add user/group mgt. + localstatedir params to jenkins class

* add `manager_user`, `user`, `manage_group`, `group` params to `jenkins` class. * improve consistency of `file` resouce group ownership throughout the module * add 'localstatedir' param to `jenkins` class and consistently use it to set the 'data' base dir throughout the module * Deprecate/noop `username`, `group`, `create_user` params to `jenkins::plugin` define; replaced by `user`,`group`,etc. params to `jenkins` class * Deprecate/noop `plugin_dir` param to `jenkins::plugin`; replaced by `localstatedir` param to `jenkins` class closes voxpupuli#356 -- alternative approach resolves voxpupuli#365
jhoblitt · Oct 11, 2015 · 740ceba · 740ceba
1 parent 102869d
commit 740ceba
Show file tree

Hide file tree

Showing 13 changed files with 307 additions and 117 deletions.
diff --git a/manifests/cli_helper.pp b/manifests/cli_helper.pp
@@ -20,8 +20,8 @@
   $helper_groovy = "${libdir}/puppet_helper.groovy"
   file {$helper_groovy:
     source  => 'puppet:///modules/jenkins/puppet_helper.groovy',
-    owner   => 'jenkins',
-    group   => 'jenkins',
+    owner   => $::jenkins::user,
+    group   => $::jenkins::group,
     mode    => '0444',
     require => Class['jenkins::cli'],
   }

diff --git a/manifests/config.pp b/manifests/config.pp
@@ -1,14 +1,4 @@
-# Parameters:
-# config_hash = {} (Default)
-# Hash with config options to set in sysconfig/jenkins defaults/jenkins
-#
-# Example use
-#
-# class{ 'jenkins::config':
-#   config_hash => {
-#     'HTTP_PORT' => { 'value' => '9090' }, 'AJP_PORT' => { 'value' => '9009' }
-#   }
-# }
+# This class should be considered private
 #
 class jenkins::config {
 
@@ -17,4 +7,35 @@
   }
 
   create_resources( 'jenkins::sysconfig', $::jenkins::config_hash )
+
+  $dir_params = {
+    ensure => directory,
+    owner  => $::jenkins::user,
+    group  => $::jenkins::group,
+    mode   => '0755',
+  }
+
+  # ensure_resource is used to try to maintain backwards compatiblity with
+  # manifests that were able to external declare resources due to the
+  # old conditional behavior of jenkins::plugin
+  if $::jenkins::manage_user {
+    ensure_resource('user', $::jenkins::user, {
+      ensure     => present,
+      gid        => $::jenkins::group,
+      home       => $::jenkins::localstatedir,
+      managehome => false,
+      system     => true,
+    })
+  }
+
+  if $::jenkins::manage_group {
+    ensure_resource('group', $::jenkins::group, {
+      ensure => present,
+      system => true,
+    })
+  }
+
+  ensure_resource('file', $::jenkins::localstatedir, $dir_params)
+  ensure_resource('file', $::jenkins::plugin_dir, $dir_params)
+  ensure_resource('file', $::jenkins::job_dir, $dir_params)
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -44,12 +44,26 @@
 # config_hash = undef (Default)
 #   Hash with config options to set in sysconfig/jenkins defaults/jenkins
 #
+# localstatedir = '/var/lib/jenkins' (default)
+#   base path, in the autoconf sense, for jenkins local data including jobs and
+#   plugins
+#
 # executors = undef (Default)
 #   Integer number of executors on the Jenkin's master.
 #
 # slaveagentport = undef (Default)
 #   Integer number of portnumber for the slave agent.
 #
+# manage_user = true (default)
+#
+# user = 'jenkins' (default)
+#`  system user that owns the jenkins master's files
+#
+# manage_group = true (default)
+#
+# group = 'jenkins' (default)
+#`  system group that owns the jenkins master's files
+#
 # Example use
 #
 # class{ 'jenkins':
@@ -146,6 +160,10 @@
 #   - Accepts input as array only.
 #   - Only effective if "proxy_host" and "proxy_port" are set.
 #
+# user = 'jenkins' (default)
+#
+# group = 'jenkins' (default)
+#
 #
 class jenkins(
   $version            = $jenkins::params::version,
@@ -173,8 +191,13 @@
   $cli_try_sleep      = $jenkins::params::cli_try_sleep,
   $port               = $jenkins::params::port,
   $libdir             = $jenkins::params::libdir,
+  $localstatedir      = $::jenkins::params::localstatedir,
   $executors          = undef,
   $slaveagentport     = undef,
+  $manage_user        = $::jenkins::params::manage_user,
+  $user               = $::jenkins::params::user,
+  $manage_group       = $::jenkins::params::manage_group,
+  $group              = $::jenkins::params::group,
 ) inherits jenkins::params {
 
   validate_bool($lts, $install_java, $repo)
@@ -184,6 +207,8 @@
     validate_bool($configure_firewall)
   }
 
+  validate_absolute_path($localstatedir)
+
   if $no_proxy_list {
     validate_array($no_proxy_list)
   }
@@ -192,6 +217,14 @@
     validate_integer($executors)
   }
 
+  validate_bool($manage_user)
+  validate_string($user)
+  validate_bool($manage_group)
+  validate_string($group)
+
+  $plugin_dir = "${localstatedir}/plugins"
+  $job_dir = "${localstatedir}/jobs"
+
   anchor {'jenkins::begin':}
   anchor {'jenkins::end':}
 

diff --git a/manifests/job/absent.pp b/manifests/job/absent.pp
@@ -20,7 +20,7 @@
   }
 
   $tmp_config_path  = "/tmp/${jobname}-config.xml"
-  $job_dir          = "/var/lib/jenkins/jobs/${jobname}"
+  $job_dir          = "${::jenkins::job_dir}/${jobname}"
   $config_path      = "${job_dir}/config.xml"
 
   # Temp file to use as stdin for Jenkins CLI executable

diff --git a/manifests/job/present.pp b/manifests/job/present.pp
@@ -27,7 +27,7 @@
 
   $jenkins_cli        = $jenkins::cli::cmd
   $tmp_config_path    = "/tmp/${jobname}-config.xml"
-  $job_dir            = "/var/lib/jenkins/jobs/${jobname}"
+  $job_dir            = "${::jenkins::jobs_dir}/${jobname}"
   $config_path        = "${job_dir}/config.xml"
 
   # Bring variables from Class['::jenkins'] into local scope.

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -16,6 +16,12 @@
   $cli_try_sleep         = 10
   $package_cache_dir     = '/var/cache/jenkins_pkgs'
   $package_name          = 'jenkins'
+  $localstatedir         = '/var/lib/jenkins'
+
+  $manage_user  = true
+  $user         = 'jenkins'
+  $manage_group = true
+  $group        = 'jenkins'
 
   case $::osfamily {
     'Debian': {
@@ -27,7 +33,7 @@
       $package_provider = 'rpm'
     }
     default: {
-      $libdir = '/usr/lib/jenkins'
+      $libdir           = '/usr/lib/jenkins'
       $package_provider = false
     }
   }

diff --git a/manifests/plugin.pp b/manifests/plugin.pp
@@ -21,36 +21,49 @@
   $config_filename = undef,
   $config_content  = undef,
   $update_url      = undef,
-  $plugin_dir      = '/var/lib/jenkins/plugins',
-  $username        = 'jenkins',
-  $group           = 'jenkins',
   $enabled         = true,
-  $create_user     = true,
   $source          = undef,
   $digest_string   = '',
   $digest_type     = 'sha1',
+  # deprecated
+  $plugin_dir      = undef,
+  $username        = undef,
+  $group           = undef,
+  $create_user     = true,
 ) {
-  include ::jenkins::params
+  include ::jenkins
 
-  $plugin_parent_dir = inline_template('<%= @plugin_dir.split(\'/\')[0..-2].join(\'/\') %>')
   validate_bool($manage_config)
   validate_bool($enabled)
   # TODO: validate_str($update_url)
   validate_string($source)
   validate_string($digest_string)
   validate_string($digest_type)
 
+  if $plugin_dir {
+    warning('jenkins::plugin::plugin_dir is deprecated and has no effect -- see jenkins::localstatedir')
+  }
+  if $username {
+    warning('jenkins::plugin::username is deprecated and has no effect -- see jenkins::user')
+  }
+  if $group {
+    warning('jenkins::plugin::group is deprecated and has no effect -- see jenkins::group')
+  }
+  if $create_user {
+    warning('jenkins::plugin::create_user is deprecated and has no effect')
+  }
+
   if ($version != 0) {
     $plugins_host = $update_url ? {
-      undef   => $::jenkins::params::default_plugins_host,
+      undef   => $::jenkins::default_plugins_host,
       default => $update_url,
     }
     $base_url = "${plugins_host}/download/plugins/${name}/${version}/"
     $search   = "${name} ${version}(,|$)"
   }
   else {
     $plugins_host = $update_url ? {
-      undef   => $::jenkins::params::default_plugins_host,
+      undef   => $::jenkins::default_plugins_host,
       default => $update_url,
     }
     $base_url = "${plugins_host}/latest/"
@@ -66,50 +79,6 @@
   $plugin_ext = regsubst($download_url, '^.*\.(hpi|jpi)$', '\1')
   $plugin     = "${name}.${plugin_ext}"
 
-  if (!defined(File[$plugin_dir])) {
-    if (!defined(File[$plugin_parent_dir])) {
-      # ensure ownership only when it's home directory for the new user
-      if $create_user {
-        file { $plugin_parent_dir:
-          ensure => directory,
-          owner  => $username,
-          group  => $group,
-          mode   => '0755',
-        }
-      } else {
-        file { $plugin_parent_dir:
-          ensure => directory,
-        }
-      }
-    }
-
-    file { $plugin_dir:
-      ensure => directory,
-      owner  => $username,
-      group  => $group,
-      mode   => '0755',
-    }
-
-  }
-
-  if $create_user {
-    if (!defined(Group[$group])) {
-      group { $group :
-        ensure  => present,
-        require => Package[$::jenkins::package_name],
-      }
-    }
-    if (!defined(User[$username])) {
-      user { $username :
-        ensure  => present,
-        home    => $plugin_parent_dir,
-        require => Package[$::jenkins::package_name],
-      }
-    }
-    User[$username] -> File[$plugin_dir]
-    Group[$group] -> File[$plugin_dir]
-  }
-
   if (empty(grep([ $::jenkins_plugins ], $search))) {
     if ($jenkins::proxy_host) {
       $proxy_server = "${jenkins::proxy_host}:${jenkins::proxy_port}"
@@ -123,16 +92,18 @@
     }
 
     # Allow plugins that are already installed to be enabled/disabled.
-    file { "${plugin_dir}/${plugin}.disabled":
+    file { "${::jenkins::plugin_dir}/${plugin}.disabled":
       ensure  => $enabled_ensure,
-      owner   => $username,
+      owner   => $::jenkins::user,
+      group   => $::jenkins::group,
       mode    => '0644',
-      require => File["${plugin_dir}/${plugin}"],
+      require => File["${::jenkins::plugin_dir}/${plugin}"],
       notify  => Service['jenkins'],
     }
 
-    file { "${plugin_dir}/${plugin}.pinned":
-      owner   => $username,
+    file { "${::jenkins::plugin_dir}/${plugin}.pinned":
+      owner   => $::jenkins::user,
+      group   => $::jenkins::group,
       require => Archive::Download[$plugin],
     }
 
@@ -144,21 +115,22 @@
 
     archive::download { $plugin:
       url              => $download_url,
-      src_target       => $plugin_dir,
+      src_target       => $::jenkins::plugin_dir,
       allow_insecure   => true,
       follow_redirects => true,
       checksum         => $checksum,
       digest_string    => $digest_string,
       digest_type      => $digest_type,
-      user             => $username,
+      user             => $::jenkins::user,
       proxy_server     => $proxy_server,
       notify           => Service['jenkins'],
-      require          => File[$plugin_dir],
+      require          => File[$::jenkins::plugin_dir],
     }
 
-    file { "${plugin_dir}/${plugin}" :
+    file { "${::jenkins::plugin_dir}/${plugin}" :
       require => Archive::Download[$plugin],
-      owner   => $username,
+      owner   => $::jenkins::user,
+      group   => $::jenkins::group,
       mode    => '0644',
     }
   }
@@ -168,11 +140,11 @@
       fail 'To deploy config file for plugin, you need to specify both $config_filename and $config_content'
     }
 
-    file {"${plugin_parent_dir}/${config_filename}":
+    file {"${::jenkins::localstatedir}/${config_filename}":
       ensure  => present,
       content => $config_content,
-      owner   => $username,
-      group   => $group,
+      owner   => $::jenkins::user,
+      group   => $::jenkins::group,
       mode    => '0644',
       notify  => Service['jenkins']
     }

diff --git a/manifests/proxy.pp b/manifests/proxy.pp
@@ -10,10 +10,10 @@
   $proxy_port = $::jenkins::proxy_port
   $no_proxy_list = $::jenkins::no_proxy_list
 
-  file { '/var/lib/jenkins/proxy.xml':
+  file { "${::jenkins::localstatedir}/proxy.xml":
     content => template('jenkins/proxy.xml.erb'),
-    owner   => 'jenkins',
-    group   => 'jenkins',
+    owner   => $::jenkins::user,
+    group   => $::jenkins::group,
     mode    => '0644'
   }
 

diff --git a/spec/classes/jenkins_cli_helper_spec.rb b/spec/classes/jenkins_cli_helper_spec.rb
@@ -13,5 +13,14 @@
         that_comes_before('Anchor[jenkins::end]')
     end
   end
+
+  it do
+    should contain_file('/usr/lib/jenkins/puppet_helper.groovy').with(
+      :source => 'puppet:///modules/jenkins/puppet_helper.groovy',
+      :owner  => 'jenkins',
+      :group  => 'jenkins',
+      :mode   => '0444',
+    )
+  end
 end
 
diff --git a/spec/classes/jenkins_master_spec.rb b/spec/classes/jenkins_master_spec.rb
@@ -1,6 +1,7 @@
 require 'spec_helper'
 
 describe 'jenkins::master' do
+  let(:facts) {{ :osfamily => 'RedHat', :operatingsystem => 'CentOS' }}
 
   let(:params) { { :version => '1.2.3' } }
   it { should contain_jenkins__plugin('swarm').with_version('1.2.3') }