opendev
/
system-config
Code Issues Proposed changes

Cleanup openstack_project manifest lint errors. 

Now with extra unwrap!

Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a
Reviewed-on: https://review.openstack.org/15052
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
This commit is contained in:
Matthew Wagoner 2012-11-15 14:25:13 -08:00 committed by Jenkins
parent 16922d9325
commit f31a426c65
28 changed files with 478 additions and 403 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/openstack_project/manifests/backup_server.pp
View File

@ -1,5 +1,7 @@
# == Class: openstack_project::backup_server
#
class openstack_project::backup_server {
class { 'openstack_project::template':
iptables_public_tcp_ports => []
iptables_public_tcp_ports => [],
}
}

18
modules/openstack_project/manifests/base.pp
View File

@ -1,3 +1,5 @@
# == Class: openstack_project::base
#
class openstack_project::base(
$certname = $::fqdn,
$install_users = true
@ -7,18 +9,18 @@ class openstack_project::base(
include sudoers
file { '/etc/profile.d/Z98-byobu.sh':
ensure => 'absent'
ensure => absent,
}
package { 'popularity-contest':
ensure => purged
ensure => purged,
}
if ($::lsbdistcodename == 'oneiric') {
apt::ppa { 'ppa:git-core/ppa': }
package { 'git':
ensure => latest,
require => Apt::Ppa['ppa:git-core/ppa']
require => Apt::Ppa['ppa:git-core/ppa'],
}
} else {
package { 'git':
@ -33,19 +35,19 @@ class openstack_project::base(
]
package { $packages:
ensure => 'present'
ensure => present,
}
include pip
package { 'virtualenv':
ensure => latest,
ensure => latest,
provider => pip,
require => Class[pip]
require => Class['pip'],
}
if ($install_users) {
package { ['byobu', 'emacs23-nox']:
ensure => 'present'
ensure => present,
}
realize (
@ -76,7 +78,7 @@ class openstack_project::base(
}
file { '/etc/puppet/puppet.conf':
ensure => 'present',
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',

4
modules/openstack_project/manifests/dashboard.pp
View File

@ -1,6 +1,6 @@
class openstack_project::dashboard(
$password,
$mysql_password,
$password = '',
$mysql_password = '',
$sysadmins = []
) {

2
modules/openstack_project/manifests/eavesdrop.pp
View File

@ -1,5 +1,5 @@
class openstack_project::eavesdrop (
$nickpass,
$nickpass = '',
$sysadmins = []
) {
class { 'openstack_project::server':

2
modules/openstack_project/manifests/etherpad.pp
View File

@ -2,7 +2,7 @@ class openstack_project::etherpad (
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$database_password,
$database_password = '',
$sysadmins = []
) {
class { 'openstack_project::server':

6
modules/openstack_project/manifests/etherpad_dev.pp
View File

@ -1,5 +1,5 @@
class openstack_project::etherpad_dev (
$database_password,
$database_password = '',
$sysadmins = []
) {
class { 'openstack_project::server':
@ -21,8 +21,8 @@ class openstack_project::etherpad_dev (
include etherpad_lite::backup
class { 'etherpad_lite::apache':
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
}

231
modules/openstack_project/manifests/gerrit.pp
View File

@ -1,63 +1,65 @@
# == Class: openstack_project::gerrit
#
# A wrapper class around the main gerrit class that sets gerrit
# up for launchpad single sign on, bug/blueprint links and user
# import and sync
# TODO: launchpadlib creds for user sync script
class openstack_project::gerrit (
$vhost_name=$fqdn,
$canonicalweburl="https://$fqdn/",
$serveradmin='webmaster@openstack.org',
$ssh_host_key='/home/gerrit2/review_site/etc/ssh_host_rsa_key',
$ssh_project_key='/home/gerrit2/review_site/etc/ssh_project_rsa_key',
$ssl_cert_file='',
$ssl_key_file='',
$ssl_chain_file='',
$ssl_cert_file_contents='',
$ssl_key_file_contents='',
$ssl_chain_file_contents='',
$ssh_dsa_key_contents='', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents='', # If left empty puppet will not create file.
$ssh_rsa_key_contents='', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents='', # If left empty puppet will not create file.
$ssh_project_rsa_key_contents='', # If left empty puppet will not create file.
$ssh_project_rsa_pubkey_contents='', # If left empty puppet will not create file.
$email='',
$database_poollimit='',
$container_heaplimit='',
$core_packedgitopenfiles='',
$core_packedgitlimit='',
$core_packedgitwindowsize='',
$sshd_threads='',
$httpd_acceptorthreads='',
$httpd_minthreads='',
$httpd_maxthreads='',
$httpd_maxwait='',
$war,
$contactstore=false,
$contactstore_appsec='',
$contactstore_pubkey='',
$contactstore_url='',
$script_user='update',
$script_key_file='/home/gerrit2/.ssh/id_rsa',
$script_logging_conf='/home/gerrit2/.sync_logging.conf',
$projects_file='UNDEF',
$github_username,
$github_oauth_token,
$github_project_username,
$github_project_password,
$mysql_password,
$mysql_root_password,
$trivial_rebase_role_id,
$email_private_key,
$replicate_github=true,
$replicate_local=true,
$local_git_dir='/var/lib/git',
$testmode=false,
$sysadmins=[]
$vhost_name = $::fqdn,
$canonicalweburl = "https://${::fqdn}/",
$serveradmin = 'webmaster@openstack.org',
$ssh_host_key = '/home/gerrit2/review_site/etc/ssh_host_rsa_key',
$ssh_project_key = '/home/gerrit2/review_site/etc/ssh_project_rsa_key',
$ssl_cert_file = '',
$ssl_key_file = '',
$ssl_chain_file = '',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$ssh_dsa_key_contents = '', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents = '', # If left empty puppet will not create file.
$ssh_rsa_key_contents = '', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents = '', # If left empty puppet will not create file.
$ssh_project_rsa_key_contents = '', # If left empty will not create file.
$ssh_project_rsa_pubkey_contents = '', # If left empty will not create file.
$email = '',
$database_poollimit = '',
$container_heaplimit = '',
$core_packedgitopenfiles = '',
$core_packedgitlimit = '',
$core_packedgitwindowsize = '',
$sshd_threads = '',
$httpd_acceptorthreads = '',
$httpd_minthreads = '',
$httpd_maxthreads = '',
$httpd_maxwait = '',
$war = '',
$contactstore = false,
$contactstore_appsec = '',
$contactstore_pubkey = '',
$contactstore_url = '',
$script_user = 'update',
$script_key_file = '/home/gerrit2/.ssh/id_rsa',
$script_logging_conf = '/home/gerrit2/.sync_logging.conf',
$projects_file = 'UNDEF',
$github_username = '',
$github_oauth_token = '',
$github_project_username = '',
$github_project_password = '',
$mysql_password = '',
$mysql_root_password = '',
$trivial_rebase_role_id = '',
$email_private_key = '',
$replicate_github = true,
$replicate_local = true,
$local_git_dir = '/var/lib/git',
$testmode = false,
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 29418],
sysadmins => $sysadmins
sysadmins => $sysadmins,
}
class { '::gerrit':
@ -80,7 +82,7 @@ class openstack_project::gerrit (
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => $email,
openidssourl => "https://login.launchpad.net/+openid",
openidssourl => 'https://login.launchpad.net/+openid',
database_poollimit => $database_poollimit,
container_heaplimit => $container_heaplimit,
core_packedgitopenfiles => $core_packedgitopenfiles,
@ -91,19 +93,23 @@ class openstack_project::gerrit (
httpd_minthreads => $httpd_minthreads,
httpd_maxthreads => $httpd_maxthreads,
httpd_maxwait => $httpd_maxwait,
commentlinks => [{ name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '#q,$1,n,z'
},
{ name => 'launchpad',
match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
link => 'https://code.launchpad.net/bugs/$2'
},
{ name => 'blueprint',
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2'
},
],
commentlinks => [
{
name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '#q,$1,n,z',
},
{
name => 'launchpad',
match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
link => 'https://code.launchpad.net/bugs/$2',
},
{
name => 'blueprint',
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2',
},
],
war => $war,
contactstore => $contactstore,
contactstore_appsec => $contactstore_appsec,
@ -131,91 +137,92 @@ class openstack_project::gerrit (
}
file { '/home/gerrit2/review_site/static/echosign-cla.html':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/echosign-cla.html',
replace => 'true',
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/gerrit/echosign-cla.html',
replace => true,
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/static/cla.html':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/cla.html',
replace => 'true',
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/gerrit/cla.html',
replace => true,
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/static/title.png':
ensure => 'present',
source => "puppet:///modules/openstack_project/openstack.png",
ensure => present,
source => 'puppet:///modules/openstack_project/openstack.png',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/static/openstack-page-bkg.jpg':
ensure => 'present',
source => 'puppet:///modules/openstack_project/openstack-page-bkg.jpg',
ensure => present,
source => 'puppet:///modules/openstack_project/openstack-page-bkg.jpg',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/etc/GerritSite.css':
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/GerritSite.css',
ensure => present,
source => 'puppet:///modules/openstack_project/gerrit/GerritSite.css',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/etc/GerritSiteHeader.html':
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/GerritSiteHeader.html',
ensure => present,
source =>
'puppet:///modules/openstack_project/gerrit/GerritSiteHeader.html',
require => Class['::gerrit'],
}
cron { "gerritsyncusers":
cron { 'gerritsyncusers':
ensure => absent,
}
class { "launchpad_sync":
user => "gerrit2",
script_user => $script_user,
script_key_file => $script_key_file,
class { 'launchpad_sync':
user => 'gerrit2',
script_user => $script_user,
script_key_file => $script_key_file,
script_logging_conf => $script_logging_conf,
site => "openstack",
root_team => "openstack",
site => 'openstack',
root_team => 'openstack',
}
file { '/home/gerrit2/review_site/hooks/change-merged':
owner => 'root',
group => 'root',
mode => 555,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/change-merged',
replace => 'true',
require => Class['::gerrit']
ensure => present,
owner => 'root',
group => 'root',
mode => '0555',
source => 'puppet:///modules/openstack_project/gerrit/change-merged',
replace => true,
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/hooks/patchset-created':
owner => 'root',
group => 'root',
mode => 555,
ensure => 'present',
ensure => present,
owner => 'root',
group => 'root',
mode => '0555',
content => template('openstack_project/gerrit_patchset-created.erb'),
replace => 'true',
require => Class['::gerrit']
replace => true,
require => Class['::gerrit'],
}
file { '/usr/local/gerrit/scripts/trivial_rebase.py':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source =>
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source =>
'puppet:///modules/openstack_project/gerrit/scripts/trivial_rebase.py',
replace => 'true',
require => Class['::gerrit']
replace => true,
require => Class['::gerrit'],
}
if ($projects_file != 'UNDEF') {

51
modules/openstack_project/manifests/glancetest.pp
View File

@ -1,41 +1,42 @@
# == Class: openstack_project::glancetest
#
class openstack_project::glancetest(
$s3_store_host="s3.amazonaws.com",
$s3_store_access_key,
$s3_store_secret_key,
$s3_store_bucket,
$swift_store_auth_address="auth.api.rackspacecloud.com/v1.0/",
$swift_store_user,
$swift_store_key,
$swift_store_container,
) {
$s3_store_access_key = '',
$s3_store_secret_key = '',
$s3_store_bucket = '',
$swift_store_user = '',
$swift_store_key = '',
$swift_store_container = '',
$s3_store_host = 's3.amazonaws.com',
$swift_store_auth_address = 'auth.api.rackspacecloud.com/v1.0/'
) {
file { 'jenkinsglanceconfigdir':
name => '/home/jenkins/.config/glance',
owner => 'jenkins',
group => 'jenkins',
mode => 700,
ensure => 'directory',
ensure => directory,
name => '/home/jenkins/.config/glance',
owner => 'jenkins',
group => 'jenkins',
mode => '0700',
require => Class['::jenkins::jenkinsuser'],
}
file { 'glances3conf':
name => '/home/jenkins/.config/glance/s3.conf',
owner => 'jenkins',
group => 'jenkins',
mode => 400,
ensure => 'present',
ensure => present,
name => '/home/jenkins/.config/glance/s3.conf',
owner => 'jenkins',
group => 'jenkins',
mode => '0400',
require => File['jenkinsglanceconfigdir'],
content => template('openstack_project/glance_s3.conf.erb'),
}
file { 'glanceswiftconf':
name => '/home/jenkins/.config/glance/swift.conf',
owner => 'jenkins',
group => 'jenkins',
mode => 400,
ensure => 'present',
ensure => present,
name => '/home/jenkins/.config/glance/swift.conf',
owner => 'jenkins',
group => 'jenkins',
mode => '0400',
require => File['jenkinsglanceconfigdir'],
content => template('openstack_project/glance_swift.conf.erb'),
}
}

2
modules/openstack_project/manifests/init.pp
View File

@ -1,3 +1,5 @@
# == Class: openstack_project
#
class openstack_project {
$jenkins_ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson\n"

9
modules/openstack_project/manifests/jenkins.pp
View File

@ -1,10 +1,12 @@
# == Class: openstack_project::jenkins
#
class openstack_project::jenkins (
$jenkins_jobs_password,
$jenkins_jobs_password = '',
$manage_jenkins_jobs = true,
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$sysadmins = [],
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 4155],
@ -37,7 +39,8 @@ class openstack_project::jenkins (
group => 'root',
mode => '0755',
recurse => true,
source => 'puppet:///modules/openstack_project/jenkins_job_builder/config',
source =>
'puppet:///modules/openstack_project/jenkins_job_builder/config',
notify => Exec['jenkins_jobs_update'],
}

18
modules/openstack_project/manifests/jenkins_dev.pp
View File

@ -1,21 +1,23 @@
# == Class: openstack_project::jenkins_dev
#
class openstack_project::jenkins_dev (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 4155],
sysadmins => $sysadmins
sysadmins => $sysadmins,
}
include bup
bup::site { 'rs-ord':
backup_user => 'bup-jenkins-dev',
backup_server => 'ci-backup-rs-ord.openstack.org'
backup_user => 'bup-jenkins-dev',
backup_server => 'ci-backup-rs-ord.openstack.org',
}
class { '::jenkins::master':
vhost_name => 'jenkins-dev.openstack.org',
serveradmin => 'webmaster@openstack.org',
logo => 'openstack.png',
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
vhost_name => 'jenkins-dev.openstack.org',
serveradmin => 'webmaster@openstack.org',
logo => 'openstack.png',
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
}
}

14
modules/openstack_project/manifests/lists.pp
View File

@ -1,22 +1,24 @@
class openstack_project::lists($listadmins) {
# == Class: openstack_project::lists
#
class openstack_project::lists($listadmins = '') {
# Using openstack_project::template instead of openstack_project::server
# because the exim config on this machine is almost certainly
# going to be more complicated than normal.
class { 'openstack_project::template':
iptables_public_tcp_ports => [25, 80, 465]
iptables_public_tcp_ports => [25, 80, 465],
}
class { 'exim':
sysadmin => $listadmins,
sysadmin => $listadmins,
mailman_domains => ['lists.openstack.org'],
}
class { 'mailman':
vhost_name => 'lists.openstack.org'
vhost_name => 'lists.openstack.org',
}
realize (
User::Virtual::Localuser["oubiwann"],
User::Virtual::Localuser["smaffulli"],
User::Virtual::Localuser['oubiwann'],
User::Virtual::Localuser['smaffulli'],
)
}

14
modules/openstack_project/manifests/paste.pp
View File

@ -1,17 +1,19 @@
# == Class: openstack_project::paste
#
class openstack_project::paste (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => $sysadmins
sysadmins => $sysadmins,
}
include lodgeit
lodgeit::site { "openstack":
port => "5000",
image => "header-bg2.png"
lodgeit::site { 'openstack':
port => '5000',
image => 'header-bg2.png',
}
lodgeit::site { "drizzle":
port => "5001"
lodgeit::site { 'drizzle':
port => '5001',
}
}

8
modules/openstack_project/manifests/planet.pp
View File

@ -1,13 +1,15 @@
# == Class: openstack_project::planet
#
class openstack_project::planet (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => $sysadmins
sysadmins => $sysadmins,
}
include ::planet
planet::site { "openstack":
git_url => "https://github.com/openstack/openstack-planet.git"
planet::site { 'openstack':
git_url => 'https://github.com/openstack/openstack-planet.git',
}
}

31
modules/openstack_project/manifests/puppet_cron.pp
View File

@ -1,20 +1,29 @@
class openstack_project::puppet_cron($ensure=present) {
# == Class: openstack_project::puppet_cron
#
class openstack_project::puppet_cron($ensure = present)
{
include logrotate
class { 'puppetboot':
ensure => $ensure
}
cron { "updatepuppet":
ensure => $ensure,
user => root,
minute => "*/15",
command => 'apt-get update >/dev/null 2>&1 ; sleep $((RANDOM\%600)) && puppet agent --test >>/var/log/manifest.log',
environment => "PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin",
}
cron { 'updatepuppet':
ensure => $ensure,
user => 'root',
minute => '*/15',
command => 'apt-get update >/dev/null 2>&1 ; sleep $((RANDOM\%600)) && puppet agent --test >>/var/log/manifest.log',
environment => 'PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin',
}
logrotate::file { 'updatepuppet':
ensure => $ensure,
log => '/var/log/manifest.log',
options => ['compress', 'delaycompress', 'missingok', 'rotate 7', 'daily', 'notifempty'],
ensure => $ensure,
log => '/var/log/manifest.log',
options => ['compress',
'delaycompress',
'missingok',
'rotate 7',
'daily',
'notifempty',
],
require => Cron['updatepuppet'],
}
}

6
modules/openstack_project/manifests/puppetmaster.pp
View File

@ -1,9 +1,11 @@
# == Class: openstack_project::puppetmaster
#
class openstack_project::puppetmaster (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [4505, 4506, 8140],
sysadmins => $sysadmins
sysadmins => $sysadmins,
}
class { 'salt::master': }
@ -30,6 +32,6 @@ class openstack_project::puppetmaster (
mode => '0555',
source => 'puppet:///modules/openstack_project/puppetmaster/hiera.yaml',
replace => true,
require => Class['openstack_project::server']
require => Class['openstack_project::server'],
}
}

10
modules/openstack_project/manifests/pypi.pp
View File

@ -1,3 +1,5 @@
# == Class: openstack_project::pypi
#
class openstack_project::pypi (
$sysadmins = []
) {
@ -6,16 +8,16 @@ class openstack_project::pypi (
# include jenkins slave so that build deps are there for the pip download
class { 'jenkins::slave':
ssh_key => "",
user => false
ssh_key => '',
user => false,
}
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => $sysadmins
sysadmins => $sysadmins,
}
class { "pypimirror":
class { 'pypimirror':
projects => $openstack_project::project_list,
}
}

137
modules/openstack_project/manifests/review.pp
View File

@ -1,10 +1,14 @@
# == Class: openstack_project::review
# Current thinking on Gerrit tuning parameters:
# database.poolLimit:
# This limit must be several units higher than the total number of
# httpd and sshd threads as some request processing code paths may need
# multiple connections.
# database.poolLimit = 1 + max(sshd.threads,sshd.batchThreads) + sshd.streamThreads + sshd.commandStartThreads + httpd.acceptorThreads + httpd.maxThreads
# database.poolLimit = 1 + max(sshd.threads,sshd.batchThreads)
# + sshd.streamThreads + sshd.commandStartThreads
# + httpd.acceptorThreads + httpd.maxThreads
# http://groups.google.com/group/repo-discuss/msg/4c2809310cd27255
# or "2x sshd.threads"
# http://groups.google.com/group/repo-discuss/msg/269024c966e05d6a
@ -14,7 +18,8 @@
# http://groups.google.com/group/repo-discuss/msg/269024c966e05d6a
# sshd.threads:
# http://groups.google.com/group/repo-discuss/browse_thread/thread/b91491c185295a71
# http:
# //groups.google.com/group/repo-discuss/browse_thread/thread/b91491c185295a71
# httpd.maxWait:
# 12:07 <@spearce> httpd.maxwait defaults to 5 minutes and is how long gerrit
@ -25,19 +30,19 @@
# 12:09 <@spearce> so. you get 5 milliseconds before aborting
# thus, set it to 5000minutes until the bug is fixed.
class openstack_project::review (
$github_oauth_token,
$github_project_username,
$github_project_password,
$mysql_password,
$mysql_root_password,
$email_private_key,
$gerritbot_password,
$github_oauth_token = '',
$github_project_username = '',
$github_project_password = '',
$mysql_password = '',
$mysql_root_password = '',
$email_private_key = '',
$gerritbot_password = '',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$ssh_dsa_key_contents='',
$ssh_dsa_pubkey_contents='',
$ssh_rsa_key_contents='',
$ssh_dsa_key_contents = '',
$ssh_dsa_pubkey_contents = '',
$ssh_rsa_key_contents = '',
$ssh_rsa_pubkey_contents='',
$ssh_project_rsa_key_contents='',
$ssh_project_rsa_pubkey_contents='',
@ -50,65 +55,71 @@ class openstack_project::review (
$sysadmins = []
) {
class { 'openstack_project::gerrit':
ssl_cert_file => '/etc/ssl/certs/review.openstack.org.pem',
ssl_key_file => '/etc/ssl/private/review.openstack.org.key',
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => 'review@openstack.org',
database_poollimit => '150', # 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up)
container_heaplimit => '8g',
core_packedgitopenfiles => '4096',
core_packedgitlimit => '400m',
core_packedgitwindowsize => '16k',
sshd_threads => '100',
httpd_maxwait => '5000min',
war => 'http://tarballs.openstack.org/ci/gerrit-2.4.2-11-gb5a28fb.war',
script_user => 'launchpadsync',
script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
script_logging_conf => '/home/gerrit2/.sync_logging.conf',
projects_file => 'openstack_project/review.projects.yaml.erb',
github_username => 'openstack-gerrit',
github_oauth_token => $github_oauth_token,
github_project_username => $github_project_username,
github_project_password => $github_project_password,
mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
trivial_rebase_role_id => 'trivial-rebase@review.openstack.org',
email_private_key => $email_private_key,
replicate_github => $replicate_github,
sysadmins => $sysadmins
ssl_cert_file =>
'/etc/ssl/certs/review.openstack.org.pem',
ssl_key_file =>
'/etc/ssl/private/review.openstack.org.key',
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => 'review@openstack.org',
# 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up)
database_poollimit => '150',
container_heaplimit => '8g',
core_packedgitopenfiles => '4096',
core_packedgitlimit => '400m',
core_packedgitwindowsize => '16k',
sshd_threads => '100',
httpd_maxwait => '5000min',
war =>
'http://tarballs.openstack.org/ci/gerrit-2.4.2-11-gb5a28fb.war',
script_user => 'launchpadsync',
script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
script_logging_conf => '/home/gerrit2/.sync_logging.conf',
projects_file =>
'openstack_project/review.projects.yaml.erb',
github_username => 'openstack-gerrit',
github_oauth_token => $github_oauth_token,
github_project_username => $github_project_username,
github_project_password => $github_project_password,
mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
trivial_rebase_role_id => 'trivial-rebase@review.openstack.org',
email_private_key => $email_private_key,
replicate_github => $replicate_github,
sysadmins => $sysadmins,
}
class { 'gerritbot':
nick => 'openstackgerrit',
password => $gerritbot_password,
server => 'chat.freenode.net',
user => 'gerritbot',
vhost_name => $fqdn
nick => 'openstackgerrit',
password => $gerritbot_password,
server => 'irc.freenode.net',
user => 'gerritbot',
vhost_name => $::fqdn,
}
include gerrit::remotes
file { '/var/log/gerrit_user_sync':
ensure => directory,
owner => root,
group => gerrit2,
mode => 0775,
require => User['gerrit2']
ensure => directory,
owner => 'root',
group => 'gerrit2',
mode => '0775',
require => User['gerrit2'],
}
file { '/home/gerrit2/.sync_logging.conf':
ensure => present,
owner => root,
group => gerrit2,
mode => 0644,
source => 'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf',
require => User['gerrit2']
ensure => present,
owner => 'root',
group => 'gerrit2',
mode => '0644',
source =>
'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf',
require => User['gerrit2'],
}
file { '/home/gerrit2/.ssh':
ensure => directory,

157
modules/openstack_project/manifests/review_dev.pp
View File

@ -1,87 +1,94 @@
# == Class: openstack_project::review_dev
#
class openstack_project::review_dev (
$github_oauth_token,
$github_project_username,
$github_project_password,
$mysql_password,
$mysql_root_password,
$email_private_key,
$contactstore_appsec,
$contactstore_pubkey,
$ssh_dsa_key_contents='',
$ssh_dsa_pubkey_contents='',
$ssh_rsa_key_contents='',
$ssh_rsa_pubkey_contents='',
$ssh_project_rsa_key_contents='',
$ssh_project_rsa_pubkey_contents='',
$cla_description='OpenStack Individual Contributor License Agreement',
$cla_file='static/cla.html',
$cla_id='2',
$cla_name='ICLA',
$lp_sync_key='', # If left empty puppet will not create file.
$lp_sync_pubkey='', # If left empty puppet will not create file.
$lp_sync_consumer_key='',
$lp_sync_token='',
$lp_sync_secret='',
$replicate_github=true,
$github_oauth_token = '',
$github_project_username = '',
$github_project_password = '',
$mysql_password = '',
$mysql_root_password = '',
$email_private_key = '',
$contactstore_appsec = '',
$contactstore_pubkey = '',
$ssh_dsa_key_contents = '',
$ssh_dsa_pubkey_contents = '',
$ssh_rsa_key_contents = '',
$ssh_rsa_pubkey_contents = '',
$ssh_project_rsa_key_contents = '',
$ssh_project_rsa_pubkey_contents = '',
$cla_description = 'OpenStack Individual Contributor License Agreement',
$cla_file = 'static/cla.html',
$cla_id = '2',
$cla_name = 'ICLA',
$lp_sync_key = '', # If left empty puppet will not create file.
$lp_sync_pubkey = '', # If left empty puppet will not create file.
$lp_sync_consumer_key = '',
$lp_sync_token = '',
$lp_sync_secret = '',
$replicate_github = true,
$sysadmins = []
) {
class { 'openstack_project::gerrit':
vhost_name => 'review-dev.openstack.org',
canonicalweburl => "https://review-dev.openstack.org/",
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => "review-dev@openstack.org",
war => 'http://tarballs.openstack.org/ci/test/gerrit-2.4.2-14-gd77b4cd.war',
contactstore => true,
contactstore_appsec => $contactstore_appsec,
contactstore_pubkey => $contactstore_pubkey,
contactstore_url => 'http://www.openstack.org/verify/member/',
script_user => 'launchpadsync',
script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
script_logging_conf => '/home/gerrit2/.sync_logging.conf',
projects_file => 'openstack_project/review-dev.projects.yaml.erb',
github_username => 'openstack-gerrit-dev',
github_oauth_token => $github_oauth_token,
github_project_username => $github_project_username,
github_project_password => $github_project_password,
mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
trivial_rebase_role_id => 'trivial-rebase@review-dev.openstack.org',
email_private_key => $email_private_key,
replicate_github => $replicate_github,
sysadmins => $sysadmins
vhost_name => 'review-dev.openstack.org',
canonicalweburl => 'https://review-dev.openstack.org/',
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => 'review-dev@openstack.org',
war =>
'http://tarballs.openstack.org/ci/test/gerrit-2.4.2-14-gd77b4cd.war',
contactstore => true,
contactstore_appsec => $contactstore_appsec,
contactstore_pubkey => $contactstore_pubkey,
contactstore_url =>
'http://www.openstack.org/verify/member/',
script_user => 'launchpadsync',
script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
script_logging_conf => '/home/gerrit2/.sync_logging.conf',
projects_file =>
'openstack_project/review-dev.projects.yaml.erb',
github_username => 'openstack-gerrit-dev',
github_oauth_token => $github_oauth_token,
github_project_username => $github_project_username,
github_project_password => $github_project_password,
mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
trivial_rebase_role_id =>
'trivial-rebase@review-dev.openstack.org',
email_private_key => $email_private_key,
replicate_github => $replicate_github,
sysadmins => $sysadmins,
}
file { '/var/log/gerrit_user_sync':
ensure => directory,
owner => root,
group => gerrit2,
mode => 0775,
require => User['gerrit2']
ensure => directory,
owner => 'root',
group => 'gerrit2',
mode => '0775',
require => User['gerrit2'],
}
file { '/home/gerrit2/.sync_logging.conf':
ensure => present,
owner => root,
group => gerrit2,
mode => 0644,
source => 'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf',
require => User['gerrit2']
ensure => present,
owner => 'root',
group => 'gerrit2',
mode => '0644',
source =>
'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf',
require => User['gerrit2'],
}
file { '/home/gerrit2/review_site/bin/set_agreements.sh':
ensure => present,
owner => root,
group => root,
mode => 0755,
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
content => template('openstack_project/gerrit_set_agreements.sh.erb'),
replace => 'true',
require => Class['::gerrit']
replace => true,
require => Class['::gerrit'],
}
file { '/home/gerrit2/.ssh':
ensure => directory,
@ -132,7 +139,9 @@ class openstack_project::review_dev (
exec { 'set_contributor_agreements':
path => ['/bin', '/usr/bin'],
command => '/home/gerrit2/review_site/bin/set_agreements.sh',
require => [Class['mysql'],
File['/home/gerrit2/review_site/bin/set_agreements.sh']]
require => [
Class['mysql'],
File['/home/gerrit2/review_site/bin/set_agreements.sh'],
],
}
}

8
modules/openstack_project/manifests/server.pp
View File

@ -1,14 +1,16 @@
# == Class: openstack_project::server
#
# A server that we expect to run for some time
class openstack_project::server (
$iptables_public_tcp_ports = [],
$sysadmins = [],
$certname = $fqdn
$certname = $::fqdn
) {
class { 'openstack_project::template':
iptables_public_tcp_ports => $iptables_public_tcp_ports,
certname => $certname,
certname => $certname,
}
class { 'exim':
sysadmin => $sysadmins
sysadmin => $sysadmins,
}
}

12
modules/openstack_project/manifests/slave.pp
View File

@ -1,17 +1,19 @@
# == Class: openstack_project::slave
#
class openstack_project::slave (
$certname=$fqdn,
$sysadmins=[]
$certname = $::fqdn,
$sysadmins = []
) {
include openstack_project
include tmpreaper
include unattended_upgrades
class { 'openstack_project::server':
iptables_public_tcp_ports => [],
certname => $certname,
sysadmins => $sysadmins
certname => $certname,
sysadmins => $sysadmins,
}
class { 'jenkins::slave':
ssh_key => $openstack_project::jenkins_ssh_key
ssh_key => $openstack_project::jenkins_ssh_key,
}
class { 'salt':
salt_master => 'ci-puppetmaster.openstack.org',

12
modules/openstack_project/manifests/slave_template.pp
View File

@ -1,14 +1,16 @@
# == Class: openstack_project::slave_template
#
class openstack_project::slave_template (
$install_users=true,
$ssh_key=$openstack_project::jenkins_ssh_key
$install_users = true,
$ssh_key = $openstack_project::jenkins_ssh_key
) inherits openstack_project {
class { 'openstack_project::template':
iptables_public_tcp_ports => [],
install_users => $install_users,
install_users => $install_users,
}
class { 'jenkins::slave':
ssh_key => $ssh_key,
sudo => true,
bare => true
sudo => true,
bare => true,
}
}

27
modules/openstack_project/manifests/static.pp
View File

@ -1,15 +1,17 @@
# == Class: openstack_project::static
#
class openstack_project::static (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => $sysadmins
sysadmins => $sysadmins,
}
include openstack_project
class { 'jenkins::jenkinsuser':
ssh_key => $openstack_project::jenkins_ssh_key
ssh_key => $openstack_project::jenkins_ssh_key,
}
include apache
@ -44,30 +46,29 @@ class openstack_project::static (
}
file { '/srv/static':
ensure => directory
ensure => directory,
}
file { '/srv/static/tarballs':
ensure => directory
ensure => directory,
}
file { '/srv/static/ci':
ensure => directory
ensure => directory,
}
file { '/srv/static/logs':
ensure => directory
ensure => directory,
}
file { '/srv/static/docs-draft':
ensure => directory
ensure => directory,
}
cron { "gziplogs":
user => root,
hour => "*/6",
command => 'sleep $((RANDOM\%600)) && flock -n /var/run/gziplogs.lock find /srv/static/logs/ \( -name \*.txt -or -name \*.html \) -exec gzip \{\} \;',
environment => "PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin",
cron { 'gziplogs':
user => 'root',
hour => '*/6',
command => 'sleep $((RANDOM\%600)) && flock -n /var/run/gziplogs.lock find /srv/static/logs/ \( -name \*.txt -or -name \*.html \) -exec gzip \{\} \;',
environment => 'PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin',
}
}

11
modules/openstack_project/manifests/template.pp
View File

@ -1,9 +1,12 @@
# == Class: openstack_project::template
#
# A template host with no running services
#
class openstack_project::template (
$iptables_public_tcp_ports,
$iptables_public_tcp_ports = [],
$install_users = true,
$certname = $fqdn
) {
$certname = $::fqdn
) {
include ssh
include snmpd
include unattended_upgrades
@ -16,6 +19,6 @@ class openstack_project::template (
class { 'openstack_project::base':
install_users => $install_users,
certname => $certname,
certname => $certname,
}
}

19
modules/openstack_project/manifests/translation_slave.pp
View File

@ -1,23 +1,24 @@
# == Class: openstack_project::translation_slave
#
class openstack_project::translation_slave (
transifex_username = 'openstackci',
transifex_password
$transifex_password = '',
$transifex_username = 'openstackci',
) {
include openstack_project::slave
package { ['transifex-client', 'Babel']:
ensure => latest,
ensure => latest,
provider => pip,
require => Class[pip]
require => Class['pip'],
}
file { '/home/jenkins/.transifexrc':
owner => 'jenkins',
group => 'jenkins',
mode => 0600,
ensure => 'present',
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0600',
content => template('openstack_project/transifexrc.erb'),
require => User['jenkins'],
}
}

6
modules/openstack_project/manifests/users.pp
View File

@ -1,3 +1,5 @@
# == Class: openstack_project::users
#
class openstack_project::users {
@user::virtual::localuser { 'mordred':
realname => 'Monty Taylor',
@ -11,7 +13,7 @@ class openstack_project::users {
@user::virtual::localuser { 'soren':
realname => 'Soren Hansen',
sshkeys => "",
sshkeys => '',
}
@user::virtual::localuser { 'smaffulli':
@ -21,7 +23,7 @@ class openstack_project::users {
@user::virtual::localuser { 'linuxjedi':
realname => 'Andrew Hutchings',
sshkeys => "",
sshkeys => '',
}
@user::virtual::localuser { 'oubiwann':

24
modules/openstack_project/manifests/wiki.pp
View File

@ -1,5 +1,7 @@
# == Class: openstack_project::wiki
#
class openstack_project::wiki (
$mysql_root_password,
$mysql_root_password = '',
$sysadmins = []
) {
@ -8,29 +10,29 @@ class openstack_project::wiki (
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins
sysadmins => $sysadmins,
}
realize (
User::Virtual::Localuser["rlane"],
User::Virtual::Localuser['rlane'],
)
class { 'mediawiki':
role => 'all',
role => 'all',
mediawiki_location => '/srv/mediawiki/w',
site_hostname => $fqdn;
site_hostname => $::fqdn,
}
class { 'memcached':
max_memory => 2048,
listen_ip => '127.0.0.1',
tcp_port => 11000,
udp_port => 11000,
listen_ip => '127.0.0.1',
tcp_port => 11000,
udp_port => 11000,
}
class {"mysql::server":
class { 'mysql::server':
config_hash => {
'root_password' => "${mysql_root_password}",
'root_password' => $mysql_root_password,
'default_engine' => 'InnoDB',
'bind_address' => '127.0.0.1',
'bind_address' => '127.0.0.1',
}
}
include mysql::server::account_security

38
modules/openstack_project/manifests/zuul.pp
View File

@ -1,33 +1,35 @@
# == Class: openstack_project::zuul
#
class openstack_project::zuul(
$jenkins_server,
$jenkins_user,
$jenkins_apikey,
$gerrit_server,
$gerrit_user,
$url_pattern
) {
$jenkins_server = '',
$jenkins_user = '',
$jenkins_apikey = '',
$gerrit_server = '',
$gerrit_user = '',
$url_pattern = ''
) {
class { "::zuul":
class { '::zuul':
jenkins_server => $jenkins_server,
jenkins_user => $jenkins_user,
jenkins_user => $jenkins_user,
jenkins_apikey => $jenkins_apikey,
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
url_pattern => $url_pattern
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
url_pattern => $url_pattern,
}
file { "/etc/zuul/layout.yaml":
ensure => 'present',
file { '/etc/zuul/layout.yaml':
ensure => present,
source => 'puppet:///modules/openstack_project/zuul/layout.yaml',
notify => Exec['zuul-reload'],
}
file { "/etc/zuul/openstack_functions.py":
ensure => 'present',
file { '/etc/zuul/openstack_functions.py':
ensure => present,
source => 'puppet:///modules/openstack_project/zuul/openstack_functions.py',
notify => Exec['zuul-reload'],
}
file { "/etc/zuul/logging.conf":
ensure => 'present',
file { '/etc/zuul/logging.conf':
ensure => present,
source => 'puppet:///modules/openstack_project/zuul/logging.conf',
notify => Exec['zuul-reload'],
}