Commit Graph

215 Commits

Author SHA1 Message Date
Khai Do
a10c852628 Add Gerrit tracking id for storyboard
This change will allow users to query Gerrit for a Storyboard story
using search string 'tr:<tracking id>' or 'story:<tracking id>'. For example
you can do a query in gerrit for 'story:2000070'.

feature reference:
https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#trackingid

Change-Id: Ie6c70bd02e40a6ac3a70c9fa5a0efe33a3e8e7cb
2014-12-09 14:34:44 -08:00
Anita Kuno
864d6a4e89 Rename config => system-config in gerrit/templates
We are renaming openstack-infra/config to
openstack-infra/system-config. This patch edits the paths
in the gerrit/templates files.

Change-Id: I9913c6e0c73f614b8fc07a8a17a3fafe5110aebc
2014-10-17 15:05:10 -04:00
Timothy Chavez
47db7ea292 Use the SSLProtocol blacklist approach
It turns out that specifying the ciphers we want to use leads to
breakage.  So instead we'll explicitly tell Apache which ciphers
we don't want to use.

Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
2014-10-16 11:41:04 -05:00
Clark Boylan
e347a71153 Use only TLSv1 and greater to depoodle
The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.

Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
2014-10-14 17:07:06 -07:00
Jenkins
ca82fac6ec Merge "Fixing deprecation warnings in gerrit module" 2014-09-12 15:36:34 +00:00
Spencer Krum
b97a43f14a Fixing deprecation warnings in gerrit module
Change-Id: Ie19d47eb4e02d86e8eaef7541321fb42eb546ad9
2014-07-16 00:09:52 -07:00
Khai Do
583be07992 puppetize installation of gerrit third party plugins
This change automates the installation of gerrit third party plugins.  This
does not include core plugins, which have already been automated.  The first
third party plugin that we automate is the javamelody plugin.

Change-Id: I163353c2e9d59e4815b4544f983b54d68ede70a8
2014-07-08 21:27:15 -07:00
James E. Blair
f52d2eb2b6 Revert "Fixing deprecation warnings"
This reverts commit 82b9b59522.

Change-Id: I746d7ae57802dc76618db9024a0cf94c43774c02
2014-07-02 17:35:02 +00:00
Spencer Krum
82b9b59522 Fixing deprecation warnings
Non instance variable representation is deprecated
so needs to be changed. This change changes varibles
to their instance variable representation.

See more details see:
http://docs.puppetlabs.com/guides/templating.html

Change-Id: Ib77827e01011ef6c0380c9ec7a9d147eafd8ce2f
2014-06-19 22:41:42 -07:00
Jeremy Stanley
e7eae0b4d2 Disable Gerrit auto-abandon
With the advent of ACL-controlled abandon and restore capability in
more recent Gerrit releases, we can now put this power in the hands
of core reviewers for individual projects and should no longer need
to rely on hacky system-wide automated rules to abandon stale
changes.

Change-Id: I85c8ebc548df8328437615bca472eddd4fc0375f
2014-05-30 20:38:23 +00:00
Jenkins
ab3d3e3fb5 Merge "Configure direct download of files to browser" 2014-05-22 13:44:51 +00:00
Khai Do
009aad7715 Configure direct download of files to browser
Gerrit by default wraps all file downloads in zipped archive. This
can be overridden using the mimetype setting[1]. This change allows
downloading of xml, yaml, rst, html, and txt files without being
wrapped inside of a zipped archives.

[1] https://review.openstack.org/Documentation/config-gerrit.html

Change-Id: I47563de12a2bc8c8a3755fa777abf029cc4e0c28
2014-05-22 13:26:44 +00:00
Jenkins
84264398b5 Merge "Add configuration option to disable top level menu for javamelody plugin" 2014-05-20 18:34:39 +00:00
Jenkins
1412a54c10 Merge "Fix gerrit database backups" 2014-05-07 16:24:16 +00:00
David Ostrovsky
4d312a5957 Add configuration option to disable top level menu for javamelody plugin
Change-Id: I696db6a16b1ba57000951186367501c376f321de
2014-05-07 09:05:33 +02:00
Sergey Lukjanov
904821c27b Display images in reviews
Due to the gerrit release notes it's support starting from 2.0.17:

GERRIT-139 Allow mimetype.NAME.safe to enable viewing files

https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#mimetype

Change-Id: I28329d82cdbefb838748f4cf91ca79c83bd93e73
2014-05-05 13:18:22 -07:00
Monty Taylor
470c3e45fa Fix gerrit database backups
The gerrit database is now remote, or at least we have a hostname
for it, so we should use the backup_remote class. Also, we don't
make the dbbackups files anymore, so stop trying to compress them.

Change-Id: Iddbaaef9b9fd089f074abeeb988f7cd052c80d25
2014-05-02 15:21:40 -07:00
James E. Blair
d51658cc18 Enable run-as in gerrit
This just makes the option available.  Actually controlled by ACL.

Change-Id: I3c6f853fa30c69397b0639069d6c38fcd869b469
2014-04-28 17:41:59 -07:00
David Ostrovsky
aa86bee7f3 Gerrit-2.8: Add secondary index support
This rebuilds secondary indexes on gerrit initial-init and init. They
are optional in gerrit 2.8, and mandatory in gerrit 2.9.

A few common strings are refactored into variables to make this more
concise, and less likely to get fat fingered. If desired, further
symbolic refactoring can be done here as well.

Question remains if we need to make this 2.8 conditional, and how we
can get access to the gerrit revision in this part of puppet.

Partial-Bug: #1082781
Change-Id: Iee94934baaa220313a7e888ba0e2a6530eab0d52
2014-04-28 15:42:09 +00:00
Jenkins
f01a0dfe50 Merge "Move local git replica on review to /opt" 2014-04-24 18:17:10 +00:00
Jenkins
bcb8054c98 Merge "Gerrit: Ensure /opt/lib exists if used" 2014-04-24 17:32:36 +00:00
James E. Blair
36b0b78550 Gerrit: Ensure /opt/lib exists if used
/opt/lib/git is about to become the new default path for the local
replica.  If it is used, we should make sure /opt/lib exists.

Change-Id: I4accdfefce9ef4f98c435c11f08fded1481e3ee6
2014-04-24 16:58:24 +00:00
Jenkins
9a87145d28 Merge "Make gerrit git replica and jeepyb paths configurable" 2014-04-24 16:39:20 +00:00
James E. Blair
3f92f797e1 Move local git replica on review to /opt
Merge after it has been created there manually to avoid downtime.
Will require a gerrit restart to pick up the replication change.

Change-Id: I6b55d16d731725548b8da46f5438e296b6dc6485
2014-04-24 09:01:19 -07:00
James E. Blair
3c2948637a Make gerrit git replica and jeepyb paths configurable
* Gerrit: make the path to the local replica configurable
  (default to /var/lib/git)
* Set the local replica path on review-dev to /opt/lib/git
* Gerrit: make the jeepyb cache dir configurable
  (default to /opt/lib/jeepyb)

Change-Id: I9b94fa540bb400abcc746c5c962bb3b5e2b372e3
2014-04-24 08:57:57 -07:00
David Ostrovsky
25546d376e Gerrit-2.8: Allow encoded path separators in URLs
Partial-Bug: #1082781
Change-Id: Ib446a3332a3ff289cd9f6464009ce5f7416309eb
2014-04-24 07:56:52 -07:00
James E. Blair
c7e13b87f1 Remove require mysql::db from gerrit init
We don't use it anymore so it's difficult to require it.

Apr 23 19:20:26 review puppet-agent[3736]: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: Exec[gerr
it-initial-init] { require => Mysql::Db[reviewdb] }, because Mysql::Db[reviewdb] doesn't seem to be in the catalog

Change-Id: Id4b69be61351274512e7784594b391e5fab2a482
2014-04-23 12:29:16 -07:00
James E. Blair
0c5b2fad15 Support configurable mysql host in gerrit
In further support of using a trove db, remove the gerrit::mysql
module from review-dev.  Plumb mysql_host throughout and remove
the no longer necessary mysql_root_password.  Configure review-dev
to use mysql_host from hiera, but configure review to use
'localhost'.

Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
2014-04-23 10:31:37 -07:00
Jenkins
e9cee8a9e1 Merge "Remove unused parameter" 2014-04-21 23:33:34 +00:00
Monty Taylor
566e936d98 Stop trying to start gerrit every time
We only want to start it when we've installed or upgraded.
The initial-init and init are designed to either one of them run,
one if there is no init script (initial install) the other if there
is (upgrade). The things they trigger should only run in response
to those actions.

Change-Id: I3bcaaed07bcf6239e053789b9b6241cbf652e7d4
2014-04-18 15:34:27 -07:00
K Jonathan Harker
07b718284a Remove unused parameter
The replication_targets parameter doesn't appear to be used anywhere,
let's get rid of it to avoid confusion.

Change-Id: I25fdb9d5e99b3876e6a363e5f967f22f8674b7c6
2014-04-17 13:29:26 -07:00
Spencer Krum
3e68f2feeb Fix deprecation warnings in gerrit module
Change-Id: If62fcbddaf723eb1190c2d20640d234f9594825c
2014-03-23 09:20:08 -07:00
Monty Taylor
69cedaa802 Make the plugins dir so that we can put stuff in it
The plugin extraction depends on a plugins dir - but nothing makes
said dir. Make the dir.

Change-Id: I96d20140b1872cec3b1fc38a579e970596bc7e53
2014-02-22 22:04:30 -08:00
Khai Do
75cee29cd6 install gerrit core plugins
This change configures puppet to install core plugins which are packaged with
the released gerrit.war file.  The method to install the plugins is to just extract
them from the war file and place them into review_site/plugins folder.  This method seemed
easier than using the 'init --install-plugin' option because the --install-plugin
option requires listing every plugin by name.

Change-Id: I08335f970cee9e88d41c3695fccb370d05d1a4d1
2014-02-14 12:42:35 -08:00
Monty Taylor
51949062fb Add replication key for gerrit from hiera
The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound
ssh-based replication is currently just kinda there by hand. Add management
of the files there.

Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522
Closes-Bug: 1209464
2014-02-09 21:13:31 +00:00
Aaron Greengrass
9315d1465e Expands ldap to deal with nonstandard ldap configs.
This patch addresses:

LDAP not requiring username or password (anonymous bind)
  This is required to support configurations where LDAP is on a secure network,
  and anonymous bind is enabled.

LDAP using a self signed SSL cert (verify ssl on or off)
  This is required to support configurations where LDAP requires SSL, but ssl is
  using an internal or self signed certificate, and therefore fails cert checks.
  This also covers testing conditions where a consumer might use OS with LDAP+ssl
  unsigned.

LDAP using a nonstandard cn naming convention (ie email address).
  This is required to deal with an edge case where 'cn' in ldap might be something
  other than a bare username.  Gerrit pulls the ssh username from that value and
  will not accept a non-alphanumeric address.  By setting 'accountSshUserName' in
  puppet, that is setable.

LDAP prepopulating account Full name.
  Gerrit has a configuration option to pull Full Name from LDAP, this change exposes
  that option.

Change-Id: Ibd41d59ff98e406b42e1e14cc17e23b3d6211d58
2013-12-30 13:04:39 -08:00
Jenkins
18046377e2 Merge "Puppet the Gerrit bcprov and mysql-connector deps" 2013-12-15 17:54:32 +00:00
Khai Do
7cc5bae713 log output when installing and upgrading gerrit
It would be good to keep the command output and exit code when installing or
upgrading gerrit in case it doesn't work.

Change-Id: Ia93001706b4ea509797419b74716c23db47aaed1
2013-12-09 22:26:41 +00:00
Jenkins
f5888c74ca Merge "Remove explicit depends on transitive pip deps" 2013-12-02 00:37:31 +00:00
Monty Taylor
69cdb6a449 Update projects.yaml for new upstream tracking
jeepyb gets a new upstream tracking syntax in
https://review.openstack.org/#/c/35535/

Switch to use it.

The new syntax will operate via git push, so that changes to upstream
can trigger zuul events.

Change-Id: Ideca999aca0e8583cce9a1227089243216175158
2013-11-26 01:29:05 +00:00
Jenkins
aac5fe4e86 Merge "Pass $mysql_password through to gerrit class" 2013-11-25 19:36:18 +00:00
Monty Taylor
c53349587b Use scope::lookupvar for explicit search
Scoping rules mean that we need to be explicit here or else puppet finds
the wrong thing. Also, puppet needs a trailing slash.

Change-Id: Ifc2f03dbf1dd746515e00ded5d76fe7393ce6c7e
2013-11-24 15:07:20 -05:00
Jenkins
b5c69b56f3 Merge "Make the gitweb links in gerrit point to git.o.o" 2013-11-24 19:39:32 +00:00
Hunter Haugen
771adedbd4 Pass $mysql_password through to gerrit class
The `$mysql_password` variable is used by the `secure.config.erb`
template in the gerrit class, but is not passed from
openstack_project::review -> openstack_project::gerrit -> gerrit.
Instead it uses dynamic scopeing to find the variable and won't work in
Puppet 3. This adds the full parameter passing for Puppet 3.

This commit also adds "Template uses" comments immediately preceding
resources declarations which use a `template()` function to describe all
variables used by the gerrit templates. This greatly helps with
debugging issues such as this.

Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
2013-11-18 10:42:05 -08:00
Monty Taylor
5c6e8de554 Remove explicit depends on transitive pip deps
These things were listed before we had jeepyb as its own things
(gerritlib in gerrit) and before jeepyb has pbr/requirements.txt
as it does now. With the move to pip install -U . in /opt/jeepyb,
there is no need to also ask puppet to manage these.

Change-Id: I7b521d03b3df8c0bde37586748769f160e615d31
2013-11-08 11:01:53 +13:00
Jenkins
22e07fc8e6 Merge "decouple mysql setup from gerrit module" 2013-10-26 13:42:23 +00:00
Monty Taylor
af78ec85cc Make the gitweb links in gerrit point to git.o.o
Gerrit has builtin support for cgit links. Use it - but test it out on
review-dev first.

Change-Id: I8ea38e08258cdc8eb95e2fc3c1da5a4dc8faee57
2013-10-19 10:48:51 -04:00
Jenkins
c164abc879 Merge "Upgrade puppetlabs-mysql to 0.6.1." 2013-10-12 20:57:34 +00:00
Jenkins
41a0740cf7 Merge "Remove ::1 mysql root user." 2013-10-12 20:56:12 +00:00
Jenkins
b75bb2c65a Merge "Remove launchpad_sync module" 2013-10-12 20:22:30 +00:00