From e59caeddc506465074a45cbfce0e8974161b9d24 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Thu, 11 Oct 2012 16:55:07 -0700 Subject: [PATCH] Add review2 node. To bootstrap a new gerrit server. Also, make the consumer_key field in the lp creds file templated and use a value from hiera so that dev/prod can share the template. Change-Id: Ie14e560beae4f4c270e558c24a67096a1c4a7d32 Reviewed-on: https://review.openstack.org/14369 Reviewed-by: Jeremy Stanley Reviewed-by: Clark Boylan Approved: James E. Blair Tested-by: Jenkins --- manifests/site.pp | 49 ++++++++++------- modules/openstack_project/manifests/review.pp | 52 +++++++++++++++++++ .../openstack_project/manifests/review_dev.pp | 3 +- ...t_dev_lp_creds.erb => gerrit_lp_creds.erb} | 2 +- 4 files changed, 86 insertions(+), 20 deletions(-) rename modules/openstack_project/templates/{gerrit_dev_lp_creds.erb => gerrit_lp_creds.erb} (61%) diff --git a/manifests/site.pp b/manifests/site.pp index 7043473534..a705b293ec 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -25,11 +25,40 @@ node 'review.openstack.org' { ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'), ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'), ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'), + lp_sync_key => hiera('gerrit_lp_sync_key'), + lp_sync_pubkey => hiera('gerrit_lp_sync_pubkey'), + lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'), + lp_sync_token => hiera('gerrit_lp_access_token'), + lp_sync_secret => hiera('gerrit_lp_access_secret'), sysadmins => hiera('sysadmins'), } } -node 'gerrit-dev.openstack.org', 'review-dev.openstack.org' { +node 'review2.openstack.org' { + class { 'openstack_project::review': + github_oauth_token => hiera('gerrit_github_token'), + mysql_password => hiera('gerrit_mysql_password'), + mysql_root_password => hiera('gerrit_mysql_root_password'), + email_private_key => hiera('gerrit_email_private_key'), + gerritbot_password => hiera('gerrit_gerritbot_password'), + ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'), + ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'), + ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'), + ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents'), + ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'), + ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'), + ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'), + lp_sync_key => hiera('gerrit_lp_sync_key'), + lp_sync_pubkey => hiera('gerrit_lp_sync_pubkey'), + lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'), + lp_sync_token => hiera('gerrit_lp_access_token'), + lp_sync_secret => hiera('gerrit_lp_access_secret'), + replicate_github => false, + sysadmins => hiera('safesysadmins'), + } +} + +node 'review-dev.openstack.org' { class { 'openstack_project::review_dev': github_oauth_token => hiera('gerrit_dev_github_token'), mysql_password => hiera('gerrit_dev_mysql_password'), @@ -43,29 +72,13 @@ node 'gerrit-dev.openstack.org', 'review-dev.openstack.org' { ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents'), lp_sync_key => hiera('gerrit_dev_lp_sync_key'), lp_sync_pubkey => hiera('gerrit_dev_lp_sync_pubkey'), + lp_sync_consumer_key => hiera('gerrit_dev_lp_consumer_key'), lp_sync_token => hiera('gerrit_dev_lp_access_token'), lp_sync_secret => hiera('gerrit_dev_lp_access_secret'), sysadmins => hiera('sysadmins'), } } -node 'review-dev2.openstack.org' { - class { 'openstack_project::review_dev': - github_oauth_token => hiera('gerrit_dev_github_token'), - mysql_password => hiera('gerrit_dev_mysql_password'), - mysql_root_password => hiera('gerrit_dev_mysql_root_password'), - email_private_key => hiera('gerrit_dev_email_private_key'), - contactstore_appsec => hiera('gerrit_dev_contactstore_appsec'), - contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey'), - lp_sync_key => hiera('gerrit_dev_lp_sync_key'), - lp_sync_pubkey => hiera('gerrit_dev_lp_sync_pubkey'), - lp_sync_token => hiera('gerrit_dev_lp_access_token'), - lp_sync_secret => hiera('gerrit_dev_lp_access_secret'), - replicate_github => false, - sysadmins => hiera('sysadmins'), - } -} - node 'jenkins.openstack.org' { class { 'openstack_project::jenkins': jenkins_jobs_password => hiera('jenkins_jobs_password'), diff --git a/modules/openstack_project/manifests/review.pp b/modules/openstack_project/manifests/review.pp index 0948324904..33d8322026 100644 --- a/modules/openstack_project/manifests/review.pp +++ b/modules/openstack_project/manifests/review.pp @@ -37,6 +37,12 @@ class openstack_project::review ( $ssh_dsa_pubkey_contents='', $ssh_rsa_key_contents='', $ssh_rsa_pubkey_contents='', + $lp_sync_key='', # If left empty puppet will not create file. + $lp_sync_pubkey='', # If left empty puppet will not create file. + $lp_sync_consumer_key='', + $lp_sync_token='', + $lp_sync_secret='', + $replicate_github=true, $sysadmins = [] ) { class { 'openstack_project::gerrit': @@ -69,6 +75,7 @@ class openstack_project::review ( mysql_root_password => $mysql_root_password, trivial_rebase_role_id => 'trivial-rebase@review.openstack.org', email_private_key => $email_private_key, + replicate_github => $replicate_github, sysadmins => $sysadmins } class { 'gerritbot': @@ -95,4 +102,49 @@ class openstack_project::review ( source => 'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf', require => User['gerrit2'] } + file { '/home/gerrit2/.ssh': + ensure => directory, + owner => 'gerrit2', + group => 'gerrit2', + mode => '0700', + require => User['gerrit2'], + } + if $lp_sync_key != '' { + file { '/home/gerrit2/.ssh/launchpadsync_rsa': + ensure => present, + owner => 'gerrit2', + group => 'gerrit2', + mode => '0600', + content => $lp_sync_key, + replace => true, + require => User['gerrit2'], + } + } + if $lp_sync_pubkey != '' { + file { '/home/gerrit2/.ssh/launchpadsync_rsa.pub': + ensure => present, + owner => 'gerrit2', + group => 'gerrit2', + mode => '0644', + content => $lp_sync_pubkey, + replace => true, + require => User['gerrit2'], + } + } + file { '/home/gerrit2/.launchpadlib': + ensure => directory, + owner => 'gerrit2', + group => 'gerrit2', + mode => '0775', + require => User['gerrit2'], + } + file { '/home/gerrit2/.launchpadlib/creds': + ensure => present, + owner => 'gerrit2', + group => 'gerrit2', + mode => '0600', + content => template('openstack_project/gerrit_lp_creds.erb'), + replace => true, + require => User['gerrit2'], + } } diff --git a/modules/openstack_project/manifests/review_dev.pp b/modules/openstack_project/manifests/review_dev.pp index 5fd32690d4..341df2dbf3 100644 --- a/modules/openstack_project/manifests/review_dev.pp +++ b/modules/openstack_project/manifests/review_dev.pp @@ -15,6 +15,7 @@ class openstack_project::review_dev ( $cla_name='ICLA', $lp_sync_key='', # If left empty puppet will not create file. $lp_sync_pubkey='', # If left empty puppet will not create file. + $lp_sync_consumer_key='', $lp_sync_token='', $lp_sync_secret='', $replicate_github=true, @@ -115,7 +116,7 @@ class openstack_project::review_dev ( owner => 'gerrit2', group => 'gerrit2', mode => '0600', - content => template('openstack_project/gerrit_dev_lp_creds.erb'), + content => template('openstack_project/gerrit_lp_creds.erb'), replace => true, require => User['gerrit2'], } diff --git a/modules/openstack_project/templates/gerrit_dev_lp_creds.erb b/modules/openstack_project/templates/gerrit_lp_creds.erb similarity index 61% rename from modules/openstack_project/templates/gerrit_dev_lp_creds.erb rename to modules/openstack_project/templates/gerrit_lp_creds.erb index 42271514a2..bc996973aa 100644 --- a/modules/openstack_project/templates/gerrit_dev_lp_creds.erb +++ b/modules/openstack_project/templates/gerrit_lp_creds.erb @@ -1,5 +1,5 @@ [1] -consumer_key = System-wide: Ubuntu (gerrit-dev.openstack.org) +consumer_key = <%= lp_sync_consumer_key %> consumer_secret = access_token = <%= lp_sync_token %> access_secret = <%= lp_sync_secret %>