This change will allow users to query Gerrit for a Storyboard story
using search string 'tr:<tracking id>' or 'story:<tracking id>'. For example
you can do a query in gerrit for 'story:2000070'.
feature reference:
https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#trackingid
Change-Id: Ie6c70bd02e40a6ac3a70c9fa5a0efe33a3e8e7cb
We are renaming openstack-infra/config to
openstack-infra/system-config. This patch edits the paths
in the gerrit/templates files.
Change-Id: I9913c6e0c73f614b8fc07a8a17a3fafe5110aebc
It turns out that specifying the ciphers we want to use leads to
breakage. So instead we'll explicitly tell Apache which ciphers
we don't want to use.
Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.
Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
This change automates the installation of gerrit third party plugins. This
does not include core plugins, which have already been automated. The first
third party plugin that we automate is the javamelody plugin.
Change-Id: I163353c2e9d59e4815b4544f983b54d68ede70a8
Non instance variable representation is deprecated
so needs to be changed. This change changes varibles
to their instance variable representation.
See more details see:
http://docs.puppetlabs.com/guides/templating.html
Change-Id: Ib77827e01011ef6c0380c9ec7a9d147eafd8ce2f
With the advent of ACL-controlled abandon and restore capability in
more recent Gerrit releases, we can now put this power in the hands
of core reviewers for individual projects and should no longer need
to rely on hacky system-wide automated rules to abandon stale
changes.
Change-Id: I85c8ebc548df8328437615bca472eddd4fc0375f
Gerrit by default wraps all file downloads in zipped archive. This
can be overridden using the mimetype setting[1]. This change allows
downloading of xml, yaml, rst, html, and txt files without being
wrapped inside of a zipped archives.
[1] https://review.openstack.org/Documentation/config-gerrit.html
Change-Id: I47563de12a2bc8c8a3755fa777abf029cc4e0c28
The gerrit database is now remote, or at least we have a hostname
for it, so we should use the backup_remote class. Also, we don't
make the dbbackups files anymore, so stop trying to compress them.
Change-Id: Iddbaaef9b9fd089f074abeeb988f7cd052c80d25
This rebuilds secondary indexes on gerrit initial-init and init. They
are optional in gerrit 2.8, and mandatory in gerrit 2.9.
A few common strings are refactored into variables to make this more
concise, and less likely to get fat fingered. If desired, further
symbolic refactoring can be done here as well.
Question remains if we need to make this 2.8 conditional, and how we
can get access to the gerrit revision in this part of puppet.
Partial-Bug: #1082781
Change-Id: Iee94934baaa220313a7e888ba0e2a6530eab0d52
/opt/lib/git is about to become the new default path for the local
replica. If it is used, we should make sure /opt/lib exists.
Change-Id: I4accdfefce9ef4f98c435c11f08fded1481e3ee6
Merge after it has been created there manually to avoid downtime.
Will require a gerrit restart to pick up the replication change.
Change-Id: I6b55d16d731725548b8da46f5438e296b6dc6485
* Gerrit: make the path to the local replica configurable
(default to /var/lib/git)
* Set the local replica path on review-dev to /opt/lib/git
* Gerrit: make the jeepyb cache dir configurable
(default to /opt/lib/jeepyb)
Change-Id: I9b94fa540bb400abcc746c5c962bb3b5e2b372e3
We don't use it anymore so it's difficult to require it.
Apr 23 19:20:26 review puppet-agent[3736]: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: Exec[gerr
it-initial-init] { require => Mysql::Db[reviewdb] }, because Mysql::Db[reviewdb] doesn't seem to be in the catalog
Change-Id: Id4b69be61351274512e7784594b391e5fab2a482
In further support of using a trove db, remove the gerrit::mysql
module from review-dev. Plumb mysql_host throughout and remove
the no longer necessary mysql_root_password. Configure review-dev
to use mysql_host from hiera, but configure review to use
'localhost'.
Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
We only want to start it when we've installed or upgraded.
The initial-init and init are designed to either one of them run,
one if there is no init script (initial install) the other if there
is (upgrade). The things they trigger should only run in response
to those actions.
Change-Id: I3bcaaed07bcf6239e053789b9b6241cbf652e7d4
The replication_targets parameter doesn't appear to be used anywhere,
let's get rid of it to avoid confusion.
Change-Id: I25fdb9d5e99b3876e6a363e5f967f22f8674b7c6
This change configures puppet to install core plugins which are packaged with
the released gerrit.war file. The method to install the plugins is to just extract
them from the war file and place them into review_site/plugins folder. This method seemed
easier than using the 'init --install-plugin' option because the --install-plugin
option requires listing every plugin by name.
Change-Id: I08335f970cee9e88d41c3695fccb370d05d1a4d1
The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound
ssh-based replication is currently just kinda there by hand. Add management
of the files there.
Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522
Closes-Bug: 1209464
This patch addresses:
LDAP not requiring username or password (anonymous bind)
This is required to support configurations where LDAP is on a secure network,
and anonymous bind is enabled.
LDAP using a self signed SSL cert (verify ssl on or off)
This is required to support configurations where LDAP requires SSL, but ssl is
using an internal or self signed certificate, and therefore fails cert checks.
This also covers testing conditions where a consumer might use OS with LDAP+ssl
unsigned.
LDAP using a nonstandard cn naming convention (ie email address).
This is required to deal with an edge case where 'cn' in ldap might be something
other than a bare username. Gerrit pulls the ssh username from that value and
will not accept a non-alphanumeric address. By setting 'accountSshUserName' in
puppet, that is setable.
LDAP prepopulating account Full name.
Gerrit has a configuration option to pull Full Name from LDAP, this change exposes
that option.
Change-Id: Ibd41d59ff98e406b42e1e14cc17e23b3d6211d58
It would be good to keep the command output and exit code when installing or
upgrading gerrit in case it doesn't work.
Change-Id: Ia93001706b4ea509797419b74716c23db47aaed1
jeepyb gets a new upstream tracking syntax in
https://review.openstack.org/#/c/35535/
Switch to use it.
The new syntax will operate via git push, so that changes to upstream
can trigger zuul events.
Change-Id: Ideca999aca0e8583cce9a1227089243216175158
Scoping rules mean that we need to be explicit here or else puppet finds
the wrong thing. Also, puppet needs a trailing slash.
Change-Id: Ifc2f03dbf1dd746515e00ded5d76fe7393ce6c7e
The `$mysql_password` variable is used by the `secure.config.erb`
template in the gerrit class, but is not passed from
openstack_project::review -> openstack_project::gerrit -> gerrit.
Instead it uses dynamic scopeing to find the variable and won't work in
Puppet 3. This adds the full parameter passing for Puppet 3.
This commit also adds "Template uses" comments immediately preceding
resources declarations which use a `template()` function to describe all
variables used by the gerrit templates. This greatly helps with
debugging issues such as this.
Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
These things were listed before we had jeepyb as its own things
(gerritlib in gerrit) and before jeepyb has pbr/requirements.txt
as it does now. With the move to pip install -U . in /opt/jeepyb,
there is no need to also ask puppet to manage these.
Change-Id: I7b521d03b3df8c0bde37586748769f160e615d31