate_string($mount_fstype)
    validate_string($mount_options)
    validate_string($monitoring_parent_zone)

intrigeri's avatar
intrigeri committed
100
101
102
    # Needs to be created by hand before applying this, if $manage_mount
    # is true. We cannot manage File[$mount_point] ourselves as this
    # would duplicate the same declaration in jenkins::config.
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
    mount { $mount_point:
      ensure  => mounted,
      device  => $mount_device,
      fstype  => $mount_fstype,
      options => $mount_options,
    }

    Mount[$mount_point] -> Class['jenkins']

    @@::tails::monitoring::service::disk { "jenkins-data-disk@${::fqdn}":
      nodename  => $::fqdn,
      zone      => $::fqdn,
      partition => $mount_point,
      wfree     => '30000',
      cfree     => '20000',
      tag       => $monitoring_parent_zone,
    }
  }

122
123
  include nfs::server

124
125
  Nfs::Export <<| tag == $::fqdn |>>

126
  # lint:ignore:140chars -- SHA512
intrigeri's avatar
Sort.    
intrigeri committed
127
128

  jenkins::plugin { 'apache-httpcomponents-client-4-api':
Zen Fu's avatar
Zen Fu committed
129
130
    version       => '4.5.10-2.0',
    digest_string => '86c85b7dfd07b0cc3c5bbde384e8e867935326a42116ee32bcb83d6b0a999334',
intrigeri's avatar
Sort.    
intrigeri committed
131
132
133
    digest_type   => 'sha256',
  }

134
  jenkins::plugin { 'build-timeout':
135
136
137
138
    version       => '1.19',
    digest_string => 'a92b43adb9c668e3fd0ad307db43c2277cf15ea75c084b5bdc74fb294f80583d',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['token-macro'],
139
  }
140

141
  jenkins::plugin { 'cloudbees-folder':
142
143
    version       => '6.11.1',
    digest_string => 'c4926534a20dac0076046abbd98d5f4af0b4b7ba3af71266219d96f794a43e50',
144
145
146
    digest_type   => 'sha256',
  }

147
148
149
150
151
152
  jenkins::plugin { 'cluster-stats':
    version       => '0.4.6',
    digest_string => 'f09b82ccec2afc60c3b9235d804f312c3e5a0a847b4243b1e3546f718f344af1f7a0f26c4d53a02ae360aa6a50a20676910b143011c4eb880daa8ab0bc0fb073',
    digest_type   => 'sha512',
  }

153
154
155
  jenkins::plugin { 'conditional-buildstep':
    version       => '1.3.6',
    digest_string => '4b550bc136fe66bb4eb396605f4036935963327b9c94662f7c441888adb99f77',
Zen Fu's avatar
Zen Fu committed
156
    digest_type   => 'sha256',
157
158
159
160
161
162
163
164
    require       => Jenkins::Plugin[
      'matrix-project',
      'maven-plugin',
      'run-condition',
      'token-macro',
    ],
  }

bertagaz's avatar
bertagaz committed
165
  jenkins::plugin { 'copyartifact':
166
167
168
169
170
171
172
173
    version       => '1.42.1',
    digest_string => 'd7f26e2c17114850668d36c1db0df877c7a26ede519763234f8d5f8dca5de89c',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'apache-httpcomponents-client-4-api',
      'matrix-project',
      'structs',
    ],
bertagaz's avatar
bertagaz committed
174
175
  }

176
  jenkins::plugin { 'credentials':
177
178
    version       => '2.3.5',
    digest_string => 'b60548f1c7cc73f9a4f13cf13fbcb351e2945e1b9d1e6a30e6a3b29be0af3b94',
179
180
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['structs'],
181
182
  }

183
184
185
186
187
188
189
190
191
192
  jenkins::plugin { 'cucumber-reports':
    version       => '4.10.0',
    digest_string => '1218efe4e476019506bb63e812e8ff88dcdd9bcf11b2caac1d3be56bfff929fe',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'structs',
      'token-macro',
    ],
  }

193
  jenkins::plugin { 'cucumber-testresult-plugin':
194
195
196
197
198
199
200
201
    version       => '0.10.1',
    digest_string => '2d2f171a8561ec91a11def39a3f1e75302516f097e86157f5bdd1402f29858bf',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'junit',
      'matrix-project',
      'structs',
    ],
202
203
  }

intrigeri's avatar
Sort.    
intrigeri committed
204
205
206
207
208
209
  jenkins::plugin { 'display-url-api':
    version       => '2.3.2',
    digest_string => 'a4d5f37349930b5dd9a2a5042bd13527b4c2ee316fe49420fe154fa0623a2bb1',
    digest_type   => 'sha256',
  }

210
211
212
213
214
215
  jenkins::plugin { 'downstream-ext':
    version       => '1.8',
    digest_string => '5033490d9b34943488e387d64a3a09cf02a43dced29b0f43e8a68b9d837a1869702f9080831fc80e64e2addebf0553bd5c6a8793b46182ed1535422ca839d27f',
    digest_type   => 'sha512',
  }

Zen Fu's avatar
Zen Fu committed
216
217
218
219
220
221
  jenkins::plugin { 'durable-task':
    version       => '1.30',
    digest_string => '580c22a7218b0f3fcd9a0705bba4b919e08d3e23db478342634d8ed8122bc7ed',
    digest_type   => 'sha256',
  }

222
  jenkins::plugin { 'email-ext':
223
224
225
    version       => '2.66',
    digest_string => '65cac44728f454f89eb60c015a239a9eb765108a8c620e3be935bb22e4e60305',
    digest_type   => 'sha256',
226
    require       => Jenkins::Plugin[
227
228
229
      'junit',
      'mailer',
      'matrix-project',
intrigeri's avatar
intrigeri committed
230
      'script-security',
231
232
      'structs',
      'token-macro',
233
    ],
234
235
  }

236
  jenkins::plugin { 'envinject':
237
238
    version       => '2.3.0',
    digest_string => '161010a696fbe1d74a5e2f846794d79e094fae17e8cfa5ffc78810b822cfbc6e',
239
240
241
242
243
244
245
246
247
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'envinject-api',
      'matrix-project',
      'script-security',
    ],
  }

  jenkins::plugin { 'envinject-api':
248
249
    version       => '1.7',
    digest_string => '0fb5c4d0b0fbc112addedd604a94d94ce5c42dde3cc6b2494bbf706cdb249a9b',
250
    digest_type   => 'sha256',
251
252
  }

bertagaz's avatar
bertagaz committed
253
  jenkins::plugin { 'git':
Zen Fu's avatar
Zen Fu committed
254
255
    version       => '4.2.2',
    digest_string => '0ea20fe0e1735c4188826b9ad65d6c47f1043fc795e54d96b496dfce9847807d',
256
    digest_type   => 'sha256',
257
258
259
    require       => Jenkins::Plugin[
      'credentials',
      'git-client',
260
261
      'mailer',
      'matrix-project',
262
      'scm-api',
263
264
265
266
      'ssh-credentials',
      'structs',
      'workflow-scm-step',
      'workflow-step-api',
bertagaz's avatar
bertagaz committed
267
    ],
268
269
270
  }

  jenkins::plugin { 'git-client':
Zen Fu's avatar
Zen Fu committed
271
272
    version       => '3.2.1',
    digest_string => '4fc73abfd087f473a673dff17257ac0fec9d6cf7f45cce14a1a331de6750dc89',
273
274
275
276
277
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'apache-httpcomponents-client-4-api',
      'credentials',
      'jsch',
Zen Fu's avatar
Zen Fu committed
278
      'script-security',
279
280
281
      'ssh-credentials',
      'structs',
    ],
282
283
  }

bertagaz's avatar
bertagaz committed
284
  jenkins::plugin { 'global-build-stats':
285
286
287
288
289
290
    version       => '1.5',
    digest_string => '36b1aeecd6f6cd96263baca7143e4e201f93cc4797b814e62527cf58a9fd4b82',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'cloudbees-folder',
    ],
291
292
  }

293
294
295
296
297
298
  jenkins::plugin { 'icon-shim':
    version       => '2.0.3',
    digest_string => 'a83ebce40c28b4bb2474eea3aecfea9c079904b02dee210a70d5ffd7455c437e50ad59b1a9c677a749f9eae84ac702e5d9726a68b63d64ae5c209f5d105418b3',
    digest_type   => 'sha512',
  }

bertagaz's avatar
bertagaz committed
299
  jenkins::plugin { 'javadoc':
300
301
302
    version       => '1.5',
    digest_string => '25514fb702740cbb883fc5c6eeb86177b118517f9b0157f1b2e0c60e8bef1564',
    digest_type   => 'sha256',
303
304
  }

intrigeri's avatar
Sort.    
intrigeri committed
305
  jenkins::plugin { 'jsch':
Zen Fu's avatar
Zen Fu committed
306
307
    version       => '0.1.55.2',
    digest_string => 'cdc74bf8e43eb40ae6ad98ba2f866c8891408038699da9b836518a1d8923fc44',
intrigeri's avatar
Sort.    
intrigeri committed
308
    digest_type   => 'sha256',
Zen Fu's avatar
Zen Fu committed
309
310
311
312
    require       => Jenkins::Plugin[
      'ssh-credentials',
      'trilead-api',
    ],
intrigeri's avatar
Sort.    
intrigeri committed
313
314
315
  }

  jenkins::plugin { 'junit':
316
317
    version       => '1.28',
    digest_string => 'a471c80776b9684c4ee9164ce51e01b9871af664bdfce13b11320020ddc25f33',
intrigeri's avatar
Sort.    
intrigeri committed
318
    digest_type   => 'sha256',
intrigeri's avatar
intrigeri committed
319
320
321
    require       => Jenkins::Plugin[
      'script-security',
      'structs',
322
323
      'workflow-api',
      'workflow-step-api',
intrigeri's avatar
intrigeri committed
324
    ],
intrigeri's avatar
Sort.    
intrigeri committed
325
326
327
  }

  jenkins::plugin { 'mailer':
Zen Fu's avatar
Zen Fu committed
328
329
    version       => '1.30',
    digest_string => '713fa73d8684f17f66b8f09c3f742ac53d7b5a698c0d9af0867318f642211090',
intrigeri's avatar
Sort.    
intrigeri committed
330
331
332
333
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['display-url-api'],
  }

bertagaz's avatar
bertagaz committed
334
  jenkins::plugin { 'mapdb-api':
335
336
337
    version       => '1.0.9.0',
    digest_string => '072c11a34cf21f87f9c44bf01b430c5ea77e8096d077e8533de654ef00f3f871',
    digest_type   => 'sha256',
338
339
  }

340
341
342
343
344
345
346
347
348
  jenkins::plugin { 'matrix-auth':
    version       => '2.5',
    digest_string => 'db99c3ecb22931ad49a81f7209c4187f2ad867f5d09ec4b4e7d19a915f543d63',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'cloudbees-folder',
    ],
  }

349
  jenkins::plugin { 'matrix-project':
350
351
    version       => '1.14',
    digest_string => '88d84ef75ea63c3ed826caecb2bc03ed59206fd164288f02bade7ce2685a388a',
352
353
354
355
356
357
358
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'junit',
      'script-security',
    ],
  }

359
  jenkins::plugin { 'maven-plugin':
intrigeri's avatar
Sort.    
intrigeri committed
360
361
362
    version       => '3.4',
    digest_string => 'b554ff3395232ddc78f8bf6dd150e8a0994c32a01e16b661d257c6f95d7b44c3',
    digest_type   => 'sha256',
intrigeri's avatar
intrigeri committed
363
364
365
366
367
368
369
    require       => Jenkins::Plugin[
      'apache-httpcomponents-client-4-api',
      'javadoc',
      'jsch',
      'junit',
      'mailer',
    ],
intrigeri's avatar
Sort.    
intrigeri committed
370
  }
371

372
  jenkins::plugin { 'parameterized-trigger':
373
374
375
376
377
378
379
380
    version       => '2.35.2',
    digest_string => '36228ae6c41cf828cf472deabaeff50f8b4e9b69e742deab38d4a9b9a093fd97',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'conditional-buildstep',
      'matrix-project',
      'script-security',
    ],
381
382
  }

383
  jenkins::plugin { 'postbuildscript':
Zen Fu's avatar
Zen Fu committed
384
385
386
387
    version       => '2.9.0',
    digest_string => '9bd90ecf440ae9f7a2871ae929a8bf309cc078b2f529e4848bb0d0ad66286656',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['matrix-project'],
388
389
  }

bertagaz's avatar
bertagaz committed
390
  jenkins::plugin { 'PrioritySorter':
Zen Fu's avatar
Zen Fu committed
391
392
393
    version       => '3.6.0',
    digest_string => 'a548df16d9a1744c4a5cd2d27c9ed718d14670c346feb916218e2a4960612043',
    digest_type   => 'sha256',
bertagaz's avatar
bertagaz committed
394
395
  }

396
397
398
399
400
401
402
  jenkins::plugin { 'resource-disposer':
    version       => '0.13',
    digest_string => 'f0820b7260b7a22aa0c461d8b76cca2140bc15cbe0003650e4821dc99095bb44',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['token-macro'],
  }

403
404
405
406
407
408
409
410
411
  jenkins::plugin { 'run-condition':
    version       => '1.2',
    digest_string => '1dbfae6b57c4ae0e190354ac273280bba135aaba82c2d8116bd394c4b83d5e5f',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
      'token-macro',
    ],
  }

bertagaz's avatar
bertagaz committed
412
  jenkins::plugin { 'scm-api':
413
414
415
416
    version       => '2.6.3',
    digest_string => '83262d406862ad55ff90d36020a83f88ebd71e66f49c75c9a5140f43176aba29',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['structs'],
417
418
419
  }

  jenkins::plugin { 'scm-sync-configuration':
Zen Fu's avatar
Zen Fu committed
420
421
422
423
    version       => '0.0.10',
    digest_string => '84606ed21b72918a5633cf8e438116ab9af3d9010b2651336af92ce8474e0870',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['subversion'],
424
425
  }

bertagaz's avatar
bertagaz committed
426
  jenkins::plugin { 'script-security':
427
428
    version       => '1.71',
    digest_string => 'cff2473fa3c306a89be9a7044ea665cc53e7b6338bc6311dde76739bee598072',
429
    digest_type   => 'sha256',
430
431
  }

Zen Fu's avatar
Zen Fu committed
432
433
434
435
436
437
  jenkins::plugin { 'simple-theme-plugin':
    version       => '0.5.1',
    digest_string => 'd823ac7fa1d5861051fc69534f5678c32d10c98a00987a045b0b7836fd733584',
    digest_type   => 'sha256',
  }

bertagaz's avatar
bertagaz committed
438
  jenkins::plugin { 'ssh-credentials':
439
440
    version       => '1.18.1',
    digest_string => '8db908c484737f260cfab6682a42cbeaf390b3b9efd87925375691e45c370492',
441
    digest_type   => 'sha256',
442
443
444
445
    require       => Jenkins::Plugin[
      'credentials',
      'trilead-api',
    ],
446
447
  }

448
449
450
451
452
453
  jenkins::plugin { 'structs':
    version       => '1.20',
    digest_string => '7e7861356a37aa6a727462d7aea716dd9307071252f7349c2726d64a773feb3a',
    digest_type   => 'sha256',
  }

bertagaz's avatar
bertagaz committed
454
  jenkins::plugin { 'subversion':
455
456
    version       => '2.13.1',
    digest_string => 'bc36675699051394d4cd7e663631c3c2bdc4668d4da952d0d9d8cd08a308f63c',
457
458
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
intrigeri's avatar
Lint.    
intrigeri committed
459
460
461
462
463
464
      'credentials',
      'mapdb-api',
      'scm-api',
      'ssh-credentials',
      'structs',
      'workflow-scm-step',
465
    ],
466
467
  }

468
  jenkins::plugin { 'timestamper':
469
470
    version       => '1.11.2',
    digest_string => '2a9e7627f47447a85b58856c9ee055e26e1785338da795cdf9240719842bf318',
Zen Fu's avatar
Zen Fu committed
471
472
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
intrigeri's avatar
Lint.    
intrigeri committed
473
474
      'workflow-api',
      'workflow-step-api',
Zen Fu's avatar
Zen Fu committed
475
    ],
476
477
  }

478
  jenkins::plugin { 'token-macro':
479
480
481
482
    version       => '2.8',
    digest_string => '5b068a58d8bbc91a74cffd137eaa19602d7d8d5ce9018cc00ad67e33b7c3283c',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['structs'],
483
484
  }

485
486
487
488
489
490
  jenkins::plugin { 'trilead-api':
    version       => '1.0.6',
    digest_string => '61aa209947202d2b1aa9dbd37d7d67f09488d9f21c19c91c10ffdb70a791f729',
    digest_type   => 'sha256',
  }

491
  jenkins::plugin { 'workflow-api':
492
493
    version       => '2.40',
    digest_string => 'd704b80b65589b7148b2fad5c5dcc935cb7a154dac835a61755e3ca39321659d',
494
495
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
intrigeri's avatar
Lint.    
intrigeri committed
496
497
498
      'scm-api',
      'structs',
      'workflow-step-api',
499
500
501
    ],
  }

Zen Fu's avatar
Zen Fu committed
502
503
504
505
506
  jenkins::plugin { 'workflow-durable-task-step':
    version       => '2.34',
    digest_string => 'd1a91f9c175e0f1cf17afdf63c264ab8e66e4370ef1d9822243404091d9dc3bf',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
intrigeri's avatar
Lint.    
intrigeri committed
507
508
509
510
511
512
513
      'durable-task',
      'scm-api',
      'script-security',
      'structs',
      'workflow-api',
      'workflow-step-api',
      'workflow-support',
Zen Fu's avatar
Zen Fu committed
514
515
516
    ],
  }

517
  jenkins::plugin { 'workflow-step-api':
518
519
    version       => '2.22',
    digest_string => 'eb9c64a1941d3af320451267e248fe3a0ff9d236e80c3f576f1d3a666d502a33',
520
521
522
523
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['structs'],
  }

Zen Fu's avatar
Zen Fu committed
524
525
526
527
528
  jenkins::plugin { 'workflow-support':
    version       => '3.3',
    digest_string => '0f2b18d0de9b7c94abc03701e33f660620382dd4fcc83600d6aafcb5888d8f51',
    digest_type   => 'sha256',
    require       => Jenkins::Plugin[
intrigeri's avatar
Lint.    
intrigeri committed
529
530
531
532
      'scm-api',
      'script-security',
      'workflow-api',
      'workflow-step-api',
Zen Fu's avatar
Zen Fu committed
533
534
535
    ],
  }

536
  jenkins::plugin { 'workflow-scm-step':
537
538
    version       => '2.10',
    digest_string => 'a85564ffb74da04dd177a733b2b86a32e702cc78d6023e675dc9240c7809b6bc',
539
540
541
542
    digest_type   => 'sha256',
    require       => Jenkins::Plugin['workflow-step-api'],
  }

bertagaz's avatar
bertagaz committed
543
  jenkins::plugin { 'ws-cleanup':
Zen Fu's avatar
Zen Fu committed
544
545
546
    version       => '0.37',
    digest_string => '9d74adcc911e1b08c7412c23aa55f6aa6d016f000587d255598ce16754d8a90d',
    digest_type   => 'sha256',
547
    require       => Jenkins::Plugin[
intrigeri's avatar
Lint.    
intrigeri committed
548
549
      'resource-disposer',
      'workflow-durable-task-step',
550
    ],
551
  }
552
  # lint:endignore
553

554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
  ## Uncomment this (or similar) once all this is moved to a proper class,
  ## that inherits jenkins::service and can thus append to its dependencies.
  # Service['jenkins'] {
  #   require +> File_line['jenkins_HTTP_HOST'],
  # }

  file { '/etc/jenkins_jobs/jenkins_jobs.ini':
    owner   => root,
    group   => jenkins,
    mode    => '0640',
    source  => 'puppet:///modules/tails/jenkins/master/jenkins_jobs.ini',
    require => [
      Package['jenkins'],
      Package['jenkins-job-builder'],
    ],
  }

571
572
573
574
  file { '/etc/jenkins_jobs':
    ensure => directory,
    owner  => root,
    group  => jenkins,
575
    mode   => '0770',
576
577
  }

578
  vcsrepo { '/etc/jenkins_jobs/jobs':
579
    ensure   => present,
580
581
    owner    => jenkins,
    group    => jenkins,
582
583
    user     => jenkins,
    provider => git,
584
    source   => $jenkins_jobs_repo,
585
    require  => [
586
      Sshkeys::Set_client_key_pair[$ssh_pubkey_name],
587
      Package['git'],
588
      File['/etc/jenkins_jobs'],
589
590
591
    ],
  }

592
  if $deploy_jobs_on_git_push {
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
    file { '/var/tmp/jenkins_jobs_test':
      ensure => directory,
      owner  => jenkins,
      group  => jenkins,
      mode   => '0700',
    }

    file { '/usr/local/sbin/deploy_jenkins_jobs':
      ensure  => present,
      source  => 'puppet:///modules/tails/jenkins/master/deploy_jenkins_jobs',
      owner   => root,
      group   => root,
      mode    => '0755',
      require => [
        File['/var/tmp/jenkins_jobs_test'],
608
        Ssh_authorized_key[$gitolite_pubkey_name],
609
610
611
      ],
    }

612
    sshkeys::set_authorized_keys { $gitolite_pubkey_name:
613
      user    => jenkins,
614
      home    => '/var/lib/jenkins',
615
616
      require => Package['jenkins'],
    }
617
618
  }

619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
  file { '/usr/local/bin/clean_old_jenkins_artifacts':
    owner  => root,
    group  => root,
    mode   => '0755',
    source => 'puppet:///modules/tails/jenkins/master/clean_old_jenkins_artifacts',
  }

  file { '/usr/local/bin/clean_old_jenkins_artifacts_wrapper':
    owner   => root,
    group   => root,
    mode    => '0755',
    source  => 'puppet:///modules/tails/jenkins/master/clean_old_jenkins_artifacts_wrapper',
    require => File['/usr/local/bin/clean_old_jenkins_artifacts'],
  }

  cron { 'clean_old_jenkins_artifacts':
635
    command => '/usr/local/bin/clean_old_jenkins_artifacts_wrapper /var/lib/jenkins',
636
637
638
639
640
641
642
    user    => 'jenkins',
    hour    => '23',
    minute  => '50',
    require => [File['/usr/local/bin/clean_old_jenkins_artifacts_wrapper'],
                Package['jenkins']],
  }

643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
  file { '/usr/local/bin/deduplicate_reproducible_build_jobs_upstream_ISOs':
    owner   => root,
    group   => root,
    mode    => '0755',
    source  => 'puppet:///modules/tails/jenkins/master/deduplicate_reproducible_build_jobs_upstream_ISOs',
    require => Package['jenkins'],
  }

  cron { 'deduplicate_reproducible_build_jobs_upstream_ISOs':
    command => '/usr/local/bin/deduplicate_reproducible_build_jobs_upstream_ISOs /var/lib/jenkins/jobs',
    user    => 'jenkins',
    minute  => '*/6',
    require => File['/usr/local/bin/deduplicate_reproducible_build_jobs_upstream_ISOs'],
  }

658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
  file { '/usr/local/bin/manage_latest_iso_symlinks':
    owner   => root,
    group   => root,
    mode    => '0755',
    source  => 'puppet:///modules/tails/jenkins/master/manage_latest_iso_symlinks',
    require => Package['jenkins'],
  }

  cron { 'manage_latest_iso_symlinks':
    command => '/usr/local/bin/manage_latest_iso_symlinks /var/lib/jenkins/jobs',
    user    => 'jenkins',
    minute  => '*/5',
    require => File['/usr/local/bin/manage_latest_iso_symlinks'],
  }

673
674
675
676
  class  { 'tails::jenkins::iso_jobs_generator':
    ensure            => $automatic_iso_jobs_generator,
    tails_repo        => $tails_repo,
    jenkins_jobs_repo => $jenkins_jobs_repo,
677
    active_days       => $active_branches_max_age_in_days,
678
679
680
681
    require           => [
      Class['jenkins'],
      Sshkeys::Set_client_key_pair[$ssh_pubkey_name],
    ],
682
683
  }

684
685
686
687
688
  file { '/var/lib/jenkins/.ssh':
    ensure  => directory,
    owner   => jenkins,
    group   => jenkins,
    mode    => '0700',
689
    require => Class['jenkins'],
690
691
  }

692
693
  sshkeys::set_client_key_pair { $ssh_pubkey_name:
    keyname => $ssh_pubkey_name,
694
695
    user    => 'jenkins',
    home    => '/var/lib/jenkins',
696
    require => File['/var/lib/jenkins/.ssh'],
697
698
  }

699
  postfix::mailalias { 'jenkins':
700
    recipient => 'root',
701
  }
702
}