I hope. The grant parameter appears to want an array so give it one.
Also enforce order by requiring the mysql server and account security
settings in the DB resource.
Change-Id: I2c99c25cb09cb5b68240a5fbd146f47ba8aee410
Reviewed-on: https://review.openstack.org/14320
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
The destination dir for the bcpg link needs to be present before the
link can be made. Add that dir to the gerrit init manifest and require
it in the link file resource.
Change-Id: I462cc96dcd0eafa814e3e3599a96eacc64665bcf
Reviewed-on: https://review.openstack.org/14319
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36
Reviewed-on: https://review.openstack.org/14176
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Recent ssl cert management changed the group on the ssl keys to root
from ssl-cert. Change it back.
Change-Id: I6dcbeca364fa9c435aee520248a59f0917cd02a8
Reviewed-on: https://review.openstack.org/14116
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Use Hiera to store the review.o.o SSL certs and pass them down to the
gerrit module.
While modifying these files fix indentation and rocket ship alignment
according to puppet lint in the sections touched.
Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315
Reviewed-on: https://review.openstack.org/13975
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
* modules/gerrit/manifests/init.pp: The file block for the bcpg.jar
symlink should require the libbcpg-java package rather than the jarfile
it installs.
Change-Id: Icf4356c51425a816aea523f835e8bc7c62055b28
Reviewed-on: https://review.openstack.org/13392
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
This replaces the previous Echosign+Launchpad+Wiki+approver-based
asynchronous contributor license agreement signing process with a
fully-automated one contained entirely within Gerrit itself.
Note that the CLA features in Gerrit's WebUI depend on a modified
gerrit.war with an earlier patch reverted:
https://review.openstack.org/12716
* manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec
and contactstore_pubkey private material from hiera, for use by Gerrit's
contact store feature. Similar entries should be added for
review.openstack.org before going into production.
* modules/gerrit/manifests/init.pp(gerrit): Add contactstore,
contactstore_appsec and contactstore_url variables needed by the
gerrit.config.erb template, and contactstore_pubkey needed by the
contact_information.pub.erb template. Add a conditional block so that if
contactstore is enabled it installs the libbcpg-java package which
Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into
Gerrit's lib directory, and builds contact_information.pub from the
contact_information.pub.erb template.
* modules/gerrit/templates/contact_information.pub.erb: New template
which is effectively an empty file waiting to be filled with the
contents of the contactstore_pubkey variable. The
gerrit_contact_information.pub file built from it gets used to encrypt
contact information filed by users in such a way that it can only be
decrypted by the private key held by the Foundation.
* modules/gerrit/templates/gerrit.config.erb(contactstore): New section,
implemented conditionally for safety. Once enabled, if the
contactstore_appsec and contactstore_url are unset then Gerrit will
refuse to start. If the system referred to by contactstore_url is
unresponsive or contactstore_appsec does not contain the shared secret
it's expecting, contributors will be unable to file initial or updated
contact information through Gerrit's WebUI.
* modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML
copy of http://wiki.openstack.org/CLA retaining all the original
wording. This will probably need updating by OpenStack Foundation staff.
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Add contactstore, contactstore_appsec,
contactstore_pubkey and contactstore_url variables to pass back into the
gerrit module. Also define the cla_description, cla_file, cla_id and
cla_name variables which get used in the gerrit_set_agreements.sh.erb
template. Add an entry to install the cla.html file.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Add the contactstore_appsec and
contactstore_pubkey variables so they can be filled in by hiera.
Override the war to pull in the g69c8fa6 test build which has the
aforementioned CLA bits restored. Turn on contactstore and set
contactstore_url to point to an existing test CGI on the Internet until
the Foundation has theirs ready. Pass contactstore_appsec and
contactstore_pubkey through up into gerrit.pp. Add an entry for the
set_agreements.sh script built from the gerrit_set_agreements.sh.erb
template and then execute it to add the new CLA to Gerrit's DB and mark
the old one expired. Similar changes should be made in review.pp before
going into production.
* modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New
template used to build a set_agreements.sh script which checks Gerrit's
database and, if necessary, expires the old Echosign CLA and adds the
new local CLA. These conditions are checked and associated operations
performed independently, so subsequent runs become a no-op.
Post-migration, this can probably be neutered further and kept around
for pushing future CLA modifications into the database when needed.
Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026
Reviewed-on: https://review.openstack.org/13058
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: I20aa549cf87f24d13d302fc219df84727c9fba10
Reviewed-on: https://review.openstack.org/11041
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
With these applied, initial install actually works 100% through.
Change-Id: I6587a537beb5703bf11783f3df79278ea1c7aca5
Reviewed-on: https://review.openstack.org/10718
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: Iff55f35c0d9888f1029115c17d4644a68d4e8b4c
Reviewed-on: https://review.openstack.org/10727
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
If replicate_local is set, this will ensure that /var/lib/git is created,
and that projects listed in the projects.config have repos there.
Additionally, it creates a new config file, projects.config which is a
yaml file listing all of the projects and various operational semantics about
them, such as whether or not they should have pull requests closed and whether
or not they track any remotes. This replaces remotes.config and github.config.
Moving forward, there is no reason to not have this script be able to
do github api calls to create the github repo if it's not there, set the
github project description, gerrit api calls to create the project in gerrit,
and initial project permissions templates.
Change-Id: I1ad803b0aa5f7386206d0c3f4cd858017242fe64
Also, moved depends for launchpad sync script to the launchpad sync
module, and put the ntp stuff into an ntp module.
Change-Id: I2568752493fefa305f9108a23da101d80a311552
Variable interpolation needs <%= not just <%. :)
Also, while I was in there, I replaced default with "oneiric",
because I don't actually know that the value is a good default value,
and I removed a couple of comments about moving to MySQL and Apache
modules from upstream.
Change-Id: Iec5b10cee2cbd0e0a2573fefa707d34d2a363cb4
Launchpad integration and the OpenStack branding files are really
more about the OpenStack specific install of Gerrit than they are
about any installation of gerrit. Both of these are moved to the
openstack_project module.
Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
TODO: Add another script that sets the project description. Add the project
description to the config hash.
Change-Id: If4584b2a1e55e6eb912e1f557e31de216d49a516
Fixes bug #1020987
Update GerritBot with the ability to talk on multiple channels. This
way a single GerritBot instance can operate in multiple channels for
multiple projects. To make this work this change introduces a new
channel configuration file (yaml) for GerritBot that specifies each
channel that GerritBot should join and the changes that channel is
interested in.
The config should look something like:
channel-foo:
events:
- patchset-created
- change-merged
projects:
- test/bar
- test/foo
branches:
- master
Change-Id: I8e278f9be5182611981a3d912cc323bd3d386fc5
Fixes bug #1012310
Github disabled v1 and v2 of their API permanently, forcing us to
update the script that closes Github pull requests to v3 of the API.
Update the script using the PyGithub lib.
Change-Id: I90c9faacdb7a72a470b8ad6aaea674edd9b8329e
Stop using latest for packages installed by puppet. This way,
all system packages get updated, not just some random ones.
The unattended-upgrades config will email root. It is configured
for openstack servers and jenkins slaves, but not template hosts
so that it doesn't interfere with spin-up.
Also, fix some bits in the gerrit module that were causing
continuous restarts on gerrit-dev.
Install emacs.
Change-Id: I51c9083ccd3669f284fce4b50c36a37a0cac92d8
Increase the heap size and dramatically increase the ssh threads.
Add some more recommended parameters (see site manifest for details).
Parameterize tunables in gerrit config file.
Change-Id: Ia6446b29426f56a77425eed93a7f0e448c3cd7b1
Not all gerrit installations are configured the same. This adds parameters
to the gerrit sync script and expire script so that it can work from the
command line and cron on all servers.
Fixes bug #994201
Change-Id: Iac37e18aaf7a10fb5594be233e33b000eabed336
Fixes bug 951600.
The update_gerrit_users.py script creates a database backup
everytime it runs. This change compresses the backups as they
are being made and adds a cron job that will remove backups that
are 30 days or older. Current backups will need to be manually
compressed.
Change-Id: Idb90d4af629892f1bc2e3e98f35f7de2ad58d4be
Take the things from openstack-ci/gerrit and move them directly
in to the puppet module. Install them using the model we're using
for the jenkins slave scripts.
Change-Id: I420b2b895bd57d40232b2cdda437617373a82890
Match what gerrit init creates; otherwise, gerrit init will
delete and recreate the secure config file, losing the database
password in the process.
Change-Id: Ic1632fe3b24a0e4498b2415029e8a1db0fd1dfe2
Upgrade gerrit to 2.3.0.
Add management of the apache virtualhost.
Remove gerrit body styling (including the javascript hack) in favor
of using the gerrit theme config options for body styling. Keep header
and top menu changes. This should make it easier to keep up with new
gerrit versions without chasing weird GWT changes.
Add management of the gerrit init script.
Add management of MySQL.
Add installation and upgrading of Gerrit.
Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
Moving the cron executed gerrit scripts into the puppet module. This is for two reasons:
1. Easier/faster to deploy/maintain than having a cron job for a separate git repo
2. We can add customisations required for review-dev and stackforge
Change-Id: Iaf44e1d57d6ee6ea282575b1b48261f4ccbbaf3f
* Adds stylesheet, header and images to make gerrit look more like an Openstack thing
* Adds Javascript hack that the CSS detects so we don't ruin the style of the patch pages
* Adds both openstack and stackforge logo
* Also adds stackforge logo to stackforge Jenkins
Change-Id: Ic541443fb706ab119a9d47f474bcad2bf8e9907e
