[Qa-jenkins-scm] [jenkins.debian.net] 01/01: add deploy_kgb.py to automatically generate kgb confs. also change owner of /srv/jenkins to jenkins-adm instead of root. Another TODO bullet down!

Thu Apr 16 16:31:23 UTC 2015

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository jenkins.debian.net.

commit 59ca867373215c8490ac0af045254926bba0676e
Author: Mattia Rizzolo <mattia at mapreri.org>
Date:   Thu Apr 16 18:28:31 2015 +0200

    add deploy_kgb.py to automatically generate kgb confs. also change owner of /srv/jenkins to jenkins-adm instead of root. Another TODO bullet down!
---
 TODO          |  1 -
 deploy_kgb.py | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 update_jdn.sh | 17 ++++++++++++++-
 3 files changed, 82 insertions(+), 2 deletions(-)

diff --git a/TODO b/TODO
index 69b46f4..4d870e0 100644
--- a/TODO
+++ b/TODO
@@ -19,7 +19,6 @@ See link:https://jenkins.debian.net/userContent/about.html["about jenkins.debian
 == General ToDo
 
 * replace amd64 in scripts with $HOSTARCH
-* put kgb-client.conf in git and sed passwords from filesystem into it...
 ** alioth... just manually push it
 * *backup*:
 ** gpg encrypted to some keys
diff --git a/deploy_kgb.py b/deploy_kgb.py
new file mode 100755
index 0000000..fe4a5d8
--- /dev/null
+++ b/deploy_kgb.py
@@ -0,0 +1,66 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+#
+# Copyright © 2015 Mattia Rizzolo <mattia at mapreri.org>
+# Licensed under GPL-2
+#
+# Depends: python3 python3-yaml
+#
+# Generates the kgb client configuration, using the passwords listed in the
+# file pointed by `secrets`.
+
+import os
+import yaml
+
+secrets = '/srv/jenkins/kgb/secrets.yml'
+outputs = '/srv/jenkins/kgb'
+
+with open(secrets) as fd:
+    passwords = yaml.load(fd)
+
+channels = [
+    {'name': 'debian-boot', 'id': 'jenkins-debian-boot'},
+    {'name': 'debian-bootstrap', 'id': 'jenkins-debian-bootstrap'},
+    {'name': 'debian-cinnamon', 'id': 'jenkins-debian-cinnamon'},
+    {'name': 'debian-edu', 'id': 'jenkins-debian-edu'},
+    {'name': 'debian-haskell', 'id': 'jenkins-debian-haskell'},
+    {'name': 'debian-qa', 'id': 'jenkins-debian-qa'},
+    {'name': 'debian-reproducible', 'id': 'jenkins-debian-reproducible'},
+    {'name': 'debian-ruby', 'id': 'pkg-ruby-extras'},
+    {'name': 'dvswitch', 'id': 'jenkins-dvswitch'},
+]
+
+template = """repo-id: '{repo_id}'
+password: {password}
+use-irc-notices: 1
+servers:
+   # KGB-0, run by dmn at debian.org
+ - uri: http://kgb.ktnx.org:9418/
+   # KGB-1, run by tincho at debian.org
+ - uri: http://kgb.tincho.org:9418/
+   # KGB-2, run by gregoa at debian.org
+ - uri: http://colleen.colgarra.priv.at:8080/
+status-dir: /srv/jenkins/kgb/client-status/
+"""
+
+for chan in channels:
+    print('Producing conf for #' + chan['name'] + '...')
+    conf = template.format(repo_id=chan['id'],
+                           password=passwords[chan['name']])
+    if not os.access(outputs, os.R_OK):
+        try:
+            os.makedirs(outputs, exist_ok=True)
+        except OSError as e:
+            if e.errno == 17:  # that's "file exists" error
+                print('ERROR: the output directory ' + outputs +
+                      ' has bad permissions')
+            raise
+    if not os.access(outputs, os.W_OK):
+            print('ERROR: the output directory ' + outputs +
+                  ' has bad permissions')
+            raise OSError
+    filename = outputs + chan['name'] + '.conf'
+    with open(filename, 'w') as fd:
+        fd.write(conf)
+
+print('All kgb configurations generated successfully')
diff --git a/update_jdn.sh b/update_jdn.sh
index 2fdabad..c2ffb08 100755
--- a/update_jdn.sh
+++ b/update_jdn.sh
@@ -45,12 +45,14 @@ if ! mountpoint -q /srv/workspace; then
 fi
 
 # make sure needed directories exists
-for directory in  /srv/jenkins /schroots /srv/reproducible-results /srv/d-i /srv/live-build ; do
+for directory in /schroots /srv/reproducible-results /srv/d-i /srv/live-build ; do
 	if [ ! -d $directory ] ; then
 		sudo mkdir $directory
 		sudo chown jenkins.jenkins $directory
 	fi
 done
+sudo mkdir /srv/jenkins
+sudo chown jenkins-adm.jenkins-adm /srv/jenkins
 
 if ! test -h /chroots; then
 	rmdir /chroots || rm -f /chroots # do not recurse
@@ -298,6 +300,19 @@ else
 fi
 
 #
+# generate the kgb-client configurations
+#
+cd $BASEDIR
+KGB_SECRETS="/srv/jenkins/kgb/secrets.yml"
+if [ -f "$KGB_SECRETS" ] && [ $(stat -c "%a:%U:%G" "$KGB_SECRETS") = "640:jenkins-adm:jenkins-adm" ] ; then
+    # to assure the files are owned by the right user/team
+    sudo -u jenkins-adm "$BASEDIR/deploy-kgb"
+else
+    echo "Warning: $KGB_SECRETS either does not exist or has bad permissions. Please fix. KGB configs not generated"
+    echo "We expect the secrets file to be mode 640 and owned by jenkins-adm:jenkins-adm."
+fi
+
+#
 # There's always some work left...
 #	echo FIXME is ignored so check-jobs scripts can output templates requiring manual work
 #

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git

