Configure swift credentials for workers to push to

This change adds credentials as set up by fungi (2014-04-05T03:16:46)
http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2014-04-05.log

This allows zuul to send signed URL's for workers to push files to on
a per-job basis.

This change will require a zuul restart, not just a reload!

Note this is unreverts the revert in
c1b98eaff618b8c739cc02f089ef6fe6c02cbcc3 but is slightly edited hence
the lack of a proper revert commit. The reason for the revert has been
debugged and was due to rax identity service not providing a catalog
entry for swift when a tenant name is provided.

Change-Id: I04d3207002f7422b9851515ee88a74b19dd2f248

manifests/site.pp

@@ -425,15 +425,24 @@ node 'nodepool.openstack.org' {
 
 node 'zuul.openstack.org' {
   class { 'openstack_project::zuul_prod':
-    gerrit_server        => 'review.openstack.org',
+    gerrit_server                  => 'review.openstack.org',
-    gerrit_user          => 'jenkins',
+    gerrit_user                    => 'jenkins',
-    gerrit_ssh_host_key  => hiera('gerrit_ssh_rsa_pubkey_contents'),
+    gerrit_ssh_host_key            => hiera('gerrit_ssh_rsa_pubkey_contents'),
-    zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents'),
+    zuul_ssh_private_key           => hiera('zuul_ssh_private_key_contents'),
-    url_pattern          => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}',
+    url_pattern                    => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}',
-    zuul_url             => 'http://zuul.openstack.org/p',
+    swift_authurl                  => 'https://identity.api.rackspacecloud.com/v2.0/',
-    sysadmins            => hiera('sysadmins'),
+    swift_user                     => 'infra-files-rw',
-    statsd_host          => 'graphite.openstack.org',
+    swift_key                      => hiera('infra_files_rw_password'),
-    gearman_workers      => [
+    # Yes, really unset the tenant name. Rax identity can't construct a
+    # proper catalog when we provide the tenant here.
+    swift_tenant_name              => '',
+    swift_region_name              => 'DFW',
+    swift_default_container        => 'infra-files',
+    swift_default_logserver_prefix => 'http://logs.openstack.org/',
+    zuul_url                       => 'http://zuul.openstack.org/p',
+    sysadmins                      => hiera('sysadmins'),
+    statsd_host                    => 'graphite.openstack.org',
+    gearman_workers                => [
       'nodepool.openstack.org',
       'jenkins.openstack.org',
       'jenkins01.openstack.org',

modules/openstack_project/manifests/zuul_prod.pp

@@ -9,6 +9,13 @@ class openstack_project::zuul_prod(
   $zuul_ssh_private_key = '',
   $url_pattern = '',
   $zuul_url = '',
+  $swift_authurl = '',
+  $swift_user = '',
+  $swift_key = '',
+  $swift_tenant_name = '',
+  $swift_region_name = '',
+  $swift_default_container = '',
+  $swift_default_logserver_prefix = '',
   $sysadmins = [],
   $statsd_host = '',
   $gearman_workers = [],
@@ -24,18 +31,25 @@ class openstack_project::zuul_prod(
   }
 
   class { '::zuul':
-    vhost_name           => $vhost_name,
+    vhost_name                     => $vhost_name,
-    gearman_server       => $gearman_server,
+    gearman_server                 => $gearman_server,
-    gerrit_server        => $gerrit_server,
+    gerrit_server                  => $gerrit_server,
-    gerrit_user          => $gerrit_user,
+    gerrit_user                    => $gerrit_user,
-    zuul_ssh_private_key => $zuul_ssh_private_key,
+    zuul_ssh_private_key           => $zuul_ssh_private_key,
-    url_pattern          => $url_pattern,
+    url_pattern                    => $url_pattern,
-    zuul_url             => $zuul_url,
+    zuul_url                       => $zuul_url,
-    job_name_in_report   => true,
+    job_name_in_report             => true,
-    status_url           => 'http://status.openstack.org/zuul/',
+    status_url                     => 'http://status.openstack.org/zuul/',
-    statsd_host          => $statsd_host,
+    statsd_host                    => $statsd_host,
-    git_email            => 'jenkins@openstack.org',
+    git_email                      => 'jenkins@openstack.org',
-    git_name             => 'OpenStack Jenkins',
+    git_name                       => 'OpenStack Jenkins',
+    swift_authurl                  => $swift_authurl,
+    swift_user                     => $swift_user,
+    swift_key                      => $swift_key,
+    swift_tenant_name              => $swift_tenant_name,
+    swift_region_name              => $swift_region_name,
+    swift_default_container        => $swift_default_container,
+    swift_default_logserver_prefix => $swift_default_logserver_prefix,
   }
 
   class { '::zuul::server': }

modules/zuul/manifests/init.pp

@@ -34,6 +34,13 @@ class zuul (
   $statsd_host = '',
   $git_email = '',
   $git_name = '',
+  $swift_authurl = '',
+  $swift_user = '',
+  $swift_key = '',
+  $swift_tenant_name = '',
+  $swift_region_name = '',
+  $swift_default_container = '',
+  $swift_default_logserver_prefix = '',
 ) {
   include apache
   include pip

modules/zuul/templates/zuul.conf.erb

@@ -30,3 +30,21 @@ git_user_email=<%= git_email %>
 <% if git_name != "" -%>
 git_user_name=<%= git_name %>
 <% end -%>
+
+<% if swift_authurl != "" -%>
+[swift]
+authurl=<%= swift_authurl %>
+user=<%= swift_user %>
+key=<%= swift_key %>
+<% if swift_tenant_name != "" -%>
+tenant_name=<%= swift_tenant_name %>
+<% else -%>
+# tenant_name is not provided here as some swift providers
+# do not have identity servers that work when tenant_name
+# is provided. You may set the tenant_name if necessary
+# but otherwise it is unset to accomodate these providers.
+<% end -%>
+region_name=<%= swift_region_name %>
+default_container=<%= swift_default_container %>
+default_logserver_prefix=<%= swift_default_logserver_prefix %>
+<% end -%>