opendev/system-config
Code Issues Proposed changes
3792315db5
system-config/modules/openstack_project/manifests/gerrit.pp

520 lines
17 KiB
ObjectPascal
Raw Normal View History

Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
# == Class: openstack_project::gerrit
#
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
# A wrapper class around the main gerrit class that sets gerrit
Implement Gerrit CLA and Contact Store. This change fixes bug 1082754 and builds on the following prior work, which set up the underlying mechanisms and implemented them on review-dev: - https://review.openstack.org/12716 - https://review.openstack.org/13058 - https://review.openstack.org/13378 - https://review.openstack.org/13392 - https://review.openstack.org/13402 - https://review.openstack.org/13592 - https://review.openstack.org/14319 - https://review.openstack.org/14493 - https://review.openstack.org/16468 * manifests/site.pp(review.openstack.org): Add gerrit_contactstore_appsec and gerrit_contactstore_pubkey variables similar to those used for review-dev.openstack.org. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Move the cla_description, cla_file, cla_id and cla_name variables here, since they'll be used by both review and review-dev servers. Same goes for the set_agreements.sh file block and set_contributor_agreements exec block. Also stop loading the launchpad_sync module and make sure the sync_launchpad_users cron job is removed from the server. * modules/openstack_project/manifests/review.pp (openstack_project::review): Add the contactstore_appsec and contactstore_pubkey variables being from from hiera. Update the .war file to one with "Hack out some CLA bits" reverted. Turn on contactstore, pass the contactstore_appsec and contactstore_pubkey variables through, and set the production contactstore_url. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Remove the definitions for cla_description, cla_file, cla_id and cla_name, along with the set_agreements.sh file block and set_contributor_agreements exec block since they're all in gerrit.pp now. Change-Id: I037f1a3e2b03c66768cec6caa7fe5e1c68495ac6 Reviewed-on: https://review.openstack.org/14099 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-10-05 15:44:11 +00:00
# up for launchpad single sign on and bug/blueprint links
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
Make an OpenStack Gerrit base class. Change-Id: Ib16ff355199d330a74aaef384a11628b649f06ec
2012-07-20 19:51:44 -07:00
class openstack_project::gerrit (
Support configurable mysql host in gerrit In further support of using a trove db, remove the gerrit::mysql module from review-dev. Plumb mysql_host throughout and remove the no longer necessary mysql_root_password. Configure review-dev to use mysql_host from hiera, but configure review to use 'localhost'. Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
2014-04-23 10:29:25 -07:00
$mysql_host,
Pass $mysql_password through to gerrit class The `$mysql_password` variable is used by the `secure.config.erb` template in the gerrit class, but is not passed from openstack_project::review -> openstack_project::gerrit -> gerrit. Instead it uses dynamic scopeing to find the variable and won't work in Puppet 3. This adds the full parameter passing for Puppet 3. This commit also adds "Template uses" comments immediately preceding resources declarations which use a `template()` function to describe all variables used by the gerrit templates. This greatly helps with debugging issues such as this. Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-13 17:15:26 -08:00
$mysql_password,
upgrade review-dev.o.o with gerrit v2.13.9 This updates the gerrit war, plugin versions, and sets the new accountPatchReviewDb url value to use mysql. Also uses updated Gerrit query api paths for changeid and sha1 lookups in commentlinks. Depends-On: Ifc04395f076200a68e6398190a0712c80e5278c6 Change-Id: Ic1a116b1608eb9134d18dad9463b9b9b142700fa
2017-04-04 13:25:14 -07:00
$accountpatchreviewdb_url = undef,
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
$vhost_name = $::fqdn,
$canonicalweburl = "https://${::fqdn}/",
Change http download command to point to git.o.o The http download command on the Gerrit change screen points to review.o.o We prefer it to point to the replicated repos because those are faster and there are many more of them. Depends-on: I4fa1cc7b1f0b717c35dc4eccedb635c9f3680c26 Change-Id: I24946f5feeae11b6659982d79f119d84335cc237
2016-03-31 12:41:20 -07:00
$git_http_url = '',
Make git protocol point to git.o.o Openstack supports the git protocol (git://git.openstack.org/) for accessing our repros[1]. The anoymous git download command on the Gerrit change screen points to review.o.o We prefer it to point to the cgit servers because those are faster and there are many more of them. [1] https://git.openstack.org/cgit/openstack-infra/system-config Change-Id: I7989769b3e702c9f924b76e862e775d5717fb529 Depends-on: I5bd57d91b4d4a685328efe4d589a191debaa0fe5
2016-04-01 09:56:09 -07:00
$canonical_git_url = '',
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
$serveradmin = 'webmaster@openstack.org',
$ssh_host_key = '/home/gerrit2/review_site/etc/ssh_host_rsa_key',
$ssh_project_key = '/home/gerrit2/review_site/etc/ssh_project_rsa_key',
Parameterize SSL certificate attributes on review.pp manifest review.pp manifest contains site specific values for SSL certificate attributes. The hostname may change overtime and forces other developers willing to use the manifest to give SSL certificate names that are not descriptive of their environment. This change parameterize those values by adding SSL certificate parameters on review.pp and gerrit.pp and defining sane defaults for both. Closes-Bug: 1319746 Change-Id: I245c3caaf267f3d354daa5c7d5897d62239dcf9e
2014-05-15 10:01:53 +00:00
$ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem",
$ssl_key_file = "/etc/ssl/private/${::fqdn}.key",
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$ssh_dsa_key_contents = '', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents = '', # If left empty puppet will not create file.
$ssh_rsa_key_contents = '', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents = '', # If left empty puppet will not create file.
$ssh_project_rsa_key_contents = '', # If left empty will not create file.
$ssh_project_rsa_pubkey_contents = '', # If left empty will not create file.
Install and use the Gerrit welcome-message keypair Change-Id: I7c23112664e43713f8dfc4bd0e4b9aec46b71500
2014-01-31 21:49:09 +00:00
$ssh_welcome_rsa_key_contents='', # If left empty will not create file.
$ssh_welcome_rsa_pubkey_contents='', # If left empty will not create file.
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
$ssh_replication_rsa_key_contents='', # If left empty will not create file.
$ssh_replication_rsa_pubkey_contents='', # If left empty will not create file.
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
$email = '',
$database_poollimit = '',
$container_heaplimit = '',
$core_packedgitopenfiles = '',
$core_packedgitlimit = '',
$core_packedgitwindowsize = '',
$sshd_threads = '',
$httpd_acceptorthreads = '',
$httpd_minthreads = '',
$httpd_maxthreads = '',
Increase the HTTP incoming connection queue Upstream Gerrit confirms that the default value for the httpd.maxQueued value was set too low. The fix[1] for it was to change the default to 200 however the fix is only in version 2.12+ not in 2.11. clarkb confirmed that we are seeing the same error (stack trace linked in 1st ml thread in upstream fix[1]) in review.o.o logs. This likey indicates that VM starvation (due to GC) is making Gerrit to slow to process incoming client requests so it pushes more requests into the queue than it can handle. Once the queue is exhausted the requests get rejected with 500 errors. Increasing the max number of client connections may help alleviate this situation until Gerrit can catch up. [1] https://gerrit-review.googlesource.com/#/c/70627 depends-on: Iea202fcfe7af4a9d5b4c3a360124c24649b1133b Change-Id: I8d6c8d9ec6348fc6b950744237e527133a625bbe
2016-02-03 16:18:02 -08:00
$httpd_maxqueued = '',
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
$httpd_maxwait = '',
$war = '',
Switch gerrit to project-config Change-Id: I3e7358b4bc64e494a5990c79d16fafc21f5ed6af
2014-09-19 15:38:45 -07:00
$acls_dir = 'UNDEF',
$notify_impact_file = 'UNDEF',
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
$projects_file = 'UNDEF',
Split config from projects list The projects list is a common list for devs to interact with. The config in the list is not, but the config in the list means the file needs to be in an erb template. Split the two concerns, similar to zuul. Put the config in a config file and the project data in a yaml file. Change-Id: I708b8655b4b1ce377f3b7369e987418c1d72d977
2013-12-13 11:06:28 -05:00
$projects_config = 'UNDEF',
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
$github_username = '',
$github_oauth_token = '',
$github_project_username = '',
$github_project_password = '',
$email_private_key = '',
Support restTokenPrivateKey on review.o.o It's not clear what this does, but pass it in just in case it's important. Depends-On: I3f3b2f11556f2bd745bfd2177982061128df11af Change-Id: I35f0ffd6c54e00f996a9304c045a731e37f32b45
2015-05-09 16:41:12 +00:00
$token_private_key = '',
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
$replicate_local = true,
Add the Gerrit replication plugin paramater 'defaultForceUpdate' The Gerrit 2.9 replication plugin added an explicit defaultForceUpdate parameter. This change adds it to the puppet script and sets the parameter to true. Depends-on: Ia77319ec95636e42d0b0860901dc6f3b34f4750d Change-Id: I716d4afcd8d503edd1b66d5ea732a151e66b09e4
2015-02-11 16:48:18 -08:00
$replication_force_update = true,
Enable gerrit replication.autoReload for review-dev This enables automatic reload of the replication configuration for review-dev. Depends-On: https://review.openstack.org/650049 Change-Id: I3be630339870d527bedcfbd84b8dc8084dc10f4b
2019-04-04 11:11:48 -04:00
$replication_auto_reload = false,
Add replication of git from gerrit to git.o.o Modify gerrit's git replication configuration so that it pulls in from a list of replication targets defined in puppet rather than individually added stanzas. Pull the replicate_github variable from files, since it is no longer required. The replicate_local variable remains because it's used in the apache configuration and for setup of the local replication space for git. Also add the cgit server to the list of servers. Change-Id: I68de89bb216565f1754eb9b192bd437adcbf768b
2013-07-18 15:19:07 -07:00
$replication = [],
Move local git replica on review to /opt Merge after it has been created there manually to avoid downtime. Will require a gerrit restart to pick up the replication change. Change-Id: I6b55d16d731725548b8da46f5438e296b6dc6485
2014-04-24 09:00:13 -07:00
$local_git_dir = '/opt/lib/git',
Make gerrit git replica and jeepyb paths configurable * Gerrit: make the path to the local replica configurable (default to /var/lib/git) * Set the local replica path on review-dev to /opt/lib/git * Gerrit: make the jeepyb cache dir configurable (default to /opt/lib/jeepyb) Change-Id: I9b94fa540bb400abcc746c5c962bb3b5e2b372e3
2014-04-24 08:51:56 -07:00
$jeepyb_cache_dir = '/opt/lib/jeepyb',
Implement Gerrit CLA and Contact Store. This change fixes bug 1082754 and builds on the following prior work, which set up the underlying mechanisms and implemented them on review-dev: - https://review.openstack.org/12716 - https://review.openstack.org/13058 - https://review.openstack.org/13378 - https://review.openstack.org/13392 - https://review.openstack.org/13402 - https://review.openstack.org/13592 - https://review.openstack.org/14319 - https://review.openstack.org/14493 - https://review.openstack.org/16468 * manifests/site.pp(review.openstack.org): Add gerrit_contactstore_appsec and gerrit_contactstore_pubkey variables similar to those used for review-dev.openstack.org. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Move the cla_description, cla_file, cla_id and cla_name variables here, since they'll be used by both review and review-dev servers. Same goes for the set_agreements.sh file block and set_contributor_agreements exec block. Also stop loading the launchpad_sync module and make sure the sync_launchpad_users cron job is removed from the server. * modules/openstack_project/manifests/review.pp (openstack_project::review): Add the contactstore_appsec and contactstore_pubkey variables being from from hiera. Update the .war file to one with "Hack out some CLA bits" reverted. Turn on contactstore, pass the contactstore_appsec and contactstore_pubkey variables through, and set the production contactstore_url. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Remove the definitions for cla_description, cla_file, cla_id and cla_name, along with the set_agreements.sh file block and set_contributor_agreements exec block since they're all in gerrit.pp now. Change-Id: I037f1a3e2b03c66768cec6caa7fe5e1c68495ac6 Reviewed-on: https://review.openstack.org/14099 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-10-05 15:44:11 +00:00
$cla_description = 'OpenStack Individual Contributor License Agreement',
$cla_file = 'static/cla.html',
$cla_id = '2',
$cla_name = 'ICLA',
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
$testmode = false,
Added swift store credentials to openstackwatch. Openstackwatch is configured to store feed data in a swift object store. This patch adds credentials to access that swift store. Change-Id: I61d9032150ae40fb7d207b5861cf0cf448f6feda Reviewed-on: https://review.openstack.org/24784 Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-19 12:18:17 -04:00
$swift_username = '',
$swift_password = '',
Use internal gitweb instead of gitea for now We're not replicating refs/changes to gitea right now, so links that point to cgit urls or gitea urls aren't going to work for gitweb urls. Change-Id: I71b4651dea5e627e2a7045b61d512047223b4ee8
2019-04-23 19:36:28 +00:00
$gitweb = true,
$cgit = false,
$web_repo_url = false,
Generate cgit links with '/' character instead of '%2F' The generated cgit links in the Gerrit change screen contain "%2F" in URL instead of "/" character. Add the urlEncode setting to make Gerrit generate links with "/" character instead. Change-Id: I07d1b3175c039bba0d8b7392c756fa6a5b2e74e9 depends-on: I0ed9f2e872617d601120a5ab15b512e30aae51b5
2015-10-16 12:04:50 -07:00
$web_repo_url_encode = false,
Activate secondary index support for Gerrit Partial-Bug: #1082781 Change-Id: Iba923e99875c8e8380730fae2a0e969a4eb755f9
2014-04-04 10:10:53 -07:00
$secondary_index = true,
Customize the 'Report Bug' link on Gerrit UI Change the 'Report Bug' link on the Gerrit UI to 'Get Help' and redirect it to the Openstack help docs. depends-on: I674bac2b2f9999e5a8bab55b3bd47f4d4fbb96d2 Change-Id: I23702f111eb65c1537bebb55cb8bbfa26223f116
2015-09-08 10:09:10 -07:00
$report_bug_text = 'Get Help',
Use https://docs.openstack.org everywhere We have lots of links and redirects into docs.o.o using http but we host via https now. Avoid unnecessary redirects and point directly at https. Change-Id: I3a01533afa5915dcfc0a7220dd511819911108ca
2017-04-18 16:41:35 -07:00
$report_bug_url = 'https://docs.openstack.org/infra/system-config/project.html#contributing',
Allow Gerrit to use 4 threads for indexing changes. Indexing Gerrit changes can be a time consuming operation. By default Gerrit allocates 1 thread to index changes. This will increase that to 4 threads which will hopefully make the indexing operation faster. Change-Id: I1ff7a09054cb7782acf483aa736ead763a8417db depends-on: I3aa1909d3edc8aa52d026b3f8e0dfafac4e14f6d
2015-11-04 11:28:15 -08:00
$index_threads = 1,
Customize Gerrit's download command and schema Configure Gerrit's download plugin to show all available protocol to our openstack repos in the downloads list. We support ssh, anonymous http, and anonymous git. Set to not show http because it duplicates anon_http due to change I24946f5feea Depends-on: Ia6a3a28cce62b6bd1570fd0ab5b1224fc35d8284 Change-Id: I6d34e75da71186ca4744525fd1143e75b4394a18
2016-04-01 11:20:49 -07:00
$download = {},
Limit the file size that can be pushed to Gerrit We need to limit the size of the files that can be uploaded to Gerrit because large files can break replication to Github due to Github's size restrictions. We've seen this happen with users pushing large binary files. Change-Id: Iff1fb7c83756ccfc73d39585db93655ffe88b136 depends-on: Iad06bfc421ce73aeb1e1496f86cc244624599bec
2015-12-30 12:42:35 -08:00
$receive_max_object_size_limit = '100 m',
Bump gerrit account caches to 32768 Apparently we might need to keep all account entries in memory. We currently have 26k accounts, so this gives us head room. Change-Id: I33280ecc4c0bb24600ca78814e0a953d9dc696d7
2017-09-20 07:52:48 -07:00
$cache_accounts = 32768,
$cache_accounts_byemail = 32768,
$cache_accounts_byname = 32768,
$cache_groups_byuuid = 32768,
Refactor gerrit commentlinks parameter Refactor the commentlinks to allow review.o.o and review-dev.o.o to define seperate comment links. We essentially want to point review.o.o story links to storyboard.o.o and review-dev.o.o links to storyboard-dev.o.o Change-Id: I70e5791a76ca97756613c393e598978ec13c8271
2016-06-16 23:14:34 -07:00
$commentlinks = [],
Override commit message length validation to 72 chars By default Gerrit's commit validation plugin is set to check commit message for max length of 70 however Openstack documentation[1] says max commit message length should be 72. Configure Openstack's gerrit to match documentation. [1] https://wiki.openstack.org/wiki/GitCommitMessages#Summary_of_Git_commit_message_structure depends-on: Id7aff7d6d7250da804c690fbe6ff5b81f408d113 Change-Id: I6571fe4e894c973a4b74857118e726b70e89e2a4
2016-05-13 09:56:17 -07:00
$commitmessage_params = {},
Configure its-storyboard plugin Add configurations for the its-storyboard plugin: 1. Move java_home variable to a higher level module so it can be used to install certificate on review-dev.o.o 2. Configure its-storyboard for review.o.o and review-dev.o.o 3. Associate review.o.o with storyboard.o.o and review-dev.o.o with storyboard-dev.o.o 4. Import ssl certificate to java on review-dev.o.o so that the plugin can POST updates to storyboard-dev.o.o using storyboard REST APIs. 5. Configure rules (or conditions) telling its-plugin to update storyboard tasks status on specific gerrit change updates. Gerrit change to storyboard task transition mapping: change abandoned -> SB task set to 'todo' change createed or change restored -> SB task set to 'review' change merged -> SB task set to 'merged' Change-Id: Id6ec16e267fca5fbbc42b1d3547fc5d2fa4c671b depends-on: I9f47a2ed88ffbe827e494a478c0dc89a08bbe370 depends-on: I5e817fab8a8973b688fd44dd819e3616df171321
2016-06-17 00:17:10 -07:00
$its_plugins = [],
$its_rules = [],
$java_home = '',
Switch SSO URL to login.ubuntu.com It's the same site, but login.ubuntu.com is the 'real' one and launchpad.net is an alias. login.launchpad.net seems to be less important to the admins. Change-Id: Ic3a68886fb846699860a58ea76c16f2749f05897
2016-12-13 09:53:36 -06:00
$openidssourl = 'https://login.ubuntu.com/+openid',
Make an OpenStack Gerrit base class. Change-Id: Ib16ff355199d330a74aaef384a11628b649f06ec
2012-07-20 19:51:44 -07:00
) {
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
Get openstackwatch working using puppet. Created an openstackwatch puppet manifest in modules/jeepyb. Created an openstackwatch puppet template in modules/jeepyb. Added a puppet class in modules/openstack_project/manifests/gerrit.pp. Change-Id: Id38cda4fdf9feee4f018bc5ccb0ebbf462311061 Reviewed-on: https://review.openstack.org/23584 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: Khai Do <zaro0508@gmail.com> Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-05 13:12:02 -05:00
class { 'jeepyb::openstackwatch':
Added swift store credentials to openstackwatch. Openstackwatch is configured to store feed data in a swift object store. This patch adds credentials to access that swift store. Change-Id: I61d9032150ae40fb7d207b5861cf0cf448f6feda Reviewed-on: https://review.openstack.org/24784 Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-19 12:18:17 -04:00
projects => [
Increasing projects for openstackwatch to track. *modules/openstack_project/manifests/gerrit.pp Added more projects to track. Change-Id: I08aefc82ac7e18c83690f09a29fcc7926dd5ca16 Reviewed-on: https://review.openstack.org/26117 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-04-04 13:51:38 -04:00
'openstack/ceilometer',
Get openstackwatch working using puppet. Created an openstackwatch puppet manifest in modules/jeepyb. Created an openstackwatch puppet template in modules/jeepyb. Added a puppet class in modules/openstack_project/manifests/gerrit.pp. Change-Id: Id38cda4fdf9feee4f018bc5ccb0ebbf462311061 Reviewed-on: https://review.openstack.org/23584 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: Khai Do <zaro0508@gmail.com> Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-05 13:12:02 -05:00
'openstack/cinder',
Increasing projects for openstackwatch to track. *modules/openstack_project/manifests/gerrit.pp Added more projects to track. Change-Id: I08aefc82ac7e18c83690f09a29fcc7926dd5ca16 Reviewed-on: https://review.openstack.org/26117 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-04-04 13:51:38 -04:00
'openstack/glance',
'openstack/heat',
'openstack/horizon',
'openstack/infra',
Get openstackwatch working using puppet. Created an openstackwatch puppet manifest in modules/jeepyb. Created an openstackwatch puppet template in modules/jeepyb. Added a puppet class in modules/openstack_project/manifests/gerrit.pp. Change-Id: Id38cda4fdf9feee4f018bc5ccb0ebbf462311061 Reviewed-on: https://review.openstack.org/23584 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: Khai Do <zaro0508@gmail.com> Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-05 13:12:02 -05:00
'openstack/keystone',
Increasing projects for openstackwatch to track. *modules/openstack_project/manifests/gerrit.pp Added more projects to track. Change-Id: I08aefc82ac7e18c83690f09a29fcc7926dd5ca16 Reviewed-on: https://review.openstack.org/26117 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-04-04 13:51:38 -04:00
'openstack/nova',
'openstack/oslo',
Rename quantum to neutron See: https://wiki.openstack.org/wiki/Network/neutron-renaming Change-Id: If1bc26259a2a3e79012b63fe33af50372f7f2b43 Reviewed-on: https://review.openstack.org/35853 Tested-by: Jenkins Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: James E. Blair <corvus@inaugust.com>
2013-07-05 11:27:27 -07:00
'openstack/neutron',
Increasing projects for openstackwatch to track. *modules/openstack_project/manifests/gerrit.pp Added more projects to track. Change-Id: I08aefc82ac7e18c83690f09a29fcc7926dd5ca16 Reviewed-on: https://review.openstack.org/26117 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Tested-by: Jenkins
2013-04-04 13:51:38 -04:00
'openstack/swift',
'openstack/tempest',
Get openstackwatch working using puppet. Created an openstackwatch puppet manifest in modules/jeepyb. Created an openstackwatch puppet template in modules/jeepyb. Added a puppet class in modules/openstack_project/manifests/gerrit.pp. Change-Id: Id38cda4fdf9feee4f018bc5ccb0ebbf462311061 Reviewed-on: https://review.openstack.org/23584 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: Khai Do <zaro0508@gmail.com> Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-05 13:12:02 -05:00
'openstack-dev/devstack',
],
Added swift store credentials to openstackwatch. Openstackwatch is configured to store feed data in a swift object store. This patch adds credentials to access that swift store. Change-Id: I61d9032150ae40fb7d207b5861cf0cf448f6feda Reviewed-on: https://review.openstack.org/24784 Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-19 12:18:17 -04:00
container => 'rss',
Rename review.openstack.org to review.opendev.org There are many references to review.openstack.org, and while the redirect should work, we can also go ahead and fix them. Change-Id: I28f398796a6392a3dffea1d25cfe2ae3a36a3589
2019-05-09 14:38:02 +00:00
json_url => 'https://review.opendev.org/query?q=status:open',
Added swift store credentials to openstackwatch. Openstackwatch is configured to store feed data in a swift object store. This patch adds credentials to access that swift store. Change-Id: I61d9032150ae40fb7d207b5861cf0cf448f6feda Reviewed-on: https://review.openstack.org/24784 Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2013-03-19 12:18:17 -04:00
swift_username => $swift_username,
swift_password => $swift_password,
swift_auth_url => 'https://auth.api.rackspacecloud.com/v1.0',
auth_version => '1.0',
Get openstackwatch working using puppet. Created an openstackwatch puppet manifest in modules/jeepyb. Created an openstackwatch puppet template in modules/jeepyb. Added a puppet class in modules/openstack_project/manifests/gerrit.pp. Change-Id: Id38cda4fdf9feee4f018bc5ccb0ebbf462311061 Reviewed-on: https://review.openstack.org/23584 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com> Reviewed-by: Khai Do <zaro0508@gmail.com> Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2013-03-05 13:12:02 -05:00
}
Add in root level scoping. Change-Id: I6fcdf293f719aa3fa18a3c5b4f7d8d64059b6f9c
2012-07-23 17:19:55 -05:00
class { '::gerrit':
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
vhost_name => $vhost_name,
canonicalweburl => $canonicalweburl,
Change http download command to point to git.o.o The http download command on the Gerrit change screen points to review.o.o We prefer it to point to the replicated repos because those are faster and there are many more of them. Depends-on: I4fa1cc7b1f0b717c35dc4eccedb635c9f3680c26 Change-Id: I24946f5feeae11b6659982d79f119d84335cc237
2016-03-31 12:41:20 -07:00
git_http_url => $git_http_url,
Make git protocol point to git.o.o Openstack supports the git protocol (git://git.openstack.org/) for accessing our repros[1]. The anoymous git download command on the Gerrit change screen points to review.o.o We prefer it to point to the cgit servers because those are faster and there are many more of them. [1] https://git.openstack.org/cgit/openstack-infra/system-config Change-Id: I7989769b3e702c9f924b76e862e775d5717fb529 Depends-on: I5bd57d91b4d4a685328efe4d589a191debaa0fe5
2016-04-01 09:56:09 -07:00
canonical_git_url => $canonical_git_url,
Make an OpenStack Gerrit base class. Change-Id: Ib16ff355199d330a74aaef384a11628b649f06ec
2012-07-20 19:51:44 -07:00
# opinions
Disable Gerrit drafts feature Gerrit enables drafts by default but we want it disabled because we prefer using the 'work in progress' (WIP) workflow. Change-Id: I53f7a80a3b2596a9af32f6f910091fa3af1106e0 depends-on: Iea970a85d433d8707102a3dcaf8cbae2d5662b6e
2015-12-08 18:48:15 -08:00
allow_drafts => false,
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
enable_melody => true,
melody_session => true,
robots_txt_source => 'puppet:///modules/openstack_project/gerrit/robots.txt',
Add configuration option to disable top level menu for javamelody plugin Change-Id: I696db6a16b1ba57000951186367501c376f321de
2014-04-30 00:18:20 +02:00
enable_javamelody_top_menu => false,
Make an OpenStack Gerrit base class. Change-Id: Ib16ff355199d330a74aaef384a11628b649f06ec
2012-07-20 19:51:44 -07:00
# passthrough
Configure its-storyboard plugin Add configurations for the its-storyboard plugin: 1. Move java_home variable to a higher level module so it can be used to install certificate on review-dev.o.o 2. Configure its-storyboard for review.o.o and review-dev.o.o 3. Associate review.o.o with storyboard.o.o and review-dev.o.o with storyboard-dev.o.o 4. Import ssl certificate to java on review-dev.o.o so that the plugin can POST updates to storyboard-dev.o.o using storyboard REST APIs. 5. Configure rules (or conditions) telling its-plugin to update storyboard tasks status on specific gerrit change updates. Gerrit change to storyboard task transition mapping: change abandoned -> SB task set to 'todo' change createed or change restored -> SB task set to 'review' change merged -> SB task set to 'merged' Change-Id: Id6ec16e267fca5fbbc42b1d3547fc5d2fa4c671b depends-on: I9f47a2ed88ffbe827e494a478c0dc89a08bbe370 depends-on: I5e817fab8a8973b688fd44dd819e3616df171321
2016-06-17 00:17:10 -07:00
java_home => $java_home,
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
ssl_cert_file => $ssl_cert_file,
ssl_key_file => $ssl_key_file,
ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
ssh_replication_rsa_key_contents => $ssh_replication_rsa_key_contents,
ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
email => $email,
Switch review-dev.openstack.org to login.ubuntu.com Change-Id: Ifbcd006c6149d2256c636ac440a67387c344bd7e
2016-12-13 09:55:03 -06:00
openidssourl => $openidssourl,
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
database_poollimit => $database_poollimit,
container_heaplimit => $container_heaplimit,
core_packedgitopenfiles => $core_packedgitopenfiles,
core_packedgitlimit => $core_packedgitlimit,
core_packedgitwindowsize => $core_packedgitwindowsize,
sshd_threads => $sshd_threads,
httpd_acceptorthreads => $httpd_acceptorthreads,
httpd_minthreads => $httpd_minthreads,
httpd_maxthreads => $httpd_maxthreads,
Increase the HTTP incoming connection queue Upstream Gerrit confirms that the default value for the httpd.maxQueued value was set too low. The fix[1] for it was to change the default to 200 however the fix is only in version 2.12+ not in 2.11. clarkb confirmed that we are seeing the same error (stack trace linked in 1st ml thread in upstream fix[1]) in review.o.o logs. This likey indicates that VM starvation (due to GC) is making Gerrit to slow to process incoming client requests so it pushes more requests into the queue than it can handle. Once the queue is exhausted the requests get rejected with 500 errors. Increasing the max number of client connections may help alleviate this situation until Gerrit can catch up. [1] https://gerrit-review.googlesource.com/#/c/70627 depends-on: Iea202fcfe7af4a9d5b4c3a360124c24649b1133b Change-Id: I8d6c8d9ec6348fc6b950744237e527133a625bbe
2016-02-03 16:18:02 -08:00
httpd_maxqueued => $httpd_maxqueued,
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
httpd_maxwait => $httpd_maxwait,
Increate gerrit user connection limit by 50% Zuul has hit a scenario where a git repo update was unable to talk to gerrit via ssh because it had reached its per user connection limit [0]. This then led to some openstack job failing [1]. The default limit (which we were using) is 64 connection per user. Apparently this is not quite enough for a busy zuul? Increase this by 50% up to 96. [0] http://paste.openstack.org/show/754741/ [1] http://lists.openstack.org/pipermail/release-job-failures/2019-July/001193.html Change-Id: Ibeca2208485608f3b61aa716184165342bfcc3c9
2019-07-22 15:29:19 -07:00
sshd_max_connections_per_user => '96',
Refactor gerrit commentlinks parameter Refactor the commentlinks to allow review.o.o and review-dev.o.o to define seperate comment links. We essentially want to point review.o.o story links to storyboard.o.o and review-dev.o.o links to storyboard-dev.o.o Change-Id: I70e5791a76ca97756613c393e598978ec13c8271
2016-06-16 23:14:34 -07:00
commentlinks => $commentlinks,
Configure its-storyboard plugin Add configurations for the its-storyboard plugin: 1. Move java_home variable to a higher level module so it can be used to install certificate on review-dev.o.o 2. Configure its-storyboard for review.o.o and review-dev.o.o 3. Associate review.o.o with storyboard.o.o and review-dev.o.o with storyboard-dev.o.o 4. Import ssl certificate to java on review-dev.o.o so that the plugin can POST updates to storyboard-dev.o.o using storyboard REST APIs. 5. Configure rules (or conditions) telling its-plugin to update storyboard tasks status on specific gerrit change updates. Gerrit change to storyboard task transition mapping: change abandoned -> SB task set to 'todo' change createed or change restored -> SB task set to 'review' change merged -> SB task set to 'merged' Change-Id: Id6ec16e267fca5fbbc42b1d3547fc5d2fa4c671b depends-on: I9f47a2ed88ffbe827e494a478c0dc89a08bbe370 depends-on: I5e817fab8a8973b688fd44dd819e3616df171321
2016-06-17 00:17:10 -07:00
its_plugins => $its_plugins,
its_rules => $its_rules,
Add Gerrit tracking id for storyboard This change will allow users to query Gerrit for a Storyboard story using search string 'tr:<tracking id>' or 'story:<tracking id>'. For example you can do a query in gerrit for 'story:2000070'. feature reference: https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#trackingid Change-Id: Ie6c70bd02e40a6ac3a70c9fa5a0efe33a3e8e7cb
2014-12-09 14:01:10 -08:00
trackingids => [
Add a trackingid for Launchpad bug headers Add a Launchpad trackingid in Gerrit for our standard {Closes,Partial,Related}-Bug headers so that the tr/bug search operator can be used to find them easily. This will need not only a Gerrit restart (because it's changing the gerrit.config file), but also a reindex (online reindex works fine for this). The resulting configuration has already been tested on review-dev.openstack.org and works as intended. Change-Id: I113cb139ff5df1d6ec05f060dd3330ab44458a89 Depends-On: I99e16246e81b7ebc50e96054a2e3790aed0089bc
2017-06-05 18:10:36 +00:00
{
name => 'launchpad-bug',
footers => ['closes-bug:', 'partial-bug:', 'related-bug:'],
Add more \\ to launchpad-bug Gerrit tracking-id The number of backslashes necessary to escape a value in a Gerrit config managed in a Puppet manifest is astounding. We need four, so make sure we have enough in the launchpad-bug tracking-id match string value. Change-Id: Ie2e757e77286ab34547d3950a18e8b1bb4eb2c5f
2018-12-21 23:01:07 +00:00
match => '\\\\#?(\\\\d+)',
Add a trackingid for Launchpad bug headers Add a Launchpad trackingid in Gerrit for our standard {Closes,Partial,Related}-Bug headers so that the tr/bug search operator can be used to find them easily. This will need not only a Gerrit restart (because it's changing the gerrit.config file), but also a reindex (online reindex works fine for this). The resulting configuration has already been tested on review-dev.openstack.org and works as intended. Change-Id: I113cb139ff5df1d6ec05f060dd3330ab44458a89 Depends-On: I99e16246e81b7ebc50e96054a2e3790aed0089bc
2017-06-05 18:10:36 +00:00
system => 'Launchpad',
},
Add Gerrit tracking id for storyboard This change will allow users to query Gerrit for a Storyboard story using search string 'tr:<tracking id>' or 'story:<tracking id>'. For example you can do a query in gerrit for 'story:2000070'. feature reference: https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#trackingid Change-Id: Ie6c70bd02e40a6ac3a70c9fa5a0efe33a3e8e7cb
2014-12-09 14:01:10 -08:00
{
Add storyboard task to Gerrit tracking id Save storyboard tasks to Gerrit's secondary index[1] [1] https://review.openstack.org/Documentation/config-gerrit.html#trackingid Change-Id: I06e8f70fefdbb6e0d654aa05ad26538beb1e92fd
2016-07-19 18:14:20 -07:00
name => 'storyboard-story',
Add Gerrit tracking id for storyboard This change will allow users to query Gerrit for a Storyboard story using search string 'tr:<tracking id>' or 'story:<tracking id>'. For example you can do a query in gerrit for 'story:2000070'. feature reference: https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#trackingid Change-Id: Ie6c70bd02e40a6ac3a70c9fa5a0efe33a3e8e7cb
2014-12-09 14:01:10 -08:00
footer => 'story:',
Double the gerrit regex backslashes The current amount of backslashes is not good enough for gerrit, and it rejects the config file. Probably related to futureparser? In any case, we need doubled-backslashes in the generated file, so 4 backslashes does the right thing in the puppet. Change-Id: I950b8efbcb876b2d1309f1117626a41ef22025b0
2018-09-27 08:15:57 -05:00
match => '\\\\#?(\\\\d+)',
Add Gerrit tracking id for storyboard This change will allow users to query Gerrit for a Storyboard story using search string 'tr:<tracking id>' or 'story:<tracking id>'. For example you can do a query in gerrit for 'story:2000070'. feature reference: https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#trackingid Change-Id: Ie6c70bd02e40a6ac3a70c9fa5a0efe33a3e8e7cb
2014-12-09 14:01:10 -08:00
system => 'Storyboard',
},
Add storyboard task to Gerrit tracking id Save storyboard tasks to Gerrit's secondary index[1] [1] https://review.openstack.org/Documentation/config-gerrit.html#trackingid Change-Id: I06e8f70fefdbb6e0d654aa05ad26538beb1e92fd
2016-07-19 18:14:20 -07:00
{
name => 'storyboard-task',
footer => 'task:',
Double the gerrit regex backslashes The current amount of backslashes is not good enough for gerrit, and it rejects the config file. Probably related to futureparser? In any case, we need doubled-backslashes in the generated file, so 4 backslashes does the right thing in the puppet. Change-Id: I950b8efbcb876b2d1309f1117626a41ef22025b0
2018-09-27 08:15:57 -05:00
match => '\\\\#?(\\\\d+)',
Add storyboard task to Gerrit tracking id Save storyboard tasks to Gerrit's secondary index[1] [1] https://review.openstack.org/Documentation/config-gerrit.html#trackingid Change-Id: I06e8f70fefdbb6e0d654aa05ad26538beb1e92fd
2016-07-19 18:14:20 -07:00
system => 'Storyboard',
},
Add Gerrit tracking id for storyboard This change will allow users to query Gerrit for a Storyboard story using search string 'tr:<tracking id>' or 'story:<tracking id>'. For example you can do a query in gerrit for 'story:2000070'. feature reference: https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#trackingid Change-Id: Ie6c70bd02e40a6ac3a70c9fa5a0efe33a3e8e7cb
2014-12-09 14:01:10 -08:00
],
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
war => $war,
Plumb mysql host through gerrit.pp Change-Id: I9fceda90f9e9a06bc738e70f35595b7f05426ab0
2014-04-28 15:32:15 -07:00
mysql_host => $mysql_host,
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
mysql_password => $mysql_password,
upgrade review-dev.o.o with gerrit v2.13.9 This updates the gerrit war, plugin versions, and sets the new accountPatchReviewDb url value to use mysql. Also uses updated Gerrit query api paths for changeid and sha1 lookups in commentlinks. Depends-On: Ifc04395f076200a68e6398190a0712c80e5278c6 Change-Id: Ic1a116b1608eb9134d18dad9463b9b9b142700fa
2017-04-04 13:25:14 -07:00
accountpatchreviewdb_url => $accountpatchreviewdb_url,
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
email_private_key => $email_private_key,
Support restTokenPrivateKey on review.o.o It's not clear what this does, but pass it in just in case it's important. Depends-On: I3f3b2f11556f2bd745bfd2177982061128df11af Change-Id: I35f0ffd6c54e00f996a9304c045a731e37f32b45
2015-05-09 16:41:12 +00:00
token_private_key => $token_private_key,
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
replicate_local => $replicate_local,
Make gerrit git replica and jeepyb paths configurable * Gerrit: make the path to the local replica configurable (default to /var/lib/git) * Set the local replica path on review-dev to /opt/lib/git * Gerrit: make the jeepyb cache dir configurable (default to /opt/lib/jeepyb) Change-Id: I9b94fa540bb400abcc746c5c962bb3b5e2b372e3
2014-04-24 08:51:56 -07:00
replicate_path => $local_git_dir,
Add the Gerrit replication plugin paramater 'defaultForceUpdate' The Gerrit 2.9 replication plugin added an explicit defaultForceUpdate parameter. This change adds it to the puppet script and sets the parameter to true. Depends-on: Ia77319ec95636e42d0b0860901dc6f3b34f4750d Change-Id: I716d4afcd8d503edd1b66d5ea732a151e66b09e4
2015-02-11 16:48:18 -08:00
replication_force_update => $replication_force_update,
Enable gerrit replication.autoReload for review-dev This enables automatic reload of the replication configuration for review-dev. Depends-On: https://review.openstack.org/650049 Change-Id: I3be630339870d527bedcfbd84b8dc8084dc10f4b
2019-04-04 11:11:48 -04:00
replication_auto_reload => $replication_auto_reload,
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
replication => $replication,
gitweb => $gitweb,
cgit => $cgit,
web_repo_url => $web_repo_url,
Generate cgit links with '/' character instead of '%2F' The generated cgit links in the Gerrit change screen contain "%2F" in URL instead of "/" character. Add the urlEncode setting to make Gerrit generate links with "/" character instead. Change-Id: I07d1b3175c039bba0d8b7392c756fa6a5b2e74e9 depends-on: I0ed9f2e872617d601120a5ab15b512e30aae51b5
2015-10-16 12:04:50 -07:00
web_repo_url_encode => $web_repo_url_encode,
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
testmode => $testmode,
Activate secondary index support for Gerrit Partial-Bug: #1082781 Change-Id: Iba923e99875c8e8380730fae2a0e969a4eb755f9
2014-04-04 10:10:53 -07:00
secondary_index => $secondary_index,
Add replication key for gerrit from hiera The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00
require => Class[openstack_project::server],
Customize the 'Report Bug' link on Gerrit UI Change the 'Report Bug' link on the Gerrit UI to 'Get Help' and redirect it to the Openstack help docs. depends-on: I674bac2b2f9999e5a8bab55b3bd47f4d4fbb96d2 Change-Id: I23702f111eb65c1537bebb55cb8bbfa26223f116
2015-09-08 10:09:10 -07:00
report_bug_text => $report_bug_text,
report_bug_url => $report_bug_url,
Allow Gerrit to use 4 threads for indexing changes. Indexing Gerrit changes can be a time consuming operation. By default Gerrit allocates 1 thread to index changes. This will increase that to 4 threads which will hopefully make the indexing operation faster. Change-Id: I1ff7a09054cb7782acf483aa736ead763a8417db depends-on: I3aa1909d3edc8aa52d026b3f8e0dfafac4e14f6d
2015-11-04 11:28:15 -08:00
index_threads => $index_threads,
Customize Gerrit's download command and schema Configure Gerrit's download plugin to show all available protocol to our openstack repos in the downloads list. We support ssh, anonymous http, and anonymous git. Set to not show http because it duplicates anon_http due to change I24946f5feea Depends-on: Ia6a3a28cce62b6bd1570fd0ab5b1224fc35d8284 Change-Id: I6d34e75da71186ca4744525fd1143e75b4394a18
2016-04-01 11:20:49 -07:00
download => $download,
Limit the file size that can be pushed to Gerrit We need to limit the size of the files that can be uploaded to Gerrit because large files can break replication to Github due to Github's size restrictions. We've seen this happen with users pushing large binary files. Change-Id: Iff1fb7c83756ccfc73d39585db93655ffe88b136 depends-on: Iad06bfc421ce73aeb1e1496f86cc244624599bec
2015-12-30 12:42:35 -08:00
receive_max_object_size_limit => $receive_max_object_size_limit,
Override commit message length validation to 72 chars By default Gerrit's commit validation plugin is set to check commit message for max length of 70 however Openstack documentation[1] says max commit message length should be 72. Configure Openstack's gerrit to match documentation. [1] https://wiki.openstack.org/wiki/GitCommitMessages#Summary_of_Git_commit_message_structure depends-on: Id7aff7d6d7250da804c690fbe6ff5b81f408d113 Change-Id: I6571fe4e894c973a4b74857118e726b70e89e2a4
2016-05-13 09:56:17 -07:00
commitmessage_params =>
{
maxLineLength => '72',
},
Pass gerrit cache options through to puppet-gerrit We accepted these parameters at a system-config level but were not passing through to puppet-gerrit manifest which actually writes out the template file. Add these to the ::gerrit class instantiation. Change-Id: I2abd24727ba39e3743b2d6b6ec279c70faf24d10
2017-09-19 14:05:15 -07:00
cache_accounts => $cache_accounts,
cache_accounts_byemail => $cache_accounts_byemail,
cache_accounts_byname => $cache_accounts_byname,
cache_groups_byuuid => $cache_groups_byuuid,
Make an OpenStack Gerrit base class. Change-Id: Ib16ff355199d330a74aaef384a11628b649f06ec
2012-07-20 19:51:44 -07:00
}
Backup review and wiki MySQL DBs. * modules/openstack_project/manifests/review_dev.pp: Remove mysql_backup, gerrit.pp will do this for review_dev now. * modules/openstack_project/manifests/gerrit.pp: Put MySQL backups in central Gerrit manifest. This will backup MySQL locally for review and review-dev. * modules/openstack_project/manifests/wiki.pp: Backup wiki MySQL DB locally wth the mysql_backup module. These changes make it possible to do offsite DB backups with bup by first backing up the databases locally. Change-Id: I932b439c153e461fa9c6b454e132137949bd08df
2013-08-28 12:07:15 -07:00
Fix gerrit database backups The gerrit database is now remote, or at least we have a hostname for it, so we should use the backup_remote class. Also, we don't make the dbbackups files anymore, so stop trying to compress them. Change-Id: Iddbaaef9b9fd089f074abeeb988f7cd052c80d25
2014-05-02 12:28:19 -07:00
mysql_backup::backup_remote { 'gerrit':
database_host => $mysql_host,
database_user => 'gerrit2',
database_password => $mysql_password,
Move gerrit's MySQL backups to gerrit homedir The root partition on review.o.o is fairly small, and 30 days of backups recently filled it up. On the other hand, we have plenty of space in /home/gerrit2 - so just stick them there. Change-Id: Ic8286ad175dedfa039b6563204fdf8d5681b9af9
2017-01-19 08:29:07 -06:00
dest_dir => '/home/gerrit2/mysql_backups',
Reduce local db backup retention to 10 days This reduces overall backups by a third saving space on local disk. This puts a greater reliance on offsite backups but we need those working anyways. Change-Id: I0397092646866fad1b828032a362f6814b88f26e
2017-01-25 11:22:09 -08:00
num_backups => '10',
Fix gerrit database backups The gerrit database is now remote, or at least we have a hostname for it, so we should use the backup_remote class. Also, we don't make the dbbackups files anymore, so stop trying to compress them. Change-Id: Iddbaaef9b9fd089f074abeeb988f7cd052c80d25
2014-05-02 12:28:19 -07:00
require => Class['::gerrit'],
Backup review and wiki MySQL DBs. * modules/openstack_project/manifests/review_dev.pp: Remove mysql_backup, gerrit.pp will do this for review_dev now. * modules/openstack_project/manifests/gerrit.pp: Put MySQL backups in central Gerrit manifest. This will backup MySQL locally for review and review-dev. * modules/openstack_project/manifests/wiki.pp: Backup wiki MySQL DB locally wth the mysql_backup module. These changes make it possible to do offsite DB backups with bup by first backing up the databases locally. Change-Id: I932b439c153e461fa9c6b454e132137949bd08df
2013-08-28 12:07:15 -07:00
}
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
if ($testmode == false) {
Set cron job to gc repositories instead of repack Change I4e171b17a7b4 replaced repack with gc for the git replication and mirrors but did not include the repos for the gerrit site. This will change will enable gc for the repos in the gerrit site and local replication on review.o.o Change-Id: I2ff5f40830c3753f24e65dfb44ae9272266d7be1 Depends-on: I7a5364a07c3e07ffc9a053a73fab0c16861fc1c5
2016-07-14 13:00:46 -07:00
class { 'gerrit::cron':
gitgc_repos => true,
}
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
class { 'github':
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
username => $github_username,
project_username => $github_project_username,
project_password => $github_project_password,
oauth_token => $github_oauth_token,
require => Class['::gerrit']
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
}
}
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
file { '/home/gerrit2/review_site/static/cla.html':
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/gerrit/cla.html',
replace => true,
Enable Gerrit CLA and Contact Store on review-dev. This replaces the previous Echosign+Launchpad+Wiki+approver-based asynchronous contributor license agreement signing process with a fully-automated one contained entirely within Gerrit itself. Note that the CLA features in Gerrit's WebUI depend on a modified gerrit.war with an earlier patch reverted: https://review.openstack.org/12716 * manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec and contactstore_pubkey private material from hiera, for use by Gerrit's contact store feature. Similar entries should be added for review.openstack.org before going into production. * modules/gerrit/manifests/init.pp(gerrit): Add contactstore, contactstore_appsec and contactstore_url variables needed by the gerrit.config.erb template, and contactstore_pubkey needed by the contact_information.pub.erb template. Add a conditional block so that if contactstore is enabled it installs the libbcpg-java package which Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into Gerrit's lib directory, and builds contact_information.pub from the contact_information.pub.erb template. * modules/gerrit/templates/contact_information.pub.erb: New template which is effectively an empty file waiting to be filled with the contents of the contactstore_pubkey variable. The gerrit_contact_information.pub file built from it gets used to encrypt contact information filed by users in such a way that it can only be decrypted by the private key held by the Foundation. * modules/gerrit/templates/gerrit.config.erb(contactstore): New section, implemented conditionally for safety. Once enabled, if the contactstore_appsec and contactstore_url are unset then Gerrit will refuse to start. If the system referred to by contactstore_url is unresponsive or contactstore_appsec does not contain the shared secret it's expecting, contributors will be unable to file initial or updated contact information through Gerrit's WebUI. * modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML copy of http://wiki.openstack.org/CLA retaining all the original wording. This will probably need updating by OpenStack Foundation staff. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Add contactstore, contactstore_appsec, contactstore_pubkey and contactstore_url variables to pass back into the gerrit module. Also define the cla_description, cla_file, cla_id and cla_name variables which get used in the gerrit_set_agreements.sh.erb template. Add an entry to install the cla.html file. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Add the contactstore_appsec and contactstore_pubkey variables so they can be filled in by hiera. Override the war to pull in the g69c8fa6 test build which has the aforementioned CLA bits restored. Turn on contactstore and set contactstore_url to point to an existing test CGI on the Internet until the Foundation has theirs ready. Pass contactstore_appsec and contactstore_pubkey through up into gerrit.pp. Add an entry for the set_agreements.sh script built from the gerrit_set_agreements.sh.erb template and then execute it to add the new CLA to Gerrit's DB and mark the old one expired. Similar changes should be made in review.pp before going into production. * modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New template used to build a set_agreements.sh script which checks Gerrit's database and, if necessary, expires the old Echosign CLA and adds the new local CLA. These conditions are checked and associated operations performed independently, so subsequent runs become a no-op. Post-migration, this can probably be neutered further and kept around for pushing future CLA modifications into the database when needed. Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026 Reviewed-on: https://review.openstack.org/13058 Reviewed-by: Monty Taylor <mordred@inaugust.com> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-15 00:51:25 +00:00
require => Class['::gerrit'],
}
Add stub text for USG and system CLAs in Gerrit. Change-Id: I0743a79c5288df4725d8f27227738019c875f91c Reviewed-on: https://review.openstack.org/23385 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2013-03-03 18:48:28 +00:00
file { '/home/gerrit2/review_site/static/usg-cla.html':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/gerrit/usg-cla.html',
replace => true,
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/static/system-cla.html':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/gerrit/system-cla.html',
replace => true,
require => Class['::gerrit'],
}
Use new OpenStack logo on Gerrit sites This puts the new logo in place for our gerrit deployments. Had to move the header nav bar slightly to the right to get this to look well without overlapping significantly. Note that this has been tested locally using firefox to render the changes. Change-Id: I1d773e137dd41ac2d7ee9347941d95732dae0932
2017-04-18 16:32:18 -07:00
file { '/home/gerrit2/review_site/static/title.svg':
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
ensure => present,
Redirect review.openstack.org to review.opendev.org This is part of the opendev git hosting transition. We do this on review.opendev.org/review.openstack.org and not files.openstack.org so that ssh connections continue to work. This will need to be applied during the maintenance window. This also updates the canonical urls and logo. Change-Id: I5bf4dcd6835e379fcdd2d55393c5a844578074a9
2019-04-17 11:06:06 -07:00
source => 'puppet:///modules/openstack_project/opendev.svg',
Fix all of the gerrit module problems. Change-Id: I46001fd677bc9a3634c9860ec07438c326e908e3
2012-07-23 20:09:17 -05:00
require => Class['::gerrit'],
Reload the gerrit header with its dependencies When gerrit loads a header it adds the md5sum of the resources linked from within the header to the uri (eg static/hideci.js?e=1231d06b0e69a2dc7cf953b47f3b9d853b9). This is then evaluated when the static content is requested from the gerrit- server. As such when the md5 of one of the resources changes we need to reload the header for new sums to be calculated. Change-Id: I330f123d3eff6109539d9f06f80c8212a33781e1
2014-10-07 18:27:43 +11:00
notify => Exec['reload_gerrit_header'],
Split gerrit cron jobs out. Change-Id: I53faafc4d692c3dc62fd3356fd39f6e2ce64a481
2012-07-23 10:52:19 -05:00
}
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
Add button that shows/hides CI comments in Gerrit There are many CIs which automatically post comments in Gerrit and there is no way to filter those out from the normal comments posted by reviewers. This patch adds a new "Toggle CI" button to the Gerrit interface which shows/hides CI comments. The button is displayed only on review pages and is hidden everywhere else. Change-Id: I6ffca12d6314c63c0f1ab97d2c98a84a6ac790c9 Closes-Bug: 1282019
2014-05-27 15:07:38 +03:00
package { 'libjs-jquery':
ensure => present,
}
Fix jquery setup on Gerrit server. The libjs-query package sets up jquery on trusty with these files and sim links: ~$ ll /usr/share/javascript/jquery/ drwxr-xr-x 2 root root 4096 Jan 15 20:44 ./ drwxr-xr-x 5 root root 4096 Jan 15 20:44 ../ -rw-r--r-- 1 root root 252879 Jul 5 2013 jquery.js lrwxrwxrwx 1 root root 13 Jul 5 2013 jquery.lite.js -> jquery.min.js lrwxrwxrwx 1 root root 9 Jul 5 2013 jquery.min.js -> jquery.js lrwxrwxrwx 1 root root 13 Jul 5 2013 jquery.pack.js -> jquery.min.js -rw-r--r-- 1 root root 5 May 23 2012 version.txt The current puppet config is broken for trusty because it attempts to copy the link instead of the file. This results in a broken sim link to jquery and breaks the Toggle CI button on Gerrit because that button depends on jquery. This change corrects this situation by copying the file provided jquery.js file instead of the link. Change-Id: I18056ca528871d9a96218f0919bbd262da005f31
2015-03-17 09:53:48 -07:00
file { '/home/gerrit2/review_site/static/jquery.js':
Add button that shows/hides CI comments in Gerrit There are many CIs which automatically post comments in Gerrit and there is no way to filter those out from the normal comments posted by reviewers. This patch adds a new "Toggle CI" button to the Gerrit interface which shows/hides CI comments. The button is displayed only on review pages and is hidden everywhere else. Change-Id: I6ffca12d6314c63c0f1ab97d2c98a84a6ac790c9 Closes-Bug: 1282019
2014-05-27 15:07:38 +03:00
ensure => present,
Fix jquery setup on Gerrit server. The libjs-query package sets up jquery on trusty with these files and sim links: ~$ ll /usr/share/javascript/jquery/ drwxr-xr-x 2 root root 4096 Jan 15 20:44 ./ drwxr-xr-x 5 root root 4096 Jan 15 20:44 ../ -rw-r--r-- 1 root root 252879 Jul 5 2013 jquery.js lrwxrwxrwx 1 root root 13 Jul 5 2013 jquery.lite.js -> jquery.min.js lrwxrwxrwx 1 root root 9 Jul 5 2013 jquery.min.js -> jquery.js lrwxrwxrwx 1 root root 13 Jul 5 2013 jquery.pack.js -> jquery.min.js -rw-r--r-- 1 root root 5 May 23 2012 version.txt The current puppet config is broken for trusty because it attempts to copy the link instead of the file. This results in a broken sim link to jquery and breaks the Toggle CI button on Gerrit because that button depends on jquery. This change corrects this situation by copying the file provided jquery.js file instead of the link. Change-Id: I18056ca528871d9a96218f0919bbd262da005f31
2015-03-17 09:53:48 -07:00
source => '/usr/share/javascript/jquery/jquery.js',
require => [
File['/home/gerrit2/review_site/static'],
Class['::gerrit'],
Package['libjs-jquery'],
],
subscribe => Package['libjs-jquery'],
notify => Exec['reload_gerrit_header'],
Add button that shows/hides CI comments in Gerrit There are many CIs which automatically post comments in Gerrit and there is no way to filter those out from the normal comments posted by reviewers. This patch adds a new "Toggle CI" button to the Gerrit interface which shows/hides CI comments. The button is displayed only on review pages and is hidden everywhere else. Change-Id: I6ffca12d6314c63c0f1ab97d2c98a84a6ac790c9 Closes-Bug: 1282019
2014-05-27 15:07:38 +03:00
}
Serve up jquery-visibility.js for gerrit Grab the latest jquery-visibility, and put it into place in gerrit's static folder. Change-Id: I2a8c5ad638dc4a0d256c06c2c94cde1779b4f0be
2015-05-04 22:23:14 +10:00
vcsrepo { '/opt/jquery-visibility':
ensure => latest,
provider => git,
revision => 'master',
source => 'https://github.com/mathiasbynens/jquery-visibility.git',
}
file { '/home/gerrit2/review_site/static/jquery-visibility.js':
ensure => present,
source => '/opt/jquery-visibility/jquery-visibility.js',
subscribe => Vcsrepo['/opt/jquery-visibility'],
notify => Exec['reload_gerrit_header'],
require => [ File['/home/gerrit2/review_site/static'],
Class['::gerrit'] ]
}
Add button that shows/hides CI comments in Gerrit There are many CIs which automatically post comments in Gerrit and there is no way to filter those out from the normal comments posted by reviewers. This patch adds a new "Toggle CI" button to the Gerrit interface which shows/hides CI comments. The button is displayed only on review pages and is hidden everywhere else. Change-Id: I6ffca12d6314c63c0f1ab97d2c98a84a6ac790c9 Closes-Bug: 1282019
2014-05-27 15:07:38 +03:00
file { '/home/gerrit2/review_site/static/hideci.js':
ensure => present,
source => 'puppet:///modules/openstack_project/gerrit/hideci.js',
require => Class['::gerrit'],
Reload the gerrit header with its dependencies When gerrit loads a header it adds the md5sum of the resources linked from within the header to the uri (eg static/hideci.js?e=1231d06b0e69a2dc7cf953b47f3b9d853b9). This is then evaluated when the static content is requested from the gerrit- server. As such when the md5 of one of the resources changes we need to reload the header for new sums to be calculated. Change-Id: I330f123d3eff6109539d9f06f80c8212a33781e1
2014-10-07 18:27:43 +11:00
notify => Exec['reload_gerrit_header'],
Add button that shows/hides CI comments in Gerrit There are many CIs which automatically post comments in Gerrit and there is no way to filter those out from the normal comments posted by reviewers. This patch adds a new "Toggle CI" button to the Gerrit interface which shows/hides CI comments. The button is displayed only on review pages and is hidden everywhere else. Change-Id: I6ffca12d6314c63c0f1ab97d2c98a84a6ac790c9 Closes-Bug: 1282019
2014-05-27 15:07:38 +03:00
}
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
file { '/home/gerrit2/review_site/etc/GerritSite.css':
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
ensure => present,
source => 'puppet:///modules/openstack_project/gerrit/GerritSite.css',
Fix all of the gerrit module problems. Change-Id: I46001fd677bc9a3634c9860ec07438c326e908e3
2012-07-23 20:09:17 -05:00
require => Class['::gerrit'],
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
}
file { '/home/gerrit2/review_site/etc/GerritSiteHeader.html':
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
ensure => present,
source =>
'puppet:///modules/openstack_project/gerrit/GerritSiteHeader.html',
Fix all of the gerrit module problems. Change-Id: I46001fd677bc9a3634c9860ec07438c326e908e3
2012-07-23 20:09:17 -05:00
require => Class['::gerrit'],
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
}
Reload the gerrit header with its dependencies When gerrit loads a header it adds the md5sum of the resources linked from within the header to the uri (eg static/hideci.js?e=1231d06b0e69a2dc7cf953b47f3b9d853b9). This is then evaluated when the static content is requested from the gerrit- server. As such when the md5 of one of the resources changes we need to reload the header for new sums to be calculated. Change-Id: I330f123d3eff6109539d9f06f80c8212a33781e1
2014-10-07 18:27:43 +11:00
exec { 'reload_gerrit_header':
Avoid race on reload_gerrit_header When updating Javascript included by Gerrit's site header, the way to get it reprocessed is to update the timestamp of the site header file. However anecdotal tests indicate that if the file's timestamp is updated too soon after the Javascript in question, this does not help. Introduce a 10-second delay between any Javascript replacement and updating the timestamp on the site header file to avoid this race. While we're here, correct an obvious typographical error in the executable path for the calling environment. Change-Id: I8ebd6d8f6dee227cd4f2c3820b40972bcda4ebce
2015-05-06 16:28:13 +00:00
command => 'sleep 10; touch /home/gerrit2/review_site/etc/GerritSiteHeader.html',
path => '/bin:/usr/bin',
Reload the gerrit header with its dependencies When gerrit loads a header it adds the md5sum of the resources linked from within the header to the uri (eg static/hideci.js?e=1231d06b0e69a2dc7cf953b47f3b9d853b9). This is then evaluated when the static content is requested from the gerrit- server. As such when the md5 of one of the resources changes we need to reload the header for new sums to be calculated. Change-Id: I330f123d3eff6109539d9f06f80c8212a33781e1
2014-10-07 18:27:43 +11:00
refreshonly => true,
}
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
cron { 'gerritsyncusers':
Broke launchpad user sync into its own class. Additionally, the file installation of the scripts wasn't working, so the sync script wasn't actually getting installed. This moves the underlying scripts to be installed by the gerrit module, because it owns /usr/local/gerrit/scripts, and then manages the gerrit hooks which call those scripts in the openstack_project class, since that's where the config choice to enable those functions really should live. Change-Id: I54fb9edd9fb0c634d8d9de4e57f9ddad6af63a99
2012-07-28 11:27:47 -05:00
ensure => absent,
}
Implement Gerrit CLA and Contact Store. This change fixes bug 1082754 and builds on the following prior work, which set up the underlying mechanisms and implemented them on review-dev: - https://review.openstack.org/12716 - https://review.openstack.org/13058 - https://review.openstack.org/13378 - https://review.openstack.org/13392 - https://review.openstack.org/13402 - https://review.openstack.org/13592 - https://review.openstack.org/14319 - https://review.openstack.org/14493 - https://review.openstack.org/16468 * manifests/site.pp(review.openstack.org): Add gerrit_contactstore_appsec and gerrit_contactstore_pubkey variables similar to those used for review-dev.openstack.org. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Move the cla_description, cla_file, cla_id and cla_name variables here, since they'll be used by both review and review-dev servers. Same goes for the set_agreements.sh file block and set_contributor_agreements exec block. Also stop loading the launchpad_sync module and make sure the sync_launchpad_users cron job is removed from the server. * modules/openstack_project/manifests/review.pp (openstack_project::review): Add the contactstore_appsec and contactstore_pubkey variables being from from hiera. Update the .war file to one with "Hack out some CLA bits" reverted. Turn on contactstore, pass the contactstore_appsec and contactstore_pubkey variables through, and set the production contactstore_url. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Remove the definitions for cla_description, cla_file, cla_id and cla_name, along with the set_agreements.sh file block and set_contributor_agreements exec block since they're all in gerrit.pp now. Change-Id: I037f1a3e2b03c66768cec6caa7fe5e1c68495ac6 Reviewed-on: https://review.openstack.org/14099 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-10-05 15:44:11 +00:00
cron { 'sync_launchpad_users':
ensure => absent,
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
}
file { '/home/gerrit2/review_site/hooks/change-merged':
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
ensure => present,
owner => 'root',
group => 'root',
mode => '0555',
source => 'puppet:///modules/openstack_project/gerrit/change-merged',
replace => true,
require => Class['::gerrit'],
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
}
Add change-abandoned hook for gerrit in puppet Gerrit manifest for review servers was lacking the change-abandoned hook, even though jeepyb had already support for notifying LP bug when the linked review was being abandoned. This change adds the missing hook to the gerrit manifest as a file resource. Closes-Bug: 1319305 Change-Id: I07555bfbfe255239ab1aeaa5d14bcfa807005faf
2014-05-15 18:32:50 +00:00
file { '/home/gerrit2/review_site/hooks/change-abandoned':
ensure => present,
owner => 'root',
group => 'root',
mode => '0555',
source => 'puppet:///modules/openstack_project/gerrit/change-abandoned',
replace => true,
require => Class['::gerrit'],
}
Switch gerrit to project-config Change-Id: I3e7358b4bc64e494a5990c79d16fafc21f5ed6af
2014-09-19 15:38:45 -07:00
if ($notify_impact_file != 'UNDEF') {
file { '/home/gerrit2/review_site/hooks/notify_impact.yaml':
ensure => present,
source => $notify_impact_file,
require => Class['::gerrit'],
}
Add an initial subscriber map for notify_impact This only includes my team at the moment, but I will document how other teams can set this up soon. Change-Id: Ia8d47153e3eaf4ba3205723887dab41e334a4d6f
2013-11-20 08:42:39 +11:00
}
Move OpenStack branding and launchpad integration. Launchpad integration and the OpenStack branding files are really more about the OpenStack specific install of Gerrit than they are about any installation of gerrit. Both of these are moved to the openstack_project module. Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 11:34:36 -05:00
file { '/home/gerrit2/review_site/hooks/patchset-created':
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
ensure => present,
owner => 'root',
group => 'root',
mode => '0555',
Gerrit Trivial Rebase Detection Adds trivial_rebase.py for bug 881184. * modules/openstack_project/files/gerrit/scripts/trivial_rebase.py: A modified version of the contrib/trivial_rebase.py included in upstream Gerrit's git tree (we'll try to get individual patches submitted upstream soon): git clone https://gerrit.googlesource.com/gerrit * modules/openstack_project/files/gerrit/patchset-created: Moved to modules/openstack_project/templates/gerrit_patchset-created.erb and added an entry for the trivial_rebase.py script with variables for its command-line options sourced from gerrit.pp and review{,_dev}.pp. * modules/openstack_project/manifests/gerrit.pp: Changed the file definition for /home/gerrit2/review_site/hooks/patchset-created to use a template, adding the ssh_host_key and trivial_rebase_role_id variables it requires. Added a file entry for trivial_rebase.py as well, since we're putting it in modules/openstack_project instead of modules/gerrit where the existing scripts reside (we'll eventually want to move all of modules/gerrit/files/scripts out of there at some point, but not now). * modules/openstack_project/manifests/review_dev.pp: Override the trivial_rebase_role_id variable to trivial-rebase@review-dev.o.o on review-dev. * modules/openstack_project/manifests/review.pp: Override the trivial_rebase_role_id variable to trivial-rebase@review.o.o on review. Change-Id: I941f15525c72b84708ae1de6832834eb53ab6863 Reviewed-on: https://review.openstack.org/12373 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-09-05 17:17:53 +00:00
content => template('openstack_project/gerrit_patchset-created.erb'),
Cleanup openstack_project manifest lint errors. Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: https://review.openstack.org/15052 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-15 14:25:13 -08:00
replace => true,
require => Class['::gerrit'],
Gerrit Trivial Rebase Detection Adds trivial_rebase.py for bug 881184. * modules/openstack_project/files/gerrit/scripts/trivial_rebase.py: A modified version of the contrib/trivial_rebase.py included in upstream Gerrit's git tree (we'll try to get individual patches submitted upstream soon): git clone https://gerrit.googlesource.com/gerrit * modules/openstack_project/files/gerrit/patchset-created: Moved to modules/openstack_project/templates/gerrit_patchset-created.erb and added an entry for the trivial_rebase.py script with variables for its command-line options sourced from gerrit.pp and review{,_dev}.pp. * modules/openstack_project/manifests/gerrit.pp: Changed the file definition for /home/gerrit2/review_site/hooks/patchset-created to use a template, adding the ssh_host_key and trivial_rebase_role_id variables it requires. Added a file entry for trivial_rebase.py as well, since we're putting it in modules/openstack_project instead of modules/gerrit where the existing scripts reside (we'll eventually want to move all of modules/gerrit/files/scripts out of there at some point, but not now). * modules/openstack_project/manifests/review_dev.pp: Override the trivial_rebase_role_id variable to trivial-rebase@review-dev.o.o on review-dev. * modules/openstack_project/manifests/review.pp: Override the trivial_rebase_role_id variable to trivial-rebase@review.o.o on review. Change-Id: I941f15525c72b84708ae1de6832834eb53ab6863 Reviewed-on: https://review.openstack.org/12373 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-09-05 17:17:53 +00:00
}
Install and use the Gerrit welcome-message keypair Change-Id: I7c23112664e43713f8dfc4bd0e4b9aec46b71500
2014-01-31 21:49:09 +00:00
if $ssh_welcome_rsa_key_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_welcome_rsa_key':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_welcome_rsa_key_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_welcome_rsa_pubkey_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_welcome_rsa_key.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_welcome_rsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
if ($projects_file != 'UNDEF') {
if ($replicate_local) {
Define local gerrit replication and cronjob only once We are moving this functionality to puppet module, so in order to avoid errors, define only these settings here if needed. Change-Id: Ie21642c75ec5f3ccd21528c094ff4d34970e5564
2015-08-07 17:38:10 +02:00
if (!defined(File[$local_git_dir])) {
file { $local_git_dir:
ensure => directory,
owner => 'gerrit2',
require => Class['::gerrit'],
}
cron { 'mirror_repack':
run git gc instead of repack for git repos Run git gc instead of repack on all repos. Testing[1] indicates that gc-ing reduces repo size and helps maintain better performance for apps that host the repos. remove git pack-refs because a git gc enables packRefs by default[2] [1] http://lists.openstack.org/pipermail/openstack-infra/2016-June/004403.html [2] https://git-scm.com/docs/git-gc Change-Id: I4e171b17a7b4107c992d0e3cc0e7bff3d9599526
2016-06-14 09:42:44 -07:00
ensure => absent,
Ensure git cronjob absent for correct user When removing a cron resource by setting it absent, it must continue to specify the user if it wasn't root (the default) since crontabs are per-user files. Change-Id: I34f45bf186ed1739b74c70a2bec444aed83ee8d5
2016-08-05 15:54:15 +00:00
user => 'gerrit2',
run git gc instead of repack for git repos Run git gc instead of repack on all repos. Testing[1] indicates that gc-ing reduces repo size and helps maintain better performance for apps that host the repos. remove git pack-refs because a git gc enables packRefs by default[2] [1] http://lists.openstack.org/pipermail/openstack-infra/2016-June/004403.html [2] https://git-scm.com/docs/git-gc Change-Id: I4e171b17a7b4107c992d0e3cc0e7bff3d9599526
2016-06-14 09:42:44 -07:00
}
cron { 'mirror_gitgc':
Define local gerrit replication and cronjob only once We are moving this functionality to puppet module, so in order to avoid errors, define only these settings here if needed. Change-Id: Ie21642c75ec5f3ccd21528c094ff4d34970e5564
2015-08-07 17:38:10 +02:00
user => 'gerrit2',
weekday => '0',
hour => '4',
minute => '7',
run git gc instead of repack for git repos Run git gc instead of repack on all repos. Testing[1] indicates that gc-ing reduces repo size and helps maintain better performance for apps that host the repos. remove git pack-refs because a git gc enables packRefs by default[2] [1] http://lists.openstack.org/pipermail/openstack-infra/2016-June/004403.html [2] https://git-scm.com/docs/git-gc Change-Id: I4e171b17a7b4107c992d0e3cc0e7bff3d9599526
2016-06-14 09:42:44 -07:00
command => "find ${local_git_dir} -type d -name \"*.git\" -print -exec git --git-dir=\"{}\" gc \\;",
Define local gerrit replication and cronjob only once We are moving this functionality to puppet module, so in order to avoid errors, define only these settings here if needed. Change-Id: Ie21642c75ec5f3ccd21528c094ff4d34970e5564
2015-08-07 17:38:10 +02:00
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
}
Repack git replicas. Change-Id: I7c328edac3ac407de0e9c89f841563cb754217f1 Reviewed-on: https://review.openstack.org/16990 Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-11-27 10:34:42 -08:00
}
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
}
file { '/home/gerrit2/projects.yaml':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0444',
Split config from projects list The projects list is a common list for devs to interact with. The config in the list is not, but the config in the list means the file needs to be in an erb template. Split the two concerns, similar to zuul. Put the config in a config file and the project data in a yaml file. Change-Id: I708b8655b4b1ce377f3b7369e987418c1d72d977
2013-12-13 11:06:28 -05:00
source => $projects_file,
replace => true,
require => Class['::gerrit'],
}
Ensure creation of jeepyb cache dir This path is used on jeepyb template, but it's not created by puppet. In initial deploys of gerrit, manage-projects complains about the absence of this directory. Change-Id: I384b61ed48d794818fa31437bfa4e106a149b70d
2015-08-07 17:07:31 +02:00
file { $jeepyb_cache_dir:
ensure => 'directory',
owner => 'gerrit2',
group => 'gerrit2',
mode => '0755',
}
Split config from projects list The projects list is a common list for devs to interact with. The config in the list is not, but the config in the list means the file needs to be in an erb template. Split the two concerns, similar to zuul. Put the config in a config file and the project data in a yaml file. Change-Id: I708b8655b4b1ce377f3b7369e987418c1d72d977
2013-12-13 11:06:28 -05:00
file { '/home/gerrit2/projects.ini':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0444',
content => template($projects_config),
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
replace => true,
require => Class['::gerrit'],
}
file { '/home/gerrit2/acls':
ensure => directory,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0444',
recurse => true,
replace => true,
Use purge option where appropriate. * modules/jenkins/manifests/master.pp * modules/jenkins/manifests/slave.pp: Recursively purge the slave_scripts dir. This will remove old slave scripts. * modules/openstack_project/manifests/gerrit.pp: Recursively purge the gerrit ACLs dir. This will remove old and renamed ACL files. * modules/openstack_project/manifests/nodepool.pp: Recursively purge the nodepool scripts dir. This will remove old and renamed nodepool scripts. * modules/openstack_project/manifests/static.pp: Recursively purge the devstack log help files. This will remove old and renamed help files. Change-Id: If739b274075781dcd0d0836bca96dd1764c6ee19
2013-12-02 13:30:41 -08:00
purge => true,
Use force when purging * modules/asterisk/manifests/init.pp * modules/jenkins/manifests/master.pp * modules/jenkins/manifests/slave.pp * modules/openstack_project/manifests/gerrit.pp * modules/openstack_project/manifests/jenkins.pp * modules/openstack_project/manifests/nodepool.pp * modules/openstack_project/manifests/static.pp: When a directory is puppet-managed for content using recurse, replace and purge you also need force or empty subdirectories will fail to be removed. What's worse, subscribing to that directory will cause a refresh to be triggered for it on every agent run. Change-Id: I232d6ba98475522f391f469c194a4450c7a0b2e1
2013-12-05 18:38:04 +00:00
force => true,
Switch gerrit to project-config Change-Id: I3e7358b4bc64e494a5990c79d16fafc21f5ed6af
2014-09-19 15:38:45 -07:00
source => $acls_dir,
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
require => Class['::gerrit']
}
Revert "Revert "Revert "Stop running manage-projects""" Now that puppet is being driven centrally with sequencing, we can let it run manage-projects too. We still don't want the manage-projects cronjob run - so we'll want to add something else to do upstream tracking. This reverts commit aa84680c2a87e2b17b2884ed63a9ba74530cc843 Change-Id: I2fcc4165d49858df9ff2dc19613f992fb6b736f0
2014-04-14 17:59:48 +00:00
Switch review.o.o to testmode Also, cause testmode to disable manage-projects on gerrit servers. This will cause puppet to stop writing the replication config (but leave it in place on the production server) and also stop running manage-projects. This is so that we can spin up a new gerrit server without it immediately creating projects or replicating. Also, remove the gerrit::mysql module so we can replace it with a trove database. Again, the existing mysql databases should be untouched. Change-Id: I157993297ae8168064ef5b368d42dc93989aef21
2014-04-23 09:41:47 -07:00
if ($testmode == false) {
exec { 'manage_projects':
Call two jeepyb scripts with new logging Now that the jeepyb command line utility scripts have grown consistent logging, make use of it when we call register-zanata-projects and manage-projects. Change-Id: If6933b13ae57bf379dee7b13c5c37e93d54b7b54 Depends-On: Ibc85f8e3b47f9c7898ad4334511b44e91ecbd736
2015-08-14 14:33:20 +10:00
command => '/usr/local/bin/manage-projects -v -l /var/log/manage_projects.log',
Increase manage-projects timeout to 30 minutes The full manage-projects run is taking as much as 20 minutes now, leaving new project creation broken when it trips the timeout. Double it from 15 to 30 minutes for some added safety margin. Change-Id: Icc36aca2f7b949347ec891bba6cb533932428171
2016-01-22 21:28:01 +00:00
timeout => 1800, # 30 minutes
Switch review.o.o to testmode Also, cause testmode to disable manage-projects on gerrit servers. This will cause puppet to stop writing the replication config (but leave it in place on the production server) and also stop running manage-projects. This is so that we can spin up a new gerrit server without it immediately creating projects or replicating. Also, remove the gerrit::mysql module so we can replace it with a trove database. Again, the existing mysql databases should be untouched. Change-Id: I157993297ae8168064ef5b368d42dc93989aef21
2014-04-23 09:41:47 -07:00
subscribe => [
File['/home/gerrit2/projects.yaml'],
File['/home/gerrit2/acls'],
],
refreshonly => true,
logoutput => true,
require => [
File['/home/gerrit2/projects.yaml'],
File['/home/gerrit2/acls'],
Class['jeepyb'],
],
}
Run track-upstream in a cronjob After removing track-upstream from manage-projects, we need to run track-upstream regularly. Add an hourly cronjob that will take care of upstream tracking. Change-Id: I7f5cb770e2af65fc2db9626eb1c8f01c3f3a64f1 Depends-On: I454b1ba400dc86abcc9b939564eb4eb7c324308c
2017-02-14 08:03:40 -06:00
cron { 'track_upstream':
user => 'root',
hour => '*',
Add a minute argument to the track_upstream cron Change-Id: I88d5d01d5284f1c1f1b86c6f59a1a12fffddea22
2017-03-23 14:07:17 -05:00
minute => '42',
Run track-upstream in a cronjob After removing track-upstream from manage-projects, we need to run track-upstream regularly. Add an hourly cronjob that will take care of upstream tracking. Change-Id: I7f5cb770e2af65fc2db9626eb1c8f01c3f3a64f1 Depends-On: I454b1ba400dc86abcc9b939564eb4eb7c324308c
2017-02-14 08:03:40 -06:00
command => '/usr/local/bin/track-upstream -v -l /var/log/track_upstream.log',
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
require => [
File['/home/gerrit2/projects.yaml'],
Class['jeepyb'],
],
}
Add logging to manage-projects calls Sometimes there is a need to debug why a project is not being created or ACLs are not properly refreshed. The way we call manage-projects leaves no trace of debug messages to inspect failures. Add a -v flag to the manage-projects calls to display verbose output, and send logging to a custom logfile Change-Id: I389bd2b128a82a745f6946cbe87c22aa208c161c
2014-07-31 14:01:54 +02:00
include logrotate
logrotate::file { 'manage_projects.log':
log => '/var/log/manage_projects.log',
options => [
'compress',
'missingok',
'rotate 30',
'daily',
'notifempty',
'copytruncate',
],
require => Exec['manage_projects'],
}
Logrotate track upstream logs There is currently a single 3.6GB track_upstream.log logfile on review.o.o. It has data from March 2017 through to today (October 2017). Lets rotate this logfile and keep 30 days worth of logs to reduce its impact on the local filesystem. Change-Id: Id80ab28b3c7dc9881ac28f55fa07aa539a11787d
2017-10-18 14:16:01 -07:00
logrotate::file { 'track_upstream.log':
log => '/var/log/track_upstream.log',
options => [
'compress',
'missingok',
'rotate 30',
'daily',
'notifempty',
'copytruncate',
],
require => Cron['track_upstream'],
}
Revert "Revert "Revert "Stop running manage-projects""" Now that puppet is being driven centrally with sequencing, we can let it run manage-projects too. We still don't want the manage-projects cronjob run - so we'll want to add something else to do upstream tracking. This reverts commit aa84680c2a87e2b17b2884ed63a9ba74530cc843 Change-Id: I2fcc4165d49858df9ff2dc19613f992fb6b736f0
2014-04-14 17:59:48 +00:00
}
Attempt to more fully manage project creation. Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-11-04 22:20:36 +01:00
}
Implement Gerrit CLA and Contact Store. This change fixes bug 1082754 and builds on the following prior work, which set up the underlying mechanisms and implemented them on review-dev: - https://review.openstack.org/12716 - https://review.openstack.org/13058 - https://review.openstack.org/13378 - https://review.openstack.org/13392 - https://review.openstack.org/13402 - https://review.openstack.org/13592 - https://review.openstack.org/14319 - https://review.openstack.org/14493 - https://review.openstack.org/16468 * manifests/site.pp(review.openstack.org): Add gerrit_contactstore_appsec and gerrit_contactstore_pubkey variables similar to those used for review-dev.openstack.org. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Move the cla_description, cla_file, cla_id and cla_name variables here, since they'll be used by both review and review-dev servers. Same goes for the set_agreements.sh file block and set_contributor_agreements exec block. Also stop loading the launchpad_sync module and make sure the sync_launchpad_users cron job is removed from the server. * modules/openstack_project/manifests/review.pp (openstack_project::review): Add the contactstore_appsec and contactstore_pubkey variables being from from hiera. Update the .war file to one with "Hack out some CLA bits" reverted. Turn on contactstore, pass the contactstore_appsec and contactstore_pubkey variables through, and set the production contactstore_url. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Remove the definitions for cla_description, cla_file, cla_id and cla_name, along with the set_agreements.sh file block and set_contributor_agreements exec block since they're all in gerrit.pp now. Change-Id: I037f1a3e2b03c66768cec6caa7fe5e1c68495ac6 Reviewed-on: https://review.openstack.org/14099 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-10-05 15:44:11 +00:00
file { '/home/gerrit2/review_site/bin/set_agreements.sh':
Remove gerrit_set_agreements The script was here for transition purposes, which are long-since past. However, puppet runs it on every run. It's not hurting anything, except for bunny rabbits. Change-Id: I651cbf29b2bf137d470f4a29775622fea4e58835
2014-04-18 18:34:04 -07:00
ensure => absent,
Implement Gerrit CLA and Contact Store. This change fixes bug 1082754 and builds on the following prior work, which set up the underlying mechanisms and implemented them on review-dev: - https://review.openstack.org/12716 - https://review.openstack.org/13058 - https://review.openstack.org/13378 - https://review.openstack.org/13392 - https://review.openstack.org/13402 - https://review.openstack.org/13592 - https://review.openstack.org/14319 - https://review.openstack.org/14493 - https://review.openstack.org/16468 * manifests/site.pp(review.openstack.org): Add gerrit_contactstore_appsec and gerrit_contactstore_pubkey variables similar to those used for review-dev.openstack.org. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Move the cla_description, cla_file, cla_id and cla_name variables here, since they'll be used by both review and review-dev servers. Same goes for the set_agreements.sh file block and set_contributor_agreements exec block. Also stop loading the launchpad_sync module and make sure the sync_launchpad_users cron job is removed from the server. * modules/openstack_project/manifests/review.pp (openstack_project::review): Add the contactstore_appsec and contactstore_pubkey variables being from from hiera. Update the .war file to one with "Hack out some CLA bits" reverted. Turn on contactstore, pass the contactstore_appsec and contactstore_pubkey variables through, and set the production contactstore_url. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Remove the definitions for cla_description, cla_file, cla_id and cla_name, along with the set_agreements.sh file block and set_contributor_agreements exec block since they're all in gerrit.pp now. Change-Id: I037f1a3e2b03c66768cec6caa7fe5e1c68495ac6 Reviewed-on: https://review.openstack.org/14099 Reviewed-by: James E. Blair <corvus@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Approved: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Tested-by: Jenkins
2012-10-05 15:44:11 +00:00
}
Make an OpenStack Gerrit base class. Change-Id: Ib16ff355199d330a74aaef384a11628b649f06ec
2012-07-20 19:51:44 -07:00
}
Copy Permalink