Cleanup openstack_project manifest lint errors.
Now with extra unwrap! Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a Reviewed-on: Reviewed-by: Clark Boylan <> Approved: Jeremy Stanley <> Reviewed-by: Jeremy Stanley <> Tested-by: Jenkins
This commit is contained in:
@ -1,5 +1,7 @@
# == Class: openstack_project::backup_server
class openstack_project::backup_server {
class { 'openstack_project::template':
iptables_public_tcp_ports => []
iptables_public_tcp_ports => [],
@ -1,3 +1,5 @@
# == Class: openstack_project::base
class openstack_project::base(
$certname = $::fqdn,
$install_users = true
@ -7,18 +9,18 @@ class openstack_project::base(
include sudoers
file { '/etc/profile.d/':
ensure => 'absent'
ensure => absent,
package { 'popularity-contest':
ensure => purged
ensure => purged,
if ($::lsbdistcodename == 'oneiric') {
apt::ppa { 'ppa:git-core/ppa': }
package { 'git':
ensure => latest,
require => Apt::Ppa['ppa:git-core/ppa']
require => Apt::Ppa['ppa:git-core/ppa'],
} else {
package { 'git':
@ -33,19 +35,19 @@ class openstack_project::base(
package { $packages:
ensure => 'present'
ensure => present,
include pip
package { 'virtualenv':
ensure => latest,
ensure => latest,
provider => pip,
require => Class[pip]
require => Class['pip'],
if ($install_users) {
package { ['byobu', 'emacs23-nox']:
ensure => 'present'
ensure => present,
realize (
@ -76,7 +78,7 @@ class openstack_project::base(
file { '/etc/puppet/puppet.conf':
ensure => 'present',
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
@ -1,6 +1,6 @@
class openstack_project::dashboard(
$password = '',
$mysql_password = '',
$sysadmins = []
) {
@ -1,5 +1,5 @@
class openstack_project::eavesdrop (
$nickpass = '',
$sysadmins = []
) {
class { 'openstack_project::server':
@ -2,7 +2,7 @@ class openstack_project::etherpad (
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$database_password = '',
$sysadmins = []
) {
class { 'openstack_project::server':
@ -1,5 +1,5 @@
class openstack_project::etherpad_dev (
$database_password = '',
$sysadmins = []
) {
class { 'openstack_project::server':
@ -21,8 +21,8 @@ class openstack_project::etherpad_dev (
include etherpad_lite::backup
class { 'etherpad_lite::apache':
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
@ -1,63 +1,65 @@
# == Class: openstack_project::gerrit
# A wrapper class around the main gerrit class that sets gerrit
# up for launchpad single sign on, bug/blueprint links and user
# import and sync
# TODO: launchpadlib creds for user sync script
class openstack_project::gerrit (
$ssh_dsa_key_contents='', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents='', # If left empty puppet will not create file.
$ssh_rsa_key_contents='', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents='', # If left empty puppet will not create file.
$ssh_project_rsa_key_contents='', # If left empty puppet will not create file.
$ssh_project_rsa_pubkey_contents='', # If left empty puppet will not create file.
$vhost_name = $::fqdn,
$canonicalweburl = "https://${::fqdn}/",
$serveradmin = '',
$ssh_host_key = '/home/gerrit2/review_site/etc/ssh_host_rsa_key',
$ssh_project_key = '/home/gerrit2/review_site/etc/ssh_project_rsa_key',
$ssl_cert_file = '',
$ssl_key_file = '',
$ssl_chain_file = '',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$ssh_dsa_key_contents = '', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents = '', # If left empty puppet will not create file.
$ssh_rsa_key_contents = '', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents = '', # If left empty puppet will not create file.
$ssh_project_rsa_key_contents = '', # If left empty will not create file.
$ssh_project_rsa_pubkey_contents = '', # If left empty will not create file.
$email = '',
$database_poollimit = '',
$container_heaplimit = '',
$core_packedgitopenfiles = '',
$core_packedgitlimit = '',
$core_packedgitwindowsize = '',
$sshd_threads = '',
$httpd_acceptorthreads = '',
$httpd_minthreads = '',
$httpd_maxthreads = '',
$httpd_maxwait = '',
$war = '',
$contactstore = false,
$contactstore_appsec = '',
$contactstore_pubkey = '',
$contactstore_url = '',
$script_user = 'update',
$script_key_file = '/home/gerrit2/.ssh/id_rsa',
$script_logging_conf = '/home/gerrit2/.sync_logging.conf',
$projects_file = 'UNDEF',
$github_username = '',
$github_oauth_token = '',
$github_project_username = '',
$github_project_password = '',
$mysql_password = '',
$mysql_root_password = '',
$trivial_rebase_role_id = '',
$email_private_key = '',
$replicate_github = true,
$replicate_local = true,
$local_git_dir = '/var/lib/git',
$testmode = false,
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 29418],
sysadmins => $sysadmins
sysadmins => $sysadmins,
class { '::gerrit':
@ -80,7 +82,7 @@ class openstack_project::gerrit (
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => $email,
openidssourl => "",
openidssourl => '',
database_poollimit => $database_poollimit,
container_heaplimit => $container_heaplimit,
core_packedgitopenfiles => $core_packedgitopenfiles,
@ -91,19 +93,23 @@ class openstack_project::gerrit (
httpd_minthreads => $httpd_minthreads,
httpd_maxthreads => $httpd_maxthreads,
httpd_maxwait => $httpd_maxwait,
commentlinks => [{ name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '#q,$1,n,z'
{ name => 'launchpad',
match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
link => '$2'
{ name => 'blueprint',
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
link => '$2'
commentlinks => [
name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '#q,$1,n,z',
name => 'launchpad',
match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
link => '$2',
name => 'blueprint',
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
link => '$2',
war => $war,
contactstore => $contactstore,
contactstore_appsec => $contactstore_appsec,
@ -131,91 +137,92 @@ class openstack_project::gerrit (
file { '/home/gerrit2/review_site/static/echosign-cla.html':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/echosign-cla.html',
replace => 'true',
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/gerrit/echosign-cla.html',
replace => true,
require => Class['::gerrit'],
file { '/home/gerrit2/review_site/static/cla.html':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/cla.html',
replace => 'true',
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/gerrit/cla.html',
replace => true,
require => Class['::gerrit'],
file { '/home/gerrit2/review_site/static/title.png':
ensure => 'present',
source => "puppet:///modules/openstack_project/openstack.png",
ensure => present,
source => 'puppet:///modules/openstack_project/openstack.png',
require => Class['::gerrit'],
file { '/home/gerrit2/review_site/static/openstack-page-bkg.jpg':
ensure => 'present',
source => 'puppet:///modules/openstack_project/openstack-page-bkg.jpg',
ensure => present,
source => 'puppet:///modules/openstack_project/openstack-page-bkg.jpg',
require => Class['::gerrit'],
file { '/home/gerrit2/review_site/etc/GerritSite.css':
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/GerritSite.css',
ensure => present,
source => 'puppet:///modules/openstack_project/gerrit/GerritSite.css',
require => Class['::gerrit'],
file { '/home/gerrit2/review_site/etc/GerritSiteHeader.html':
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/GerritSiteHeader.html',
ensure => present,
source =>
require => Class['::gerrit'],
cron { "gerritsyncusers":
cron { 'gerritsyncusers':
ensure => absent,
class { "launchpad_sync":
user => "gerrit2",
script_user => $script_user,
script_key_file => $script_key_file,
class { 'launchpad_sync':
user => 'gerrit2',
script_user => $script_user,
script_key_file => $script_key_file,
script_logging_conf => $script_logging_conf,
site => "openstack",
root_team => "openstack",
site => 'openstack',
root_team => 'openstack',
file { '/home/gerrit2/review_site/hooks/change-merged':
owner => 'root',
group => 'root',
mode => 555,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/change-merged',
replace => 'true',
require => Class['::gerrit']
ensure => present,
owner => 'root',
group => 'root',
mode => '0555',
source => 'puppet:///modules/openstack_project/gerrit/change-merged',
replace => true,
require => Class['::gerrit'],
file { '/home/gerrit2/review_site/hooks/patchset-created':
owner => 'root',
group => 'root',
mode => 555,
ensure => 'present',
ensure => present,
owner => 'root',
group => 'root',
mode => '0555',
content => template('openstack_project/gerrit_patchset-created.erb'),
replace => 'true',
require => Class['::gerrit']
replace => true,
require => Class['::gerrit'],
file { '/usr/local/gerrit/scripts/':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source =>
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source =>
replace => 'true',
require => Class['::gerrit']
replace => true,
require => Class['::gerrit'],
if ($projects_file != 'UNDEF') {
@ -1,41 +1,42 @@
# == Class: openstack_project::glancetest
class openstack_project::glancetest(
) {
$s3_store_access_key = '',
$s3_store_secret_key = '',
$s3_store_bucket = '',
$swift_store_user = '',
$swift_store_key = '',
$swift_store_container = '',
$s3_store_host = '',
$swift_store_auth_address = ''
) {
file { 'jenkinsglanceconfigdir':
name => '/home/jenkins/.config/glance',
owner => 'jenkins',
group => 'jenkins',
mode => 700,
ensure => 'directory',
ensure => directory,
name => '/home/jenkins/.config/glance',
owner => 'jenkins',
group => 'jenkins',
mode => '0700',
require => Class['::jenkins::jenkinsuser'],
file { 'glances3conf':
name => '/home/jenkins/.config/glance/s3.conf',
owner => 'jenkins',
group => 'jenkins',
mode => 400,
ensure => 'present',
ensure => present,
name => '/home/jenkins/.config/glance/s3.conf',
owner => 'jenkins',
group => 'jenkins',
mode => '0400',
require => File['jenkinsglanceconfigdir'],
content => template('openstack_project/glance_s3.conf.erb'),
file { 'glanceswiftconf':
name => '/home/jenkins/.config/glance/swift.conf',
owner => 'jenkins',
group => 'jenkins',
mode => 400,
ensure => 'present',
ensure => present,
name => '/home/jenkins/.config/glance/swift.conf',
owner => 'jenkins',
group => 'jenkins',
mode => '0400',
require => File['jenkinsglanceconfigdir'],
content => template('openstack_project/glance_swift.conf.erb'),
@ -1,3 +1,5 @@
# == Class: openstack_project
class openstack_project {
$jenkins_ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson\n"
@ -1,10 +1,12 @@
# == Class: openstack_project::jenkins
class openstack_project::jenkins (
$jenkins_jobs_password = '',
$manage_jenkins_jobs = true,
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$sysadmins = [],
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 4155],
@ -37,7 +39,8 @@ class openstack_project::jenkins (
group => 'root',
mode => '0755',
recurse => true,
source => 'puppet:///modules/openstack_project/jenkins_job_builder/config',
source =>
notify => Exec['jenkins_jobs_update'],
@ -1,21 +1,23 @@
# == Class: openstack_project::jenkins_dev
class openstack_project::jenkins_dev (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 4155],
sysadmins => $sysadmins
sysadmins => $sysadmins,
include bup
bup::site { 'rs-ord':
backup_user => 'bup-jenkins-dev',
backup_server => ''
backup_user => 'bup-jenkins-dev',
backup_server => '',
class { '::jenkins::master':
vhost_name => '',
serveradmin => '',
logo => 'openstack.png',
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
vhost_name => '',
serveradmin => '',
logo => 'openstack.png',
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
@ -1,22 +1,24 @@
class openstack_project::lists($listadmins) {
# == Class: openstack_project::lists
class openstack_project::lists($listadmins = '') {
# Using openstack_project::template instead of openstack_project::server
# because the exim config on this machine is almost certainly
# going to be more complicated than normal.
class { 'openstack_project::template':
iptables_public_tcp_ports => [25, 80, 465]
iptables_public_tcp_ports => [25, 80, 465],
class { 'exim':
sysadmin => $listadmins,
sysadmin => $listadmins,
mailman_domains => [''],
class { 'mailman':
vhost_name => ''
vhost_name => '',
realize (
@ -1,17 +1,19 @@
# == Class: openstack_project::paste
class openstack_project::paste (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => $sysadmins
sysadmins => $sysadmins,
include lodgeit
lodgeit::site { "openstack":
port => "5000",
image => "header-bg2.png"
lodgeit::site { 'openstack':
port => '5000',
image => 'header-bg2.png',
lodgeit::site { "drizzle":
port => "5001"
lodgeit::site { 'drizzle':
port => '5001',
@ -1,13 +1,15 @@
# == Class: openstack_project::planet
class openstack_project::planet (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => $sysadmins
sysadmins => $sysadmins,
include ::planet
planet::site { "openstack":
git_url => ""
planet::site { 'openstack':
git_url => '',
@ -1,20 +1,29 @@
class openstack_project::puppet_cron($ensure=present) {
# == Class: openstack_project::puppet_cron
class openstack_project::puppet_cron($ensure = present)
include logrotate
class { 'puppetboot':
ensure => $ensure
cron { "updatepuppet":
ensure => $ensure,
user => root,
minute => "*/15",
command => 'apt-get update >/dev/null 2>&1 ; sleep $((RANDOM\%600)) && puppet agent --test >>/var/log/manifest.log',
environment => "PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin",
cron { 'updatepuppet':
ensure => $ensure,
user => 'root',
minute => '*/15',
command => 'apt-get update >/dev/null 2>&1 ; sleep $((RANDOM\%600)) && puppet agent --test >>/var/log/manifest.log',
environment => 'PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin',
logrotate::file { 'updatepuppet':
ensure => $ensure,
log => '/var/log/manifest.log',
options => ['compress', 'delaycompress', 'missingok', 'rotate 7', 'daily', 'notifempty'],
ensure => $ensure,
log => '/var/log/manifest.log',
options => ['compress',
'rotate 7',
require => Cron['updatepuppet'],
@ -1,9 +1,11 @@
# == Class: openstack_project::puppetmaster
class openstack_project::puppetmaster (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [4505, 4506, 8140],
sysadmins => $sysadmins
sysadmins => $sysadmins,
class { 'salt::master': }
@ -30,6 +32,6 @@ class openstack_project::puppetmaster (
mode => '0555',
source => 'puppet:///modules/openstack_project/puppetmaster/hiera.yaml',
replace => true,
require => Class['openstack_project::server']
require => Class['openstack_project::server'],
@ -1,3 +1,5 @@
# == Class: openstack_project::pypi
class openstack_project::pypi (
$sysadmins = []
) {
@ -6,16 +8,16 @@ class openstack_project::pypi (
# include jenkins slave so that build deps are there for the pip download
class { 'jenkins::slave':
ssh_key => "",
user => false
ssh_key => '',
user => false,
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => $sysadmins
sysadmins => $sysadmins,
class { "pypimirror":
class { 'pypimirror':
projects => $openstack_project::project_list,
@ -1,10 +1,14 @@
# == Class: openstack_project::review
# Current thinking on Gerrit tuning parameters:
# database.poolLimit:
# This limit must be several units higher than the total number of
# httpd and sshd threads as some request processing code paths may need
# multiple connections.
# database.poolLimit = 1 + max(sshd.threads,sshd.batchThreads) + sshd.streamThreads + sshd.commandStartThreads + httpd.acceptorThreads + httpd.maxThreads
# database.poolLimit = 1 + max(sshd.threads,sshd.batchThreads)
# + sshd.streamThreads + sshd.commandStartThreads
# + httpd.acceptorThreads + httpd.maxThreads
# or "2x sshd.threads"
@ -14,7 +18,8 @@
# sshd.threads:
# http:
# //
# httpd.maxWait:
# 12:07 <@spearce> httpd.maxwait defaults to 5 minutes and is how long gerrit
@ -25,19 +30,19 @@
# 12:09 <@spearce> so. you get 5 milliseconds before aborting
# thus, set it to 5000minutes until the bug is fixed.
class openstack_project::review (
$github_oauth_token = '',
$github_project_username = '',
$github_project_password = '',
$mysql_password = '',
$mysql_root_password = '',
$email_private_key = '',
$gerritbot_password = '',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$ssh_dsa_key_contents = '',
$ssh_dsa_pubkey_contents = '',
$ssh_rsa_key_contents = '',
@ -50,65 +55,71 @@ class openstack_project::review (
$sysadmins = []
) {
class { 'openstack_project::gerrit':
ssl_cert_file => '/etc/ssl/certs/',
ssl_key_file => '/etc/ssl/private/',
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => '',
database_poollimit => '150', # 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up)
container_heaplimit => '8g',
core_packedgitopenfiles => '4096',
core_packedgitlimit => '400m',
core_packedgitwindowsize => '16k',
sshd_threads => '100',
httpd_maxwait => '5000min',
war => '',
script_user => 'launchpadsync',
script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
script_logging_conf => '/home/gerrit2/.sync_logging.conf',
projects_file => 'openstack_project/review.projects.yaml.erb',
github_username => 'openstack-gerrit',
github_oauth_token => $github_oauth_token,
github_project_username => $github_project_username,
github_project_password => $github_project_password,
mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
trivial_rebase_role_id => '',
email_private_key => $email_private_key,
replicate_github => $replicate_github,
sysadmins => $sysadmins
ssl_cert_file =>
ssl_key_file =>
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => '',
# 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up)
database_poollimit => '150',
container_heaplimit => '8g',
core_packedgitopenfiles => '4096',
core_packedgitlimit => '400m',
core_packedgitwindowsize => '16k',
sshd_threads => '100',
httpd_maxwait => '5000min',
war =>
script_user => 'launchpadsync',
script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
script_logging_conf => '/home/gerrit2/.sync_logging.conf',
projects_file =>
github_username => 'openstack-gerrit',
github_oauth_token => $github_oauth_token,
github_project_username => $github_project_username,
github_project_password => $github_project_password,
mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
trivial_rebase_role_id => '',
email_private_key => $email_private_key,
replicate_github => $replicate_github,
sysadmins => $sysadmins,
class { 'gerritbot':
nick => 'openstackgerrit',
password => $gerritbot_password,
server => '',
user => 'gerritbot',
vhost_name => $fqdn
nick => 'openstackgerrit',
password => $gerritbot_password,
server => '',
user => 'gerritbot',
vhost_name => $::fqdn,
include gerrit::remotes
file { '/var/log/gerrit_user_sync':
ensure => directory,
owner => root,
group => gerrit2,
mode => 0775,
require => User['gerrit2']
ensure => directory,
owner => 'root',
group => 'gerrit2',
mode => '0775',
require => User['gerrit2'],
file { '/home/gerrit2/.sync_logging.conf':
ensure => present,
owner => root,
group => gerrit2,
mode => 0644,
source => 'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf',
require => User['gerrit2']
ensure => present,
owner => 'root',
group => 'gerrit2',
mode => '0644',
source =>
require => User['gerrit2'],
file { '/home/gerrit2/.ssh':
ensure => directory,
@ -1,87 +1,94 @@
# == Class: openstack_project::review_dev
class openstack_project::review_dev (
$cla_description='OpenStack Individual Contributor License Agreement',
$lp_sync_key='', # If left empty puppet will not create file.
$lp_sync_pubkey='', # If left empty puppet will not create file.
$github_oauth_token = '',
$github_project_username = '',
$github_project_password = '',
$mysql_password = '',
$mysql_root_password = '',
$email_private_key = '',
$contactstore_appsec = '',
$contactstore_pubkey = '',
$ssh_dsa_key_contents = '',
$ssh_dsa_pubkey_contents = '',
$ssh_rsa_key_contents = '',
$ssh_rsa_pubkey_contents = '',
$ssh_project_rsa_key_contents = '',
$ssh_project_rsa_pubkey_contents = '',
$cla_description = 'OpenStack Individual Contributor License Agreement',
$cla_file = 'static/cla.html',
$cla_id = '2',
$cla_name = 'ICLA',
$lp_sync_key = '', # If left empty puppet will not create file.
$lp_sync_pubkey = '', # If left empty puppet will not create file.
$lp_sync_consumer_key = '',
$lp_sync_token = '',
$lp_sync_secret = '',
$replicate_github = true,
$sysadmins = []
) {
class { 'openstack_project::gerrit':
vhost_name => '',
canonicalweburl => "",
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => "",
war => '',
contactstore => true,
contactstore_appsec => $contactstore_appsec,
contactstore_pubkey => $contactstore_pubkey,
contactstore_url => '',
script_user => 'launchpadsync',
script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
script_logging_conf => '/home/gerrit2/.sync_logging.conf',
projects_file => 'openstack_project/review-dev.projects.yaml.erb',
github_username => 'openstack-gerrit-dev',
github_oauth_token => $github_oauth_token,
github_project_username => $github_project_username,
github_project_password => $github_project_password,
mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
trivial_rebase_role_id => '',
email_private_key => $email_private_key,
replicate_github => $replicate_github,
sysadmins => $sysadmins
vhost_name => '',
canonicalweburl => '',
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => '',
war =>
contactstore => true,
contactstore_appsec => $contactstore_appsec,
contactstore_pubkey => $contactstore_pubkey,
contactstore_url =>
script_user => 'launchpadsync',
script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
script_logging_conf => '/home/gerrit2/.sync_logging.conf',
projects_file =>
github_username => 'openstack-gerrit-dev',
github_oauth_token => $github_oauth_token,
github_project_username => $github_project_username,
github_project_password => $github_project_password,
mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
trivial_rebase_role_id =>
email_private_key => $email_private_key,
replicate_github => $replicate_github,
sysadmins => $sysadmins,
file { '/var/log/gerrit_user_sync':
ensure => directory,
owner => root,
group => gerrit2,
mode => 0775,
require => User['gerrit2']
ensure => directory,
owner => 'root',
group => 'gerrit2',
mode => '0775',
require => User['gerrit2'],
file { '/home/gerrit2/.sync_logging.conf':
ensure => present,
owner => root,
group => gerrit2,
mode => 0644,
source => 'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf',
require => User['gerrit2']
ensure => present,
owner => 'root',
group => 'gerrit2',
mode => '0644',
source =>
require => User['gerrit2'],
file { '/home/gerrit2/review_site/bin/':
ensure => present,
owner => root,
group => root,
mode => 0755,
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
content => template('openstack_project/'),
replace => 'true',
require => Class['::gerrit']
replace => true,
require => Class['::gerrit'],
file { '/home/gerrit2/.ssh':
ensure => directory,
@ -132,7 +139,9 @@ class openstack_project::review_dev (
exec { 'set_contributor_agreements':
path => ['/bin', '/usr/bin'],
command => '/home/gerrit2/review_site/bin/',
require => [Class['mysql'],
require => [
@ -1,14 +1,16 @@
# == Class: openstack_project::server
# A server that we expect to run for some time
class openstack_project::server (
$iptables_public_tcp_ports = [],
$sysadmins = [],
$certname = $fqdn
$certname = $::fqdn
) {
class { 'openstack_project::template':
iptables_public_tcp_ports => $iptables_public_tcp_ports,
certname => $certname,
certname => $certname,
class { 'exim':
sysadmin => $sysadmins
sysadmin => $sysadmins,
@ -1,17 +1,19 @@
# == Class: openstack_project::slave
class openstack_project::slave (
$certname = $::fqdn,
$sysadmins = []
) {
include openstack_project
include tmpreaper
include unattended_upgrades
class { 'openstack_project::server':
iptables_public_tcp_ports => [],
certname => $certname,
sysadmins => $sysadmins
certname => $certname,
sysadmins => $sysadmins,
class { 'jenkins::slave':
ssh_key => $openstack_project::jenkins_ssh_key
ssh_key => $openstack_project::jenkins_ssh_key,
class { 'salt':
salt_master => '',
@ -1,14 +1,16 @@
# == Class: openstack_project::slave_template
class openstack_project::slave_template (
$install_users = true,
$ssh_key = $openstack_project::jenkins_ssh_key
) inherits openstack_project {
class { 'openstack_project::template':
iptables_public_tcp_ports => [],
install_users => $install_users,
install_users => $install_users,
class { 'jenkins::slave':
ssh_key => $ssh_key,
sudo => true,
bare => true
sudo => true,
bare => true,
@ -1,15 +1,17 @@
# == Class: openstack_project::static
class openstack_project::static (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => $sysadmins
sysadmins => $sysadmins,
include openstack_project
class { 'jenkins::jenkinsuser':
ssh_key => $openstack_project::jenkins_ssh_key
ssh_key => $openstack_project::jenkins_ssh_key,
include apache
@ -44,30 +46,29 @@ class openstack_project::static (
file { '/srv/static':
ensure => directory
ensure => directory,
file { '/srv/static/tarballs':
ensure => directory
ensure => directory,
file { '/srv/static/ci':
ensure => directory
ensure => directory,
file { '/srv/static/logs':
ensure => directory
ensure => directory,
file { '/srv/static/docs-draft':
ensure => directory
ensure => directory,
cron { "gziplogs":
user => root,
hour => "*/6",
command => 'sleep $((RANDOM\%600)) && flock -n /var/run/gziplogs.lock find /srv/static/logs/ \( -name \*.txt -or -name \*.html \) -exec gzip \{\} \;',
environment => "PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin",
cron { 'gziplogs':
user => 'root',
hour => '*/6',
command => 'sleep $((RANDOM\%600)) && flock -n /var/run/gziplogs.lock find /srv/static/logs/ \( -name \*.txt -or -name \*.html \) -exec gzip \{\} \;',
environment => 'PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin',
@ -1,9 +1,12 @@
# == Class: openstack_project::template
# A template host with no running services
class openstack_project::template (
$iptables_public_tcp_ports = [],
$install_users = true,
$certname = $fqdn
) {
$certname = $::fqdn
) {
include ssh
include snmpd
include unattended_upgrades
@ -16,6 +19,6 @@ class openstack_project::template (
class { 'openstack_project::base':
install_users => $install_users,
certname => $certname,
certname => $certname,
@ -1,23 +1,24 @@
# == Class: openstack_project::translation_slave
class openstack_project::translation_slave (
transifex_username = 'openstackci',
$transifex_password = '',
$transifex_username = 'openstackci',
) {
include openstack_project::slave
package { ['transifex-client', 'Babel']:
ensure => latest,
ensure => latest,
provider => pip,
require => Class[pip]
require => Class['pip'],
file { '/home/jenkins/.transifexrc':
owner => 'jenkins',
group => 'jenkins',
mode => 0600,
ensure => 'present',
ensure => present,
owner => 'jenkins',
group => 'jenkins',
mode => '0600',
content => template('openstack_project/transifexrc.erb'),
require => User['jenkins'],
@ -1,3 +1,5 @@
# == Class: openstack_project::users
class openstack_project::users {
@user::virtual::localuser { 'mordred':
realname => 'Monty Taylor',
@ -11,7 +13,7 @@ class openstack_project::users {
@user::virtual::localuser { 'soren':
realname => 'Soren Hansen',
sshkeys => "",
sshkeys => '',
@user::virtual::localuser { 'smaffulli':
@ -21,7 +23,7 @@ class openstack_project::users {
@user::virtual::localuser { 'linuxjedi':
realname => 'Andrew Hutchings',
sshkeys => "",
sshkeys => '',
@user::virtual::localuser { 'oubiwann':
@ -1,5 +1,7 @@
# == Class: openstack_project::wiki
class openstack_project::wiki (
$mysql_root_password = '',
$sysadmins = []
) {
@ -8,29 +10,29 @@ class openstack_project::wiki (
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins
sysadmins => $sysadmins,
realize (
class { 'mediawiki':
role => 'all',
role => 'all',
mediawiki_location => '/srv/mediawiki/w',
site_hostname => $fqdn;
site_hostname => $::fqdn,
class { 'memcached':
max_memory => 2048,
listen_ip => '',
tcp_port => 11000,
udp_port => 11000,
listen_ip => '',
tcp_port => 11000,
udp_port => 11000,
class {"mysql::server":
class { 'mysql::server':
config_hash => {
'root_password' => "${mysql_root_password}",
'root_password' => $mysql_root_password,
'default_engine' => 'InnoDB',
'bind_address' => '',
'bind_address' => '',
include mysql::server::account_security
@ -1,33 +1,35 @@
# == Class: openstack_project::zuul
class openstack_project::zuul(
) {
$jenkins_server = '',
$jenkins_user = '',
$jenkins_apikey = '',
$gerrit_server = '',
$gerrit_user = '',
$url_pattern = ''
) {
class { "::zuul":
class { '::zuul':
jenkins_server => $jenkins_server,
jenkins_user => $jenkins_user,
jenkins_user => $jenkins_user,
jenkins_apikey => $jenkins_apikey,
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
url_pattern => $url_pattern
gerrit_server => $gerrit_server,
gerrit_user => $gerrit_user,
url_pattern => $url_pattern,
file { "/etc/zuul/layout.yaml":
ensure => 'present',
file { '/etc/zuul/layout.yaml':
ensure => present,
source => 'puppet:///modules/openstack_project/zuul/layout.yaml',
notify => Exec['zuul-reload'],
file { "/etc/zuul/":
ensure => 'present',
file { '/etc/zuul/':
ensure => present,
source => 'puppet:///modules/openstack_project/zuul/',
notify => Exec['zuul-reload'],
file { "/etc/zuul/logging.conf":
ensure => 'present',
file { '/etc/zuul/logging.conf':
ensure => present,
source => 'puppet:///modules/openstack_project/zuul/logging.conf',
notify => Exec['zuul-reload'],
Reference in New Issue
Block a user