opendev/system-config
Code Issues Proposed changes
096b74896a
system-config/modules/gerrit/manifests/init.pp

696 lines
21 KiB
ObjectPascal
Raw Normal View History

Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# Install and maintain Gerrit Code Review.
# params:
Support configurable mysql host in gerrit In further support of using a trove db, remove the gerrit::mysql module from review-dev. Plumb mysql_host throughout and remove the no longer necessary mysql_root_password. Configure review-dev to use mysql_host from hiera, but configure review to use 'localhost'. Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
2014-04-23 10:29:25 -07:00
# mysql_host:
# The mysql host to which gerrit should connect.
Pass $mysql_password through to gerrit class The `$mysql_password` variable is used by the `secure.config.erb` template in the gerrit class, but is not passed from openstack_project::review -> openstack_project::gerrit -> gerrit. Instead it uses dynamic scopeing to find the variable and won't work in Puppet 3. This adds the full parameter passing for Puppet 3. This commit also adds "Template uses" comments immediately preceding resources declarations which use a `template()` function to describe all variables used by the gerrit templates. This greatly helps with debugging issues such as this. Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-13 17:15:26 -08:00
# mysql_password:
# The password with which gerrit connects to mysql.
Align all web server usage on apache module. Change-Id: Idd712a8ee5ec81c6b88b7d3e2270dce4da254927 Reviewed-on: https://review.openstack.org/10838 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-04 13:10:26 -05:00
# vhost_name:
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# used in the Apache virtual host, eg., review.example.com
# canonicalweburl:
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
# Used in the Gerrit config to generate links,
# eg., https://review.example.com/
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# ssl_cert_file:
# ssl_key_file:
# Used in the Apache virtual host to specify the SSL cert and key files.
# ssl_chain_file:
# Optional, if you have an intermediate cert Apache should serve.
Pass review.o.o SSL certs in from Hiera. Use Hiera to store the review.o.o SSL certs and pass them down to the gerrit module. While modifying these files fix indentation and rocket ship alignment according to puppet lint in the sections touched. Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315 Reviewed-on: https://review.openstack.org/13975 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-02 15:49:18 -07:00
# ssl_*_file_contents:
# Optional, the contents of the respective cert files as a string. Will be
# used to have Puppet ensure the contents of these files. Default value of
# '' means Puppet should not manage these files.
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# openidssourl:
# The URL to use for OpenID in SSO mode.
# email:
# The email address Gerrit should use when sending mail.
Un-Revert "Make gerrit email server configurable" This time, make the default value false instead of empty string. This reverts commit 99d3283dc246da4b4d2d26ecfb193b308881f05d Change-Id: I88108ff75f1c2bd3aa78856c186312340258ec3c
2013-10-08 22:11:32 +00:00
# smtpserver:
# The smtp server that Gerrit should send mail through.
# sendemail_from:
# gerrit.conf value for sendemail.from.
More gerrit tuning. Increase the heap size and dramatically increase the ssh threads. Add some more recommended parameters (see site manifest for details). Parameterize tunables in gerrit config file. Change-Id: Ia6446b29426f56a77425eed93a7f0e448c3cd7b1
2012-05-29 18:12:35 +00:00
# database_poollimit:
# container_heaplimit:
# core_packedgitopenfiles:
# core_packedgitlimit:
# core_packedgitwindowsize:
# sshd_threads:
Add support for parameterized gerrit ports. Actually, it's support for parameterized listen_address, but the real thing you want it for is setting the port. Change-Id: If75fedce32f35a8f72c92fc709d5c9e8b2d35235 Reviewed-on: https://review.openstack.org/33925 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-06-20 22:09:09 -07:00
# sshd_listen_address:
More gerrit tuning. Increase the heap size and dramatically increase the ssh threads. Add some more recommended parameters (see site manifest for details). Parameterize tunables in gerrit config file. Change-Id: Ia6446b29426f56a77425eed93a7f0e448c3cd7b1
2012-05-29 18:12:35 +00:00
# httpd_acceptorthreads:
# httpd_minthreads:
# httpd_maxthreads:
Add httpd_maxwait parameter to gerrit module. Was missing from earlier change that added it to the invocation. Change-Id: I71d9b62e1b959fbd9d87f21800d47606be31d95a
2012-07-03 06:38:51 -07:00
# httpd_maxwait:
More gerrit tuning. Increase the heap size and dramatically increase the ssh threads. Add some more recommended parameters (see site manifest for details). Parameterize tunables in gerrit config file. Change-Id: Ia6446b29426f56a77425eed93a7f0e448c3cd7b1
2012-05-29 18:12:35 +00:00
# Gerrit configuration options; see Gerrit docs.
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# commentlinks:
# A list of regexes Gerrit should hyperlink.
# war:
# The URL of the Gerrit WAR that should be downloaded and installed.
# Note that only the final component is used for comparing to the most
# recently installed WAR. In other words, if you update the war from:
#
Tarballs site has moved. Change-Id: I9bca1fcb1692d139a397f77edbb11e231057054b
2012-07-06 12:48:38 -05:00
# http://tarballs.openstack.org/ci/gerrit.war
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# to:
# http://somewhereelse.example.com/gerrit.war
#
# Gerrit won't be updated unless you delete gerrit.war from
# ~gerrit2/gerrit-wars. But if you change the URL from:
#
Tarballs site has moved. Change-Id: I9bca1fcb1692d139a397f77edbb11e231057054b
2012-07-06 12:48:38 -05:00
# http://tarballs.openstack.org/ci/gerrit-2.2.2.war
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# to:
Tarballs site has moved. Change-Id: I9bca1fcb1692d139a397f77edbb11e231057054b
2012-07-06 12:48:38 -05:00
# http://tarballs.openstack.org/ci/gerrit-2.3.0.war
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# Gerrit will be upgraded on the next puppet run.
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
# contactstore:
# A boolean enabling the contact store feature
# contactstore_appsec:
# An application shared secret for the contact store protocol
# contactstore_pubkey:
# A public key with which to encrypt contact information
# contactstore_url:
# A URL for the remote contact store application
Added an option to toggle replication choices. New options for github replication and local replication. Change-Id: I06a6ca5347232ec80e26f6116742ab0007435ffe
2012-07-28 11:47:32 -05:00
# replicate_local:
# A boolean enabling local replication for apache acceleration
Make gerrit git replica and jeepyb paths configurable * Gerrit: make the path to the local replica configurable (default to /var/lib/git) * Set the local replica path on review-dev to /opt/lib/git * Gerrit: make the jeepyb cache dir configurable (default to /opt/lib/jeepyb) Change-Id: I9b94fa540bb400abcc746c5c962bb3b5e2b372e3
2014-04-24 08:51:56 -07:00
# replicate_path:
# The path to the local git replica if replicate_local is enabled
Make gitweb a boolean option. Change-Id: Iff55f35c0d9888f1029115c17d4644a68d4e8b4c Reviewed-on: https://review.openstack.org/10727 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-02 12:57:15 -05:00
# gitweb:
# A boolean enabling gitweb
Make the gitweb links in gerrit point to git.o.o Gerrit has builtin support for cgit links. Use it - but test it out on review-dev first. Change-Id: I8ea38e08258cdc8eb95e2fc3c1da5a4dc8faee57
2013-08-19 13:40:08 -04:00
# cgit:
# A boolean enabling cgit
# web_repo_url:
# Url for setting the location of an external git browser
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
# testmode:
# Set this to true to disable cron jobs and replication,
# which can interfere with testing.
Gerrit-2.8: Add secondary index support This rebuilds secondary indexes on gerrit initial-init and init. They are optional in gerrit 2.8, and mandatory in gerrit 2.9. A few common strings are refactored into variables to make this more concise, and less likely to get fat fingered. If desired, further symbolic refactoring can be done here as well. Question remains if we need to make this 2.8 conditional, and how we can get access to the gerrit revision in this part of puppet. Partial-Bug: #1082781 Change-Id: Iee94934baaa220313a7e888ba0e2a6530eab0d52
2013-12-04 23:26:42 +01:00
# secondary_index:
# Set this to true to enable secondary index support
# secondary_index_type:
# which secondary index to use: SQL (no secondary index),
# LUCENE (recommended), SOLR (experimental). Note: as of
# Gerrit 2.9 LUCENE is default secondary index and SQL is
# removed.
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# TODO: make more gerrit options configurable here
Additional puppet-lint formatting Change-Id: I6e5fa77a301eec30cff8e16bad33a91bfd95b13f Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-on: https://review.openstack.org/17176 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-29 19:40:14 -05:00
#
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
class gerrit(
Support configurable mysql host in gerrit In further support of using a trove db, remove the gerrit::mysql module from review-dev. Plumb mysql_host throughout and remove the no longer necessary mysql_root_password. Configure review-dev to use mysql_host from hiera, but configure review to use 'localhost'. Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
2014-04-23 10:29:25 -07:00
$mysql_host = 'localhost',
Pass $mysql_password through to gerrit class The `$mysql_password` variable is used by the `secure.config.erb` template in the gerrit class, but is not passed from openstack_project::review -> openstack_project::gerrit -> gerrit. Instead it uses dynamic scopeing to find the variable and won't work in Puppet 3. This adds the full parameter passing for Puppet 3. This commit also adds "Template uses" comments immediately preceding resources declarations which use a `template()` function to describe all variables used by the gerrit templates. This greatly helps with debugging issues such as this. Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-13 17:15:26 -08:00
$mysql_password,
Clean up of minor puppet-lint warnings. Mostly documentation and parameterised class parameter complaints. Change-Id: Idbfd348a5befb041ce6eb36f9c6b195fc0c6799f Reviewed-on: https://review.openstack.org/16685 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-21 14:53:55 -05:00
$war = '',
$email_private_key = '',
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
$vhost_name = $::fqdn,
$canonicalweburl = "https://${::fqdn}/",
Add robots.txt to gerrit. And slow down bing (msnbot). Change-Id: Id8361047abc2cfb52260b3d0ef01275ec3a923f5 Reviewed-on: https://review.openstack.org/32435 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Elizabeth Krumbach Joseph <lyz@princessleia.com> Reviewed-by: Anita Kuno <anita.kuno@enovance.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-06-10 09:39:47 -07:00
$robots_txt_source = '', # If left empty, the gerrit default will be used.
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
$serveradmin = "webmaster@${::fqdn}",
$ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
$ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_chain_file = '',
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
$ssl_key_file_contents = '', # If left empty puppet will not create file.
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
$ssh_dsa_key_contents = '', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents = '', # If left empty puppet will not create file.
$ssh_rsa_key_contents = '', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents = '', # If left empty puppet will not create file.
Clean up of minor puppet-lint warnings. Mostly documentation and parameterised class parameter complaints. Change-Id: Idbfd348a5befb041ce6eb36f9c6b195fc0c6799f Reviewed-on: https://review.openstack.org/16685 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-21 14:53:55 -05:00
$ssh_project_rsa_key_contents = '', # If left empty will not create file.
$ssh_project_rsa_pubkey_contents = '', # If left empty will not create file.
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
$ssh_replication_rsa_key_contents = '', # If left emptry will not create files.
$ssh_replication_rsa_pubkey_contents = '', # If left emptry will not create files.
Parameterize server OpenStack-isms Make it possible to configure with LDAP or OPENID_SSO. Also, it's possible to not want to need CLAs. Change-Id: Ie6660c819f4078dd4dd5be052e74aaa98c54cab4
2013-10-06 15:26:15 -04:00
$gerrit_auth_type = 'OPENID_SSO',
$gerrit_contributor_agreement = true,
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
$openidssourl = 'https://login.launchpad.net/+openid',
Parameterize server OpenStack-isms Make it possible to configure with LDAP or OPENID_SSO. Also, it's possible to not want to need CLAs. Change-Id: Ie6660c819f4078dd4dd5be052e74aaa98c54cab4
2013-10-06 15:26:15 -04:00
$ldap_server = '',
$ldap_account_base = '',
$ldap_username = '',
$ldap_password = '',
$ldap_account_pattern = '',
$ldap_account_email_address = '',
Expands ldap to deal with nonstandard ldap configs. This patch addresses: LDAP not requiring username or password (anonymous bind) This is required to support configurations where LDAP is on a secure network, and anonymous bind is enabled. LDAP using a self signed SSL cert (verify ssl on or off) This is required to support configurations where LDAP requires SSL, but ssl is using an internal or self signed certificate, and therefore fails cert checks. This also covers testing conditions where a consumer might use OS with LDAP+ssl unsigned. LDAP using a nonstandard cn naming convention (ie email address). This is required to deal with an edge case where 'cn' in ldap might be something other than a bare username. Gerrit pulls the ssh username from that value and will not accept a non-alphanumeric address. By setting 'accountSshUserName' in puppet, that is setable. LDAP prepopulating account Full name. Gerrit has a configuration option to pull Full Name from LDAP, this change exposes that option. Change-Id: Ibd41d59ff98e406b42e1e14cc17e23b3d6211d58
2013-12-30 10:33:58 -08:00
$ldap_sslverify = true,
$ldap_ssh_account_name = '',
$ldap_accountfullname = '',
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
$email = '',
Un-Revert "Make gerrit email server configurable" This time, make the default value false instead of empty string. This reverts commit 99d3283dc246da4b4d2d26ecfb193b308881f05d Change-Id: I88108ff75f1c2bd3aa78856c186312340258ec3c
2013-10-08 22:11:32 +00:00
$smtpserver = 'localhost',
$sendemail_from = 'MIXED',
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
$database_poollimit = '',
$container_heaplimit = '',
$core_packedgitopenfiles = '',
$core_packedgitlimit = '',
$core_packedgitwindowsize = '',
$sshd_threads = '',
Add support for parameterized gerrit ports. Actually, it's support for parameterized listen_address, but the real thing you want it for is setting the port. Change-Id: If75fedce32f35a8f72c92fc709d5c9e8b2d35235 Reviewed-on: https://review.openstack.org/33925 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-06-20 22:09:09 -07:00
$sshd_listen_address = '*:29418',
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
$httpd_acceptorthreads = '',
$httpd_minthreads = '',
$httpd_maxthreads = '',
$httpd_maxwait = '',
$commentlinks = [],
$contactstore = false,
$contactstore_appsec = '',
$contactstore_pubkey = '',
$contactstore_url = '',
$enable_melody = false,
$melody_session = false,
Missing variable Change-Id: If87b0242c9203175335842832d13ebc6dfec2950 Reviewed-on: https://review.openstack.org/25119 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-22 10:11:51 +00:00
$replicate_local = false,
Move local git replica on review to /opt Merge after it has been created there manually to avoid downtime. Will require a gerrit restart to pick up the replication change. Change-Id: I6b55d16d731725548b8da46f5438e296b6dc6485
2014-04-24 09:00:13 -07:00
$replicate_path = '/opt/lib/git',
Add replication of git from gerrit to git.o.o Modify gerrit's git replication configuration so that it pulls in from a list of replication targets defined in puppet rather than individually added stanzas. Pull the replicate_github variable from files, since it is no longer required. The replicate_local variable remains because it's used in the apache configuration and for setup of the local replication space for git. Also add the cgit server to the list of servers. Change-Id: I68de89bb216565f1754eb9b192bd437adcbf768b
2013-07-18 15:19:07 -07:00
$replication = [],
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
$gitweb = true,
Make the gitweb links in gerrit point to git.o.o Gerrit has builtin support for cgit links. Use it - but test it out on review-dev first. Change-Id: I8ea38e08258cdc8eb95e2fc3c1da5a4dc8faee57
2013-08-19 13:40:08 -04:00
$cgit = false,
$web_repo_url = '',
Gerrit-2.8: Add secondary index support This rebuilds secondary indexes on gerrit initial-init and init. They are optional in gerrit 2.8, and mandatory in gerrit 2.9. A few common strings are refactored into variables to make this more concise, and less likely to get fat fingered. If desired, further symbolic refactoring can be done here as well. Question remains if we need to make this 2.8 conditional, and how we can get access to the gerrit revision in this part of puppet. Partial-Bug: #1082781 Change-Id: Iee94934baaa220313a7e888ba0e2a6530eab0d52
2013-12-04 23:26:42 +01:00
$testmode = false,
$secondary_index = false,
$secondary_index_type = 'LUCENE',
Add configuration option to disable top level menu for javamelody plugin Change-Id: I696db6a16b1ba57000951186367501c376f321de
2014-04-30 00:18:20 +02:00
$enable_javamelody_top_menu = false,
Pass review.o.o SSL certs in from Hiera. Use Hiera to store the review.o.o SSL certs and pass them down to the gerrit module. While modifying these files fix indentation and rocket ship alignment according to puppet lint in the sections touched. Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315 Reviewed-on: https://review.openstack.org/13975 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-02 15:49:18 -07:00
) {
Modified gerrit to use MySQL and Apache modules. Change-Id: I82ff3c46438f8db126fa6a881efa09c90b1906e4
2012-07-27 17:14:31 +00:00
include apache
Consume jeepyb. Instead of keeping many of these files directly in the tree, use them from the out-of-tree jeepyb project, which makes them easier to consume for other people who are not us. Change-Id: Id704f2e17dd80709ef63cbbf2c5475a08a835f91 Reviewed-on: https://review.openstack.org/16777 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-11-22 10:45:10 -08:00
include jeepyb
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
include pip
Modified gerrit to use MySQL and Apache modules. Change-Id: I82ff3c46438f8db126fa6a881efa09c90b1906e4
2012-07-27 17:14:31 +00:00
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
$java_home = $::lsbdistcodename ? {
Use OpenJDK 7 instead of OpenJDK 6 with Gerrit. Oracle has EOLed Java 6. While OpenJDK 6 is still supported, development on it has slowed. Upgrade to OpenJDK 7 and run Gerrit on this newer platform. Change-Id: Id5867a0269bc6af3e7f6214112e91c8848ffbbe4
2013-07-16 16:33:19 -07:00
'precise' => '/usr/lib/jvm/java-7-openjdk-amd64/jre',
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
}
Modified gerrit to use MySQL and Apache modules. Change-Id: I82ff3c46438f8db126fa6a881efa09c90b1906e4
2012-07-27 17:14:31 +00:00
Gerrit-2.8: Add secondary index support This rebuilds secondary indexes on gerrit initial-init and init. They are optional in gerrit 2.8, and mandatory in gerrit 2.9. A few common strings are refactored into variables to make this more concise, and less likely to get fat fingered. If desired, further symbolic refactoring can be done here as well. Question remains if we need to make this 2.8 conditional, and how we can get access to the gerrit revision in this part of puppet. Partial-Bug: #1082781 Change-Id: Iee94934baaa220313a7e888ba0e2a6530eab0d52
2013-12-04 23:26:42 +01:00
$gerrit_war = '/home/gerrit2/review_site/bin/gerrit.war'
$gerrit_site = '/home/gerrit2/review_site'
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
user { 'gerrit2':
ensure => present,
comment => 'Gerrit',
home => '/home/gerrit2',
shell => '/bin/bash',
gid => 'gerrit2',
Modify puppet repo to work with stackforge Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
2012-03-06 13:37:46 +00:00
managehome => true,
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
require => Group['gerrit2'],
Modify puppet repo to work with stackforge Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
2012-03-06 13:37:46 +00:00
}
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
group { 'gerrit2':
ensure => present,
Modify puppet repo to work with stackforge Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
2012-03-06 13:37:46 +00:00
}
Make gitweb a boolean option. Change-Id: Iff55f35c0d9888f1029115c17d4644a68d4e8b4c Reviewed-on: https://review.openstack.org/10727 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-02 12:57:15 -05:00
if ($gitweb) {
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
package { 'gitweb':
ensure => present,
}
Make gitweb a boolean option. Change-Id: Iff55f35c0d9888f1029115c17d4644a68d4e8b4c Reviewed-on: https://review.openstack.org/10727 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-02 12:57:15 -05:00
}
install gerrit core plugins This change configures puppet to install core plugins which are packaged with the released gerrit.war file. The method to install the plugins is to just extract them from the war file and place them into review_site/plugins folder. This method seemed easier than using the 'init --install-plugin' option because the --install-plugin option requires listing every plugin by name. Change-Id: I08335f970cee9e88d41c3695fccb370d05d1a4d1
2014-01-07 13:02:44 -08:00
package { 'unzip':
ensure => present,
}
Use OpenJDK 7 instead of OpenJDK 6 with Gerrit. Oracle has EOLed Java 6. While OpenJDK 6 is still supported, development on it has slowed. Upgrade to OpenJDK 7 and run Gerrit on this newer platform. Change-Id: Id5867a0269bc6af3e7f6214112e91c8848ffbbe4
2013-07-16 16:33:19 -07:00
package { 'openjdk-7-jre-headless':
Use unattended upgrades. Stop using latest for packages installed by puppet. This way, all system packages get updated, not just some random ones. The unattended-upgrades config will email root. It is configured for openstack servers and jenkins slaves, but not template hosts so that it doesn't interfere with spin-up. Also, fix some bits in the gerrit module that were causing continuous restarts on gerrit-dev. Install emacs. Change-Id: I51c9083ccd3669f284fce4b50c36a37a0cac92d8
2012-06-05 22:59:46 +00:00
ensure => present,
Add cron job for closing pull requests. Also move the launchpad sync cron into puppet. Create config file for github pull close script. This change depends on https://review.openstack.org/#change,224 Change-Id: I1b7ad599a6c7542614780ea0ce46a42a8995d15b Reviewed-on: https://review.openstack.org/225 Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2011-08-12 22:16:46 +00:00
}
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
Use OpenJDK 7 instead of OpenJDK 6 with Gerrit. Oracle has EOLed Java 6. While OpenJDK 6 is still supported, development on it has slowed. Upgrade to OpenJDK 7 and run Gerrit on this newer platform. Change-Id: Id5867a0269bc6af3e7f6214112e91c8848ffbbe4
2013-07-16 16:33:19 -07:00
package { 'openjdk-6-jre-headless':
ensure => purged,
require => Package['openjdk-7-jre-headless'],
}
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
file { '/var/log/gerrit':
ensure => directory,
owner => 'gerrit2',
Revert "Move gerrit scripts into puppet module" This reverts commit 428ec0b42dd0a33eba9752aa0e5f475044be5508
2012-04-05 20:15:19 +00:00
}
Gerrit: Ensure /opt/lib exists if used /opt/lib/git is about to become the new default path for the local replica. If it is used, we should make sure /opt/lib exists. Change-Id: I4accdfefce9ef4f98c435c11f08fded1481e3ee6
2014-04-24 09:55:35 -07:00
if ((!defined(File['/opt/lib']))
and ($replicate_path =~ /^\/opt\/lib\/.*$/)) {
file { '/opt/lib':
ensure => directory,
owner => root,
}
}
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# Prepare gerrit directories. Even though some of these would be created
# by the init command, we can go ahead and create them now and populate them.
# That way the config files are already in place before init runs.
Modify puppet repo to work with stackforge Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
2012-03-06 13:37:46 +00:00
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
file { '/home/gerrit2/review_site':
ensure => directory,
owner => 'gerrit2',
require => User['gerrit2'],
Modify puppet repo to work with stackforge Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
2012-03-06 13:37:46 +00:00
}
Make the plugins dir so that we can put stuff in it The plugin extraction depends on a plugins dir - but nothing makes said dir. Make the dir. Change-Id: I96d20140b1872cec3b1fc38a579e970596bc7e53
2014-02-22 21:59:16 -08:00
file { '/home/gerrit2/review_site/plugins':
ensure => directory,
owner => 'gerrit2',
require => [User['gerrit2'], File['/home/gerrit2/review_site']],
}
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
file { '/home/gerrit2/.ssh':
ensure => directory,
owner => 'gerrit2',
mode => '0700',
require => User['gerrit2'],
}
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
file { '/home/gerrit2/review_site/etc':
ensure => directory,
owner => 'gerrit2',
require => File['/home/gerrit2/review_site'],
Revert "Move gerrit scripts into puppet module" This reverts commit 428ec0b42dd0a33eba9752aa0e5f475044be5508
2012-04-05 20:15:19 +00:00
}
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
file { '/home/gerrit2/review_site/bin':
ensure => directory,
owner => 'gerrit2',
require => File['/home/gerrit2/review_site'],
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
file { '/home/gerrit2/review_site/static':
ensure => directory,
owner => 'gerrit2',
require => File['/home/gerrit2/review_site'],
Revert "Move gerrit scripts into puppet module" This reverts commit 428ec0b42dd0a33eba9752aa0e5f475044be5508
2012-04-05 20:15:19 +00:00
}
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
file { '/home/gerrit2/review_site/hooks':
ensure => directory,
owner => 'gerrit2',
require => File['/home/gerrit2/review_site'],
Modify puppet repo to work with stackforge Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
2012-03-06 13:37:46 +00:00
}
Ensure destination dir for bcpg link is present. The destination dir for the bcpg link needs to be present before the link can be made. Add that dir to the gerrit init manifest and require it in the link file resource. Change-Id: I462cc96dcd0eafa814e3e3599a96eacc64665bcf Reviewed-on: https://review.openstack.org/14319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-10 18:01:29 -07:00
file { '/home/gerrit2/review_site/lib':
ensure => directory,
owner => 'gerrit2',
require => File['/home/gerrit2/review_site'],
}
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# Skip replication if we're in test mode
if ($testmode == false) {
Pass $mysql_password through to gerrit class The `$mysql_password` variable is used by the `secure.config.erb` template in the gerrit class, but is not passed from openstack_project::review -> openstack_project::gerrit -> gerrit. Instead it uses dynamic scopeing to find the variable and won't work in Puppet 3. This adds the full parameter passing for Puppet 3. This commit also adds "Template uses" comments immediately preceding resources declarations which use a `template()` function to describe all variables used by the gerrit templates. This greatly helps with debugging issues such as this. Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-13 17:15:26 -08:00
# Template uses $replication
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
file { '/home/gerrit2/review_site/etc/replication.config':
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
Added an option to toggle replication choices. New options for github replication and local replication. Change-Id: I06a6ca5347232ec80e26f6116742ab0007435ffe
2012-07-28 11:47:32 -05:00
content => template('gerrit/replication.config.erb'),
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
replace => true,
require => File['/home/gerrit2/review_site/etc'],
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
Modify puppet repo to work with stackforge Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
2012-03-06 13:37:46 +00:00
}
Fix gerrit config file permissions. Match what gerrit init creates; otherwise, gerrit init will delete and recreate the secure config file, losing the database password in the process. Change-Id: Ic1632fe3b24a0e4498b2415029e8a1db0fd1dfe2
2012-04-24 07:36:24 -07:00
# Gerrit sets these permissions in 'init'; don't fight them.
Pass $mysql_password through to gerrit class The `$mysql_password` variable is used by the `secure.config.erb` template in the gerrit class, but is not passed from openstack_project::review -> openstack_project::gerrit -> gerrit. Instead it uses dynamic scopeing to find the variable and won't work in Puppet 3. This adds the full parameter passing for Puppet 3. This commit also adds "Template uses" comments immediately preceding resources declarations which use a `template()` function to describe all variables used by the gerrit templates. This greatly helps with debugging issues such as this. Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-13 17:15:26 -08:00
# Template uses:
Support configurable mysql host in gerrit In further support of using a trove db, remove the gerrit::mysql module from review-dev. Plumb mysql_host throughout and remove the no longer necessary mysql_root_password. Configure review-dev to use mysql_host from hiera, but configure review to use 'localhost'. Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
2014-04-23 10:29:25 -07:00
# - $mysql_host
Pass $mysql_password through to gerrit class The `$mysql_password` variable is used by the `secure.config.erb` template in the gerrit class, but is not passed from openstack_project::review -> openstack_project::gerrit -> gerrit. Instead it uses dynamic scopeing to find the variable and won't work in Puppet 3. This adds the full parameter passing for Puppet 3. This commit also adds "Template uses" comments immediately preceding resources declarations which use a `template()` function to describe all variables used by the gerrit templates. This greatly helps with debugging issues such as this. Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-13 17:15:26 -08:00
# - $canonicalweburl
# - $database_poollimit
# - $gerrit_contributor_agreement
# - $gerrit_auth_type
# - $openidssourl
# - $ldap_server
# - $ldap_username
# - $ldap_password
# - $ldap_account_base
# - $ldap_account_pattern
# - $ldap_account_email_address
# - $smtpserver
# - $sendmail_from
# - $java_home
# - $container_heaplimit
# - $core_packedgitopenfiles
# - $core_packedgitlimit
# - $core_packedgitwindowsize
# - $sshd_listen_address
# - $sshd_threads
# - $httpd_maxwait
# - $httpd_acceptorthreads
# - $httpd_minthreads
# - $httpd_maxthreads
# - $commentlinks
# - $enable_melody
# - $melody_session
# - $gitweb
# - $contactstore_appsec
# - $contactstore_url
Modify puppet repo to work with stackforge Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
2012-03-06 13:37:46 +00:00
file { '/home/gerrit2/review_site/etc/gerrit.config':
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
Modify puppet repo to work with stackforge Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
2012-03-06 13:37:46 +00:00
content => template('gerrit/gerrit.config.erb'),
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
replace => true,
require => File['/home/gerrit2/review_site/etc'],
Modify puppet repo to work with stackforge Add stackforge manifest (can be pointed to in puppet.ini) Remove gerrit_installed lib (doesn't work with puppet master) Make jenkins_master module more generic Have an SSH key for different jenkins_slave setups Change-Id: Ic52f06d150210038aaf47c48aeb7c991b94c6fc8
2012-03-06 13:37:46 +00:00
}
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# Secret files.
Fix gerrit config file permissions. Match what gerrit init creates; otherwise, gerrit init will delete and recreate the secure config file, losing the database password in the process. Change-Id: Ic1632fe3b24a0e4498b2415029e8a1db0fd1dfe2
2012-04-24 07:36:24 -07:00
# Gerrit sets these permissions in 'init'; don't fight them. If
# these permissions aren't set correctly, gerrit init will write a
# new secure.config file and lose the mysql password.
Pass $mysql_password through to gerrit class The `$mysql_password` variable is used by the `secure.config.erb` template in the gerrit class, but is not passed from openstack_project::review -> openstack_project::gerrit -> gerrit. Instead it uses dynamic scopeing to find the variable and won't work in Puppet 3. This adds the full parameter passing for Puppet 3. This commit also adds "Template uses" comments immediately preceding resources declarations which use a `template()` function to describe all variables used by the gerrit templates. This greatly helps with debugging issues such as this. Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-13 17:15:26 -08:00
# Template uses $mysql_password, $email_private_key
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
file { '/home/gerrit2/review_site/etc/secure.config':
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
First pass at parameterizing secret infos. Change-Id: Iee56a7e65be51ebf19a61eefd60cc93de6a764bf
2012-07-19 17:17:29 -07:00
content => template('gerrit/secure.config.erb'),
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
replace => true,
require => File['/home/gerrit2/review_site/etc'],
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
Pass review.o.o SSL certs in from Hiera. Use Hiera to store the review.o.o SSL certs and pass them down to the gerrit module. While modifying these files fix indentation and rocket ship alignment according to puppet lint in the sections touched. Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315 Reviewed-on: https://review.openstack.org/13975 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-02 15:49:18 -07:00
# Set up apache.
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
Pass $mysql_password through to gerrit class The `$mysql_password` variable is used by the `secure.config.erb` template in the gerrit class, but is not passed from openstack_project::review -> openstack_project::gerrit -> gerrit. Instead it uses dynamic scopeing to find the variable and won't work in Puppet 3. This adds the full parameter passing for Puppet 3. This commit also adds "Template uses" comments immediately preceding resources declarations which use a `template()` function to describe all variables used by the gerrit templates. This greatly helps with debugging issues such as this. Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-13 17:15:26 -08:00
# Template uses:
# - $vhost_name
# - $serveradmin
# - $ssl_cert_file
# - $ssl_key_file
# - $ssl_chain_file
# - $canonicalweburl
# - $replicate_local
Make gerrit git replica and jeepyb paths configurable * Gerrit: make the path to the local replica configurable (default to /var/lib/git) * Set the local replica path on review-dev to /opt/lib/git * Gerrit: make the jeepyb cache dir configurable (default to /opt/lib/jeepyb) Change-Id: I9b94fa540bb400abcc746c5c962bb3b5e2b372e3
2014-04-24 08:51:56 -07:00
# - $replicate_path
Pass $mysql_password through to gerrit class The `$mysql_password` variable is used by the `secure.config.erb` template in the gerrit class, but is not passed from openstack_project::review -> openstack_project::gerrit -> gerrit. Instead it uses dynamic scopeing to find the variable and won't work in Puppet 3. This adds the full parameter passing for Puppet 3. This commit also adds "Template uses" comments immediately preceding resources declarations which use a `template()` function to describe all variables used by the gerrit templates. This greatly helps with debugging issues such as this. Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-13 17:15:26 -08:00
# - $contactstore
# - $robots_txt_source
Align all web server usage on apache module. Change-Id: Idd712a8ee5ec81c6b88b7d3e2270dce4da254927 Reviewed-on: https://review.openstack.org/10838 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-04 13:10:26 -05:00
apache::vhost { $vhost_name:
Pass review.o.o SSL certs in from Hiera. Use Hiera to store the review.o.o SSL certs and pass them down to the gerrit module. While modifying these files fix indentation and rocket ship alignment according to puppet lint in the sections touched. Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315 Reviewed-on: https://review.openstack.org/13975 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-02 15:49:18 -07:00
port => 443,
Revert "Revert "Downgrade puppetlabs-apache to version 0.0.4."" This reverts commit 3afc75132aa3a7d3cae911ae5e7166383b9ee4ba. The new apache module has started managing /etc/httpd/conf/httpd.conf with a template that has some significant differences than our template in the cgit module. Change-Id: I99795d35596f35dfc34e89891155dd2b83e465fe
2014-07-01 17:35:00 -07:00
docroot => 'MEANINGLESS ARGUMENT',
Modified gerrit to use MySQL and Apache modules. Change-Id: I82ff3c46438f8db126fa6a881efa09c90b1906e4
2012-07-27 17:14:31 +00:00
priority => '50',
template => 'gerrit/gerrit.vhost.erb',
Pass review.o.o SSL certs in from Hiera. Use Hiera to store the review.o.o SSL certs and pass them down to the gerrit module. While modifying these files fix indentation and rocket ship alignment according to puppet lint in the sections touched. Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315 Reviewed-on: https://review.openstack.org/13975 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-02 15:49:18 -07:00
ssl => true,
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
Modified gerrit to use MySQL and Apache modules. Change-Id: I82ff3c46438f8db126fa6a881efa09c90b1906e4
2012-07-27 17:14:31 +00:00
a2mod { 'rewrite':
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
ensure => present,
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
Modified gerrit to use MySQL and Apache modules. Change-Id: I82ff3c46438f8db126fa6a881efa09c90b1906e4
2012-07-27 17:14:31 +00:00
a2mod { 'proxy':
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
ensure => present,
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
Modified gerrit to use MySQL and Apache modules. Change-Id: I82ff3c46438f8db126fa6a881efa09c90b1906e4
2012-07-27 17:14:31 +00:00
a2mod { 'proxy_http':
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
ensure => present,
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
Pass review.o.o SSL certs in from Hiera. Use Hiera to store the review.o.o SSL certs and pass them down to the gerrit module. While modifying these files fix indentation and rocket ship alignment according to puppet lint in the sections touched. Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315 Reviewed-on: https://review.openstack.org/13975 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-02 15:49:18 -07:00
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
Set ssl keys group to ssl-cert. Recent ssl cert management changed the group on the ssl keys to root from ssl-cert. Change it back. Change-Id: I6dcbeca364fa9c435aee520248a59f0917cd02a8 Reviewed-on: https://review.openstack.org/14116 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-05 16:20:53 -07:00
group => 'ssl-cert',
Pass review.o.o SSL certs in from Hiera. Use Hiera to store the review.o.o SSL certs and pass them down to the gerrit module. While modifying these files fix indentation and rocket ship alignment according to puppet lint in the sections touched. Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315 Reviewed-on: https://review.openstack.org/13975 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-02 15:49:18 -07:00
mode => '0640',
content => $ssl_key_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Apache::Vhost[$vhost_name],
}
Add robots.txt to gerrit. And slow down bing (msnbot). Change-Id: Id8361047abc2cfb52260b3d0ef01275ec3a923f5 Reviewed-on: https://review.openstack.org/32435 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Elizabeth Krumbach Joseph <lyz@princessleia.com> Reviewed-by: Anita Kuno <anita.kuno@enovance.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-06-10 09:39:47 -07:00
}
if $robots_txt_source != '' {
file { '/home/gerrit2/review_site/static/robots.txt':
owner => 'root',
group => 'root',
mode => '0444',
source => $robots_txt_source,
require => File['/home/gerrit2/review_site/static'],
}
Pass review.o.o SSL certs in from Hiera. Use Hiera to store the review.o.o SSL certs and pass them down to the gerrit module. While modifying these files fix indentation and rocket ship alignment according to puppet lint in the sections touched. Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315 Reviewed-on: https://review.openstack.org/13975 Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-02 15:49:18 -07:00
}
Have hiera and puppet manage gerrit ssh:29418 keys Have hiera and puppet manage gerrits ssh:29418 keys (RSA and DSA). These keys go in /home/gerrit2/review_site/etc. Change-Id: If8cb3ec5a2e2c582b7fa6d87c520fc0cb7c2f205 Reviewed-on: https://review.openstack.org/14365 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-11 16:03:31 -07:00
if $ssh_dsa_key_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_dsa_key':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_dsa_key_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_dsa_pubkey_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_dsa_key.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_dsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_rsa_key_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_rsa_key':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_rsa_key_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_rsa_pubkey_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_rsa_key.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_rsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
if $ssh_project_rsa_key_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_project_rsa_key':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_project_rsa_key_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_project_rsa_pubkey_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_project_rsa_key.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
Clean up of minor puppet-lint warnings. Mostly documentation and parameterised class parameter complaints. Change-Id: Idbfd348a5befb041ce6eb36f9c6b195fc0c6799f Reviewed-on: https://review.openstack.org/16685 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-21 14:53:55 -05:00
content => $ssh_project_rsa_pubkey_contents,
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
if $ssh_replication_rsa_key_contents != '' {
file { '/home/gerrit2/.ssh/id_rsa':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_replication_rsa_key_contents,
replace => true,
require => File['/home/gerrit2/.ssh']
}
}
if $ssh_replication_rsa_pubkey_contents != '' {
file { '/home/gerrit2/id_rsa.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_replication_rsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/.ssh']
}
}
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# Install Gerrit itself.
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
# The Gerrit WAR is specified as a url like
# 'http://tarballs.openstack.org/ci/gerrit-2.2.2-363-gd0a67ce.war'
# Set $basewar so that we can work with filenames like
# gerrit-2.2.2-363-gd0a67ce.war'.
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
if $war =~ /.*\/(.*)/ {
$basewar = $1
} else {
$basewar = $war
}
# This directory is used to download and cache gerrit war files.
# That way the download and install steps are kept separate.
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
file { '/home/gerrit2/gerrit-wars':
ensure => directory,
require => User['gerrit2'],
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
# If we don't already have the specified WAR, download it.
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
exec { "download:${war}":
command => "/usr/bin/wget ${war} -O /home/gerrit2/gerrit-wars/${basewar}",
creates => "/home/gerrit2/gerrit-wars/${basewar}",
require => File['/home/gerrit2/gerrit-wars'],
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
# If gerrit.war isn't the same as $basewar, install it.
Gerrit-2.8: Add secondary index support This rebuilds secondary indexes on gerrit initial-init and init. They are optional in gerrit 2.8, and mandatory in gerrit 2.9. A few common strings are refactored into variables to make this more concise, and less likely to get fat fingered. If desired, further symbolic refactoring can be done here as well. Question remains if we need to make this 2.8 conditional, and how we can get access to the gerrit revision in this part of puppet. Partial-Bug: #1082781 Change-Id: Iee94934baaa220313a7e888ba0e2a6530eab0d52
2013-12-04 23:26:42 +01:00
file { $gerrit_war:
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
ensure => present,
source => "file:///home/gerrit2/gerrit-wars/${basewar}",
require => Exec["download:${war}"],
replace => true,
Cleanup gerrit manifest lint errors. Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066 Reviewed-on: https://review.openstack.org/14910 Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-26 15:13:47 -04:00
# user, group, and mode have to be set this way to avoid retriggering
# gerrit-init on every run because gerrit init sets them this way
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
Add in final two steps for initial install. With these applied, initial install actually works 100% through. Change-Id: I6587a537beb5703bf11783f3df79278ea1c7aca5 Reviewed-on: https://review.openstack.org/10718 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-02 11:02:21 -05:00
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# If gerrit.war was just installed, run the Gerrit "init" command.
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
exec { 'gerrit-initial-init':
Stop trying to start gerrit every time We only want to start it when we've installed or upgraded. The initial-init and init are designed to either one of them run, one if there is no init script (initial install) the other if there is (upgrade). The things they trigger should only run in response to those actions. Change-Id: I3bcaaed07bcf6239e053789b9b6241cbf652e7d4
2014-04-18 11:35:46 -07:00
user => 'gerrit2',
Gerrit-2.8: Add secondary index support This rebuilds secondary indexes on gerrit initial-init and init. They are optional in gerrit 2.8, and mandatory in gerrit 2.9. A few common strings are refactored into variables to make this more concise, and less likely to get fat fingered. If desired, further symbolic refactoring can be done here as well. Question remains if we need to make this 2.8 conditional, and how we can get access to the gerrit revision in this part of puppet. Partial-Bug: #1082781 Change-Id: Iee94934baaa220313a7e888ba0e2a6530eab0d52
2013-12-04 23:26:42 +01:00
command => "/usr/bin/java -jar ${gerrit_war} init -d ${gerrit_site} --batch --no-auto-start; /usr/bin/java -jar ${gerrit_war} reindex -d ${gerrit_site}",
Stop trying to start gerrit every time We only want to start it when we've installed or upgraded. The initial-init and init are designed to either one of them run, one if there is no init script (initial install) the other if there is (upgrade). The things they trigger should only run in response to those actions. Change-Id: I3bcaaed07bcf6239e053789b9b6241cbf652e7d4
2014-04-18 11:35:46 -07:00
subscribe => File['/home/gerrit2/review_site/bin/gerrit.war'],
refreshonly => true,
require => [Package['openjdk-7-jre-headless'],
User['gerrit2'],
File['/home/gerrit2/review_site/etc/gerrit.config'],
File['/home/gerrit2/review_site/etc/secure.config']],
notify => Exec['install-core-plugins'],
unless => '/usr/bin/test -f /etc/init.d/gerrit',
logoutput => true,
Add in final two steps for initial install. With these applied, initial install actually works 100% through. Change-Id: I6587a537beb5703bf11783f3df79278ea1c7aca5 Reviewed-on: https://review.openstack.org/10718 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-02 11:02:21 -05:00
}
# If a new gerrit.war was just installed, run the Gerrit "init" command.
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
# Stop is included here because it may not be running or the init
# script may not exist, and in those cases, we don't care if it fails.
# Running the init script as the gerrit2 user _does_ work.
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
exec { 'gerrit-init':
user => 'gerrit2',
Gerrit-2.8: Add secondary index support This rebuilds secondary indexes on gerrit initial-init and init. They are optional in gerrit 2.8, and mandatory in gerrit 2.9. A few common strings are refactored into variables to make this more concise, and less likely to get fat fingered. If desired, further symbolic refactoring can be done here as well. Question remains if we need to make this 2.8 conditional, and how we can get access to the gerrit revision in this part of puppet. Partial-Bug: #1082781 Change-Id: Iee94934baaa220313a7e888ba0e2a6530eab0d52
2013-12-04 23:26:42 +01:00
command => "/etc/init.d/gerrit stop; /usr/bin/java -jar ${gerrit_war} init -d ${gerrit_site} --batch --no-auto-start; /usr/bin/java -jar ${gerrit_war} reindex -d ${gerrit_site}",
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
subscribe => File['/home/gerrit2/review_site/bin/gerrit.war'],
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
refreshonly => true,
Use OpenJDK 7 instead of OpenJDK 6 with Gerrit. Oracle has EOLed Java 6. While OpenJDK 6 is still supported, development on it has slowed. Upgrade to OpenJDK 7 and run Gerrit on this newer platform. Change-Id: Id5867a0269bc6af3e7f6214112e91c8848ffbbe4
2013-07-16 16:33:19 -07:00
require => [Package['openjdk-7-jre-headless'],
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
User['gerrit2'],
File['/home/gerrit2/review_site/etc/gerrit.config'],
File['/home/gerrit2/review_site/etc/secure.config']],
install gerrit core plugins This change configures puppet to install core plugins which are packaged with the released gerrit.war file. The method to install the plugins is to just extract them from the war file and place them into review_site/plugins folder. This method seemed easier than using the 'init --install-plugin' option because the --install-plugin option requires listing every plugin by name. Change-Id: I08335f970cee9e88d41c3695fccb370d05d1a4d1
2014-01-07 13:02:44 -08:00
notify => Exec['install-core-plugins'],
Stop trying to start gerrit every time We only want to start it when we've installed or upgraded. The initial-init and init are designed to either one of them run, one if there is no init script (initial install) the other if there is (upgrade). The things they trigger should only run in response to those actions. Change-Id: I3bcaaed07bcf6239e053789b9b6241cbf652e7d4
2014-04-18 11:35:46 -07:00
onlyif => '/usr/bin/test -f /etc/init.d/gerrit',
install gerrit core plugins This change configures puppet to install core plugins which are packaged with the released gerrit.war file. The method to install the plugins is to just extract them from the war file and place them into review_site/plugins folder. This method seemed easier than using the 'init --install-plugin' option because the --install-plugin option requires listing every plugin by name. Change-Id: I08335f970cee9e88d41c3695fccb370d05d1a4d1
2014-01-07 13:02:44 -08:00
logoutput => true,
}
# Install Core Plugins
exec { 'install-core-plugins':
user => 'gerrit2',
command => '/usr/bin/unzip -jo /home/gerrit2/review_site/bin/gerrit.war WEB-INF/plugins/* -d /home/gerrit2/review_site/plugins || true',
subscribe => File['/home/gerrit2/review_site/bin/gerrit.war'],
require => [Package['unzip'],
File['/home/gerrit2/review_site/plugins']],
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
notify => Exec['gerrit-start'],
Stop trying to start gerrit every time We only want to start it when we've installed or upgraded. The initial-init and init are designed to either one of them run, one if there is no init script (initial install) the other if there is (upgrade). The things they trigger should only run in response to those actions. Change-Id: I3bcaaed07bcf6239e053789b9b6241cbf652e7d4
2014-04-18 11:35:46 -07:00
refreshonly => true,
log output when installing and upgrading gerrit It would be good to keep the command output and exit code when installing or upgrading gerrit in case it doesn't work. Change-Id: Ia93001706b4ea509797419b74716c23db47aaed1
2013-12-09 22:26:41 +00:00
logoutput => true,
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
# Symlink the init script.
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
file { '/etc/init.d/gerrit':
ensure => link,
target => '/home/gerrit2/review_site/bin/gerrit.sh',
Add in final two steps for initial install. With these applied, initial install actually works 100% through. Change-Id: I6587a537beb5703bf11783f3df79278ea1c7aca5 Reviewed-on: https://review.openstack.org/10718 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-08-02 11:02:21 -05:00
require => Exec['gerrit-initial-init'],
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
# The init script requires the path to gerrit to be set.
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
file { '/etc/default/gerritcodereview':
ensure => present,
source => 'puppet:///modules/gerrit/gerritcodereview.default',
replace => true,
owner => 'root',
group => 'root',
mode => '0444',
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
# Make sure the init script starts on boot.
file { ['/etc/rc0.d/K10gerrit',
'/etc/rc1.d/K10gerrit',
'/etc/rc2.d/S90gerrit',
'/etc/rc3.d/S90gerrit',
'/etc/rc4.d/S90gerrit',
'/etc/rc5.d/S90gerrit',
'/etc/rc6.d/K10gerrit']:
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
ensure => link,
target => '/etc/init.d/gerrit',
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
require => File['/etc/init.d/gerrit'],
}
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
exec { 'gerrit-start':
command => '/etc/init.d/gerrit start',
require => File['/etc/init.d/gerrit'],
refreshonly => true,
Install and manage more of Gerrit. Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
2012-04-10 01:16:47 +00:00
}
Move gerrit scripts to puppet. Take the things from openstack-ci/gerrit and move them directly in to the puppet module. Install them using the model we're using for the jenkins slave scripts. Change-Id: I420b2b895bd57d40232b2cdda437617373a82890
2012-05-01 17:11:48 -04:00
file { '/usr/local/gerrit':
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
Move gerrit scripts to puppet. Take the things from openstack-ci/gerrit and move them directly in to the puppet module. Install them using the model we're using for the jenkins slave scripts. Change-Id: I420b2b895bd57d40232b2cdda437617373a82890
2012-05-01 17:11:48 -04:00
}
file { '/usr/local/gerrit/scripts':
Consume jeepyb. Instead of keeping many of these files directly in the tree, use them from the out-of-tree jeepyb project, which makes them easier to consume for other people who are not us. Change-Id: Id704f2e17dd80709ef63cbbf2c5475a08a835f91 Reviewed-on: https://review.openstack.org/16777 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-11-22 10:45:10 -08:00
ensure => absent,
Move gerrit scripts to puppet. Take the things from openstack-ci/gerrit and move them directly in to the puppet module. Install them using the model we're using for the jenkins slave scripts. Change-Id: I420b2b895bd57d40232b2cdda437617373a82890
2012-05-01 17:11:48 -04:00
}
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
Puppet the Gerrit bcprov and mysql-connector deps * modules/gerrit/manifests/init.pp: The gerrit installer adds jarfiles for bcprov and mysql-connector into its lib directory, but puppet needs to know how to add them itself. Change-Id: Id61260d0d28f1aadf85dc8604688b0131cddf682
2013-09-12 18:55:58 +00:00
package { 'libmysql-java':
ensure => present,
}
file { '/home/gerrit2/review_site/lib/mysql-connector-java.jar':
ensure => link,
target => '/usr/share/java/mysql-connector-java.jar',
require => [
Fix deprecation warnings in gerrit module Change-Id: If62fcbddaf723eb1190c2d20640d234f9594825c
2014-03-23 09:20:08 -07:00
Package['libmysql-java'],
File['/home/gerrit2/review_site/lib'],
Puppet the Gerrit bcprov and mysql-connector deps * modules/gerrit/manifests/init.pp: The gerrit installer adds jarfiles for bcprov and mysql-connector into its lib directory, but puppet needs to know how to add them itself. Change-Id: Id61260d0d28f1aadf85dc8604688b0131cddf682
2013-09-12 18:55:58 +00:00
],
}
file { '/home/gerrit2/review_site/lib/mysql-connector-java-5.1.10.jar':
ensure => absent,
Fix deprecation warnings in gerrit module Change-Id: If62fcbddaf723eb1190c2d20640d234f9594825c
2014-03-23 09:20:08 -07:00
require => File['/home/gerrit2/review_site/lib/mysql-connector-java.jar'],
Puppet the Gerrit bcprov and mysql-connector deps * modules/gerrit/manifests/init.pp: The gerrit installer adds jarfiles for bcprov and mysql-connector into its lib directory, but puppet needs to know how to add them itself. Change-Id: Id61260d0d28f1aadf85dc8604688b0131cddf682
2013-09-12 18:55:58 +00:00
}
package { 'libbcprov-java':
ensure => present,
}
file { '/home/gerrit2/review_site/lib/bcprov.jar':
ensure => link,
target => '/usr/share/java/bcprov.jar',
require => [
Fix deprecation warnings in gerrit module Change-Id: If62fcbddaf723eb1190c2d20640d234f9594825c
2014-03-23 09:20:08 -07:00
Package['libbcprov-java'],
File['/home/gerrit2/review_site/lib'],
Puppet the Gerrit bcprov and mysql-connector deps * modules/gerrit/manifests/init.pp: The gerrit installer adds jarfiles for bcprov and mysql-connector into its lib directory, but puppet needs to know how to add them itself. Change-Id: Id61260d0d28f1aadf85dc8604688b0131cddf682
2013-09-12 18:55:58 +00:00
],
}
file { '/home/gerrit2/review_site/lib/bcprov-jdk16-144.jar':
ensure => absent,
Fix deprecation warnings in gerrit module Change-Id: If62fcbddaf723eb1190c2d20640d234f9594825c
2014-03-23 09:20:08 -07:00
require => File['/home/gerrit2/review_site/lib/bcprov.jar'],
Puppet the Gerrit bcprov and mysql-connector deps * modules/gerrit/manifests/init.pp: The gerrit installer adds jarfiles for bcprov and mysql-connector into its lib directory, but puppet needs to know how to add them itself. Change-Id: Id61260d0d28f1aadf85dc8604688b0131cddf682
2013-09-12 18:55:58 +00:00
}
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
# Install Bouncy Castle's OpenPGP plugin and populate the contact store
# public key file if we're using that feature.
if ($contactstore == true) {
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
package { 'libbcpg-java':
ensure => present,
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
}
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
file { '/home/gerrit2/review_site/lib/bcpg.jar':
ensure => link,
target => '/usr/share/java/bcpg.jar',
Ensure destination dir for bcpg link is present. The destination dir for the bcpg link needs to be present before the link can be made. Add that dir to the gerrit init manifest and require it in the link file resource. Change-Id: I462cc96dcd0eafa814e3e3599a96eacc64665bcf Reviewed-on: https://review.openstack.org/14319 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-10 18:01:29 -07:00
require => [
Package['libbcpg-java'],
File['/home/gerrit2/review_site/lib'],
],
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
}
Pass $mysql_password through to gerrit class The `$mysql_password` variable is used by the `secure.config.erb` template in the gerrit class, but is not passed from openstack_project::review -> openstack_project::gerrit -> gerrit. Instead it uses dynamic scopeing to find the variable and won't work in Puppet 3. This adds the full parameter passing for Puppet 3. This commit also adds "Template uses" comments immediately preceding resources declarations which use a `template()` function to describe all variables used by the gerrit templates. This greatly helps with debugging issues such as this. Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-13 17:15:26 -08:00
# Template uses $contactstore_pubkey
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
file { '/home/gerrit2/review_site/etc/contact_information.pub':
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
content => template('gerrit/contact_information.pub.erb'),
Cleanup gerrit init.pp manifest lint errors. Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36 Reviewed-on: https://review.openstack.org/14176 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-10-08 12:25:19 -07:00
replace => true,
require => File['/home/gerrit2/review_site/etc'],
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
}
Add a fake contactstore CGI. This is useful for testing Gerrit's contactstore features if you don't have a real contact store server set up already. * modules/gerrit/files/fakestore.cgi: An extremely trivial shell script which returns the content Gerrit expects from a successful submission to a contactstore server. Note this does not check the application security key or store any of the post variables--it is simply a black hole for contact updates. * modules/gerrit/manifests/init.pp: If the contactstore feature is enabled in Gerrit, install the fakestore.cgi script so it can be available for testing. * modules/gerrit/templates/gerrit.vhost.erb: If the contactstore feature is enabled, ScriptAlias the /fakestore URL to the fakestore.cgi script. Change-Id: Ifa0f80bab9e8b8e207f0ffd83f01c8a3d904618e Reviewed-on: https://review.openstack.org/19939 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-01-17 14:46:57 +00:00
file { '/home/gerrit2/review_site/lib/fakestore.cgi':
ensure => present,
owner => 'root',
group => 'root',
mode => '0555',
source => 'puppet:///modules/gerrit/fakestore.cgi',
require => File['/home/gerrit2/review_site/lib'],
}
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
}
Add Gerrit configuration to puppet. Change-Id: I26ebd80adb00ac5bf676533d5dd9359cbbe08075
2011-08-05 23:00:46 +00:00
}
Copy Permalink