opendev/system-config
Code Issues Proposed changes

Switch to ansible on review-dev

Browse Source 
The review-dev service playbook should do everything now that
the puppet did. Update how we're running things.

Change-Id: I70303c48328ea6713c24bf9c6f63d4808d30b95c
This commit is contained in:
Monty Taylor 2020-01-14 12:04:15 -06:00
parent 3deef00ba9
commit 6f3a2792cc
4 changed files with 4 additions and 305 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
inventory/groups.yaml
View File

@ -136,7 +136,6 @@ groups:
- pbx[0-9]*.opendev.org - pbx[0-9]*.opendev.org
- planet[0-9]*.open*.org - planet[0-9]*.open*.org
- refstack*.open*.org - refstack*.open*.org
- review-dev[0-9]*.open*.org
- review[0-9]*.open*.org - review[0-9]*.open*.org
- static*.open*.org - static*.open*.org
- status*.open*.org - status*.open*.org
@ -186,7 +185,6 @@ groups:
- planet[0-9]*.open*.org - planet[0-9]*.open*.org
- refstack*.open*.org - refstack*.open*.org
- review[0-9]*.open*.org - review[0-9]*.open*.org
- review-dev[0-9]*.open*.org
- static*.open*.org - static*.open*.org
- status*.open*.org - status*.open*.org
- storyboard[0-9]*.opendev.org - storyboard[0-9]*.opendev.org

32
manifests/site.pp
View File

@ -73,38 +73,6 @@ node /^review\d*\.open.*\.org$/ {
} }
} }
# Node-OS: xenial
node /^review-dev\d*\.open.*\.org$/ {
$group = "review-dev"
class { 'openstack_project::server':
afs => true,
}
class { 'openstack_project::review_dev':
project_config_repo => 'https://opendev.org/openstack/project-config',
github_oauth_token => hiera('gerrit_dev_github_token'),
github_project_username => hiera('github_dev_project_username', 'username'),
github_project_password => hiera('github_dev_project_password'),
mysql_host => hiera('gerrit_dev_mysql_host', 'localhost'),
mysql_password => hiera('gerrit_dev_mysql_password'),
email_private_key => hiera('gerrit_dev_email_private_key'),
ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents'),
ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents'),
ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents'),
ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents'),
ssh_project_rsa_key_contents => hiera('gerrit_dev_project_ssh_rsa_key_contents'),
ssh_project_rsa_pubkey_contents => hiera('gerrit_dev_project_ssh_rsa_pubkey_contents'),
ssh_replication_rsa_key_contents => hiera('gerrit_dev_replication_ssh_rsa_key_contents'),
ssh_replication_rsa_pubkey_contents => hiera('gerrit_dev_replication_ssh_rsa_pubkey_contents'),
lp_access_token => hiera('gerrit_dev_lp_access_token'),
lp_access_secret => hiera('gerrit_dev_lp_access_secret'),
lp_consumer_key => hiera('gerrit_dev_lp_consumer_key'),
storyboard_password => hiera('gerrit_dev_storyboard_token'),
storyboard_ssl_cert => hiera('gerrit_dev_storyboard_ssl_crt'),
}
}
# Node-OS: xenial # Node-OS: xenial
# Puppet-Version: !3 # Puppet-Version: !3
node /^grafana\d*\.open.*\.org$/ { node /^grafana\d*\.open.*\.org$/ {

271
modules/openstack_project/manifests/review_dev.pp
View File

@ -1,271 +0,0 @@
# == Class: openstack_project::review_dev
#
class openstack_project::review_dev (
$github_oauth_token = '',
$github_project_username = '',
$github_project_password = '',
$mysql_host = '',
$mysql_password = '',
$email_private_key = '',
$ssh_dsa_key_contents = '',
$ssh_dsa_pubkey_contents = '',
$ssh_rsa_key_contents = '',
$ssh_rsa_pubkey_contents = '',
$ssh_project_rsa_key_contents = '',
$ssh_project_rsa_pubkey_contents = '',
# SSH key for outbound ssh-based replication.
$ssh_replication_rsa_key_contents='',
$ssh_replication_rsa_pubkey_contents='',
# Launchpad creds for bug/blueprint updates
$lp_access_token = '',
$lp_access_secret = '',
$lp_consumer_key = '',
$swift_username = '',
$swift_password = '',
$storyboard_password = '',
$storyboard_ssl_cert = '',
$project_config_repo = '',
$projects_config = 'openstack_project/review-dev.projects.ini.erb',
$gerrit_configure = true,
) {
case $::lsbdistcodename {
'trusty': {
$jre_package = 'openjdk-7-jre-headless'
$java_home = '/usr/lib/jvm/java-7-openjdk-amd64/jre'
}
'xenial': {
$jre_package = 'openjdk-8-jre-headless'
$java_home = '/usr/lib/jvm/java-8-openjdk-amd64/jre'
}
default: {
fail("Operating system release ${::lsbdistcodename} not supported.")
}
}
class { 'project_config':
url => $project_config_repo,
base => 'dev/',
}
if ($gerrit_configure) {
$accountpatchreviewdb_url = "jdbc:mysql://${mysql_host}:3306/accountPatchReviewDb?characterSetResults=utf8&characterEncoding=utf8&connectionCollation=utf8_bin&useUnicode=yes&user=gerrit2&password=${mysql_password}"
class { 'openstack_project::gerrit':
vhost_name => 'review-dev.openstack.org',
canonicalweburl => 'https://review-dev.openstack.org/',
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
ssh_replication_rsa_key_contents => $ssh_replication_rsa_key_contents,
ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
email => 'review-dev@openstack.org',
war =>
'https://tarballs.openstack.org/gerrit/gerrit-v2.13.12.11.1707fec.war',
acls_dir => $::project_config::gerrit_acls_dir,
notify_impact_file => $::project_config::gerrit_notify_impact_file,
projects_file => $::project_config::jeepyb_project_file,
projects_config => $projects_config,
github_username => 'openstack-gerrit-dev',
github_oauth_token => $github_oauth_token,
github_project_username => $github_project_username,
github_project_password => $github_project_password,
mysql_host => $mysql_host,
mysql_password => $mysql_password,
accountpatchreviewdb_url => $accountpatchreviewdb_url,
email_private_key => $email_private_key,
gitweb => false,
cgit => true,
web_repo_url => 'https://git.openstack.org/cgit/',
web_repo_url_encode => false,
swift_username => $swift_username,
swift_password => $swift_password,
replication_force_update => true,
replication_auto_reload => true,
commentlinks => [
{
name => 'bugheader',
match => '([Cc]loses|[Pp]artial|[Rr]elated)-[Bb]ug:\\\\s*#?(\\\\d+)',
link => 'https://launchpad.net/bugs/$2',
},
{
name => 'bug',
match => '\\\\b[Bb]ug:? #?(\\\\d+)',
link => 'https://launchpad.net/bugs/$1',
},
{
name => 'story',
match => '\\\\b[Ss]tory:? #?(\\\\d+)',
link => 'https://storyboard-dev.openstack.org/#!/story/$1',
},
{
name => 'task',
match => '\\\\b[Tt]ask:? #?(\\\\d+)',
link => 'https://storyboard-dev.openstack.org/#!/task/$1',
},
{
name => 'its-storyboard',
match => '\\\\b[Tt]ask:? #?(\\\\d+)',
link => 'task: $1',
},
{
name => 'blueprint',
match => '(\\\\b[Bb]lue[Pp]rint\\\\b|\\\\b[Bb][Pp]\\\\b)[ \\\\t#:]*([A-Za-z0-9\\\\-]+)',
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2',
},
{
name => 'testresult',
match => '<li>([^ ]+) <a href=\"[^\"]+\" target=\"_blank\" rel=\"nofollow\">([^<]+)</a> : ([^ ]+)([^<]*)</li>',
html => '<li class=\"comment_test\"><span class=\"comment_test_name\"><a href=\"$2\" rel=\"nofollow\">$1</a></span> <span class=\"comment_test_result\"><span class=\"result_$3\">$3</span>$4</span></li>',
},
{
name => 'testresultabort',
match => '<li>([^ ]*) (finger://[^ ]*) : ([^ ]*)([^<]*)</li>',
html => '<li class=\"comment_test\"><span class=\"comment_test_name\">$1</span> <span class=\"comment_test_result\"><span class=\"result_FAILURE\">$3</span>$4</span></li>',
},
{
name => 'launchpadbug',
match => '<a href=\"(https://bugs\\\\.launchpad\\\\.net/[a-zA-Z0-9\\\\.]+/\\\\+bug/(\\\\d+))[^\"]*\">[^<]+</a>',
html => '<a href=\"$1\">$1</a>'
},
{
name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '/#/q/$1',
},
{
name => 'gitsha',
match => '(<p>|[\\\\s(])([0-9a-f]{40})(</p>|[\\\\s.,;:)])',
html => '$1<a href=\"/#/q/$2\">$2</a>$3',
},
],
its_plugins => [
{
name => 'its-storyboard',
password => $storyboard_password,
url => 'https://storyboard-dev.openstack.org',
},
],
# See https://gerrit.googlesource.com/plugins/its-storyboard
# /+/stable-2.13/src/main/resources/Documentation
# /quick-install-guide.md#its_actions_its_actionsconfigure-its-actions
# for documentation on these options.
its_rules => [
{
name => 'LOG',
action => 'log-event error',
},
{
name => 'comment-on-status-update',
event_type => 'patchset-created,change-abandoned,change-restored,change-merged',
action => 'add-standard-comment',
},
{
name => 'change_abandoned',
event_type => 'change-abandoned',
action => 'set-status TODO',
},
{
name => 'change_in_progress',
event_type => 'patchset-created,change-restored',
action => 'set-status REVIEW',
},
{
name => 'change_merged',
event_type => 'change-merged',
action => 'set-status MERGED',
},
],
replication => [
{
name => 'github',
url => 'git@github.com:',
authGroup => 'Anonymous Users',
replicationDelay => '1',
replicatePermissions => false,
mirror => true,
projects => [
'gtest-org/*',
'kdc*',
]
},
{
name => 'local',
url => 'file:///opt/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
{
name => 'afs',
url => 'file:///afs/openstack.org/mirror/git-sandbox/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
],
require => $::project_config::config_dir,
}
gerrit::plugin { 'javamelody': version => 'v2.13.3.e4233d6' }
gerrit::plugin { 'its-storyboard': version => '805f9ac' }
# create a file containing the ssl certificate
file { '/home/gerrit2/storyboard-dev.crt':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $storyboard_ssl_cert,
replace => true,
require => User['gerrit2'],
}
# Import certificate to java to allow gerrit its plugins to POST to storyboard
exec { 'import-java-certs':
user => 'root',
command => "keytool -import -alias storyboard-dev.openstack.org -keystore $java_home/lib/security/cacerts -file /home/gerrit2/storyboard-dev.crt -storepass changeit -noprompt",
unless => "keytool -list -alias storyboard-dev.openstack.org -storepass changeit -keystore $java_home/lib/security/cacerts >/dev/null 2>&1",
path => '/bin:/usr/bin',
require => [
Package[$jre_package],
File['/home/gerrit2/storyboard-dev.crt'],
],
}
} else {
# Only create gerrit user / group so we can bring a server online.
include ::gerrit::user
}
package { 'python-launchpadlib':
ensure => present,
}
file { '/home/gerrit2/.launchpadlib':
ensure => directory,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0775',
require => User['gerrit2'],
}
file { '/home/gerrit2/.launchpadlib/creds':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => template('openstack_project/infra_lp_creds.erb'),
replace => true,
require => User['gerrit2'],
}
include bup
bup::site { 'ord.rax':
backup_user => 'bup-review-dev',
backup_server => 'backup01.ord.rax.ci.openstack.org',
}
}

4
run_all.sh
View File

@ -129,6 +129,10 @@ start_timer
timeout -k 2m 30m ansible-playbook -f 50 ${ANSIBLE_PLAYBOOKS}/service-zuul.yaml timeout -k 2m 30m ansible-playbook -f 50 ${ANSIBLE_PLAYBOOKS}/service-zuul.yaml
send_timer zuul send_timer zuul
start_timer
timeout -k 2m 30m ansible-playbook -f 50 ${ANSIBLE_PLAYBOOKS}/service-review-dev.yaml
send_timer nodepool
# Run the git/gerrit/zuul sequence, since it's important that they all work together # Run the git/gerrit/zuul sequence, since it's important that they all work together
start_timer start_timer
timeout -k 2m 30m ansible-playbook -f 50 ${ANSIBLE_PLAYBOOKS}/remote_puppet_git.yaml timeout -k 2m 30m ansible-playbook -f 50 ${ANSIBLE_PLAYBOOKS}/remote_puppet_git.yaml