Commit Graph

215 Commits

Author SHA1 Message Date
Jeremy Stanley
3fe38a8635 Puppet the Gerrit bcprov and mysql-connector deps
* modules/gerrit/manifests/init.pp: The gerrit installer adds
jarfiles for bcprov and mysql-connector into its lib directory, but
puppet needs to know how to add them itself.

Change-Id: Id61260d0d28f1aadf85dc8604688b0131cddf682
2013-10-12 16:06:37 -04:00
Clark Boylan
9a30d3a309 Upgrade puppetlabs-mysql to 0.6.1.
Puppetlabs-mysql 0.6.1 correctly removes the local ::1 root user in the
account_security manifest. Upgrade to this version to take advantage of
that. Do not upgrade to latest version (0.9.0) to minimize delta that
needs testing.

Change-Id: Ic8265733f1159f34ae0afcccdea4c7d8cd44e3cb
2013-10-12 17:37:24 +00:00
Clark Boylan
0adc30f151 Remove ::1 mysql root user.
The version of puppetlabs-mysql that we use does not remove the local
::1 root user from the mysqld. Explicitly remove this user.

Change-Id: I626fcc77c75a29d3f3cab57217b714e68a30b468
2013-10-12 17:32:09 +00:00
Monty Taylor
4f5192e0a6 Un-Revert "Make gerrit email server configurable"
This time, make the default value false instead of empty string.

This reverts commit 99d3283dc2

Change-Id: I88108ff75f1c2bd3aa78856c186312340258ec3c
2013-10-12 17:10:03 +00:00
Monty Taylor
54d0db2fea Parameterize server OpenStack-isms
Make it possible to configure with LDAP or OPENID_SSO.
Also, it's possible to not want to need CLAs.

Change-Id: Ie6660c819f4078dd4dd5be052e74aaa98c54cab4
2013-10-12 17:01:48 +00:00
Monty Taylor
647a446d8f Remove launchpad_sync module
We do not sync from Launchpad any longer.

Change-Id: I414436278953347b65dfb5bfc394d067fbff307d
2013-10-09 11:55:05 -04:00
James E. Blair
99d3283dc2 Revert "Make gerrit email server configurable"
This reverts commit 040073e746
2013-10-08 22:08:13 +00:00
Monty Taylor
040073e746 Make gerrit email server configurable
Sometimes people need to send mail through a smarthost. Allow that.

Change-Id: I66ff43a3ca4fce63500755d16be3aa891d55bc75
2013-10-06 15:05:20 -04:00
Khai Do
6a2e31da4b decouple mysql setup from gerrit module
This commit moves the MySQL configuration from the gerrit puppet
module into a seperate mysql puppet module.  The purpose of
this change is to allow us to more easily customise gerrit's
mysql configuration for each instance of gerrit that we deploy..

Partial-Bug: 1083101
Change-Id: Ibcc31b3fce8af54229fd4de69a49842ac1c428ae
2013-10-03 10:58:15 -07:00
Jenkins
d78e4e6acc Merge "Use cgit server instead of github for everything" 2013-08-23 17:01:32 +00:00
Monty Taylor
258abe1a23 Use cgit server instead of github for everything
We have a cgit server now, which means we should replace
all references to github with references to git.openstack.org.

Change-Id: I68ad1ce514fb4326c7d9940b5a84999af5b58562
2013-08-19 10:19:47 -07:00
James E. Blair
b93eb82cad Add testresult commentlink
Will take effect when Zuul is running this change:
  I74702fd7d37358e6f4caa7e7ac0a3ede73184077

This change also adds that feature to the Zuul config and enables
it for OpenStack.  It also adds the ability to specify HTML in a
commentlink (and uses it).

Change-Id: Idb4ad8e6079165d681271987a92cab5d8b7c81be
2013-08-18 12:43:15 -07:00
Elizabeth Krumbach
1ae208113d Add replication of git from gerrit to git.o.o
Modify gerrit's git replication configuration so that it
pulls in from a list of replication targets defined in
puppet rather than individually added stanzas.

Pull the replicate_github variable from files, since it
is no longer required.

The replicate_local variable remains because it's used
in the apache configuration and for setup of the local
replication space for git.

Also add the cgit server to the list of servers.

Change-Id: I68de89bb216565f1754eb9b192bd437adcbf768b
2013-08-07 18:17:47 -07:00
Clark Boylan
6e8e2ae655 Use OpenJDK 7 instead of OpenJDK 6 with Gerrit.
Oracle has EOLed Java 6. While OpenJDK 6 is still supported, development
on it has slowed. Upgrade to OpenJDK 7 and run Gerrit on this newer
platform.

Change-Id: Id5867a0269bc6af3e7f6214112e91c8848ffbbe4
2013-07-17 08:53:25 -07:00
Monty Taylor
499ee08c94 Add support for parameterized gerrit ports.
Actually, it's support for parameterized listen_address, but the
real thing you want it for is setting the port.

Change-Id: If75fedce32f35a8f72c92fc709d5c9e8b2d35235
Reviewed-on: https://review.openstack.org/33925
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
2013-06-26 14:25:47 +00:00
James E. Blair
afa87385cc Add robots.txt to gerrit.
And slow down bing (msnbot).

Change-Id: Id8361047abc2cfb52260b3d0ef01275ec3a923f5
Reviewed-on: https://review.openstack.org/32435
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Elizabeth Krumbach Joseph <lyz@princessleia.com>
Reviewed-by: Anita Kuno <anita.kuno@enovance.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2013-06-10 20:21:16 +00:00
Endre Karlson
a9b163ded9 Missing variable
Change-Id: If87b0242c9203175335842832d13ebc6dfec2950
Reviewed-on: https://review.openstack.org/25119
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2013-03-22 16:53:33 +00:00
Jeremy Stanley
6bc14d0032 Don't proxy Gerrit's fake contactstore.
* modules/gerrit/templates/gerrit.vhost.erb: If the contactstore
feature is enabled, don't shadow the URL to the fakestore CGI with
the Gerrit loopback proxy.

Change-Id: Ic6d01d671b762370b91f732c1a980051cdb5f6c2
Reviewed-on: https://review.openstack.org/20053
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
2013-01-19 02:39:50 +00:00
Jeremy Stanley
fe35df9605 Add a fake contactstore CGI.
This is useful for testing Gerrit's contactstore features if you
don't have a real contact store server set up already.

* modules/gerrit/files/fakestore.cgi: An extremely trivial shell
script which returns the content Gerrit expects from a successful
submission to a contactstore server. Note this does not check the
application security key or store any of the post variables--it is
simply a black hole for contact updates.

* modules/gerrit/manifests/init.pp: If the contactstore feature is
enabled in Gerrit, install the fakestore.cgi script so it can be
available for testing.

* modules/gerrit/templates/gerrit.vhost.erb: If the contactstore
feature is enabled, ScriptAlias the /fakestore URL to the
fakestore.cgi script.

Change-Id: Ifa0f80bab9e8b8e207f0ffd83f01c8a3d904618e
Reviewed-on: https://review.openstack.org/19939
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
2013-01-18 20:11:32 +00:00
Monty Taylor
74460853d1 Rename CI to Infra in MANY MANY places.
Change-Id: I409bd50ae374e0288531f07cfeea34856c5f8067
Reviewed-on: https://review.openstack.org/17319
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: James E. Blair <corvus@inaugust.com>
2012-12-16 17:30:47 +00:00
James E. Blair
3425cb3762 Use the mysql class to get python-mysql.
Change-Id: I6d6addc2bc0e28b289726cddd6626669dbec1e17
Reviewed-on: https://review.openstack.org/17292
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-12-02 16:42:49 +00:00
Paul Belanger
a7ce7fd02e Additional puppet-lint formatting
Change-Id: I6e5fa77a301eec30cff8e16bad33a91bfd95b13f
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-on: https://review.openstack.org/17176
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
2012-11-30 20:56:32 +00:00
Monty Taylor
52db16762b Consume jeepyb.
Instead of keeping many of these files directly in the tree, use them
from the out-of-tree jeepyb project, which makes them easier to consume
for other people who are not us.

Change-Id: Id704f2e17dd80709ef63cbbf2c5475a08a835f91
Reviewed-on: https://review.openstack.org/16777
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-11-30 18:02:30 +00:00
James E. Blair
b9509a038e Remove blueprint diversion to openstack-ci.
The blueprint script used openstack-ci instead of the actual project
for any non-openstack/ project.  This is counter-productive now that
we have more than one org in gerrit.

Change-Id: Id06fdd89751a62c6da400adefcc84791a030d1b8
Reviewed-on: https://review.openstack.org/16994
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
2012-11-27 20:28:25 +00:00
Matthew Wagoner
5812510ea7 Clean up of minor puppet-lint warnings.
Mostly documentation and parameterised class parameter complaints.

Change-Id: Idbfd348a5befb041ce6eb36f9c6b195fc0c6799f
Reviewed-on: https://review.openstack.org/16685
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-11-23 21:41:37 +00:00
Clark Boylan
e6d25c33c9 Change diff command used by manage_projects.py.
manage_projects.py was running `git diff-index --quiet HEAD --`
previously to check if project.config had changed. This apparently
returns an exit code of 1 in some cases where a diff was not expected.
Switch to using `git diff --quiet HEAD` to check if any differences are
found. This appears to be more reliable in some manual testing.

Change-Id: I253423e41f80d71a5f2389bfc421e799f00f6fd9
Reviewed-on: https://review.openstack.org/16236
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-11-17 01:32:19 +00:00
Clark Boylan
65e61f5fb8 Add security impact email notifications.
Fixes bug #1070577

Make the notify_impact script generic so that it can handle different
types of notifications. Then add a SecurityImpact notification.

Change-Id: Id4bbf7db29e36dde783328e31685079e79d0b1e9
Reviewed-on: https://review.openstack.org/14856
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
2012-11-16 18:13:21 +00:00
Thierry Carrez
1f50d5391b Do not reopen closed bugs due to bug mentions
Do not let update_bug.py reopen a FixCommitted or FixReleased bug just
because the bug number was mentioned in a commit message. In most cases
that mention is just a simple reference to a closed bug. In the rare
cases the committer actually wanted to reopen a closed bug, he should
rather have open a specific bug about it anyway.

Fixes bug 1078745

Change-Id: I513e6fc73d6bab02de21628e55a5d28189834632
Reviewed-on: https://review.openstack.org/16080
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-11-16 16:08:48 +00:00
Monty Taylor
be0fcea382 Push everything - not just master.
Change-Id: If10bd25e71f321a7b3ea1cbbe42ab5ec764d62b0
Reviewed-on: https://review.openstack.org/16215
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
2012-11-15 19:38:51 +00:00
Clark Boylan
99a160120d Fix fetch remotes script post projects.yaml update
The format of the projects.yaml file has been updated and
fetch_remotes.py could not parse it. Correct this by making
fetch_remotes.py aware of the format changes.

Change-Id: Ic0680d02c0e9ce31aae805ac2495957f106acb0a
Reviewed-on: https://review.openstack.org/16098
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-11-15 17:06:16 +00:00
Clark Boylan
0d5361bb49 Fix manage_projects.py group regex and str format.
manage_projects.py was unable to find groups in the ACL files because it
was looking for lines that began with tabs but we normalized to lines
beginning with 8 spaces. Also the git clone command string formatting
was not correct.

Change-Id: Ib65d7ad0ca3861d61d7557be72a7c6d6d6e21265
Reviewed-on: https://review.openstack.org/16144
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-11-15 14:52:41 +00:00
Clark Boylan
02bc8fe635 Print git output when git push fails.
In the manage_projects.py script print the captured git output when git
push fails.

Change-Id: I77d8b7e926b6b23b4727a1856a79146daa9d6381
Reviewed-on: https://review.openstack.org/16137
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
2012-11-14 23:56:25 +00:00
Clark Boylan
848fefd19a Ignore projects whose org we do not control.
In the manage_projects.py script ignore any project whose Github org we
do not control. Do not create a Github project, gerrit project, or
manage any ACLs.

Change-Id: I0d4595c49ffa7762976a433bf9b16fc6fcaf73e5
Reviewed-on: https://review.openstack.org/16102
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
2012-11-14 18:21:04 +00:00
Clark Boylan
9e4702a3b4 Make manage project commit author consistent.
Set Openstack Project Creator as the commit author for all commits in
the manage_projects.py script.

Change-Id: I994ee0a43e783415d0976143509497a71187b9ab
Reviewed-on: https://review.openstack.org/16094
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-11-14 18:01:18 +00:00
Monty Taylor
d76f051d22 Attempt to more fully manage project creation.
Manage project creation via yaml files. Also,
Modify the manage_projects scripts to configure Gerrit project ACLs.
This change expects the project yaml to exist. The change will clone the
project for the localhost Gerrit install. It will then checkout the
meta/config ref, copy the ACL config file into the repo, commit, and
push to the origin. The ACL config location should be specified in the
projects.yaml file with the acl_config key.

For this to work the ACLs will need to be copied by Puppet from Puppet
to the Gerrit host. Add the file resource to do this as well.

Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4
Reviewed-on: https://review.openstack.org/15352
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-11-14 01:18:23 +00:00
Jeremy Stanley
d1f76c1b99 Undo problematic line continuations and ignore.
* Rakefile: Override line length warnings from puppet-lint with its
disable_80chars option.

* modules/gerrit/manifests/cron.pp, modules/gerrit/manifests/init.pp,
modules/gerrit/manifests/remotes.pp, modules/lodgeit/manifests/site.pp,
modules/openstack_project/manifests/cacti.pp: Undo line continuations on
long strings. These were causing particular problems when attempting to
apply crontab entries.

Change-Id: I417788d7953ee0d2b717349564ee9cc78c0c49c2
Reviewed-on: https://review.openstack.org/15822
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
2012-11-12 18:30:14 +00:00
Monty Taylor
49a29d9428 Reverse the close-pull logic.
We have a huge list of projects with all of them listing "close-pull" as an
option. Turns out we want to close pull requests for all of them - so instead,
let's only indicate 'has-pull-requests' if there is ever a project for whom
we do not want to close pull requests.

Change-Id: I4db31d324b7f260ea24f538ac5f5fc8e1feca75d
Reviewed-on: https://review.openstack.org/15626
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-11-10 23:04:27 +00:00
Clark Boylan
361752170b Add change number to DocImpact email subject.
It is hard to filter the DocImpact emails using the subject as there is
little change specific information added to the subject. Correct this by
adding the change number to the subject line.

Change-Id: I8f852184090a517852d57a2f0db34421f8a7ddb5
Reviewed-on: https://review.openstack.org/15246
Reviewed-by: Anne Gentle <anne@openstack.org>
Reviewed-by: Tom Fifield
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
2012-11-02 16:51:01 +00:00
Matthew Wagoner
dbf0221db6 Cleanup gerrit manifest lint errors.
Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066
Reviewed-on: https://review.openstack.org/14910
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-10-30 16:35:35 +00:00
Clark Boylan
a14e20e900 Have hiera and puppet manage gerrit ssh:29418 keys
Have hiera and puppet manage gerrits ssh:29418 keys (RSA and DSA). These
keys go in /home/gerrit2/review_site/etc.

Change-Id: If8cb3ec5a2e2c582b7fa6d87c520fc0cb7c2f205
Reviewed-on: https://review.openstack.org/14365
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-10-11 23:21:01 +00:00
Clark Boylan
16ba76b01d Fix Gerrit MySQL DB.
I hope. The grant parameter appears to want an array so give it one.
Also enforce order by requiring the mysql server and account security
settings in the DB resource.

Change-Id: I2c99c25cb09cb5b68240a5fbd146f47ba8aee410
Reviewed-on: https://review.openstack.org/14320
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-10-11 19:12:40 +00:00
Clark Boylan
3a6437a21b Ensure destination dir for bcpg link is present.
The destination dir for the bcpg link needs to be present before the
link can be made. Add that dir to the gerrit init manifest and require
it in the link file resource.

Change-Id: I462cc96dcd0eafa814e3e3599a96eacc64665bcf
Reviewed-on: https://review.openstack.org/14319
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-10-11 19:03:09 +00:00
Clark Boylan
09152c2dfd Cleanup gerrit init.pp manifest lint errors.
Change-Id: I68c6cd9b24c93f9f1cc2ba92eceae49b3c38ed36
Reviewed-on: https://review.openstack.org/14176
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-10-10 15:00:14 +00:00
Clark Boylan
0a61d5c434 Set ssl keys group to ssl-cert.
Recent ssl cert management changed the group on the ssl keys to root
from ssl-cert. Change it back.

Change-Id: I6dcbeca364fa9c435aee520248a59f0917cd02a8
Reviewed-on: https://review.openstack.org/14116
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-10-05 23:24:50 +00:00
Clark Boylan
15e526fb18 Pass review.o.o SSL certs in from Hiera.
Use Hiera to store the review.o.o SSL certs and pass them down to the
gerrit module.

While modifying these files fix indentation and rocket ship alignment
according to puppet lint in the sections touched.

Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315
Reviewed-on: https://review.openstack.org/13975
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-10-05 22:50:49 +00:00
Thierry Carrez
87a6a8801d Add Tempest to directly-released projects
Add openstack/tempest to the list of projects where commits directly
trigger a Launchpad FixReleased status change.

Fixes bug 1058007

Change-Id: Id5f5033e37d92efc5e790722cde88c040541f72d
Reviewed-on: https://review.openstack.org/13818
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
2012-09-28 16:09:07 +00:00
Jeremy Stanley
ad56ee88c2 Another Gerrit Contact Store fix for review-dev.
* modules/gerrit/manifests/init.pp: The file block for the bcpg.jar
symlink should require the libbcpg-java package rather than the jarfile
it installs.

Change-Id: Icf4356c51425a816aea523f835e8bc7c62055b28
Reviewed-on: https://review.openstack.org/13392
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-09-20 19:24:53 +00:00
Jeremy Stanley
25d4e6f4c9 Enable Gerrit CLA and Contact Store on review-dev.
This replaces the previous Echosign+Launchpad+Wiki+approver-based
asynchronous contributor license agreement signing process with a
fully-automated one contained entirely within Gerrit itself.

Note that the CLA features in Gerrit's WebUI depend on a modified
gerrit.war with an earlier patch reverted:

    https://review.openstack.org/12716

* manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec
and contactstore_pubkey private material from hiera, for use by Gerrit's
contact store feature. Similar entries should be added for
review.openstack.org before going into production.

* modules/gerrit/manifests/init.pp(gerrit): Add contactstore,
contactstore_appsec and contactstore_url variables needed by the
gerrit.config.erb template, and contactstore_pubkey needed by the
contact_information.pub.erb template. Add a conditional block so that if
contactstore is enabled it installs the libbcpg-java package which
Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into
Gerrit's lib directory, and builds contact_information.pub from the
contact_information.pub.erb template.

* modules/gerrit/templates/contact_information.pub.erb: New template
which is effectively an empty file waiting to be filled with the
contents of the contactstore_pubkey variable. The
gerrit_contact_information.pub file built from it gets used to encrypt
contact information filed by users in such a way that it can only be
decrypted by the private key held by the Foundation.

* modules/gerrit/templates/gerrit.config.erb(contactstore): New section,
implemented conditionally for safety. Once enabled, if the
contactstore_appsec and contactstore_url are unset then Gerrit will
refuse to start. If the system referred to by contactstore_url is
unresponsive or contactstore_appsec does not contain the shared secret
it's expecting, contributors will be unable to file initial or updated
contact information through Gerrit's WebUI.

* modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML
copy of http://wiki.openstack.org/CLA retaining all the original
wording. This will probably need updating by OpenStack Foundation staff.

* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Add contactstore, contactstore_appsec,
contactstore_pubkey and contactstore_url variables to pass back into the
gerrit module. Also define the cla_description, cla_file, cla_id and
cla_name variables which get used in the gerrit_set_agreements.sh.erb
template. Add an entry to install the cla.html file.

* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Add the contactstore_appsec and
contactstore_pubkey variables so they can be filled in by hiera.
Override the war to pull in the g69c8fa6 test build which has the
aforementioned CLA bits restored. Turn on contactstore and set
contactstore_url to point to an existing test CGI on the Internet until
the Foundation has theirs ready. Pass contactstore_appsec and
contactstore_pubkey through up into gerrit.pp. Add an entry for the
set_agreements.sh script built from the gerrit_set_agreements.sh.erb
template and then execute it to add the new CLA to Gerrit's DB and mark
the old one expired. Similar changes should be made in review.pp before
going into production.

* modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New
template used to build a set_agreements.sh script which checks Gerrit's
database and, if necessary, expires the old Echosign CLA and adds the
new local CLA. These conditions are checked and associated operations
performed independently, so subsequent runs become a no-op.
Post-migration, this can probably be neutered further and kept around
for pushing future CLA modifications into the database when needed.

Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026
Reviewed-on: https://review.openstack.org/13058
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-09-20 15:15:42 +00:00
Clark Boylan
b0e002d520 Use devel version of LP API.
For consistency use development version of the LP API in the scripts
that query the Launchpad API.

Change-Id: I39b145684563738dd5615d863720ec364c4987c3
Reviewed-on: https://review.openstack.org/11508
Reviewed-by: linuxjedi <andrew@linuxjedi.co.uk>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-08-18 13:58:28 +00:00
Monty Taylor
7d8c838038 Align all web server usage on apache module.
Change-Id: Idd712a8ee5ec81c6b88b7d3e2270dce4da254927
Reviewed-on: https://review.openstack.org/10838
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-08-12 17:03:46 +00:00
Monty Taylor
339f4e115f Use account_security to remove bogus accounts.
Change-Id: I20aa549cf87f24d13d302fc219df84727c9fba10
Reviewed-on: https://review.openstack.org/11041
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-08-10 14:33:17 +00:00
Monty Taylor
f774c793ba Add in final two steps for initial install.
With these applied, initial install actually works 100% through.

Change-Id: I6587a537beb5703bf11783f3df79278ea1c7aca5
Reviewed-on: https://review.openstack.org/10718
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-08-03 23:14:26 +00:00
Monty Taylor
e63619e980 Make gitweb a boolean option.
Change-Id: Iff55f35c0d9888f1029115c17d4644a68d4e8b4c
Reviewed-on: https://review.openstack.org/10727
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-08-03 23:12:38 +00:00
Monty Taylor
892a620737 Have apache honor replicate_local.
Change-Id: I44538a151afda2086469d0309b8113be0a477f93
2012-08-02 10:55:08 -05:00
Monty Taylor
383c023b15 Add support for initial project creation.
If replicate_local is set, this will ensure that /var/lib/git is created,
and that projects listed in the projects.config have repos there.

Additionally, it creates a new config file, projects.config which is a
yaml file listing all of the projects and various operational semantics about
them, such as whether or not they should have pull requests closed and whether
or not they track any remotes. This replaces remotes.config and github.config.

Moving forward, there is no reason to not have this script be able to
do github api calls to create the github repo if it's not there, set the
github project description, gerrit api calls to create the project in gerrit,
and initial project permissions templates.

Change-Id: I1ad803b0aa5f7386206d0c3f4cd858017242fe64
2012-08-02 15:49:02 +00:00
Monty Taylor
ef3881d487 Set some parameters to more sensible defaults.
Also, moved depends for launchpad sync script to the launchpad sync
module, and put the ntp stuff into an ntp module.

Change-Id: I2568752493fefa305f9108a23da101d80a311552
2012-07-29 13:04:17 -05:00
Monty Taylor
0b921968d1 Added an option to toggle replication choices.
New options for github replication and local replication.

Change-Id: I06a6ca5347232ec80e26f6116742ab0007435ffe
2012-07-29 13:04:17 -05:00
Monty Taylor
d20c4523bf Broke launchpad user sync into its own class.
Additionally, the file installation of the scripts wasn't working,
so the sync script wasn't actually getting installed. This moves
the underlying scripts to be installed by the gerrit module,
because it owns /usr/local/gerrit/scripts, and then manages the
gerrit hooks which call those scripts in the openstack_project
class, since that's where the config choice to enable those
functions really should live.

Change-Id: I54fb9edd9fb0c634d8d9de4e57f9ddad6af63a99
2012-07-29 13:04:17 -05:00
Monty Taylor
279b406a4b Add natty entry for java_home.
Change-Id: I0c2605c7dfd2ccff3d966ee4e4e8067a91eb1b98
2012-07-28 10:54:35 -05:00
Monty Taylor
46282d44c1 Fixed a template typo.
Variable interpolation needs <%= not just <%. :)

Also, while I was in there, I replaced default with "oneiric",
because I don't actually know that the value is a good default value,
and I removed a couple of comments about moving to MySQL and Apache
modules from upstream.

Change-Id: Iec5b10cee2cbd0e0a2573fefa707d34d2a363cb4
2012-07-28 10:04:43 -05:00
Monty Taylor
c510a30e1e Modified gerrit to use MySQL and Apache modules.
Change-Id: I82ff3c46438f8db126fa6a881efa09c90b1906e4
2012-07-27 17:37:37 +00:00
Monty Taylor
2805fed59f Fix the update_users cron job.
Change-Id: Icb546b9c48f2618e1b2269d82b34cc5588bc2624
2012-07-25 13:43:40 -05:00
James E. Blair
67a085ba7d Set replication authGroup to Anonymous.
Set the replication authGroup for github to Anonymous Users.

Enable the "mirror" option which "will remove remote branches that absent
locally or invisible to the replication (i.e. read access denied via
authGroup option)."

Disable replicatePermissions which will cause permissions-only projects and
the refs/meta/config branch not to be replicated.  I'm ambivalent about
refs/meta/config, but disabling permissions-only projects will remove
the periodic errors we get when trying to replicate All-Projects to github.

Change-Id: I9c302b68e0a213d35683d7105341788923c5770a
2012-07-25 09:26:03 -07:00
Monty Taylor
dbd4da09a7 Fix all of the gerrit module problems.
Change-Id: I46001fd677bc9a3634c9860ec07438c326e908e3
2012-07-24 00:28:04 -05:00
Monty Taylor
5609c50cd5 Move OpenStack branding and launchpad integration.
Launchpad integration and the OpenStack branding files are really
more about the OpenStack specific install of Gerrit than they are
about any installation of gerrit. Both of these are moved to the
openstack_project module.

Change-Id: I8b281aa5cb751a8023c2101c45146a3aca5f90f3
2012-07-23 14:46:55 -05:00
Monty Taylor
1b61f7673b Split gerrit cron jobs out.
Change-Id: I53faafc4d692c3dc62fd3356fd39f6e2ce64a481
2012-07-23 11:42:18 -05:00
Monty Taylor
8f1adc171f Split github into its own module.
TODO: Add another script that sets the project description. Add the project
description to the config hash.

Change-Id: If4584b2a1e55e6eb912e1f557e31de216d49a516
2012-07-23 11:42:12 -05:00
Monty Taylor
6173771627 Move comment link default values to openstack.
Change-Id: I015c8601c73a541007de5d8127e8d9305c320c6c
2012-07-23 10:33:59 -05:00
Monty Taylor
4774c02153 Split gerrit remote fetcher into a module.
Change-Id: I85fd220da7105363471a1e67fec86cd25dac95c1
2012-07-23 10:33:59 -05:00
Monty Taylor
e3e9aaba10 Split gerritbot into its own module.
Change-Id: Ia9034d87321624006ccf447b058ee828a97fcc7a
2012-07-23 10:33:59 -05:00
Monty Taylor
221869cd60 Change database_password to mysql_password
The parameter, which filters straight down, is mysql_password, not
database_password.

Change-Id: Ib6a0dfbb65657367bda51b3ca54905740c13cf6b
2012-07-21 19:21:52 -07:00
Monty Taylor
d025dca604 First pass at parameterizing secret infos.
Change-Id: Iee56a7e65be51ebf19a61eefd60cc93de6a764bf
2012-07-20 14:40:42 -07:00
Clark Boylan
0d50460f02 Update DocImpact notifier with new dest addr.
The openstack documentation team has a new mailing list in part to
accomodate the DocImpact notifier. Update the destination address in
the notify_doc_impact script to send mail to
openstack-docs@lists.openstack.org.

Change-Id: I041194298a18e5f710c6e3bd7221dee2099733e8
2012-07-11 16:16:58 -07:00
David Ostrovsky
89c230cb4e reconfigure gitweb to show the whole content of the commit and not only the changed filed
Change-Id: Ie9940a0b8afc0fa85f89395c4fa8bdc84f9be6ff
2012-07-07 22:26:12 +02:00
Monty Taylor
ae37e2affd Restrict replication to github.
We should only replicate to github things that people can see anyway.

Change-Id: I3a1aa93cc805d64a1c04ea963df54223c06f5837
2012-07-07 09:44:57 -05:00
Jenkins
95fef53864 Merge "Use apache to serve out http git repos." 2012-07-07 14:41:16 +00:00
James E. Blair
5efb744f30 Add gerrit-verification-status-plugin project.
Change-Id: Idc43f0716d152f623459369cab84d6166e140a88
2012-07-06 13:11:57 -07:00
Monty Taylor
0fbbe34dfc Use apache to serve out http git repos.
Assumes that every project in gerrit has a corresponding repo in
/var/lib/git that can be replicated to. That's probably a one-time offline
creation, followed by an additional step in the adding a project docs.

Change-Id: If9b987717550d5b251366c1408d949c55e64828a
2012-07-06 14:06:21 -05:00
Monty Taylor
09116ced39 Tarballs site has moved.
Change-Id: I9bca1fcb1692d139a397f77edbb11e231057054b
2012-07-06 12:48:38 -05:00
Jenkins
7bbb1f38f3 Merge "Fix gerritbot init script" 2012-07-06 15:35:27 +00:00
Andrew Hutchings
39f1fe8abf Fix gerritbot init script
Path to the executable was incorrect

Change-Id: I990a7029f0ce84b308dc60ddbae8003f00106a81
2012-07-06 16:24:59 +01:00
Andrew Hutchings
7b96c527d9 Fix gerritbot projects
heat is in heat-api/heat

Verify trigger is for -2 in the code, not -1

Heat's repo is in heat-api instead of stackforge, so Gerritbot needs
to monitor that

Change-Id: I0526a32489c9af67198fcebeebdf3271c5751c49
2012-07-06 16:10:59 +01:00
Clark Boylan
bc2448199a Allow GerritBot to talk on multiple channels.
Fixes bug #1020987

Update GerritBot with the ability to talk on multiple channels. This
way a single GerritBot instance can operate in multiple channels for
multiple projects. To make this work this change introduces a new
channel configuration file (yaml) for GerritBot that specifies each
channel that GerritBot should join and the changes that channel is
interested in.

The config should look something like:
channel-foo:
    events:
      - patchset-created
      - change-merged
    projects:
      - test/bar
      - test/foo
    branches:
      - master

Change-Id: I8e278f9be5182611981a3d912cc323bd3d386fc5
2012-07-05 15:02:25 -07:00
Thierry Carrez
b56c5f3f75 No longer mark bug fixes in parent project
Stop marking python-PROJECT client bug fixes as fixed in PROJECT, by
removing the exception mapping. This is due to client projects now
having their own Launchpad project.

Change-Id: I56471c9efff143f79421729880626c5e78c6200b
2012-07-04 12:43:27 +02:00
James E. Blair
2dd8ebe53b Add httpd_maxwait parameter to gerrit module.
Was missing from earlier change that added it to the invocation.

Change-Id: I71d9b62e1b959fbd9d87f21800d47606be31d95a
2012-07-03 06:39:24 -07:00
James E. Blair
7558862fde Set gerrit http maxwait.
Set the timeout to 5000 minutes, which, due to a bug in gerrit
really means 5 minutes, which is the documented default value.

Change-Id: I85127cc44ed6f182a0e06083641d2d872f11d8b3
2012-07-02 12:35:51 -07:00
Clark Boylan
d395a98dbc Add doc impact notifier to Gerrit.
Add a doc impact notifier to Gerrit that will email the documentation
team whenever changes with "DocImpact" in their commit messages are
pushed to Gerrit.

Change-Id: Ibbb4ac740efa60ef44fd4753ad8459437d98e592
2012-06-27 14:19:21 -07:00
Clark Boylan
17c836ab28 Enable Melody on review-dev.
Review-dev is running a Melody capable WAR, but the Melody service
was not enabled. Enable it.

Change-Id: I68934151a38c2572f37d996e1c923a880ab9f50f
2012-06-25 13:26:46 -07:00
Andrew Hutchings
d42c95b727 Add color values
Gerrit without my patch will ignore these config values.  Review-dev will apply
them.

Change-Id: I5f01229ad6c2e1c3a0cf2de53fffd0c2b1a3626b
2012-06-20 14:12:19 -07:00
Clark Boylan
50628cdbf6 Try again to fix the close request script.
Fixes bug #1012310

Seems github won't let you request an issue if issues are disabled
on a repo. So attempt to get around this by creating an Issue object
derived from a pull requests URL. Then comment on this issue object.

Change-Id: If64640ebc1d86d86360e5657f4245541620fcebb
2012-06-13 17:15:25 -07:00
Clark Boylan
e8b306ee59 Fix the close pull requests script.
Fixes bug #1012310

Need to use the .login property on orgs instead of the .name property.

Change-Id: I603f9172966fc99c8f49d592ce7a9009084840cd
2012-06-13 14:48:28 -07:00
Clark Boylan
7bd6b502a0 Fix the close pull requests script.
Fixes bug #1012310

Old version of script didn't appear able to find repos as part of
organizations. Update script to search for the repos under orgs.

Change-Id: I04696152bc3b7ecb63a5704768c27ff796d3ffc9
2012-06-13 13:20:42 -07:00
Clark Boylan
b9ebb81800 Update Github request closer script to v3 of API.
Fixes bug #1012310

Github disabled v1 and v2 of their API permanently, forcing us to
update the script that closes Github pull requests to v3 of the API.
Update the script using the PyGithub lib.

Change-Id: I90c9faacdb7a72a470b8ad6aaea674edd9b8329e
2012-06-13 10:14:36 -07:00
Monty Taylor
6e0d87bffc Add gerrit to the openstack-ci bug projects.
Change-Id: I71649621123d0dfa4de3e4445d3eb5cdb7ceac84
2012-06-10 15:33:33 -04:00
James E. Blair
33f0963048 Fix gerrit group permissions.
review.openstack.org will restart on every puppet run otherwise.

Change-Id: I999f279dec016f201390d47ab6f2ca3d412c86eb
2012-06-06 10:06:46 -07:00
James E. Blair
ae0f98e0cd Use unattended upgrades.
Stop using latest for packages installed by puppet.  This way,
all system packages get updated, not just some random ones.

The unattended-upgrades config will email root.  It is configured
for openstack servers and jenkins slaves, but not template hosts
so that it doesn't interfere with spin-up.

Also, fix some bits in the gerrit module that were causing
continuous restarts on gerrit-dev.

Install emacs.

Change-Id: I51c9083ccd3669f284fce4b50c36a37a0cac92d8
2012-06-05 22:59:46 +00:00
James E. Blair
0082fa9c49 More gerrit tuning.
Increase the heap size and dramatically increase the ssh threads.
Add some more recommended parameters (see site manifest for details).

Parameterize tunables in gerrit config file.

Change-Id: Ia6446b29426f56a77425eed93a7f0e448c3cd7b1
2012-05-29 18:15:27 +00:00
Jenkins
c3f7ed4f0b Merge "Revert "Decode key returned from db into unicode."" 2012-05-27 16:17:34 +00:00
Monty Taylor
352b80f923 Revert "Decode key returned from db into unicode."
This reverts commit 9e63f0b303
2012-05-27 16:16:55 +00:00
Jenkins
29e849f3b6 Merge "Decode key returned from db into unicode." 2012-05-27 15:41:36 +00:00