Change-Id: I409bd50ae374e0288531f07cfeea34856c5f8067
Reviewed-on: https://review.openstack.org/17319
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: James E. Blair <corvus@inaugust.com>
This replaces the previous Echosign+Launchpad+Wiki+approver-based
asynchronous contributor license agreement signing process with a
fully-automated one contained entirely within Gerrit itself.
Note that the CLA features in Gerrit's WebUI depend on a modified
gerrit.war with an earlier patch reverted:
https://review.openstack.org/12716
* manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec
and contactstore_pubkey private material from hiera, for use by Gerrit's
contact store feature. Similar entries should be added for
review.openstack.org before going into production.
* modules/gerrit/manifests/init.pp(gerrit): Add contactstore,
contactstore_appsec and contactstore_url variables needed by the
gerrit.config.erb template, and contactstore_pubkey needed by the
contact_information.pub.erb template. Add a conditional block so that if
contactstore is enabled it installs the libbcpg-java package which
Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into
Gerrit's lib directory, and builds contact_information.pub from the
contact_information.pub.erb template.
* modules/gerrit/templates/contact_information.pub.erb: New template
which is effectively an empty file waiting to be filled with the
contents of the contactstore_pubkey variable. The
gerrit_contact_information.pub file built from it gets used to encrypt
contact information filed by users in such a way that it can only be
decrypted by the private key held by the Foundation.
* modules/gerrit/templates/gerrit.config.erb(contactstore): New section,
implemented conditionally for safety. Once enabled, if the
contactstore_appsec and contactstore_url are unset then Gerrit will
refuse to start. If the system referred to by contactstore_url is
unresponsive or contactstore_appsec does not contain the shared secret
it's expecting, contributors will be unable to file initial or updated
contact information through Gerrit's WebUI.
* modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML
copy of http://wiki.openstack.org/CLA retaining all the original
wording. This will probably need updating by OpenStack Foundation staff.
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Add contactstore, contactstore_appsec,
contactstore_pubkey and contactstore_url variables to pass back into the
gerrit module. Also define the cla_description, cla_file, cla_id and
cla_name variables which get used in the gerrit_set_agreements.sh.erb
template. Add an entry to install the cla.html file.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Add the contactstore_appsec and
contactstore_pubkey variables so they can be filled in by hiera.
Override the war to pull in the g69c8fa6 test build which has the
aforementioned CLA bits restored. Turn on contactstore and set
contactstore_url to point to an existing test CGI on the Internet until
the Foundation has theirs ready. Pass contactstore_appsec and
contactstore_pubkey through up into gerrit.pp. Add an entry for the
set_agreements.sh script built from the gerrit_set_agreements.sh.erb
template and then execute it to add the new CLA to Gerrit's DB and mark
the old one expired. Similar changes should be made in review.pp before
going into production.
* modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New
template used to build a set_agreements.sh script which checks Gerrit's
database and, if necessary, expires the old Echosign CLA and adds the
new local CLA. These conditions are checked and associated operations
performed independently, so subsequent runs become a no-op.
Post-migration, this can probably be neutered further and kept around
for pushing future CLA modifications into the database when needed.
Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026
Reviewed-on: https://review.openstack.org/13058
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: Iff55f35c0d9888f1029115c17d4644a68d4e8b4c
Reviewed-on: https://review.openstack.org/10727
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
If replicate_local is set, this will ensure that /var/lib/git is created,
and that projects listed in the projects.config have repos there.
Additionally, it creates a new config file, projects.config which is a
yaml file listing all of the projects and various operational semantics about
them, such as whether or not they should have pull requests closed and whether
or not they track any remotes. This replaces remotes.config and github.config.
Moving forward, there is no reason to not have this script be able to
do github api calls to create the github repo if it's not there, set the
github project description, gerrit api calls to create the project in gerrit,
and initial project permissions templates.
Change-Id: I1ad803b0aa5f7386206d0c3f4cd858017242fe64
Variable interpolation needs <%= not just <%. :)
Also, while I was in there, I replaced default with "oneiric",
because I don't actually know that the value is a good default value,
and I removed a couple of comments about moving to MySQL and Apache
modules from upstream.
Change-Id: Iec5b10cee2cbd0e0a2573fefa707d34d2a363cb4
TODO: Add another script that sets the project description. Add the project
description to the config hash.
Change-Id: If4584b2a1e55e6eb912e1f557e31de216d49a516
Assumes that every project in gerrit has a corresponding repo in
/var/lib/git that can be replicated to. That's probably a one-time offline
creation, followed by an additional step in the adding a project docs.
Change-Id: If9b987717550d5b251366c1408d949c55e64828a
Set the timeout to 5000 minutes, which, due to a bug in gerrit
really means 5 minutes, which is the documented default value.
Change-Id: I85127cc44ed6f182a0e06083641d2d872f11d8b3
Increase the heap size and dramatically increase the ssh threads.
Add some more recommended parameters (see site manifest for details).
Parameterize tunables in gerrit config file.
Change-Id: Ia6446b29426f56a77425eed93a7f0e448c3cd7b1
To be landed after the gerrit change in https://review.openstack.org/6749/ had been applied. Lightens the red used for the outdated highlight.
Change-Id: I33a89873968c0c8e6cb8dfa30892d50337b9a124
Upgrade gerrit to 2.3.0.
Add management of the apache virtualhost.
Remove gerrit body styling (including the javascript hack) in favor
of using the gerrit theme config options for body styling. Keep header
and top menu changes. This should make it easier to keep up with new
gerrit versions without chasing weird GWT changes.
Add management of the gerrit init script.
Add management of MySQL.
Add installation and upgrading of Gerrit.
Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
Moving the cron executed gerrit scripts into the puppet module. This is for two reasons:
1. Easier/faster to deploy/maintain than having a cron job for a separate git repo
2. We can add customisations required for review-dev and stackforge
Change-Id: Iaf44e1d57d6ee6ea282575b1b48261f4ccbbaf3f
Connection pool must be explicitly enabled.
See lines 160 - 175 of file
gerrit:gerrit-server/src/main/java/com/google/gerrit/server/schema/DataSourceProvider.java
Change-Id: I0f2d712cfa622d318e81a327ce18283aa086f894
Based on the advice in this thread:
http://groups.google.com/group/repo-discuss/browse_thread/thread/b91491c185295a71
Size the sshd threads (which are also used to handle https git requests)
better. Based on current trends, we peak at about 50% cpu usage
and 25% memory usage. Double the number of threads here to try to
allow us to get closer to 100% cpu.
(Corresponding increase in db connections.)
Change-Id: Icde18233de01466b241ab28d38d2e98735108193
In order to clone 8 keystone repos simultaneously via https in dev,
the following were needed:
httpd.acceptorThreads>=4
sshd.threads>=8
And database.poolLimit is supposed to be higher than http+ssh threads.
Change-Id: I8d011af41e32f7865424d54d5a78a10a3689e708
Also move the launchpad sync cron into puppet.
Create config file for github pull close script.
This change depends on https://review.openstack.org/#change,224
Change-Id: I1b7ad599a6c7542614780ea0ce46a42a8995d15b
Reviewed-on: https://review.openstack.org/225
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins