From 73c0175819bd4177ca7917b9cbce813c307e4fc2 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Wed, 8 Jan 2014 01:41:38 +0000 Subject: [PATCH] Allow zuul to push to git servers * manifests/site.pp * modules/openstack_project/manifests/git_backend.pp: Add the zuul server's public SSH key to a dedicated zuul account on the git server farm. This will allow zuul to push arbitrary references into its scratch repositories. Also set ownership on its scratch repository hierarchy and pack them, properly skipping it in the existing cgit repo repack since ownership differs. Change-Id: I4b5b583847c828aadc903270433882531e5b1ea7
---
 manifests/site.pp | 1 + .../manifests/git_backend.pp | 74 ++++++++++++++++++- 2 files changed, 72 insertions(+), 3 deletions(-)
diff --git a/manifests/site.pp b/manifests/site.pp
index 00ff72a5be..b168854214 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -380,6 +380,7 @@ node /^git\d+\.openstack\.org$/ {
 vhost_name => 'git.openstack.org',
 sysadmins => hiera('sysadmins'),
 git_gerrit_ssh_key => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
+ git_zuul_ssh_key => $openstack_project::jenkins_ssh_key,
 ssl_cert_file_contents => hiera('git_ssl_cert_file_contents'),
 ssl_key_file_contents => hiera('git_ssl_key_file_contents'),
 ssl_chain_file_contents => hiera('git_ssl_chain_file_contents'),
diff --git a/modules/openstack_project/manifests/git_backend.pp b/modules/openstack_project/manifests/git_backend.pp
index abfa338665..2218410843 100644
--- a/modules/openstack_project/manifests/git_backend.pp
+++ b/modules/openstack_project/manifests/git_backend.pp
@@ -19,6 +19,7 @@ class openstack_project::git_backend (
 $vhost_name = $::fqdn,
 $sysadmins = [],
 $git_gerrit_ssh_key = '',
+ $git_zuul_ssh_key = '',
 $ssl_cert_file_contents = '',
 $ssl_key_file_contents = '',
 $ssl_chain_file_contents = '',
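Review bot: The value passed as `git_zuul_ssh_key` in the site.pp hunk is `$openstack_project::jenkins_ssh_key`, so the new zuul account on the git servers is authorized with whatever key that variable holds, while the commit message speaks of the zuul server's own public SSH key. If that key is also deployed for Jenkins, every holder of its private half gains push access to the scratch repositories and, given the `/bin/bash` shell set in git_backend.pp, a login on the git farm. Consider a dedicated key looked up the same way as the Gerrit one, e.g. `git_zuul_ssh_key => hiera('ZUUL_PUBKEY_HIERA_KEY'),` (the hiera key name is a placeholder), or add a comment stating that zuul deliberately runs with the Jenkins key. The node block continues outside the hunk.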
@@ -84,8 +85,15 @@ class openstack_project::git_backend (
 exec { 'create_cgitrepos':
 command => 'create-cgitrepos',
 path => '/bin:/usr/bin:/usr/local/bin',
- environment => 'SCRATCH_SUBPATH=zuul',
- require => File['/home/cgit/projects.yaml'],
+ environment => [
+ 'SCRATCH_SUBPATH=zuul',
+ 'SCRATCH_OWNER=zuul',
+ 'SCRATCH_GROUP=zuul',
+ ],
+ require => [
+ File['/home/cgit/projects.yaml'],
+ User['zuul'],
+ ],
 subscribe => File['/home/cgit/projects.yaml'],
 refreshonly => true,
 }
@@ -99,7 +107,7 @@ class openstack_project::git_backend (
 weekday => '0',
 hour => '4',
 minute => '7',
- command => 'find /var/lib/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \; -exec git --git-dir="{}" pack-refs --all \;',
+ command => 'find /var/lib/git/ -not -path /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \; -exec git --git-dir="{}" pack-refs --all \;',
 environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
 require => User['cgit'],
 }
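Review bot: Because the `create_cgitrepos` exec is `refreshonly => true` and subscribes only to `File['/home/cgit/projects.yaml']`, the new `SCRATCH_OWNER`/`SCRATCH_GROUP` values take effect only the next time projects.yaml changes. The `file { '/var/lib/git/zuul': ... }` resource added later in this file sets the owner on the top directory alone, so scratch repositories that already exist on a deployed server would presumably keep their previous owner until then, and pushes as zuul could be refused. Whether create-cgitrepos re-owns existing repositories is not visible here; if it does not, a one-time recursive chown or a rollout note in the commit message would cover it.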
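Review bot: `-not -path /var/lib/git/zuul` in the cgit repack command excludes only the entry whose path is exactly `/var/lib/git/zuul`; find still descends into it, and every `*.git` directory underneath has a longer path, so it still matches and the cgit user's job will keep trying to repack repositories that are now owned by zuul. Pruning the subtree gives the skip the commit message describes: `find /var/lib/git/ -path /var/lib/git/zuul -prune -o -type d -name "*.git" -print -exec ...`, with the two `-exec` clauses left as they are. The cron resource begins outside the hunk.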
@@ -135,4 +143,64 @@ class openstack_project::git_backend (
 mode => '0755',
 source => 'puppet:///modules/openstack_project/git/commit-filter.sh',
 }
+
+ user { 'zuul':
+ ensure => present,
+ home => '/home/zuul',
+ shell => '/bin/bash',
+ gid => 'zuul',
+ managehome => true,
+ require => Group['zuul'],
+ }
+
+ group { 'zuul':
+ ensure => present,
+ }
+
+ file {'/home/zuul':
+ ensure => directory,
+ owner => 'zuul',
+ group => 'zuul',
+ mode => '0755',
+ require => User['zuul'],
+ }
+
+ file { '/var/lib/git/zuul':
+ ensure => directory,
+ owner => 'zuul',
+ group => 'zuul',
+ mode => '0755',
+ require => [
+ User['zuul'],
+ File['/var/lib/git'],
+ ]
+ }
+
+ file { '/home/zuul/.ssh':
+ ensure => directory,
+ owner => 'zuul',
+ group => 'zuul',
+ mode => '0700',
+ require => User['zuul'],
+ }
+
+ file { '/home/zuul/.ssh/authorized_keys':
+ owner => 'zuul',
+ group => 'zuul',
+ mode => '0600',
+ content => $git_zuul_ssh_key,
+ replace => true,
+ require => File['/home/zuul/.ssh']
+ }
+
+ cron { 'mirror_repack_zuul':
+ user => 'zuul',
+ weekday => '0',
+ hour => '4',
+ minute => '7',
+ command => 'find /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \; -exec git --git-dir="{}" pack-refs --all \;',
+ environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
+ require => User['zuul'],
+ }
+
 }
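Review bot: The zuul account gets `shell => '/bin/bash'` and an `authorized_keys` whose content is the bare key, so the key grants an unrestricted interactive login with forwarding, although the stated purpose is only to push refs into the scratch repositories. Restricting it keeps a leaked CI key from becoming a shell on the git farm: set the login shell to git-shell (its path depends on the distribution), or prefix the key line with `no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding`. With the class default `$git_zuul_ssh_key = ''` the account and an empty authorized_keys are still created, which deserves a comment on the parameter. The class body starts outside the hunk.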