opendev/puppet-gerrit
Code Issues Proposed changes

Install and manage more of Gerrit.

Browse Source 
Upgrade gerrit to 2.3.0.

Add management of the apache virtualhost.

Remove gerrit body styling (including the javascript hack) in favor
of using the gerrit theme config options for body styling.  Keep header
and top menu changes.  This should make it easier to keep up with new
gerrit versions without chasing weird GWT changes.

Add management of the gerrit init script.

Add management of MySQL.

Add installation and upgrading of Gerrit.

Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
This commit is contained in:
James E. Blair 2012-04-10 01:16:47 +00:00
parent 23fc190929
commit e45e00f4d3
7 changed files with 543 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
files/GerritSite.css
View File

@ -11,20 +11,6 @@ a.gwt-InlineHyperlink {background: none !important}
#gerrit_topmenu tbody tr td table {border: 0}
#gerrit_body table {background: none;}
#gerrit_body:not(.patch) td {border-bottom: 1px solid #C5E2EA; border-right: 1px solid #C5E2EA}
#gerrit_body:not(.patch) tr:nth-child(even) {background: #EEF3F5; color: #353535}
#gerrit_body:not(.patch) tr:nth-child(odd) {background: #FFF; color: #353535}
#gerrit_body.patch tr {background: #FFF; color: #353535}
#gerrit_body:not(.patch) tr:nth-child(even)>td {background: #EEF3F5; color: #353535}
#gerrit_body:not(.patch) tr:nth-child(odd)>td {background: #FFF; color: #353535}
#gerrit_body tr:nth-child(even)>td.header {background: #EEF3F5; font-style: normal; color: #353535; font-weight: bold;}
#gerrit_body tr:nth-child(odd)>td.header {background: #FFF; font-style: normal; color: #353535; font-weight: bold;}
#gerrit_body tr>td div {background-color: transparent; color: #353535}
#gerrit_body tr>td div a {background-color: transparent; color: #353535}
#gerrit_body tr:first-child>td {color: #353535; background: #FFF}
#gerrit_topmenu tbody tr td table.gwt-TabBar {color: #353535; border-bottom: 1px solid #C5E2EA;}
#gerrit_topmenu .gwt-Button {padding: 3px 6px}
.gwt-TabBarItem-selected {color: #CF2F19 !important; border-bottom: 3px solid #CF2F19;}

20
files/GerritSiteHeader.html
View File

@ -1,23 +1,3 @@
<div>
<h1 style="color: #CF2F19"><img src="static/title.png" style="vertical-align:middle;" /> Code Review</h1>
<script type="text/javascript">
function getHash() {
var hash = window.location.hash;
return hash.substring(1); // remove #
}
window.onload = setTimeout(add_patch_tag, 1000)
window.onhashchange = add_patch_tag
function add_patch_tag() {
var hash_arr= getHash().split(",");
var elem = document.getElementById("gerrit_body");
if (hash_arr[0] == 'patch') {
elem.className = elem.className + ' patch';
} else {
elem.className = elem.className.replace(' patch', '');
}
}
</script>
</div>

1
files/gerritcodereview.default Normal file
View File

@ -0,0 +1 @@
GERRIT_SITE=/home/gerrit2/review_site

131
files/my.cnf Normal file
View File

@ -0,0 +1,131 @@
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Here is entries for some specific programs
# The following values assume you have at least 32M ram
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
#
# * Basic Settings
#
default-storage-engine=INNODB
#
# * IMPORTANT
# If you make changes to these settings and your system uses apparmor, you may
# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
#
user = mysql
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
log_error = /var/log/mysql/error.log
# Here you can see queries with especially long duration
#log_slow_queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
server-id = 1
log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
key_buffer = 16M
#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

407
manifests/init.pp
View File

@ -1,23 +1,73 @@
class gerrit($canonicalweburl='',
$openidssourl="https://login.launchpad.net/+openid",
$email='',
$github_projects = [],
$commentlinks = [ { name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '#q,$1,n,z' },
# Install and maintain Gerrit Code Review.
# params:
# virtual_hostname:
# used in the Apache virtual host, eg., review.example.com
# canonicalweburl:
# Used in the Gerrit config to generate links, eg., https://review.example.com/
# ssl_cert_file:
# ssl_key_file:
# Used in the Apache virtual host to specify the SSL cert and key files.
# ssl_chain_file:
# Optional, if you have an intermediate cert Apache should serve.
# openidssourl:
# The URL to use for OpenID in SSO mode.
# email:
# The email address Gerrit should use when sending mail.
# commentlinks:
# A list of regexes Gerrit should hyperlink.
# logo:
# The name of the image file for the site header.
# war:
# The URL of the Gerrit WAR that should be downloaded and installed.
# Note that only the final component is used for comparing to the most
# recently installed WAR. In other words, if you update the war from:
#
# http://ci.openstack.org/tarballs/gerrit.war
# to:
# http://somewhereelse.example.com/gerrit.war
#
# Gerrit won't be updated unless you delete gerrit.war from
# ~gerrit2/gerrit-wars. But if you change the URL from:
#
# http://ci.openstack.org/tarballs/gerrit-2.2.2.war
# to:
# http://ci.openstack.org/tarballs/gerrit-2.3.0.war
# Gerrit will be upgraded on the next puppet run.
{ name => 'launchpad',
match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
link => 'https://code.launchpad.net/bugs/$2' },
# TODO: move closing github pull requests to another module
# TODO: move gerritbot configuration to another module
# TODO: move apache configuration to another module
# TODO: move mysql configuration to another module
# TODO: make more gerrit options configurable here
{ name => 'blueprint',
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2' },
class gerrit($virtual_hostname='',
$canonicalweburl='',
$ssl_cert_file='',
$ssl_key_file='',
$ssl_chain_file='',
$openidssourl="https://login.launchpad.net/+openid",
$email='',
$github_projects = [],
$commentlinks = [ { name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '#q,$1,n,z' },
{ name => 'launchpad',
match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
link => 'https://code.launchpad.net/bugs/$2' },
{ name => 'blueprint',
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2' },
],
$logo
$logo,
$war
) {
# Set this to true to disable cron jobs and replication, which can
# interfere with testing.
$testmode = false
user { "gerrit2":
ensure => present,
comment => "Gerrit",
@ -32,62 +82,72 @@ $logo
ensure => present
}
package { "gitweb":
ensure => latest
}
package { "python-dev":
ensure => latest
$packages = ["gitweb",
"python-dev",
"openjdk-6-jre-headless",
"mysql-server",
"apache2"]
package { $packages:
ensure => "latest",
}
package { "python-pip":
ensure => latest,
require => Package[python-dev]
}
package { "github2":
ensure => latest,
provider => pip,
require => Package[python-pip]
}
cron { "gerritupdateci":
user => gerrit2,
minute => "*/15",
command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
}
# Skip cron jobs if we're in test mode
if ($testmode == false) {
cron { "gerritupdateci":
user => gerrit2,
minute => "*/15",
command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
}
cron { "gerritsyncusers":
user => gerrit2,
minute => "*/15",
command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
}
cron { "gerritsyncusers":
user => gerrit2,
minute => "*/15",
command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
}
cron { "gerritclosepull":
user => gerrit2,
minute => "*/5",
command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
}
cron { "gerritclosepull":
user => gerrit2,
minute => "*/5",
command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
}
cron { "expireoldreviews":
user => gerrit2,
hour => 6,
minute => 3,
command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
}
cron { "expireoldreviews":
user => gerrit2,
hour => 6,
minute => 3,
command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
}
cron { "gerrit_repack":
user => gerrit2,
weekday => 0,
hour => 4,
minute => 7,
command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
}
cron { "gerrit_repack":
user => gerrit2,
weekday => 0,
hour => 4,
minute => 7,
command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
}
} # testmode==false
file { "/var/log/gerrit":
ensure => "directory",
owner => 'gerrit2'
}
# directory creation hacks until we can automate gerrit installation
# Prepare gerrit directories. Even though some of these would be created
# by the init command, we can go ahead and create them now and populate them.
# That way the config files are already in place before init runs.
file { "/home/gerrit2/review_site":
ensure => "directory",
@ -101,6 +161,12 @@ $logo
require => File["/home/gerrit2/review_site"]
}
file { "/home/gerrit2/review_site/bin":
ensure => "directory",
owner => "gerrit2",
require => File["/home/gerrit2/review_site"]
}
file { "/home/gerrit2/review_site/hooks":
ensure => "directory",
owner => "gerrit2",
@ -143,14 +209,17 @@ $logo
source => 'puppet:///modules/gerrit/GerritSiteHeader.html'
}
file { '/home/gerrit2/review_site/etc/replication.config':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/gerrit/replication.config',
replace => 'true',
require => File["/home/gerrit2/review_site/etc"]
# Skip replication if we're in test mode
if ($testmode == false) {
file { '/home/gerrit2/review_site/etc/replication.config':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/gerrit/replication.config',
replace => 'true',
require => File["/home/gerrit2/review_site/etc"]
}
}
file { '/home/gerrit2/review_site/etc/gerrit.config':
@ -193,4 +262,228 @@ $logo
require => File["/home/gerrit2/review_site/static"]
}
# Secret files.
# TODO: move the first two into other modules since they aren't for gerrit.
# TODO: move secure.config to a puppet master
file { '/home/gerrit2/github.secure.config':
owner => 'root',
group => 'gerrit2',
mode => 440,
ensure => 'present',
source => 'file:///root/secret-files/github.secure.config',
replace => 'true',
require => User['gerrit2']
}
file { '/home/gerrit2/gerritbot.config':
owner => 'root',
group => 'gerrit2',
mode => 440,
ensure => 'present',
source => 'file:///root/secret-files/gerritbot.config',
replace => 'true',
require => User['gerrit2']
}
file { '/home/gerrit2/review_site/etc/secure.config':
owner => 'root',
group => 'gerrit2',
mode => 440,
ensure => 'present',
source => 'file:///root/secret-files/secure.config',
replace => 'true',
require => File["/home/gerrit2/review_site/etc"]
}
# Set up MySQL.
# We should probably have or use a puppet module to manage mysql, and then
# use that to satisfy the requirements that gerrit has.
exec { "gerrit-mysql":
creates => "/var/lib/mysql/reviewdb/",
command => "/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -e \"\
CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY '`grep password /home/gerrit2/review_site/etc/secure.config |cut -d= -f2|sed -e 's/ //'`';\
CREATE DATABASE reviewdb;\
ALTER DATABASE reviewdb charset=latin1;\
GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';\
FLUSH PRIVILEGES;\"",
require => [File['/home/gerrit2/review_site/etc/secure.config'], Package["mysql-server"]],
}
file { "/etc/mysql/my.cnf":
source => 'puppet:///modules/gerrit/my.cnf',
owner => 'root',
group => 'root',
ensure => 'present',
replace => 'true',
mode => 444,
require => Package["mysql-server"],
}
# Set up apache. This should also be a separate, generalized module.
file { "/etc/apache2/sites-available/gerrit":
content => template('gerrit/gerrit.vhost.erb'),
owner => 'root',
group => 'root',
ensure => 'present',
replace => 'true',
mode => 444,
require => Package["apache2"],
}
file { "/etc/apache2/sites-enabled/gerrit":
ensure => link,
target => '/etc/apache2/sites-available/gerrit',
require => [
File['/etc/apache2/sites-available/gerrit'],
File['/etc/apache2/mods-enabled/ssl.conf'],
File['/etc/apache2/mods-enabled/ssl.load'],
File['/etc/apache2/mods-enabled/rewrite.load'],
File['/etc/apache2/mods-enabled/proxy.conf'],
File['/etc/apache2/mods-enabled/proxy.load'],
File['/etc/apache2/mods-enabled/proxy_http.load'],
],
}
file { '/etc/apache2/sites-enabled/000-default':
require => File['/etc/apache2/sites-available/gerrit'],
ensure => absent,
}
file { '/etc/apache2/mods-enabled/ssl.conf':
target => '/etc/apache2/mods-available/ssl.conf',
ensure => link,
require => Package['apache2'],
}
file { '/etc/apache2/mods-enabled/ssl.load':
target => '/etc/apache2/mods-available/ssl.load',
ensure => link,
require => Package['apache2'],
}
file { '/etc/apache2/mods-enabled/rewrite.load':
target => '/etc/apache2/mods-available/rewrite.load',
ensure => link,
require => Package['apache2'],
}
file { '/etc/apache2/mods-enabled/proxy.conf':
target => '/etc/apache2/mods-available/proxy.conf',
ensure => link,
require => Package['apache2'],
}
file { '/etc/apache2/mods-enabled/proxy.load':
target => '/etc/apache2/mods-available/proxy.load',
ensure => link,
require => Package['apache2'],
}
file { '/etc/apache2/mods-enabled/proxy_http.load':
target => '/etc/apache2/mods-available/proxy_http.load',
ensure => link,
require => Package['apache2'],
}
exec { "gracefully restart apache":
subscribe => [ File["/etc/apache2/sites-available/gerrit"]],
refreshonly => true,
path => "/bin:/usr/bin:/usr/sbin",
command => "apache2ctl graceful",
}
# Install Gerrit itself.
# The Gerrit WAR is specified as a url like 'http://ci.openstack.org/tarballs/gerrit-2.2.2-363-gd0a67ce.war'
# Set $basewar so that we can work with filenames like gerrit-2.2.2-363-gd0a67ce.war'.
if $war =~ /.*\/(.*)/ {
$basewar = $1
} else {
$basewar = $war
}
# This directory is used to download and cache gerrit war files.
# That way the download and install steps are kept separate.
file { "/home/gerrit2/gerrit-wars":
ensure => "directory",
require => User["gerrit2"]
}
# If we don't already have the specified WAR, download it.
exec { "download:$war":
command => "/usr/bin/wget $war -O /home/gerrit2/gerrit-wars/$basewar",
creates => "/home/gerrit2/gerrit-wars/$basewar",
require => File["/home/gerrit2/gerrit-wars"],
}
# If gerrit.war isn't the same as $basewar, install it.
file { "/home/gerrit2/review_site/bin/gerrit.war":
source => "file:///home/gerrit2/gerrit-wars/$basewar",
require => Exec["download:$war"],
ensure => present,
replace => 'true',
# user, group, and mode have to be set this way to avoid retriggering gerrit-init on every run
# because gerrit init sets them this way
owner => 'gerrit2',
group => 'gerrit2',
mode => 644,
}
# If gerrit.war was just installed, run the Gerrit "init" command.
# Stop is included here because it may not be running or the init
# script may not exist, and in those cases, we don't care if it fails.
# Running the init script as the gerrit2 user _does_ work.
exec { "gerrit-init":
user => 'gerrit2',
command => "/etc/init.d/gerrit stop; /usr/bin/java -jar /home/gerrit2/review_site/bin/gerrit.war init -d /home/gerrit2/review_site --batch --no-auto-start",
subscribe => File["/home/gerrit2/review_site/bin/gerrit.war"],
refreshonly => true,
require => [Package["openjdk-6-jre-headless"],
User["gerrit2"],
Exec["gerrit-mysql"],
File["/etc/mysql/my.cnf"], # For innodb default tables
File["/home/gerrit2/review_site/etc/gerrit.config"],
File["/home/gerrit2/review_site/etc/secure.config"]],
notify => Exec["gerrit-start"],
}
# Symlink the init script.
file { "/etc/init.d/gerrit":
ensure => link,
target => '/home/gerrit2/review_site/bin/gerrit.sh',
require => Exec['gerrit-init'],
}
# The init script requires the path to gerrit to be set.
file { "/etc/default/gerritcodereview":
source => 'puppet:///modules/gerrit/gerritcodereview.default',
ensure => present,
replace => 'true',
owner => 'root',
group => 'root',
mode => 444,
}
# Make sure the init script starts on boot.
file { ['/etc/rc0.d/K10gerrit',
'/etc/rc1.d/K10gerrit',
'/etc/rc2.d/S90gerrit',
'/etc/rc3.d/S90gerrit',
'/etc/rc4.d/S90gerrit',
'/etc/rc5.d/S90gerrit',
'/etc/rc6.d/K10gerrit']:
ensure => link,
target => '/etc/init.d/gerrit',
require => File['/etc/init.d/gerrit'],
}
exec { "gerrit-start":
command => '/etc/init.d/gerrit start',
require => File['/etc/init.d/gerrit'],
refreshonly => true,
}
}

8
templates/gerrit.config.erb
View File

@ -10,7 +10,7 @@
database = reviewdb
username = gerrit2
poolLimit = 32
connectionpool = true
connectionpool = true
[auth]
type = OPENID_SSO
openIdSsoUrl = <%= openidssourl %>
@ -38,3 +38,9 @@
match = "<%= commentlink['match'] %>"
link = "<%= commentlink['link'] %>"
<% end -%>
[theme]
backgroundColor = ffffff
topMenuColor = ffffff
textColor = 264d69
trimColor = eef3f5
selectionColor = d1e6ea

54
templates/gerrit.vhost.erb Normal file
View File

@ -0,0 +1,54 @@
<VirtualHost *:80>
ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
Redirect / <%= canonicalweburl %>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined
SSLEngine on
SSLCertificateFile <%= ssl_cert_file %>
SSLCertificateKeyFile <%= ssl_key_file %>
<% if ssl_chain_file != "" %>
SSLCertificateChainFile <%= ssl_chain_file %>
<% end %>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine on
RewriteCond %{HTTP_HOST} !<%= virtual_hostname %>
RewriteRule ^.*$ <%= canonicalweburl %>
ProxyPassReverse / http://localhost:8081/
<Location />
Order allow,deny
Allow from all
ProxyPass http://localhost:8081/ retry=0
</Location>
</VirtualHost>
</IfModule>