Add review2 node.

To bootstrap a new gerrit server. Also, make the consumer_key field in the lp creds file templated and use a value from hiera so that dev/prod can share the template. Change-Id: Ie14e560beae4f4c270e558c24a67096a1c4a7d32 Reviewed-on: https://review.openstack.org/14369 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Reviewed-by: Clark Boylan <clark.boylan@gmail.com> Approved: James E. Blair <corvus@inaugust.com> Tested-by: Jenkins
2012-10-11 16:55:07 -07:00 · 2012-10-11 16:55:07 -07:00 · e59caeddc5
commit e59caeddc5
parent 8a77c1bd24
4 changed files with 86 additions and 20 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -25,11 +25,40 @@ node 'review.openstack.org' {
    ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'),
    ssh_rsa_key_contents    => hiera('gerrit_ssh_rsa_key_contents'),
    ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'),
+    lp_sync_key             => hiera('gerrit_lp_sync_key'),
+    lp_sync_pubkey          => hiera('gerrit_lp_sync_pubkey'),
+    lp_sync_consumer_key    => hiera('gerrit_lp_consumer_key'),
+    lp_sync_token           => hiera('gerrit_lp_access_token'),
+    lp_sync_secret          => hiera('gerrit_lp_access_secret'),
    sysadmins               => hiera('sysadmins'),
  }
 }

-node 'gerrit-dev.openstack.org', 'review-dev.openstack.org' {
+node 'review2.openstack.org' {
+  class { 'openstack_project::review':
+    github_oauth_token      => hiera('gerrit_github_token'),
+    mysql_password          => hiera('gerrit_mysql_password'),
+    mysql_root_password     => hiera('gerrit_mysql_root_password'),
+    email_private_key       => hiera('gerrit_email_private_key'),
+    gerritbot_password      => hiera('gerrit_gerritbot_password'),
+    ssl_cert_file_contents  => hiera('gerrit_ssl_cert_file_contents'),
+    ssl_key_file_contents   => hiera('gerrit_ssl_key_file_contents'),
+    ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'),
+    ssh_dsa_key_contents    => hiera('gerrit_ssh_dsa_key_contents'),
+    ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'),
+    ssh_rsa_key_contents    => hiera('gerrit_ssh_rsa_key_contents'),
+    ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'),
+    lp_sync_key             => hiera('gerrit_lp_sync_key'),
+    lp_sync_pubkey          => hiera('gerrit_lp_sync_pubkey'),
+    lp_sync_consumer_key    => hiera('gerrit_lp_consumer_key'),
+    lp_sync_token           => hiera('gerrit_lp_access_token'),
+    lp_sync_secret          => hiera('gerrit_lp_access_secret'),
+    replicate_github        => false,
+    sysadmins               => hiera('safesysadmins'),
+  }
+}
+
+node 'review-dev.openstack.org' {
  class { 'openstack_project::review_dev':
    github_oauth_token      => hiera('gerrit_dev_github_token'),
    mysql_password          => hiera('gerrit_dev_mysql_password'),
@ -43,29 +72,13 @@ node 'gerrit-dev.openstack.org', 'review-dev.openstack.org' {
    ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents'),
    lp_sync_key             => hiera('gerrit_dev_lp_sync_key'),
    lp_sync_pubkey          => hiera('gerrit_dev_lp_sync_pubkey'),
+    lp_sync_consumer_key    => hiera('gerrit_dev_lp_consumer_key'),
    lp_sync_token           => hiera('gerrit_dev_lp_access_token'),
    lp_sync_secret          => hiera('gerrit_dev_lp_access_secret'),
    sysadmins               => hiera('sysadmins'),
  }
 }

-node 'review-dev2.openstack.org' {
-  class { 'openstack_project::review_dev':
-    github_oauth_token  => hiera('gerrit_dev_github_token'),
-    mysql_password      => hiera('gerrit_dev_mysql_password'),
-    mysql_root_password => hiera('gerrit_dev_mysql_root_password'),
-    email_private_key   => hiera('gerrit_dev_email_private_key'),
-    contactstore_appsec => hiera('gerrit_dev_contactstore_appsec'),
-    contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey'),
-    lp_sync_key         => hiera('gerrit_dev_lp_sync_key'),
-    lp_sync_pubkey      => hiera('gerrit_dev_lp_sync_pubkey'),
-    lp_sync_token       => hiera('gerrit_dev_lp_access_token'),
-    lp_sync_secret      => hiera('gerrit_dev_lp_access_secret'),
-    replicate_github    => false,
-    sysadmins           => hiera('sysadmins'),
-  }
-}
-
 node 'jenkins.openstack.org' {
  class { 'openstack_project::jenkins':
    jenkins_jobs_password   => hiera('jenkins_jobs_password'),
--- a/modules/openstack_project/manifests/review.pp
+++ b/modules/openstack_project/manifests/review.pp
@ -37,6 +37,12 @@ class openstack_project::review (
  $ssh_dsa_pubkey_contents='',
  $ssh_rsa_key_contents='',
  $ssh_rsa_pubkey_contents='',
+  $lp_sync_key='', # If left empty puppet will not create file.
+  $lp_sync_pubkey='', # If left empty puppet will not create file.
+  $lp_sync_consumer_key='',
+  $lp_sync_token='',
+  $lp_sync_secret='',
+  $replicate_github=true,
  $sysadmins = []
 ) {
  class { 'openstack_project::gerrit':
@ -69,6 +75,7 @@ class openstack_project::review (
    mysql_root_password      => $mysql_root_password,
    trivial_rebase_role_id   => 'trivial-rebase@review.openstack.org',
    email_private_key        => $email_private_key,
+    replicate_github         => $replicate_github,
    sysadmins                => $sysadmins
  }
  class { 'gerritbot':
@ -95,4 +102,49 @@ class openstack_project::review (
    source => 'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf',
    require => User['gerrit2']
  }
+  file { '/home/gerrit2/.ssh':
+    ensure  => directory,
+    owner   => 'gerrit2',
+    group   => 'gerrit2',
+    mode    => '0700',
+    require => User['gerrit2'],
+  }
+  if $lp_sync_key != '' {
+    file { '/home/gerrit2/.ssh/launchpadsync_rsa':
+      ensure  => present,
+      owner   => 'gerrit2',
+      group   => 'gerrit2',
+      mode    => '0600',
+      content => $lp_sync_key,
+      replace => true,
+      require => User['gerrit2'],
+    }
+  }
+  if $lp_sync_pubkey != '' {
+    file { '/home/gerrit2/.ssh/launchpadsync_rsa.pub':
+      ensure  => present,
+      owner   => 'gerrit2',
+      group   => 'gerrit2',
+      mode    => '0644',
+      content => $lp_sync_pubkey,
+      replace => true,
+      require => User['gerrit2'],
+    }
+  }
+  file { '/home/gerrit2/.launchpadlib':
+    ensure  => directory,
+    owner   => 'gerrit2',
+    group   => 'gerrit2',
+    mode    => '0775',
+    require => User['gerrit2'],
+  }
+  file { '/home/gerrit2/.launchpadlib/creds':
+    ensure  => present,
+    owner   => 'gerrit2',
+    group   => 'gerrit2',
+    mode    => '0600',
+    content => template('openstack_project/gerrit_lp_creds.erb'),
+    replace => true,
+    require => User['gerrit2'],
+  }
 }
--- a/modules/openstack_project/manifests/review_dev.pp
+++ b/modules/openstack_project/manifests/review_dev.pp
@ -15,6 +15,7 @@ class openstack_project::review_dev (
  $cla_name='ICLA',
  $lp_sync_key='', # If left empty puppet will not create file.
  $lp_sync_pubkey='', # If left empty puppet will not create file.
+  $lp_sync_consumer_key='',
  $lp_sync_token='',
  $lp_sync_secret='',
  $replicate_github=true,
@ -115,7 +116,7 @@ class openstack_project::review_dev (
    owner   => 'gerrit2',
    group   => 'gerrit2',
    mode    => '0600',
-    content => template('openstack_project/gerrit_dev_lp_creds.erb'),
+    content => template('openstack_project/gerrit_lp_creds.erb'),
    replace => true,
    require => User['gerrit2'],
  }
--- a/modules/openstack_project/templates/gerrit_dev_lp_creds.erb
+++ b/modules/openstack_project/templates/gerrit_dev_lp_creds.erb
@ -1,5 +1,5 @@
 [1]
-consumer_key = System-wide: Ubuntu (gerrit-dev.openstack.org)
+consumer_key = <%= lp_sync_consumer_key %>
 consumer_secret =
 access_token = <%= lp_sync_token %>
 access_secret = <%= lp_sync_secret %>