diff --git a/manifests/site.pp b/manifests/site.pp index b701c177d7..7043473534 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -21,23 +21,31 @@ node 'review.openstack.org' { ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'), ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'), ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'), + ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents'), + ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'), + ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'), + ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'), sysadmins => hiera('sysadmins'), } } node 'gerrit-dev.openstack.org', 'review-dev.openstack.org' { class { 'openstack_project::review_dev': - github_oauth_token => hiera('gerrit_dev_github_token'), - mysql_password => hiera('gerrit_dev_mysql_password'), - mysql_root_password => hiera('gerrit_dev_mysql_root_password'), - email_private_key => hiera('gerrit_dev_email_private_key'), - contactstore_appsec => hiera('gerrit_dev_contactstore_appsec'), - contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey'), - lp_sync_key => hiera('gerrit_dev_lp_sync_key'), - lp_sync_pubkey => hiera('gerrit_dev_lp_sync_pubkey'), - lp_sync_token => hiera('gerrit_dev_lp_access_token'), - lp_sync_secret => hiera('gerrit_dev_lp_access_secret'), - sysadmins => hiera('sysadmins'), + github_oauth_token => hiera('gerrit_dev_github_token'), + mysql_password => hiera('gerrit_dev_mysql_password'), + mysql_root_password => hiera('gerrit_dev_mysql_root_password'), + email_private_key => hiera('gerrit_dev_email_private_key'), + contactstore_appsec => hiera('gerrit_dev_contactstore_appsec'), + contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey'), + ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents'), + ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents'), + ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents'), + ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents'), + lp_sync_key => hiera('gerrit_dev_lp_sync_key'), + lp_sync_pubkey => hiera('gerrit_dev_lp_sync_pubkey'), + lp_sync_token => hiera('gerrit_dev_lp_access_token'), + lp_sync_secret => hiera('gerrit_dev_lp_access_secret'), + sysadmins => hiera('sysadmins'), } } diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp index 0d606e9959..0b417cdef1 100644 --- a/modules/gerrit/manifests/init.pp +++ b/modules/gerrit/manifests/init.pp @@ -74,6 +74,10 @@ class gerrit($vhost_name=$fqdn, $ssl_cert_file_contents='', # If left empty puppet will not create file. $ssl_key_file_contents='', # If left empty puppet will not create file. $ssl_chain_file_contents='', # If left empty puppet will not create file. + $ssh_dsa_key_contents='', # If left empty puppet will not create file. + $ssh_dsa_pubkey_contents='', # If left empty puppet will not create file. + $ssh_rsa_key_contents='', # If left empty puppet will not create file. + $ssh_rsa_pubkey_contents='', # If left empty puppet will not create file. $openidssourl='https://login.launchpad.net/+openid', $email='', $database_poollimit='', @@ -323,6 +327,50 @@ class gerrit($vhost_name=$fqdn, } } + if $ssh_dsa_key_contents != '' { + file { '/home/gerrit2/review_site/etc/ssh_host_dsa_key': + owner => 'gerrit2', + group => 'gerrit2', + mode => '0600', + content => $ssh_dsa_key_contents, + replace => true, + require => File['/home/gerrit2/review_site/etc'] + } + } + + if $ssh_dsa_pubkey_contents != '' { + file { '/home/gerrit2/review_site/etc/ssh_host_dsa_key.pub': + owner => 'gerrit2', + group => 'gerrit2', + mode => '0644', + content => $ssh_dsa_pubkey_contents, + replace => true, + require => File['/home/gerrit2/review_site/etc'] + } + } + + if $ssh_rsa_key_contents != '' { + file { '/home/gerrit2/review_site/etc/ssh_host_rsa_key': + owner => 'gerrit2', + group => 'gerrit2', + mode => '0600', + content => $ssh_rsa_key_contents, + replace => true, + require => File['/home/gerrit2/review_site/etc'] + } + } + + if $ssh_rsa_pubkey_contents != '' { + file { '/home/gerrit2/review_site/etc/ssh_host_rsa_key.pub': + owner => 'gerrit2', + group => 'gerrit2', + mode => '0644', + content => $ssh_rsa_pubkey_contents, + replace => true, + require => File['/home/gerrit2/review_site/etc'] + } + } + # Install Gerrit itself. # The Gerrit WAR is specified as a url like 'http://tarballs.openstack.org/ci/gerrit-2.2.2-363-gd0a67ce.war' diff --git a/modules/openstack_project/manifests/gerrit.pp b/modules/openstack_project/manifests/gerrit.pp index 9b27d3d7e7..4980804954 100644 --- a/modules/openstack_project/manifests/gerrit.pp +++ b/modules/openstack_project/manifests/gerrit.pp @@ -14,6 +14,10 @@ class openstack_project::gerrit ( $ssl_cert_file_contents='', $ssl_key_file_contents='', $ssl_chain_file_contents='', + $ssh_dsa_key_contents='', # If left empty puppet will not create file. + $ssh_dsa_pubkey_contents='', # If left empty puppet will not create file. + $ssh_rsa_key_contents='', # If left empty puppet will not create file. + $ssh_rsa_pubkey_contents='', # If left empty puppet will not create file. $email='', $database_poollimit='', $container_heaplimit='', @@ -62,6 +66,10 @@ class openstack_project::gerrit ( ssl_cert_file_contents => $ssl_cert_file_contents, ssl_key_file_contents => $ssl_key_file_contents, ssl_chain_file_contents => $ssl_chain_file_contents, + ssh_dsa_key_contents => $ssh_dsa_key_contents, + ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents, + ssh_rsa_key_contents => $ssh_rsa_key_contents, + ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents, email => $email, openidssourl => "https://login.launchpad.net/+openid", database_poollimit => $database_poollimit, diff --git a/modules/openstack_project/manifests/review.pp b/modules/openstack_project/manifests/review.pp index 65fe626da8..0948324904 100644 --- a/modules/openstack_project/manifests/review.pp +++ b/modules/openstack_project/manifests/review.pp @@ -33,6 +33,10 @@ class openstack_project::review ( $ssl_cert_file_contents = '', $ssl_key_file_contents = '', $ssl_chain_file_contents = '', + $ssh_dsa_key_contents='', + $ssh_dsa_pubkey_contents='', + $ssh_rsa_key_contents='', + $ssh_rsa_pubkey_contents='', $sysadmins = [] ) { class { 'openstack_project::gerrit': @@ -42,6 +46,10 @@ class openstack_project::review ( ssl_cert_file_contents => $ssl_cert_file_contents, ssl_key_file_contents => $ssl_key_file_contents, ssl_chain_file_contents => $ssl_chain_file_contents, + ssh_dsa_key_contents => $ssh_dsa_key_contents, + ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents, + ssh_rsa_key_contents => $ssh_rsa_key_contents, + ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents, email => 'review@openstack.org', database_poollimit => '150', # 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up) container_heaplimit => '8g', diff --git a/modules/openstack_project/manifests/review_dev.pp b/modules/openstack_project/manifests/review_dev.pp index 3aac535b05..5fd32690d4 100644 --- a/modules/openstack_project/manifests/review_dev.pp +++ b/modules/openstack_project/manifests/review_dev.pp @@ -5,6 +5,10 @@ class openstack_project::review_dev ( $email_private_key, $contactstore_appsec, $contactstore_pubkey, + $ssh_dsa_key_contents='', + $ssh_dsa_pubkey_contents='', + $ssh_rsa_key_contents='', + $ssh_rsa_pubkey_contents='', $cla_description='OpenStack Individual Contributor License Agreement', $cla_file='static/cla.html', $cla_id='2', @@ -22,6 +26,10 @@ class openstack_project::review_dev ( ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', ssl_chain_file => '', + ssh_dsa_key_contents => $ssh_dsa_key_contents, + ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents, + ssh_rsa_key_contents => $ssh_rsa_key_contents, + ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents, email => "review-dev@openstack.org", war => 'http://tarballs.openstack.org/ci/test/gerrit-2.4.2-14-gd77b4cd.war', contactstore => true,