diff options
| author | Mattia Rizzolo <mattia@mapreri.org> | 2015-04-16 18:28:31 +0200 |
|---|---|---|
| committer | Holger Levsen <holger@layer-acht.org> | 2015-04-16 18:31:04 +0200 |
| commit | 59ca867373215c8490ac0af045254926bba0676e (patch) | |
| tree | 7ea9064d1f952360ba369c98f77646bfb3a6d280 | |
| parent | 36798da6b02677f0d8d3808bb0541148d8e1c314 (diff) | |
| download | jenkins.debian.net-59ca867373215c8490ac0af045254926bba0676e.tar.xz | |
add deploy_kgb.py to automatically generate kgb confs. also change owner of /srv/jenkins to jenkins-adm instead of root. Another TODO bullet down!
| -rw-r--r-- | TODO | 1 | ||||
| -rwxr-xr-x | deploy_kgb.py | 66 | ||||
| -rwxr-xr-x | update_jdn.sh | 17 |
3 files changed, 82 insertions, 2 deletions
@@ -19,7 +19,6 @@ See link:https://jenkins.debian.net/userContent/about.html["about jenkins.debian == General ToDo * replace amd64 in scripts with $HOSTARCH -* put kgb-client.conf in git and sed passwords from filesystem into it... ** alioth... just manually push it * *backup*: ** gpg encrypted to some keys diff --git a/deploy_kgb.py b/deploy_kgb.py new file mode 100755 index 00000000..fe4a5d84 --- /dev/null +++ b/deploy_kgb.py @@ -0,0 +1,66 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# +# Copyright © 2015 Mattia Rizzolo <mattia@mapreri.org> +# Licensed under GPL-2 +# +# Depends: python3 python3-yaml +# +# Generates the kgb client configuration, using the passwords listed in the +# file pointed by `secrets`. + +import os +import yaml + +secrets = '/srv/jenkins/kgb/secrets.yml' +outputs = '/srv/jenkins/kgb' + +with open(secrets) as fd: + passwords = yaml.load(fd) + +channels = [ + {'name': 'debian-boot', 'id': 'jenkins-debian-boot'}, + {'name': 'debian-bootstrap', 'id': 'jenkins-debian-bootstrap'}, + {'name': 'debian-cinnamon', 'id': 'jenkins-debian-cinnamon'}, + {'name': 'debian-edu', 'id': 'jenkins-debian-edu'}, + {'name': 'debian-haskell', 'id': 'jenkins-debian-haskell'}, + {'name': 'debian-qa', 'id': 'jenkins-debian-qa'}, + {'name': 'debian-reproducible', 'id': 'jenkins-debian-reproducible'}, + {'name': 'debian-ruby', 'id': 'pkg-ruby-extras'}, + {'name': 'dvswitch', 'id': 'jenkins-dvswitch'}, +] + +template = """repo-id: '{repo_id}' +password: {password} +use-irc-notices: 1 +servers: + # KGB-0, run by dmn@debian.org + - uri: http://kgb.ktnx.org:9418/ + # KGB-1, run by tincho@debian.org + - uri: http://kgb.tincho.org:9418/ + # KGB-2, run by gregoa@debian.org + - uri: http://colleen.colgarra.priv.at:8080/ +status-dir: /srv/jenkins/kgb/client-status/ +""" + +for chan in channels: + print('Producing conf for #' + chan['name'] + '...') + conf = template.format(repo_id=chan['id'], + password=passwords[chan['name']]) + if not os.access(outputs, os.R_OK): + try: + os.makedirs(outputs, exist_ok=True) + except OSError as e: + if e.errno == 17: # that's "file exists" error + print('ERROR: the output directory ' + outputs + + ' has bad permissions') + raise + if not os.access(outputs, os.W_OK): + print('ERROR: the output directory ' + outputs + + ' has bad permissions') + raise OSError + filename = outputs + chan['name'] + '.conf' + with open(filename, 'w') as fd: + fd.write(conf) + +print('All kgb configurations generated successfully') diff --git a/update_jdn.sh b/update_jdn.sh index 2fdabad9..c2ffb08b 100755 --- a/update_jdn.sh +++ b/update_jdn.sh @@ -45,12 +45,14 @@ if ! mountpoint -q /srv/workspace; then fi # make sure needed directories exists -for directory in /srv/jenkins /schroots /srv/reproducible-results /srv/d-i /srv/live-build ; do +for directory in /schroots /srv/reproducible-results /srv/d-i /srv/live-build ; do if [ ! -d $directory ] ; then sudo mkdir $directory sudo chown jenkins.jenkins $directory fi done +sudo mkdir /srv/jenkins +sudo chown jenkins-adm.jenkins-adm /srv/jenkins if ! test -h /chroots; then rmdir /chroots || rm -f /chroots # do not recurse @@ -298,6 +300,19 @@ else fi # +# generate the kgb-client configurations +# +cd $BASEDIR +KGB_SECRETS="/srv/jenkins/kgb/secrets.yml" +if [ -f "$KGB_SECRETS" ] && [ $(stat -c "%a:%U:%G" "$KGB_SECRETS") = "640:jenkins-adm:jenkins-adm" ] ; then + # to assure the files are owned by the right user/team + sudo -u jenkins-adm "$BASEDIR/deploy-kgb" +else + echo "Warning: $KGB_SECRETS either does not exist or has bad permissions. Please fix. KGB configs not generated" + echo "We expect the secrets file to be mode 640 and owned by jenkins-adm:jenkins-adm." +fi + +# # There's always some work left... # echo FIXME is ignored so check-jobs scripts can output templates requiring manual work # |