This rebuilds secondary indexes on gerrit initial-init and init. They
are optional in gerrit 2.8, and mandatory in gerrit 2.9.
A few common strings are refactored into variables to make this more
concise, and less likely to get fat fingered. If desired, further
symbolic refactoring can be done here as well.
Question remains if we need to make this 2.8 conditional, and how we
can get access to the gerrit revision in this part of puppet.
Partial-Bug: #1082781
Change-Id: Iee94934baaa220313a7e888ba0e2a6530eab0d52
/opt/lib/git is about to become the new default path for the local
replica. If it is used, we should make sure /opt/lib exists.
Change-Id: I4accdfefce9ef4f98c435c11f08fded1481e3ee6
Merge after it has been created there manually to avoid downtime.
Will require a gerrit restart to pick up the replication change.
Change-Id: I6b55d16d731725548b8da46f5438e296b6dc6485
* Gerrit: make the path to the local replica configurable
(default to /var/lib/git)
* Set the local replica path on review-dev to /opt/lib/git
* Gerrit: make the jeepyb cache dir configurable
(default to /opt/lib/jeepyb)
Change-Id: I9b94fa540bb400abcc746c5c962bb3b5e2b372e3
We don't use it anymore so it's difficult to require it.
Apr 23 19:20:26 review puppet-agent[3736]: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid relationship: Exec[gerr
it-initial-init] { require => Mysql::Db[reviewdb] }, because Mysql::Db[reviewdb] doesn't seem to be in the catalog
Change-Id: Id4b69be61351274512e7784594b391e5fab2a482
In further support of using a trove db, remove the gerrit::mysql
module from review-dev. Plumb mysql_host throughout and remove
the no longer necessary mysql_root_password. Configure review-dev
to use mysql_host from hiera, but configure review to use
'localhost'.
Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
We only want to start it when we've installed or upgraded.
The initial-init and init are designed to either one of them run,
one if there is no init script (initial install) the other if there
is (upgrade). The things they trigger should only run in response
to those actions.
Change-Id: I3bcaaed07bcf6239e053789b9b6241cbf652e7d4
The replication_targets parameter doesn't appear to be used anywhere,
let's get rid of it to avoid confusion.
Change-Id: I25fdb9d5e99b3876e6a363e5f967f22f8674b7c6
This change configures puppet to install core plugins which are packaged with
the released gerrit.war file. The method to install the plugins is to just extract
them from the war file and place them into review_site/plugins folder. This method seemed
easier than using the 'init --install-plugin' option because the --install-plugin
option requires listing every plugin by name.
Change-Id: I08335f970cee9e88d41c3695fccb370d05d1a4d1
The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound
ssh-based replication is currently just kinda there by hand. Add management
of the files there.
Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522
Closes-Bug: 1209464
This patch addresses:
LDAP not requiring username or password (anonymous bind)
This is required to support configurations where LDAP is on a secure network,
and anonymous bind is enabled.
LDAP using a self signed SSL cert (verify ssl on or off)
This is required to support configurations where LDAP requires SSL, but ssl is
using an internal or self signed certificate, and therefore fails cert checks.
This also covers testing conditions where a consumer might use OS with LDAP+ssl
unsigned.
LDAP using a nonstandard cn naming convention (ie email address).
This is required to deal with an edge case where 'cn' in ldap might be something
other than a bare username. Gerrit pulls the ssh username from that value and
will not accept a non-alphanumeric address. By setting 'accountSshUserName' in
puppet, that is setable.
LDAP prepopulating account Full name.
Gerrit has a configuration option to pull Full Name from LDAP, this change exposes
that option.
Change-Id: Ibd41d59ff98e406b42e1e14cc17e23b3d6211d58
It would be good to keep the command output and exit code when installing or
upgrading gerrit in case it doesn't work.
Change-Id: Ia93001706b4ea509797419b74716c23db47aaed1
The `$mysql_password` variable is used by the `secure.config.erb`
template in the gerrit class, but is not passed from
openstack_project::review -> openstack_project::gerrit -> gerrit.
Instead it uses dynamic scopeing to find the variable and won't work in
Puppet 3. This adds the full parameter passing for Puppet 3.
This commit also adds "Template uses" comments immediately preceding
resources declarations which use a `template()` function to describe all
variables used by the gerrit templates. This greatly helps with
debugging issues such as this.
Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726
These things were listed before we had jeepyb as its own things
(gerritlib in gerrit) and before jeepyb has pbr/requirements.txt
as it does now. With the move to pip install -U . in /opt/jeepyb,
there is no need to also ask puppet to manage these.
Change-Id: I7b521d03b3df8c0bde37586748769f160e615d31
* modules/gerrit/manifests/init.pp: The gerrit installer adds
jarfiles for bcprov and mysql-connector into its lib directory, but
puppet needs to know how to add them itself.
Change-Id: Id61260d0d28f1aadf85dc8604688b0131cddf682
Puppetlabs-mysql 0.6.1 correctly removes the local ::1 root user in the
account_security manifest. Upgrade to this version to take advantage of
that. Do not upgrade to latest version (0.9.0) to minimize delta that
needs testing.
Change-Id: Ic8265733f1159f34ae0afcccdea4c7d8cd44e3cb
The version of puppetlabs-mysql that we use does not remove the local
::1 root user from the mysqld. Explicitly remove this user.
Change-Id: I626fcc77c75a29d3f3cab57217b714e68a30b468
This time, make the default value false instead of empty string.
This reverts commit 99d3283dc246da4b4d2d26ecfb193b308881f05d
Change-Id: I88108ff75f1c2bd3aa78856c186312340258ec3c
Make it possible to configure with LDAP or OPENID_SSO.
Also, it's possible to not want to need CLAs.
Change-Id: Ie6660c819f4078dd4dd5be052e74aaa98c54cab4
This commit moves the MySQL configuration from the gerrit puppet
module into a seperate mysql puppet module. The purpose of
this change is to allow us to more easily customise gerrit's
mysql configuration for each instance of gerrit that we deploy..
Partial-Bug: 1083101
Change-Id: Ibcc31b3fce8af54229fd4de69a49842ac1c428ae
Modify gerrit's git replication configuration so that it
pulls in from a list of replication targets defined in
puppet rather than individually added stanzas.
Pull the replicate_github variable from files, since it
is no longer required.
The replicate_local variable remains because it's used
in the apache configuration and for setup of the local
replication space for git.
Also add the cgit server to the list of servers.
Change-Id: I68de89bb216565f1754eb9b192bd437adcbf768b
Oracle has EOLed Java 6. While OpenJDK 6 is still supported, development
on it has slowed. Upgrade to OpenJDK 7 and run Gerrit on this newer
platform.
Change-Id: Id5867a0269bc6af3e7f6214112e91c8848ffbbe4
Actually, it's support for parameterized listen_address, but the
real thing you want it for is setting the port.
Change-Id: If75fedce32f35a8f72c92fc709d5c9e8b2d35235
Reviewed-on: https://review.openstack.org/33925
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
And slow down bing (msnbot).
Change-Id: Id8361047abc2cfb52260b3d0ef01275ec3a923f5
Reviewed-on: https://review.openstack.org/32435
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Elizabeth Krumbach Joseph <lyz@princessleia.com>
Reviewed-by: Anita Kuno <anita.kuno@enovance.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Change-Id: If87b0242c9203175335842832d13ebc6dfec2950
Reviewed-on: https://review.openstack.org/25119
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
This is useful for testing Gerrit's contactstore features if you
don't have a real contact store server set up already.
* modules/gerrit/files/fakestore.cgi: An extremely trivial shell
script which returns the content Gerrit expects from a successful
submission to a contactstore server. Note this does not check the
application security key or store any of the post variables--it is
simply a black hole for contact updates.
* modules/gerrit/manifests/init.pp: If the contactstore feature is
enabled in Gerrit, install the fakestore.cgi script so it can be
available for testing.
* modules/gerrit/templates/gerrit.vhost.erb: If the contactstore
feature is enabled, ScriptAlias the /fakestore URL to the
fakestore.cgi script.
Change-Id: Ifa0f80bab9e8b8e207f0ffd83f01c8a3d904618e
Reviewed-on: https://review.openstack.org/19939
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Change-Id: I6d6addc2bc0e28b289726cddd6626669dbec1e17
Reviewed-on: https://review.openstack.org/17292
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Change-Id: I6e5fa77a301eec30cff8e16bad33a91bfd95b13f
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-on: https://review.openstack.org/17176
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Instead of keeping many of these files directly in the tree, use them
from the out-of-tree jeepyb project, which makes them easier to consume
for other people who are not us.
Change-Id: Id704f2e17dd80709ef63cbbf2c5475a08a835f91
Reviewed-on: https://review.openstack.org/16777
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Mostly documentation and parameterised class parameter complaints.
Change-Id: Idbfd348a5befb041ce6eb36f9c6b195fc0c6799f
Reviewed-on: https://review.openstack.org/16685
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Manage project creation via yaml files. Also,
Modify the manage_projects scripts to configure Gerrit project ACLs.
This change expects the project yaml to exist. The change will clone the
project for the localhost Gerrit install. It will then checkout the
meta/config ref, copy the ACL config file into the repo, commit, and
push to the origin. The ACL config location should be specified in the
projects.yaml file with the acl_config key.
For this to work the ACLs will need to be copied by Puppet from Puppet
to the Gerrit host. Add the file resource to do this as well.
Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4
Reviewed-on: https://review.openstack.org/15352
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
* Rakefile: Override line length warnings from puppet-lint with its
disable_80chars option.
* modules/gerrit/manifests/cron.pp, modules/gerrit/manifests/init.pp,
modules/gerrit/manifests/remotes.pp, modules/lodgeit/manifests/site.pp,
modules/openstack_project/manifests/cacti.pp: Undo line continuations on
long strings. These were causing particular problems when attempting to
apply crontab entries.
Change-Id: I417788d7953ee0d2b717349564ee9cc78c0c49c2
Reviewed-on: https://review.openstack.org/15822
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
Change-Id: I5a52c0fd0f5a35c32aa71c0f93500aa59e495066
Reviewed-on: https://review.openstack.org/14910
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Have hiera and puppet manage gerrits ssh:29418 keys (RSA and DSA). These
keys go in /home/gerrit2/review_site/etc.
Change-Id: If8cb3ec5a2e2c582b7fa6d87c520fc0cb7c2f205
Reviewed-on: https://review.openstack.org/14365
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
