wip: artifactory and required cleanups

Author: adriaanm

.chef/Vagrantfile

@@ -1,12 +1,20 @@
 # TODO: this kind of works, but the cookbook won't run in virtual box:
-#  - (scatter-gather workaround)
 #  - chef-solo can't access the vault on the chef server (passwords etc)
-# to make this work, you need to populate a cookbooks/ directory next to this file,
-# as documented in the README.md (use knife)
+# vagrant box add utopic-daily https://cloud-images.ubuntu.com/vagrant/utopic/current/utopic-server-cloudimg-amd64-vagrant-disk1.box
+# vagrant init utopic-daily
+# vagrant up
+# centos: vagrant box add chef/centos-7.0
 Vagrant.configure("2") do |config|
-  config.vm.box = "hashicorp/precise64"
+  config.vm.box = "utopic-daily"
   config.vm.provision :chef_solo do |chef|
+    chef.cookbooks_path = ["~/git/cookbooks"]
+    chef.node_name = "jenkins-master"
     chef.add_recipe("scala-jenkins-infra::master-init")
+    chef.add_recipe("scala-jenkins-infra::_master-config-proxy")
+  end
+  config.vm.network "public_network"
+  config.vm.provider "virtualbox" do |v|
+    v.memory = 4096
+    v.cpus = 2
   end
-  config.vm.network :forwarded_port, guest: 80, host: 11180
 end

README.md

@@ -169,30 +169,64 @@ Test if knife works correctly by running `knife cookbook list`.
 
 Obtain the organization validation key from Adriaan and put it to `.chef/config/$CHEF_ORG-validator.pem`. (Q: When is this key used exactly? https://docs.chef.io/chef_private_keys.html says it's when a new node runs `chef-client` for the first time.)
 
-## Get cookbooks
+## Clone scala-jenkins-infra cookbook and its dependencies
+
+I think you can safely ignore `ERROR: IOError: Cannot open or read **/metadata.rb!`
 
 ```
-git init .chef/cookbooks
-cd .chef/cookbooks
+cd ~/git/cookbooks
+git init .
 g commit --allow-empty -m"Initial" 
-```
-
-- knife cookbook site install wix 1.0.2 # newer versions don't work for me; also installs windows
-- knife cookbook site install aws
-- knife cookbook site install git
-- knife cookbook site install git_user
-  - knife cookbook site install partial_search
-- knife cookbook site install artifactory
 
-- move to unreleased versions on github:
-  - knife cookbook github install opscode-cookbooks/windows    # fix nosuchmethoderror (#150)
-  - knife cookbook github install adriaanm/java/windows-jdk1.6 # jdk 1.6 installer barfs on re-install -- wipe its INSTALLDIR
-  - knife cookbook github install adriaanm/jenkins/fix305      # ssl fail on windows
-  - knife cookbook github install adriaanm/scala-jenkins-infra
-  - knife cookbook github install adriaanm/chef-sbt
-  - knife cookbook github install gildegoma/chef-sbt-extras
-
-- knife cookbook upload --all
+hub clone scala/scala-jenkins-infra
+cd scala-jenkins-infra
+ln -sh ~/git/cookbooks .chef/
+
+knife site install cron
+knife site install logrotate
+knife site install chef_handler
+knife site install windows
+knife site install chef-client
+knife site install aws
+knife site install delayed_evaluator
+knife site install ebs
+knife site install java
+knife site install apt
+knife site install packagecloud
+knife site install runit
+knife site install yum
+knife site install jenkins
+knife site install 7-zip
+knife site install ark
+knife site install artifactory
+knife site install build-essential
+knife site install dmg
+knife site install yum-epel
+knife site install git
+knife site install user
+knife site install partial_search
+knife site install ssh_known_hosts
+knife site install git_user
+knife site install chef-sbt
+knife site install sbt-extras
+```
+
+### Switch to unreleased versions from github
+```
+//fixed: knife cookbook github install opscode-cookbooks/windows    # fix nosuchmethoderror (#150)
+//knife cookbook github install adriaanm/jenkins/fix305      # ssl fail on windows -- fix pending: https://github.com/opscode-cookbooks/jenkins/pull/313
+knife cookbook github install b-dean/jenkins/http_ca_fixes  # pending fix for above ^^^
+
+knife cookbook github install adriaanm/java/windows-jdk1.6 # jdk 1.6 installer barfs on re-install -- wipe its INSTALLDIR
+knife cookbook github install adriaanm/chef-sbt
+knife cookbook github install gildegoma/chef-sbt-extras
+knife cookbook github install adriaanm/artifactory
+```
+
+### Upload cookbooks to chef server
+```
+knife cookbook upload --all
+```
 
 ## Cache installers locally
 - they are tricky to access, might disappear,...

attributes/master.rb

@@ -1,77 +1,99 @@
-# EBS
-default['ebs']['volumes']['/var/lib/jenkins']['size']      = 100 # size of the volume correlates to speed (in IOPS)
-default['ebs']['volumes']['/var/lib/jenkins']['dev']       = "/dev/sdj"
-default['ebs']['volumes']['/var/lib/jenkins']['fstype']    = "ext4"
-default['ebs']['volumes']['/var/lib/jenkins']['user']      = "jenkins"
-default['ebs']['volumes']['/var/lib/jenkins']['mountopts'] = 'noatime'
+scalaCiHost = "scala-ci.typesafe.com"
+scalaCiPort = 443
 
-default['ebs']['volumes']['/var/lib/artifactory']['size']      = 200 # size of the volume correlates to speed (in IOPS)
-default['ebs']['volumes']['/var/lib/artifactory']['dev']       = "/dev/sdk"
-default['ebs']['volumes']['/var/lib/artifactory']['fstype']    = "ext4"
-default['ebs']['volumes']['/var/lib/artifactory']['user']      = "artifactory"
-default['ebs']['volumes']['/var/lib/artifactory']['mountopts'] = 'noatime'
+# JENKINS WORKER CONFIG
+default['repos']['private']['realm']        = "Artifactory Realm"
+default['repos']['private']['host']         = "private-repo.typesafe.com"
+default['repos']['private']['pr-snap']      = "http://private-repo.typesafe.com/typesafe/scala-pr-validation-snapshots/"
+default['repos']['private']['release-temp'] = "http://private-repo.typesafe.com/typesafe/scala-release-temp/"
+default['s3']['downloads']['host'] = "downloads.typesafe.com.s3.amazonaws.com"
 
-# JENKINS
-override['jenkins']['master']['install_method'] = 'war'
-override['jenkins']['master']['listen_address'] = '127.0.0.1' # external traffic must go through nginx
-override['jenkins']['master']['user']           = 'jenkins'
-override['jenkins']['master']['group']          = 'jenkins'
-override['jenkins']['master']['jvm_options']    = '-server -Xmx4G -XX:MaxPermSize=512M -XX:+HeapDumpOnOutOfMemoryError' # -Dfile.encoding=UTF-8
+if node.name == "jenkins-master"
+  # EBS
+  default['ebs']['volumes']['/var/lib/jenkins']['size']      = 100 # size of the volume correlates to speed (in IOPS)
+  default['ebs']['volumes']['/var/lib/jenkins']['dev']       = "/dev/sdj"
+  default['ebs']['volumes']['/var/lib/jenkins']['fstype']    = "ext4"
+  default['ebs']['volumes']['/var/lib/jenkins']['user']      = "jenkins"
+  default['ebs']['volumes']['/var/lib/jenkins']['mountopts'] = 'noatime'
 
-# To pin the jenkins version, must also override override['jenkins']['master']['source'] !!!
-# override['jenkins']['master']['version']  = '1.555'
-# override['jenkins']['master']['source']   = "#{node['jenkins']['master']['mirror']}/war/#{node['jenkins']['master']['version']}/jenkins.war"
-# override['jenkins']['master']['checksum'] = '31f5c2a3f7e843f7051253d640f07f7c24df5e9ec271de21e92dac0d7ca19431'
+  default['ebs']['volumes']['/var/lib/artifactory']['size']      = 200 # size of the volume correlates to speed (in IOPS)
+  default['ebs']['volumes']['/var/lib/artifactory']['dev']       = "/dev/sdk"
+  default['ebs']['volumes']['/var/lib/artifactory']['fstype']    = "ext4"
+  default['ebs']['volumes']['/var/lib/artifactory']['user']      = "artifactory"
+  default['ebs']['volumes']['/var/lib/artifactory']['mountopts'] = 'noatime'
 
-## GITHUB OAUTH
-default['master']['github']['webUri']                               = 'https://github.com/'
-default['master']['github']['apiUri']                               = 'https://api.github.com'
-default['master']['github']['adminUserNames']                       = 'adriaanm,retronym,lrytz,chef,scala-jenkins'
-default['master']['github']['organizationNames']                    = 'scala'
-default['master']['github']['useRepositoryPermissions']             = 'true'
-default['master']['github']['allowAnonymousReadPermission']         = 'true'
-default['master']['github']['authenticatedUserReadPermission']      = 'true'
-default['master']['github']['allowGithubWebHookPermission']         = 'true'
-default['master']['github']['allowCcTrayPermission']                = 'false'
-default['master']['github']['authenticatedUserCreateJobPermission'] = 'false'
+  # JAVA
+  default['java']['jdk_version']    = '7'
+  default['java']['install_flavor'] = 'openjdk'
 
-## CONTACT INFO
-default['master']['adminAddress'] = "[email protected]"
-default['master']['jenkinsHost']  = "scala-ci.typesafe.com" # duplicated because attributes can't refer to each other...
-default['master']['jenkinsUrl']   = "https://scala-ci.typesafe.com/"
-default['master']['jenkins']['notifyUrl'] = "http://scala-ci.typesafe.com:8888/jenkins"
+  # ARTIFACTORY
+  default['artifactory']['zip_url']            = 'http://dl.bintray.com/content/jfrog/artifactory/artifactory-3.6.0.zip?direct'
+  default['artifactory']['zip_checksum']       = '72c375ab659d302da0b196349e152f3d799c3cada2f4d09f9399281a06d880e8'
+  default['artifactory']['home']               = '/var/lib/artifactory'
+  default['artifactory']['log_dir']            = '/var/lib/artifactory/logs'
+  default['artifactory']['java']['xmx']        = '2g'
+  default['artifactory']['java']['extra_opts'] = '-server'
+  default['artifactory']['user']               = 'artifactory'
+  default['artifactory']['proxyName']          = scalaCiHost
+  default['artifactory']['proxyPort']          = scalaCiPort
+  default['artifactory']['address']            = "localhost"
+  default['artifactory']['port']               = 8282 # internal use over http
+  default['artifactory']['install_java']       = false
 
-## WORKER CONFIG
-default['repos']['private']['realm']        = "Artifactory Realm"
-default['repos']['private']['host']         = "private-repo.typesafe.com"
-default['repos']['private']['pr-snap']      = "http://private-repo.typesafe.com/typesafe/scala-pr-validation-snapshots/"
-default['repos']['private']['release-temp'] = "http://private-repo.typesafe.com/typesafe/scala-release-temp/"
+  # JENKINS
+  override['jenkins']['master']['install_method'] = 'war'
+  override['jenkins']['master']['listen_address'] = '127.0.0.1' # external traffic must go through nginx
+  override['jenkins']['master']['user']           = 'jenkins'
+  override['jenkins']['master']['group']          = 'jenkins'
+  override['jenkins']['master']['jvm_options']    = '-server -Xmx4G -XX:MaxPermSize=512M -XX:+HeapDumpOnOutOfMemoryError' # -Dfile.encoding=UTF-8
 
-default['s3']['downloads']['host'] = "downloads.typesafe.com.s3.amazonaws.com"
+  # To pin the jenkins version, must also override override['jenkins']['master']['source'] !!!
+  # override['jenkins']['master']['version']  = '1.555'
+  # override['jenkins']['master']['source']   = "#{node['jenkins']['master']['mirror']}/war/#{node['jenkins']['master']['version']}/jenkins.war"
+  # override['jenkins']['master']['checksum'] = '31f5c2a3f7e843f7051253d640f07f7c24df5e9ec271de21e92dac0d7ca19431'
+
+  ## GITHUB OAUTH
+  default['master']['github']['webUri']                               = 'https://github.com/'
+  default['master']['github']['apiUri']                               = 'https://api.github.com'
+  default['master']['github']['adminUserNames']                       = 'adriaanm,retronym,lrytz,chef,scala-jenkins'
+  default['master']['github']['organizationNames']                    = 'scala'
+  default['master']['github']['useRepositoryPermissions']             = 'true'
+  default['master']['github']['allowAnonymousReadPermission']         = 'true'
+  default['master']['github']['authenticatedUserReadPermission']      = 'true'
+  default['master']['github']['allowGithubWebHookPermission']         = 'true'
+  default['master']['github']['allowCcTrayPermission']                = 'false'
+  default['master']['github']['authenticatedUserCreateJobPermission'] = 'false'
+
+  ## CONTACT INFO
+  default['master']['adminAddress']         = "[email protected]"
+  default['master']['jenkinsHost']          = scalaCiHost
+  default['master']['jenkinsUrl']           = "https://#{scalaCiHost}/"
+  default['master']['jenkins']['notifyUrl'] = "http://#{scalaCiHost}:8888/jenkins" # scabot listens here
 
-# see below (note that default['master']['env'] can only indirect through node -- workerJavaOpts is not in scope)
-workerJavaOpts = "-Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4"
-default['jenkinsEnv']['JAVA_OPTS']  = workerJavaOpts
-default['jenkinsEnv']['ANT_OPTS']   = workerJavaOpts
-default['jenkinsEnv']['MAVEN_OPTS'] = workerJavaOpts # doesn't technically need the -Dpartest one, but oh well
+  # see below (note that default['master']['env'] can only indirect through node -- workerJavaOpts is not in scope)
+  workerJavaOpts = "-Dfile.encoding=UTF-8 -server -XX:+AggressiveOpts -XX:+UseParNewGC -Xmx2G -Xss1M -XX:MaxPermSize=512M -XX:ReservedCodeCacheSize=128M -Dpartest.threads=4"
+  default['jenkinsEnv']['JAVA_OPTS']  = workerJavaOpts
+  default['jenkinsEnv']['ANT_OPTS']   = workerJavaOpts
+  default['jenkinsEnv']['MAVEN_OPTS'] = workerJavaOpts # doesn't technically need the -Dpartest one, but oh well
 
-# NOTE: This is a string that represents a closure that closes over the worker node for which it computes the environment.
-# (by convention -- see `environment((eval node["master"]["env"])...` in _master-config-workers
-# Since we can't marshall closures, while attributes need to be sent from master to workers, we must encode them as something that can be shipped...
-default['master']['env'] = <<-'EOH'.gsub(/^ {2}/, '')
-  lambda{| node | Chef::Node::ImmutableMash.new({
-    "JAVA_HOME"          => node['java']['java_home'], # we get the jre if we don't do this
-    "JAVA_OPTS"          => node['jenkinsEnv']['JAVA_OPTS'],
-    "ANT_OPTS"           => node['jenkinsEnv']['ANT_OPTS'],
-    "MAVEN_OPTS"         => node['jenkinsEnv']['MAVEN_OPTS'],
-    "prRepoUrl"          => node['repos']['private']['pr-snap'],
-    "releaseTempRepoUrl" => node['repos']['private']['release-temp']
-  })}
-  EOH
+  # NOTE: This is a string that represents a closure that closes over the worker node for which it computes the environment.
+  # (by convention -- see `environment((eval node["master"]["env"])...` in _master-config-workers
+  # Since we can't marshall closures, while attributes need to be sent from master to workers, we must encode them as something that can be shipped...
+  default['master']['env'] = <<-'EOH'.gsub(/^ {2}/, '')
+    lambda{| node | Chef::Node::ImmutableMash.new({
+      "JAVA_HOME"          => node['java']['java_home'], # we get the jre if we don't do this
+      "JAVA_OPTS"          => node['jenkinsEnv']['JAVA_OPTS'],
+      "ANT_OPTS"           => node['jenkinsEnv']['ANT_OPTS'],
+      "MAVEN_OPTS"         => node['jenkinsEnv']['MAVEN_OPTS'],
+      "prRepoUrl"          => node['repos']['private']['pr-snap'],
+      "releaseTempRepoUrl" => node['repos']['private']['release-temp']
+    })}
+    EOH
 
-## PLUGIN
-default['master']['ec2-start-stop']['url'] = 'https://dl.dropboxusercontent.com/u/12862572/ec2-start-stop.hpi'
+  ## PLUGIN
+  default['master']['ec2-start-stop']['url'] = 'https://dl.dropboxusercontent.com/u/12862572/ec2-start-stop.hpi'
 
-# SCABOT
-default['scabot']['jenkins']['user']     = "scala-jenkins"
-default['scabot']['github']['repo_user'] = "scala"
+  # SCABOT
+  default['scabot']['jenkins']['user']     = "scala-jenkins"
+  default['scabot']['github']['repo_user'] = "scala"
+end