Pass $mysql_password through to gerrit class

The `$mysql_password` variable is used by the `secure.config.erb`
template in the gerrit class, but is not passed from
openstack_project::review -> openstack_project::gerrit -> gerrit.
Instead it uses dynamic scopeing to find the variable and won't work in
Puppet 3. This adds the full parameter passing for Puppet 3.

This commit also adds "Template uses" comments immediately preceding
resources declarations which use a `template()` function to describe all
variables used by the gerrit templates. This greatly helps with
debugging issues such as this.

Change-Id: I747e3e4623444c0345a7aed3732b7d316f1a7726

modules/gerrit/manifests/init.pp

@@ -1,5 +1,7 @@
 # Install and maintain Gerrit Code Review.
 # params:
+#   mysql_password:
+#     The password with which gerrit connects to mysql.
 #   vhost_name:
 #     used in the Apache virtual host, eg., review.example.com
 #   canonicalweburl:
@@ -70,6 +72,7 @@
 # TODO: make more gerrit options configurable here
 #
 class gerrit(
+  $mysql_password,
   $war = '',
   $email_private_key = '',
   $vhost_name = $::fqdn,
@@ -222,6 +225,7 @@ class gerrit(
 
   # Skip replication if we're in test mode
   if ($testmode == false) {
+    # Template uses $replication
     file { '/home/gerrit2/review_site/etc/replication.config':
       ensure  => present,
       owner   => 'root',
@@ -234,6 +238,37 @@ class gerrit(
   }
 
   # Gerrit sets these permissions in 'init'; don't fight them.
+  # Template uses:
+  # - $canonicalweburl
+  # - $database_poollimit
+  # - $gerrit_contributor_agreement
+  # - $gerrit_auth_type
+  # - $openidssourl
+  # - $ldap_server
+  # - $ldap_username
+  # - $ldap_password
+  # - $ldap_account_base
+  # - $ldap_account_pattern
+  # - $ldap_account_email_address
+  # - $smtpserver
+  # - $sendmail_from
+  # - $java_home
+  # - $container_heaplimit
+  # - $core_packedgitopenfiles
+  # - $core_packedgitlimit
+  # - $core_packedgitwindowsize
+  # - $sshd_listen_address
+  # - $sshd_threads
+  # - $httpd_maxwait
+  # - $httpd_acceptorthreads
+  # - $httpd_minthreads
+  # - $httpd_maxthreads
+  # - $commentlinks
+  # - $enable_melody
+  # - $melody_session
+  # - $gitweb
+  # - $contactstore_appsec
+  # - $contactstore_url
   file { '/home/gerrit2/review_site/etc/gerrit.config':
     ensure  => present,
     owner   => 'gerrit2',
@@ -249,6 +284,7 @@ class gerrit(
   # Gerrit sets these permissions in 'init'; don't fight them.  If
   # these permissions aren't set correctly, gerrit init will write a
   # new secure.config file and lose the mysql password.
+  # Template uses $mysql_password, $email_private_key
   file { '/home/gerrit2/review_site/etc/secure.config':
     ensure  => present,
     owner   => 'gerrit2',
@@ -261,6 +297,16 @@ class gerrit(
 
   # Set up apache.
 
+  # Template uses:
+  # - $vhost_name
+  # - $serveradmin
+  # - $ssl_cert_file
+  # - $ssl_key_file
+  # - $ssl_chain_file
+  # - $canonicalweburl
+  # - $replicate_local
+  # - $contactstore
+  # - $robots_txt_source
   apache::vhost { $vhost_name:
     port     => 443,
     docroot  => 'MEANINGLESS ARGUMENT',
@@ -518,6 +564,7 @@ class gerrit(
         File['/home/gerrit2/review_site/lib'],
       ],
     }
+    # Template uses $contactstore_pubkey
     file { '/home/gerrit2/review_site/etc/contact_information.pub':
       ensure  => present,
       owner   => 'root',

modules/openstack_project/manifests/gerrit.pp

@@ -4,6 +4,7 @@
 # up for launchpad single sign on and bug/blueprint links
 
 class openstack_project::gerrit (
+  $mysql_password,
   $vhost_name = $::fqdn,
   $canonicalweburl = "https://${::fqdn}/",
   $serveradmin = 'webmaster@openstack.org',
@@ -153,6 +154,7 @@ class openstack_project::gerrit (
     contactstore_appsec             => $contactstore_appsec,
     contactstore_pubkey             => $contactstore_pubkey,
     contactstore_url                => $contactstore_url,
+    mysql_password                  => $mysql_password,
     email_private_key               => $email_private_key,
     replicate_local                 => $replicate_local,
     replication                     => $replication,

modules/openstack_project/manifests/review.pp

@@ -118,6 +118,7 @@ class openstack_project::review (
     github_project_username         => $github_project_username,
     github_project_password         => $github_project_password,
     trivial_rebase_role_id          => 'trivial-rebase@review.openstack.org',
+    mysql_password                  => $mysql_password,
     email_private_key               => $email_private_key,
     sysadmins                       => $sysadmins,
     swift_username                  => $swift_username,