opendev/system-config
Code Issues Proposed changes

Have hiera and puppet manage gerrit ssh:29418 keys

Browse Source 
Have hiera and puppet manage gerrits ssh:29418 keys (RSA and DSA). These
keys go in /home/gerrit2/review_site/etc.

Change-Id: If8cb3ec5a2e2c582b7fa6d87c520fc0cb7c2f205
Reviewed-on: https://review.openstack.org/14365
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
This commit is contained in:
Clark Boylan 2012-10-11 16:03:31 -07:00 committed by Jenkins
parent 25c8b4804d
commit a14e20e900
5 changed files with 91 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
manifests/site.pp
View File

@ -21,23 +21,31 @@ node 'review.openstack.org' {
ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'),
ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents'),
ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'),
ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'),
ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'),
sysadmins => hiera('sysadmins'),
}
}
node 'gerrit-dev.openstack.org', 'review-dev.openstack.org' {
class { 'openstack_project::review_dev':
github_oauth_token => hiera('gerrit_dev_github_token'),
mysql_password => hiera('gerrit_dev_mysql_password'),
mysql_root_password => hiera('gerrit_dev_mysql_root_password'),
email_private_key => hiera('gerrit_dev_email_private_key'),
contactstore_appsec => hiera('gerrit_dev_contactstore_appsec'),
contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey'),
lp_sync_key => hiera('gerrit_dev_lp_sync_key'),
lp_sync_pubkey => hiera('gerrit_dev_lp_sync_pubkey'),
lp_sync_token => hiera('gerrit_dev_lp_access_token'),
lp_sync_secret => hiera('gerrit_dev_lp_access_secret'),
sysadmins => hiera('sysadmins'),
github_oauth_token => hiera('gerrit_dev_github_token'),
mysql_password => hiera('gerrit_dev_mysql_password'),
mysql_root_password => hiera('gerrit_dev_mysql_root_password'),
email_private_key => hiera('gerrit_dev_email_private_key'),
contactstore_appsec => hiera('gerrit_dev_contactstore_appsec'),
contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey'),
ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents'),
ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents'),
ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents'),
ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents'),
lp_sync_key => hiera('gerrit_dev_lp_sync_key'),
lp_sync_pubkey => hiera('gerrit_dev_lp_sync_pubkey'),
lp_sync_token => hiera('gerrit_dev_lp_access_token'),
lp_sync_secret => hiera('gerrit_dev_lp_access_secret'),
sysadmins => hiera('sysadmins'),
}
}

48
modules/gerrit/manifests/init.pp
View File

@ -74,6 +74,10 @@ class gerrit($vhost_name=$fqdn,
$ssl_cert_file_contents='', # If left empty puppet will not create file.
$ssl_key_file_contents='', # If left empty puppet will not create file.
$ssl_chain_file_contents='', # If left empty puppet will not create file.
$ssh_dsa_key_contents='', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents='', # If left empty puppet will not create file.
$ssh_rsa_key_contents='', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents='', # If left empty puppet will not create file.
$openidssourl='https://login.launchpad.net/+openid',
$email='',
$database_poollimit='',
@ -323,6 +327,50 @@ class gerrit($vhost_name=$fqdn,
}
}
if $ssh_dsa_key_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_dsa_key':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_dsa_key_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_dsa_pubkey_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_dsa_key.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_dsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_rsa_key_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_rsa_key':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_rsa_key_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_rsa_pubkey_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_rsa_key.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_rsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
# Install Gerrit itself.
# The Gerrit WAR is specified as a url like 'http://tarballs.openstack.org/ci/gerrit-2.2.2-363-gd0a67ce.war'

8
modules/openstack_project/manifests/gerrit.pp
View File

@ -14,6 +14,10 @@ class openstack_project::gerrit (
$ssl_cert_file_contents='',
$ssl_key_file_contents='',
$ssl_chain_file_contents='',
$ssh_dsa_key_contents='', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents='', # If left empty puppet will not create file.
$ssh_rsa_key_contents='', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents='', # If left empty puppet will not create file.
$email='',
$database_poollimit='',
$container_heaplimit='',
@ -62,6 +66,10 @@ class openstack_project::gerrit (
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
email => $email,
openidssourl => "https://login.launchpad.net/+openid",
database_poollimit => $database_poollimit,

8
modules/openstack_project/manifests/review.pp
View File

@ -33,6 +33,10 @@ class openstack_project::review (
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$ssh_dsa_key_contents='',
$ssh_dsa_pubkey_contents='',
$ssh_rsa_key_contents='',
$ssh_rsa_pubkey_contents='',
$sysadmins = []
) {
class { 'openstack_project::gerrit':
@ -42,6 +46,10 @@ class openstack_project::review (
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
email => 'review@openstack.org',
database_poollimit => '150', # 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up)
container_heaplimit => '8g',

8
modules/openstack_project/manifests/review_dev.pp
View File

@ -5,6 +5,10 @@ class openstack_project::review_dev (
$email_private_key,
$contactstore_appsec,
$contactstore_pubkey,
$ssh_dsa_key_contents='',
$ssh_dsa_pubkey_contents='',
$ssh_rsa_key_contents='',
$ssh_rsa_pubkey_contents='',
$cla_description='OpenStack Individual Contributor License Agreement',
$cla_file='static/cla.html',
$cla_id='2',
@ -22,6 +26,10 @@ class openstack_project::review_dev (
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
email => "review-dev@openstack.org",
war => 'http://tarballs.openstack.org/ci/test/gerrit-2.4.2-14-gd77b4cd.war',
contactstore => true,