System configuration for OpenStack Infrastructure

gerrit.pp 17KB


  1. # == Class: openstack_project::gerrit
  2. #
  3. # A wrapper class around the main gerrit class that sets gerrit
  4. # up for launchpad single sign on and bug/blueprint links
  5. class openstack_project::gerrit (
  6. $mysql_host,
  7. $mysql_password,
  8. $accountpatchreviewdb_url = undef,
  9. $vhost_name = $::fqdn,
  10. $canonicalweburl = "https://${::fqdn}/",
  11. $git_http_url = '',
  12. $canonical_git_url = '',
  13. $serveradmin = 'webmaster@openstack.org',
  14. $ssh_host_key = '/home/gerrit2/review_site/etc/ssh_host_rsa_key',
  15. $ssh_project_key = '/home/gerrit2/review_site/etc/ssh_project_rsa_key',
  16. $ssl_cert_file = "/etc/ssl/certs/${::fqdn}.pem",
  17. $ssl_key_file = "/etc/ssl/private/${::fqdn}.key",
  18. $ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
  19. $ssl_cert_file_contents = '',
  20. $ssl_key_file_contents = '',
  21. $ssl_chain_file_contents = '',
  22. $ssh_dsa_key_contents = '', # If left empty puppet will not create file.
  23. $ssh_dsa_pubkey_contents = '', # If left empty puppet will not create file.
  24. $ssh_rsa_key_contents = '', # If left empty puppet will not create file.
  25. $ssh_rsa_pubkey_contents = '', # If left empty puppet will not create file.
  26. $ssh_project_rsa_key_contents = '', # If left empty will not create file.
  27. $ssh_project_rsa_pubkey_contents = '', # If left empty will not create file.
  28. $ssh_welcome_rsa_key_contents='', # If left empty will not create file.
  29. $ssh_welcome_rsa_pubkey_contents='', # If left empty will not create file.
  30. $ssh_replication_rsa_key_contents='', # If left empty will not create file.
  31. $ssh_replication_rsa_pubkey_contents='', # If left empty will not create file.
  32. $email = '',
  33. $database_poollimit = '',
  34. $container_heaplimit = '',
  35. $core_packedgitopenfiles = '',
  36. $core_packedgitlimit = '',
  37. $core_packedgitwindowsize = '',
  38. $sshd_threads = '',
  39. $httpd_acceptorthreads = '',
  40. $httpd_minthreads = '',
  41. $httpd_maxthreads = '',
  42. $httpd_maxqueued = '',
  43. $httpd_maxwait = '',
  44. $war = '',
  45. $acls_dir = 'UNDEF',
  46. $notify_impact_file = 'UNDEF',
  47. $projects_file = 'UNDEF',
  48. $projects_config = 'UNDEF',
  49. $github_username = '',
  50. $github_oauth_token = '',
  51. $github_project_username = '',
  52. $github_project_password = '',
  53. $email_private_key = '',
  54. $token_private_key = '',
  55. $replicate_local = true,
  56. $replication_force_update = true,
  57. $replication_auto_reload = false,
  58. $replication = [],
  59. $local_git_dir = '/opt/lib/git',
  60. $jeepyb_cache_dir = '/opt/lib/jeepyb',
  61. $cla_description = 'OpenStack Individual Contributor License Agreement',
  62. $cla_file = 'static/cla.html',
  63. $cla_id = '2',
  64. $cla_name = 'ICLA',
  65. $testmode = false,
  66. $swift_username = '',
  67. $swift_password = '',
  68. $gitweb = true,
  69. $cgit = false,
  70. $web_repo_url = false,
  71. $web_repo_url_encode = false,
  72. $secondary_index = true,
  73. $report_bug_text = 'Get Help',
  74. $report_bug_url = 'https://docs.openstack.org/infra/system-config/project.html#contributing',
  75. $index_threads = 1,
  76. $download = {},
  77. $receive_max_object_size_limit = '100 m',
  78. $cache_accounts = 32768,
  79. $cache_accounts_byemail = 32768,
  80. $cache_accounts_byname = 32768,
  81. $cache_groups_byuuid = 32768,
  82. $commentlinks = [],
  83. $commitmessage_params = {},
  84. $its_plugins = [],
  85. $its_rules = [],
  86. $java_home = '',
  87. $openidssourl = 'https://login.ubuntu.com/+openid',
  88. ) {
  89. class { 'jeepyb::openstackwatch':
  90. projects => [
  91. 'openstack/ceilometer',
  92. 'openstack/cinder',
  93. 'openstack/glance',
  94. 'openstack/heat',
  95. 'openstack/horizon',
  96. 'openstack/infra',
  97. 'openstack/keystone',
  98. 'openstack/nova',
  99. 'openstack/oslo',
  100. 'openstack/neutron',
  101. 'openstack/swift',
  102. 'openstack/tempest',
  103. 'openstack-dev/devstack',
  104. ],
  105. container => 'rss',
  106. json_url => 'https://review.opendev.org/query?q=status:open',
  107. swift_username => $swift_username,
  108. swift_password => $swift_password,
  109. swift_auth_url => 'https://auth.api.rackspacecloud.com/v1.0',
  110. auth_version => '1.0',
  111. }
  112. class { '::gerrit':
  113. vhost_name => $vhost_name,
  114. canonicalweburl => $canonicalweburl,
  115. git_http_url => $git_http_url,
  116. canonical_git_url => $canonical_git_url,
  117. # opinions
  118. allow_drafts => false,
  119. enable_melody => true,
  120. melody_session => true,
  121. robots_txt_source => 'puppet:///modules/openstack_project/gerrit/robots.txt',
  122. enable_javamelody_top_menu => false,
  123. # passthrough
  124. java_home => $java_home,
  125. ssl_cert_file => $ssl_cert_file,
  126. ssl_key_file => $ssl_key_file,
  127. ssl_chain_file => $ssl_chain_file,
  128. ssl_cert_file_contents => $ssl_cert_file_contents,
  129. ssl_key_file_contents => $ssl_key_file_contents,
  130. ssl_chain_file_contents => $ssl_chain_file_contents,
  131. ssh_dsa_key_contents => $ssh_dsa_key_contents,
  132. ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
  133. ssh_rsa_key_contents => $ssh_rsa_key_contents,
  134. ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
  135. ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
  136. ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
  137. ssh_replication_rsa_key_contents => $ssh_replication_rsa_key_contents,
  138. ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
  139. email => $email,
  140. openidssourl => $openidssourl,
  141. database_poollimit => $database_poollimit,
  142. container_heaplimit => $container_heaplimit,
  143. core_packedgitopenfiles => $core_packedgitopenfiles,
  144. core_packedgitlimit => $core_packedgitlimit,
  145. core_packedgitwindowsize => $core_packedgitwindowsize,
  146. sshd_threads => $sshd_threads,
  147. httpd_acceptorthreads => $httpd_acceptorthreads,
  148. httpd_minthreads => $httpd_minthreads,
  149. httpd_maxthreads => $httpd_maxthreads,
  150. httpd_maxqueued => $httpd_maxqueued,
  151. httpd_maxwait => $httpd_maxwait,
  152. sshd_max_connections_per_user => '96',
  153. commentlinks => $commentlinks,
  154. its_plugins => $its_plugins,
  155. its_rules => $its_rules,
  156. trackingids => [
  157. {
  158. name => 'launchpad-bug',
  159. footers => ['closes-bug:', 'partial-bug:', 'related-bug:'],
  160. match => '\\\\#?(\\\\d+)',
  161. system => 'Launchpad',
  162. },
  163. {
  164. name => 'storyboard-story',
  165. footer => 'story:',
  166. match => '\\\\#?(\\\\d+)',
  167. system => 'Storyboard',
  168. },
  169. {
  170. name => 'storyboard-task',
  171. footer => 'task:',
  172. match => '\\\\#?(\\\\d+)',
  173. system => 'Storyboard',
  174. },
  175. ],
  176. war => $war,
  177. mysql_host => $mysql_host,
  178. mysql_password => $mysql_password,
  179. accountpatchreviewdb_url => $accountpatchreviewdb_url,
  180. email_private_key => $email_private_key,
  181. token_private_key => $token_private_key,
  182. replicate_local => $replicate_local,
  183. replicate_path => $local_git_dir,
  184. replicate_on_startup => 'false',
  185. replication_force_update => $replication_force_update,
  186. replication_auto_reload => $replication_auto_reload,
  187. replication => $replication,
  188. gitweb => $gitweb,
  189. cgit => $cgit,
  190. web_repo_url => $web_repo_url,
  191. web_repo_url_encode => $web_repo_url_encode,
  192. testmode => $testmode,
  193. secondary_index => $secondary_index,
  194. require => Class[openstack_project::server],
  195. report_bug_text => $report_bug_text,
  196. report_bug_url => $report_bug_url,
  197. index_threads => $index_threads,
  198. download => $download,
  199. receive_max_object_size_limit => $receive_max_object_size_limit,
  200. commitmessage_params =>
  201. {
  202. maxLineLength => '72',
  203. },
  204. cache_accounts => $cache_accounts,
  205. cache_accounts_byemail => $cache_accounts_byemail,
  206. cache_accounts_byname => $cache_accounts_byname,
  207. cache_groups_byuuid => $cache_groups_byuuid,
  208. }
  209. mysql_backup::backup_remote { 'gerrit':
  210. database_host => $mysql_host,
  211. database_user => 'gerrit2',
  212. database_password => $mysql_password,
  213. dest_dir => '/home/gerrit2/mysql_backups',
  214. num_backups => '10',
  215. require => Class['::gerrit'],
  216. }
  217. if ($testmode == false) {
  218. class { 'gerrit::cron':
  219. gitgc_repos => true,
  220. }
  221. class { 'github':
  222. username => $github_username,
  223. project_username => $github_project_username,
  224. project_password => $github_project_password,
  225. oauth_token => $github_oauth_token,
  226. require => Class['::gerrit']
  227. }
  228. }
  229. file { '/home/gerrit2/review_site/static/cla.html':
  230. ensure => present,
  231. owner => 'root',
  232. group => 'root',
  233. mode => '0444',
  234. source => 'puppet:///modules/openstack_project/gerrit/cla.html',
  235. replace => true,
  236. require => Class['::gerrit'],
  237. }
  238. file { '/home/gerrit2/review_site/static/usg-cla.html':
  239. ensure => present,
  240. owner => 'root',
  241. group => 'root',
  242. mode => '0444',
  243. source => 'puppet:///modules/openstack_project/gerrit/usg-cla.html',
  244. replace => true,
  245. require => Class['::gerrit'],
  246. }
  247. file { '/home/gerrit2/review_site/static/system-cla.html':
  248. ensure => present,
  249. owner => 'root',
  250. group => 'root',
  251. mode => '0444',
  252. source => 'puppet:///modules/openstack_project/gerrit/system-cla.html',
  253. replace => true,
  254. require => Class['::gerrit'],
  255. }
  256. file { '/home/gerrit2/review_site/static/title.svg':
  257. ensure => present,
  258. source => 'puppet:///modules/openstack_project/opendev.svg',
  259. require => Class['::gerrit'],
  260. notify => Exec['reload_gerrit_header'],
  261. }
  262. package { 'libjs-jquery':
  263. ensure => present,
  264. }
  265. file { '/home/gerrit2/review_site/static/jquery.js':
  266. ensure => present,
  267. source => '/usr/share/javascript/jquery/jquery.js',
  268. require => [
  269. File['/home/gerrit2/review_site/static'],
  270. Class['::gerrit'],
  271. Package['libjs-jquery'],
  272. ],
  273. subscribe => Package['libjs-jquery'],
  274. notify => Exec['reload_gerrit_header'],
  275. }
  276. vcsrepo { '/opt/jquery-visibility':
  277. ensure => latest,
  278. provider => git,
  279. revision => 'master',
  280. source => 'https://github.com/mathiasbynens/jquery-visibility.git',
  281. }
  282. file { '/home/gerrit2/review_site/static/jquery-visibility.js':
  283. ensure => present,
  284. source => '/opt/jquery-visibility/jquery-visibility.js',
  285. subscribe => Vcsrepo['/opt/jquery-visibility'],
  286. notify => Exec['reload_gerrit_header'],
  287. require => [ File['/home/gerrit2/review_site/static'],
  288. Class['::gerrit'] ]
  289. }
  290. file { '/home/gerrit2/review_site/static/hideci.js':
  291. ensure => present,
  292. source => 'puppet:///modules/openstack_project/gerrit/hideci.js',
  293. require => Class['::gerrit'],
  294. notify => Exec['reload_gerrit_header'],
  295. }
  296. file { '/home/gerrit2/review_site/etc/GerritSite.css':
  297. ensure => present,
  298. source => 'puppet:///modules/openstack_project/gerrit/GerritSite.css',
  299. require => Class['::gerrit'],
  300. }
  301. file { '/home/gerrit2/review_site/etc/GerritSiteHeader.html':
  302. ensure => present,
  303. source =>
  304. 'puppet:///modules/openstack_project/gerrit/GerritSiteHeader.html',
  305. require => Class['::gerrit'],
  306. }
  307. exec { 'reload_gerrit_header':
  308. command => 'sleep 10; touch /home/gerrit2/review_site/etc/GerritSiteHeader.html',
  309. path => '/bin:/usr/bin',
  310. refreshonly => true,
  311. }
  312. cron { 'gerritsyncusers':
  313. ensure => absent,
  314. }
  315. cron { 'sync_launchpad_users':
  316. ensure => absent,
  317. }
  318. file { '/home/gerrit2/review_site/hooks/change-merged':
  319. ensure => present,
  320. owner => 'root',
  321. group => 'root',
  322. mode => '0555',
  323. source => 'puppet:///modules/openstack_project/gerrit/change-merged',
  324. replace => true,
  325. require => Class['::gerrit'],
  326. }
  327. file { '/home/gerrit2/review_site/hooks/change-abandoned':
  328. ensure => present,
  329. owner => 'root',
  330. group => 'root',
  331. mode => '0555',
  332. source => 'puppet:///modules/openstack_project/gerrit/change-abandoned',
  333. replace => true,
  334. require => Class['::gerrit'],
  335. }
  336. if ($notify_impact_file != 'UNDEF') {
  337. file { '/home/gerrit2/review_site/hooks/notify_impact.yaml':
  338. ensure => present,
  339. source => $notify_impact_file,
  340. require => Class['::gerrit'],
  341. }
  342. }
  343. file { '/home/gerrit2/review_site/hooks/patchset-created':
  344. ensure => present,
  345. owner => 'root',
  346. group => 'root',
  347. mode => '0555',
  348. content => template('openstack_project/gerrit_patchset-created.erb'),
  349. replace => true,
  350. require => Class['::gerrit'],
  351. }
  352. if $ssh_welcome_rsa_key_contents != '' {
  353. file { '/home/gerrit2/review_site/etc/ssh_welcome_rsa_key':
  354. owner => 'gerrit2',
  355. group => 'gerrit2',
  356. mode => '0600',
  357. content => $ssh_welcome_rsa_key_contents,
  358. replace => true,
  359. require => File['/home/gerrit2/review_site/etc']
  360. }
  361. }
  362. if $ssh_welcome_rsa_pubkey_contents != '' {
  363. file { '/home/gerrit2/review_site/etc/ssh_welcome_rsa_key.pub':
  364. owner => 'gerrit2',
  365. group => 'gerrit2',
  366. mode => '0644',
  367. content => $ssh_welcome_rsa_pubkey_contents,
  368. replace => true,
  369. require => File['/home/gerrit2/review_site/etc']
  370. }
  371. }
  372. if ($projects_file != 'UNDEF') {
  373. if ($replicate_local) {
  374. if (!defined(File[$local_git_dir])) {
  375. file { $local_git_dir:
  376. ensure => directory,
  377. owner => 'gerrit2',
  378. require => Class['::gerrit'],
  379. }
  380. cron { 'mirror_repack':
  381. ensure => absent,
  382. user => 'gerrit2',
  383. }
  384. cron { 'mirror_gitgc':
  385. user => 'gerrit2',
  386. weekday => '0',
  387. hour => '4',
  388. minute => '7',
  389. command => "find ${local_git_dir} -type d -name \"*.git\" -print -exec git --git-dir=\"{}\" gc \\;",
  390. environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
  391. }
  392. }
  393. }
  394. file { '/home/gerrit2/projects.yaml':
  395. ensure => present,
  396. owner => 'gerrit2',
  397. group => 'gerrit2',
  398. mode => '0444',
  399. source => $projects_file,
  400. replace => true,
  401. require => Class['::gerrit'],
  402. }
  403. file { $jeepyb_cache_dir:
  404. ensure => 'directory',
  405. owner => 'gerrit2',
  406. group => 'gerrit2',
  407. mode => '0755',
  408. }
  409. file { '/home/gerrit2/projects.ini':
  410. ensure => present,
  411. owner => 'gerrit2',
  412. group => 'gerrit2',
  413. mode => '0444',
  414. content => template($projects_config),
  415. replace => true,
  416. require => Class['::gerrit'],
  417. }
  418. file { '/home/gerrit2/acls':
  419. ensure => directory,
  420. owner => 'gerrit2',
  421. group => 'gerrit2',
  422. mode => '0444',
  423. recurse => true,
  424. replace => true,
  425. purge => true,
  426. force => true,
  427. source => $acls_dir,
  428. require => Class['::gerrit']
  429. }
  430. if ($testmode == false) {
  431. exec { 'manage_projects':
  432. command => '/usr/local/bin/manage-projects -v -l /var/log/manage_projects.log',
  433. timeout => 1800, # 30 minutes
  434. subscribe => [
  435. File['/home/gerrit2/projects.yaml'],
  436. File['/home/gerrit2/acls'],
  437. ],
  438. refreshonly => true,
  439. logoutput => true,
  440. require => [
  441. File['/home/gerrit2/projects.yaml'],
  442. File['/home/gerrit2/acls'],
  443. Class['jeepyb'],
  444. ],
  445. }
  446. cron { 'track_upstream':
  447. user => 'root',
  448. hour => '*',
  449. minute => '42',
  450. command => '/usr/local/bin/track-upstream -v -l /var/log/track_upstream.log',
  451. environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
  452. require => [
  453. File['/home/gerrit2/projects.yaml'],
  454. Class['jeepyb'],
  455. ],
  456. }
  457. include logrotate
  458. logrotate::file { 'manage_projects.log':
  459. log => '/var/log/manage_projects.log',
  460. options => [
  461. 'compress',
  462. 'missingok',
  463. 'rotate 30',
  464. 'daily',
  465. 'notifempty',
  466. 'copytruncate',
  467. ],
  468. require => Exec['manage_projects'],
  469. }
  470. logrotate::file { 'track_upstream.log':
  471. log => '/var/log/track_upstream.log',
  472. options => [
  473. 'compress',
  474. 'missingok',
  475. 'rotate 30',
  476. 'daily',
  477. 'notifempty',
  478. 'copytruncate',
  479. ],
  480. require => Cron['track_upstream'],
  481. }
  482. }
  483. }
  484. file { '/home/gerrit2/review_site/bin/set_agreements.sh':
  485. ensure => absent,
  486. }
  487. }