Allow zuul to push to git servers

* manifests/site.pp
* modules/openstack_project/manifests/git_backend.pp: Add the zuul
server's public SSH key to a dedicated zuul account on the git
server farm. This will allow zuul to push arbitrary references into
its scratch repositories. Also set ownership on its scratch
repository hierarchy and pack them, properly skipping it in the
existing cgit repo repack since ownership differs.

Change-Id: I4b5b583847c828aadc903270433882531e5b1ea7
Jeremy Stanley 2014-01-08 01:41:38 +00:00 committed by James E. Blair
parent 0a68468f4d
commit 73c0175819
2 changed files with 72 additions and 3 deletions


@ -380,6 +380,7 @@ node /^git\d+\.openstack\.org$/ {
vhost_name => 'git.openstack.org', vhost_name => 'git.openstack.org',
sysadmins => hiera('sysadmins'), sysadmins => hiera('sysadmins'),
git_gerrit_ssh_key => hiera('gerrit_replication_ssh_rsa_pubkey_contents'), git_gerrit_ssh_key => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
git_zuul_ssh_key => $openstack_project::jenkins_ssh_key,
ssl_cert_file_contents => hiera('git_ssl_cert_file_contents'), ssl_cert_file_contents => hiera('git_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('git_ssl_key_file_contents'), ssl_key_file_contents => hiera('git_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('git_ssl_chain_file_contents'), ssl_chain_file_contents => hiera('git_ssl_chain_file_contents'),
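Review bot: `git_zuul_ssh_key` is fed from `$openstack_project::jenkins_ssh_key`, while the commit message describes it as the zuul server's public key, so judging by the variable name the Jenkins key pair is what would authenticate as `zuul` on the git farm. If that reading is right, every host holding the Jenkins private key can push arbitrary refs into the scratch repositories, which widens the trust boundary beyond zuul itself. A dedicated key sourced the same way as the Gerrit one, e.g. `git_zuul_ssh_key => hiera('ZUUL_PUBKEY_HIERA_NAME'),` (placeholder key name), would keep the two identities separate and independently revocable. The value is written verbatim as the content of `/home/zuul/.ssh/authorized_keys` in git_backend.pp, so whatever is passed must be a complete authorized_keys line, not just the base64 key body.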


@ -19,6 +19,7 @@ class openstack_project::git_backend (
$vhost_name = $::fqdn, $vhost_name = $::fqdn,
$sysadmins = [], $sysadmins = [],
$git_gerrit_ssh_key = '', $git_gerrit_ssh_key = '',
$git_zuul_ssh_key = '',
$ssl_cert_file_contents = '', $ssl_cert_file_contents = '',
$ssl_key_file_contents = '', $ssl_key_file_contents = '',
$ssl_chain_file_contents = '', $ssl_chain_file_contents = '',
@ -84,8 +85,15 @@ class openstack_project::git_backend (
exec { 'create_cgitrepos': exec { 'create_cgitrepos':
command => 'create-cgitrepos', command => 'create-cgitrepos',
path => '/bin:/usr/bin:/usr/local/bin', path => '/bin:/usr/bin:/usr/local/bin',
environment => 'SCRATCH_SUBPATH=zuul', environment => [
require => File['/home/cgit/projects.yaml'], 'SCRATCH_SUBPATH=zuul',
'SCRATCH_OWNER=zuul',
'SCRATCH_GROUP=zuul',
],
require => [
File['/home/cgit/projects.yaml'],
User['zuul'],
],
subscribe => File['/home/cgit/projects.yaml'], subscribe => File['/home/cgit/projects.yaml'],
refreshonly => true, refreshonly => true,
} }
@ -99,7 +107,7 @@ class openstack_project::git_backend (
weekday => '0', weekday => '0',
hour => '4', hour => '4',
minute => '7', minute => '7',
command => 'find /var/lib/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \; -exec git --git-dir="{}" pack-refs --all \;', command => 'find /var/lib/git/ -not -path /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \; -exec git --git-dir="{}" pack-refs --all \;',
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin', environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
require => User['cgit'], require => User['cgit'],
} }
@ -135,4 +143,64 @@ class openstack_project::git_backend (
mode => '0755', mode => '0755',
source => 'puppet:///modules/openstack_project/git/commit-filter.sh', source => 'puppet:///modules/openstack_project/git/commit-filter.sh',
} }
user { 'zuul':
ensure => present,
home => '/home/zuul',
shell => '/bin/bash',
gid => 'zuul',
managehome => true,
require => Group['zuul'],
}
group { 'zuul':
ensure => present,
}
file {'/home/zuul':
ensure => directory,
owner => 'zuul',
group => 'zuul',
mode => '0755',
require => User['zuul'],
}
file { '/var/lib/git/zuul':
ensure => directory,
owner => 'zuul',
group => 'zuul',
mode => '0755',
require => [
User['zuul'],
File['/var/lib/git'],
]
}
file { '/home/zuul/.ssh':
ensure => directory,
owner => 'zuul',
group => 'zuul',
mode => '0700',
require => User['zuul'],
}
file { '/home/zuul/.ssh/authorized_keys':
owner => 'zuul',
group => 'zuul',
mode => '0600',
content => $git_zuul_ssh_key,
replace => true,
require => File['/home/zuul/.ssh']
}
cron { 'mirror_repack_zuul':
user => 'zuul',
weekday => '0',
hour => '4',
minute => '7',
command => 'find /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \; -exec git --git-dir="{}" pack-refs --all \;',
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
require => User['zuul'],
}
} }
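Review bot: The new `zuul` user is created with `shell => '/bin/bash'` and its `authorized_keys` holds the bare key with no options, so the key holder gets an interactive login with forwarding on every git backend although the account exists only to receive pushes. Setting `shell => '/usr/bin/git-shell',` (path to confirm for the platform) or prefixing the key with `no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding` would confine it to git transport; the `mirror_repack_zuul` cron job should not depend on the login shell, but that is worth confirming. Separately, in the changed `find` command, `-not -path /var/lib/git/zuul` excludes only that one directory entry, not the `*.git` directories beneath it, so the existing repack still visits the zuul-owned repositories. `-not -path "/var/lib/git/zuul/*"` would express the skip the commit message intends.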