m 3 buildbot/master: add secrets
This commit is contained in:
parent
81badfd47e
commit
d574c0ef78
|
@ -132,6 +132,16 @@ let
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
secrets = mkOption {
|
||||||
|
default = [];
|
||||||
|
type = types.listOf types.str;
|
||||||
|
example = [ "cac.json" ];
|
||||||
|
description = ''
|
||||||
|
List of all the secrets in <secrets> which should be copied into the
|
||||||
|
buildbot master directory.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
slaves = mkOption {
|
slaves = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
type = types.attrsOf types.str;
|
type = types.attrsOf types.str;
|
||||||
|
@ -344,10 +354,10 @@ let
|
||||||
fi
|
fi
|
||||||
# always override the master.cfg
|
# always override the master.cfg
|
||||||
cp ${buildbot-master-config} ${workdir}/master.cfg
|
cp ${buildbot-master-config} ${workdir}/master.cfg
|
||||||
|
|
||||||
# copy secrets
|
# copy secrets
|
||||||
cp ${secretsdir}/cac.json ${workdir}
|
${ concatMapStringsSep "\n"
|
||||||
cp ${secretsdir}/retiolum-ci.rsa_key.priv \
|
(f: "cp ${secretsdir}/${f} ${workdir}/${f}" ) cfg.secrets }
|
||||||
${workdir}/retiolum.rsa_key.priv
|
|
||||||
# sanity
|
# sanity
|
||||||
${buildbot}/bin/buildbot checkconfig ${workdir}
|
${buildbot}/bin/buildbot checkconfig ${workdir}
|
||||||
|
|
||||||
|
|
|
@ -8,6 +8,9 @@ in {
|
||||||
};
|
};
|
||||||
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
|
networking.firewall.allowedTCPPorts = [ 8010 9989 ];
|
||||||
krebs.buildbot.master = {
|
krebs.buildbot.master = {
|
||||||
|
secrets = [
|
||||||
|
"cac.json"
|
||||||
|
];
|
||||||
slaves = {
|
slaves = {
|
||||||
testslave = "krebspass";
|
testslave = "krebspass";
|
||||||
omo = "krebspass";
|
omo = "krebspass";
|
||||||
|
@ -93,9 +96,8 @@ in {
|
||||||
# slave needs 2 files:
|
# slave needs 2 files:
|
||||||
# * cac.json
|
# * cac.json
|
||||||
# * retiolum
|
# * retiolum
|
||||||
for file in ["cac.json", "retiolum.rsa_key.priv"]:
|
s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/cac.json", slavedest="cac.json"))
|
||||||
s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/{}".format(file),
|
s.addStep(steps.FileDownload(mastersrc="${config.krebs.buildbot.master.workDir}/retiolum-ci.rsa_key.priv", slavedest="retiolum.rsa_key.priv"))
|
||||||
slavedest=file))
|
|
||||||
|
|
||||||
addShell(s, name="infest-cac-centos7",env=env,
|
addShell(s, name="infest-cac-centos7",env=env,
|
||||||
sigtermTime=60, # SIGTERM 1 minute before SIGKILL
|
sigtermTime=60, # SIGTERM 1 minute before SIGKILL
|
||||||
|
|
Loading…
Reference in New Issue
Block a user