Add replication key for gerrit from hiera

The ssh key in ~gerrit2/.ssh/id_rsa which is what is used for outbound ssh-based replication is currently just kinda there by hand. Add management of the files there. Change-Id: I5bfea4543d6eb46ba2e9f3c791f4e6b6c5534522 Closes-Bug: 1209464
2014-02-04 10:03:33 +01:00 · 2014-02-04 10:03:33 +01:00 · 51949062fb
commit 51949062fb
parent 084f24b3fc
4 changed files with 156 additions and 114 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -31,6 +31,8 @@ node 'review.openstack.org' {
    ssh_project_rsa_pubkey_contents     => hiera('gerrit_project_ssh_rsa_pubkey_contents'),
    ssh_welcome_rsa_key_contents        => hiera('welcome_message_gerrit_ssh_private_key'),
    ssh_welcome_rsa_pubkey_contents     => hiera('welcome_message_gerrit_ssh_public_key'),
+    ssh_replication_rsa_key_contents    => hiera('gerrit_replication_ssh_rsa_key_contents'),
+    ssh_replication_rsa_pubkey_contents => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
    lp_sync_consumer_key                => hiera('gerrit_lp_consumer_key'),
    lp_sync_token                       => hiera('gerrit_lp_access_token'),
    lp_sync_secret                      => hiera('gerrit_lp_access_secret'),
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@ -95,6 +95,8 @@ class gerrit(
  $ssh_rsa_pubkey_contents = '', # If left empty puppet will not create file.
  $ssh_project_rsa_key_contents = '', # If left empty will not create file.
  $ssh_project_rsa_pubkey_contents = '', # If left empty will not create file.
+  $ssh_replication_rsa_key_contents = '', # If left emptry will not create files.
+  $ssh_replication_rsa_pubkey_contents = '', # If left emptry will not create files.
  $gerrit_auth_type = 'OPENID_SSO',
  $gerrit_contributor_agreement = true,
  $openidssourl = 'https://login.launchpad.net/+openid',
@ -188,6 +190,13 @@ class gerrit(
    require => User['gerrit2'],
  }

+  file { '/home/gerrit2/.ssh':
+    ensure  => directory,
+    owner   => 'gerrit2',
+    mode    => '0700',
+    require => User['gerrit2'],
+  }
+
  file { '/home/gerrit2/review_site/etc':
    ensure  => directory,
    owner   => 'gerrit2',
@ -425,6 +434,28 @@ class gerrit(
    }
  }

+  if $ssh_replication_rsa_key_contents != '' {
+    file { '/home/gerrit2/.ssh/id_rsa':
+      owner   => 'gerrit2',
+      group   => 'gerrit2',
+      mode    => '0600',
+      content => $ssh_replication_rsa_key_contents,
+      replace => true,
+      require => File['/home/gerrit2/.ssh']
+    }
+  }
+
+  if $ssh_replication_rsa_pubkey_contents != '' {
+    file { '/home/gerrit2/id_rsa.pub':
+      owner   => 'gerrit2',
+      group   => 'gerrit2',
+      mode    => '0644',
+      content => $ssh_replication_rsa_pubkey_contents,
+      replace => true,
+      require => File['/home/gerrit2/.ssh']
+    }
+  }
+
  # Install Gerrit itself.

  # The Gerrit WAR is specified as a url like
--- a/modules/openstack_project/manifests/gerrit.pp
+++ b/modules/openstack_project/manifests/gerrit.pp
@ -24,6 +24,8 @@ class openstack_project::gerrit (
  $ssh_project_rsa_pubkey_contents = '', # If left empty will not create file.
  $ssh_welcome_rsa_key_contents='', # If left empty will not create file.
  $ssh_welcome_rsa_pubkey_contents='', # If left empty will not create file.
+  $ssh_replication_rsa_key_contents='', # If left empty will not create file.
+  $ssh_replication_rsa_pubkey_contents='', # If left empty will not create file.
  $email = '',
  $database_poollimit = '',
  $container_heaplimit = '',
@ -116,6 +118,8 @@ class openstack_project::gerrit (
    ssh_rsa_pubkey_contents             => $ssh_rsa_pubkey_contents,
    ssh_project_rsa_key_contents        => $ssh_project_rsa_key_contents,
    ssh_project_rsa_pubkey_contents     => $ssh_project_rsa_pubkey_contents,
+    ssh_replication_rsa_key_contents    => $ssh_replication_rsa_key_contents,
+    ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
    email                               => $email,
    openidssourl                        => 'https://login.launchpad.net/+openid',
    database_poollimit                  => $database_poollimit,
--- a/modules/openstack_project/manifests/review.pp
+++ b/modules/openstack_project/manifests/review.pp
@ -55,6 +55,9 @@ class openstack_project::review (
  # manage-projects's user ssh key.
  $ssh_project_rsa_key_contents='',
  $ssh_project_rsa_pubkey_contents='',
+  # SSH key for outbound ssh-based replication.
+  $ssh_replication_rsa_key_contents='',
+  $ssh_replication_rsa_pubkey_contents='',
  # welcome-message's user ssh key.
  $ssh_welcome_rsa_key_contents='',
  $ssh_welcome_rsa_pubkey_contents='',
@ -95,10 +98,12 @@ class openstack_project::review (
    ssh_rsa_pubkey_contents             => $ssh_rsa_pubkey_contents,
    ssh_project_rsa_key_contents        => $ssh_project_rsa_key_contents,
    ssh_project_rsa_pubkey_contents     => $ssh_project_rsa_pubkey_contents,
+    ssh_replication_rsa_key_contents    => $ssh_replication_rsa_key_contents,
+    ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
    ssh_welcome_rsa_key_contents        => $ssh_welcome_rsa_key_contents,
    ssh_welcome_rsa_pubkey_contents     => $ssh_welcome_rsa_pubkey_contents,
    email                               => 'review@openstack.org',
-      # 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up)
+      # 1 + 100 + 9 + 2 + 2 + 25 => 139(rounded up)
    database_poollimit                  => '150',
    container_heaplimit                 => '8g',
    core_packedgitopenfiles             => '4096',