Pass review.o.o SSL certs in from Hiera.

Use Hiera to store the review.o.o SSL certs and pass them down to the
gerrit module.

While modifying these files, fix the indentation and rocket-ship alignment
in the sections touched, according to puppet lint.

Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315
Reviewed-on: https://review.openstack.org/13975
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Clark Boylan 2012-10-02 15:49:18 -07:00 committed by Jenkins
parent 915c4d53b4
commit 15e526fb18
4 changed files with 199 additions and 146 deletions


@ -18,6 +18,9 @@ node 'review.openstack.org' {
mysql_root_password => hiera('gerrit_mysql_root_password'),
email_private_key => hiera('gerrit_email_private_key'),
gerritbot_password => hiera('gerrit_gerritbot_password'),
ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'),
sysadmins => hiera('sysadmins'),
}
}


@ -9,6 +9,10 @@
# Used in the Apache virtual host to specify the SSL cert and key files.
# ssl_chain_file:
# Optional, if you have an intermediate cert Apache should serve.
# ssl_*_file_contents:
# Optional, the contents of the respective cert files as a string. Will be
# used to have Puppet ensure the contents of these files. Default value of
# '' means Puppet should not manage these files.
# openidssourl:
# The URL to use for OpenID in SSO mode.
# email:
@ -67,6 +71,9 @@ class gerrit($vhost_name=$fqdn,
$ssl_cert_file='/etc/ssl/certs/ssl-cert-snakeoil.pem',
$ssl_key_file='/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_chain_file='',
$ssl_cert_file_contents='', # If left empty puppet will not create file.
$ssl_key_file_contents='', # If left empty puppet will not create file.
$ssl_chain_file_contents='', # If left empty puppet will not create file.
$openidssourl="https://login.launchpad.net/+openid",
$email='',
$database_poollimit='',
@ -97,7 +104,7 @@ class gerrit($vhost_name=$fqdn,
$replication_targets=[],
$gitweb=true,
$testmode=false
) {
) {
include apache
@ -239,7 +246,7 @@ class gerrit($vhost_name=$fqdn,
require => File["/home/gerrit2/review_site/etc"]
}
# Set up MySQL.
# Set up MySQL.
class {"mysql::server":
config_hash => {
@ -258,7 +265,7 @@ class gerrit($vhost_name=$fqdn,
charset => "latin1",
}
# Set up apache.
# Set up apache.
apache::vhost { $vhost_name:
port => 443,
@ -277,6 +284,36 @@ class gerrit($vhost_name=$fqdn,
ensure => present
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_key_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
# Install Gerrit itself.
# The Gerrit WAR is specified as a url like 'http://tarballs.openstack.org/ci/gerrit-2.2.2-363-gd0a67ce.war'
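Review bot: The `file { $ssl_key_file: ... }` resource writes the private key from `content => $ssl_key_file_contents` with mode `'0640'`, and nothing in it keeps Puppet from recording that content elsewhere. When the key changes, an agent run with diffs enabled (for example `--test`) can log the content diff, and with the file type's default backup setting the replaced key is, as far as I know, copied into the local filebucket. I would tighten that one resource with `mode => '0600',`, `show_diff => false,` and `backup => false,` (show_diff only where the Puppet version in use supports it); the cert and chain resources hold public data and can stay as written. Separately, `$ssl_chain_file` defaults to `''`, so passing chain contents without a path would declare a file with an empty title, which a guard on both values would avoid. The body of class gerrit starts and ends outside this hunk.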


@ -11,6 +11,9 @@ class openstack_project::gerrit (
$ssl_cert_file='',
$ssl_key_file='',
$ssl_chain_file='',
$ssl_cert_file_contents='',
$ssl_key_file_contents='',
$ssl_chain_file_contents='',
$email='',
$database_poollimit='',
$container_heaplimit='',
@ -55,6 +58,9 @@ class openstack_project::gerrit (
ssl_cert_file => $ssl_cert_file,
ssl_key_file => $ssl_key_file,
ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
email => $email,
openidssourl => "https://login.launchpad.net/+openid",
database_poollimit => $database_poollimit,
@ -67,17 +73,18 @@ class openstack_project::gerrit (
httpd_minthreads => $httpd_minthreads,
httpd_maxthreads => $httpd_maxthreads,
httpd_maxwait => $httpd_maxwait,
commentlinks => [ { name => 'changeid',
commentlinks => [{ name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '#q,$1,n,z' },
link => '#q,$1,n,z'
},
{ name => 'launchpad',
match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
link => 'https://code.launchpad.net/bugs/$2' },
link => 'https://code.launchpad.net/bugs/$2'
},
{ name => 'blueprint',
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2' },
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2'
},
],
war => $war,
contactstore => $contactstore,


@ -30,12 +30,18 @@ class openstack_project::review (
$mysql_root_password,
$email_private_key,
$gerritbot_password,
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$sysadmins = []
) {
class { 'openstack_project::gerrit':
ssl_cert_file => '/etc/ssl/certs/review.openstack.org.pem',
ssl_key_file => '/etc/ssl/private/review.openstack.org.key',
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
email => 'review@openstack.org',
database_poollimit => '150', # 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up)
container_heaplimit => '8g',
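Review bot: The three new `*_file_contents` parameters default to `''`, unlike `$mysql_root_password`, `$email_private_key` and `$gerritbot_password` just above them, which have no default. This class hard-codes `ssl_key_file => '/etc/ssl/private/review.openstack.org.key'` and the matching cert and chain paths, so an omitted value means Puppet silently leaves those files unmanaged while the vhost presumably still points at them. If every consumer of this class is expected to supply the certs, declaring them without defaults (`$ssl_cert_file_contents,`, `$ssl_key_file_contents,`, `$ssl_chain_file_contents,`) would turn a missing value into a catalog compile failure. Otherwise a short comment saying that `''` means the files are provisioned out of band would make the intent clear. The class body continues past the end of this hunk.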