opendev/system-config
Code Issues Proposed changes

Add gerrit_configure flag to review01.o.o

Browse Source 
This will allow us to bootstrap a server with gerrit users, then
attach the volumes with hold the git repos for gerrit, then we can
remove this flag and properly puppet the rest of the server.

We also create a 2nd node in site.pp as we need both server to be
online for about 2 weeks, this is to give users enough time to make
firewall changes if needed for the new IP address

Related-to: I9159c941ece4f6928204601b9933d7a953baa2dd

Change-Id: I88826298818a690d4c98b60a9fbf444fba48cef6
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This commit is contained in:
Paul Belanger 2018-03-22 11:06:15 -04:00
parent 39259a4858
commit a630bec2eb
No known key found for this signature in database
GPG Key ID: 611A80832067AF38
2 changed files with 268 additions and 215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
manifests/site.pp
View File

@ -65,6 +65,53 @@ node 'review.openstack.org' {
} }
} }
# Node-OS: xenial
node 'review01.openstack.org' {
$iptables_rules =
['-p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -j REJECT']
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 29418],
iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules,
sysadmins => hiera('sysadmins', []),
extra_aliases => { 'gerrit2' => 'root' },
}
class { 'openstack_project::review':
gerrit_configure => false,
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
github_oauth_token => hiera('gerrit_github_token'),
github_project_username => hiera('github_project_username', 'username'),
github_project_password => hiera('github_project_password'),
mysql_host => hiera('gerrit_mysql_host', 'localhost'),
mysql_password => hiera('gerrit_mysql_password'),
email_private_key => hiera('gerrit_email_private_key'),
token_private_key => hiera('gerrit_rest_token_private_key'),
gerritbot_password => hiera('gerrit_gerritbot_password'),
gerritbot_ssh_rsa_key_contents => hiera('gerritbot_ssh_rsa_key_contents'),
gerritbot_ssh_rsa_pubkey_contents => hiera('gerritbot_ssh_rsa_pubkey_contents'),
ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'),
ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents'),
ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'),
ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'),
ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'),
ssh_project_rsa_key_contents => hiera('gerrit_project_ssh_rsa_key_contents'),
ssh_project_rsa_pubkey_contents => hiera('gerrit_project_ssh_rsa_pubkey_contents'),
ssh_welcome_rsa_key_contents => hiera('welcome_message_gerrit_ssh_private_key'),
ssh_welcome_rsa_pubkey_contents => hiera('welcome_message_gerrit_ssh_public_key'),
ssh_replication_rsa_key_contents => hiera('gerrit_replication_ssh_rsa_key_contents'),
ssh_replication_rsa_pubkey_contents => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
lp_access_token => hiera('gerrit_lp_access_token'),
lp_access_secret => hiera('gerrit_lp_access_secret'),
lp_consumer_key => hiera('gerrit_lp_consumer_key'),
swift_username => hiera('swift_store_user', 'username'),
swift_password => hiera('swift_store_key'),
storyboard_password => hiera('gerrit_storyboard_token'),
}
}
# Node-OS: xenial # Node-OS: xenial
node /^review-dev\d*\.openstack\.org$/ { node /^review-dev\d*\.openstack\.org$/ {
$group = "review-dev" $group = "review-dev"

436
modules/openstack_project/manifests/review.pp
View File

@ -80,231 +80,237 @@ class openstack_project::review (
$storyboard_password = '', $storyboard_password = '',
$project_config_repo = '', $project_config_repo = '',
$projects_config = 'openstack_project/review.projects.ini.erb', $projects_config = 'openstack_project/review.projects.ini.erb',
$gerrit_configure = true,
) { ) {
class { 'project_config': class { 'project_config':
url => $project_config_repo, url => $project_config_repo,
} }
$accountpatchreviewdb_url = "jdbc:mysql://${mysql_host}:3306/accountPatchReviewDb?characterSetResults=utf8&characterEncoding=utf8&connectionCollation=utf8_bin&useUnicode=yes&user=gerrit2&password=${mysql_password}" if ($gerrit_configure) {
class { 'openstack_project::gerrit': $accountpatchreviewdb_url = "jdbc:mysql://${mysql_host}:3306/accountPatchReviewDb?characterSetResults=utf8&characterEncoding=utf8&connectionCollation=utf8_bin&useUnicode=yes&user=gerrit2&password=${mysql_password}"
git_http_url => 'https://git.openstack.org/', class { 'openstack_project::gerrit':
canonical_git_url => 'git://git.openstack.org/', git_http_url => 'https://git.openstack.org/',
ssl_cert_file => $ssl_cert_file, canonical_git_url => 'git://git.openstack.org/',
ssl_key_file => $ssl_key_file, ssl_cert_file => $ssl_cert_file,
ssl_chain_file => $ssl_chain_file, ssl_key_file => $ssl_key_file,
ssl_cert_file_contents => $ssl_cert_file_contents, ssl_chain_file => $ssl_chain_file,
ssl_key_file_contents => $ssl_key_file_contents, ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents, ssl_key_file_contents => $ssl_key_file_contents,
ssh_dsa_key_contents => $ssh_dsa_key_contents, ssl_chain_file_contents => $ssl_chain_file_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents, ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents, ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents, ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents, ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents, ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_replication_rsa_key_contents => $ssh_replication_rsa_key_contents, ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents, ssh_replication_rsa_key_contents => $ssh_replication_rsa_key_contents,
ssh_welcome_rsa_key_contents => $ssh_welcome_rsa_key_contents, ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
ssh_welcome_rsa_pubkey_contents => $ssh_welcome_rsa_pubkey_contents, ssh_welcome_rsa_key_contents => $ssh_welcome_rsa_key_contents,
email => 'review@openstack.org', ssh_welcome_rsa_pubkey_contents => $ssh_welcome_rsa_pubkey_contents,
# 1 + 100 + 9 + 2 + 2 + 25 => 139(rounded up) email => 'review@openstack.org',
database_poollimit => '225', # 1 + 100 + 9 + 2 + 2 + 25 => 139(rounded up)
container_heaplimit => '48g', database_poollimit => '225',
core_packedgitopenfiles => '4096', container_heaplimit => '48g',
core_packedgitlimit => '400m', core_packedgitopenfiles => '4096',
core_packedgitwindowsize => '16k', core_packedgitlimit => '400m',
sshd_threads => '100', core_packedgitwindowsize => '16k',
index_threads => 4, sshd_threads => '100',
httpd_minthreads => '20', index_threads => 4,
httpd_maxthreads => '100', httpd_minthreads => '20',
httpd_maxqueued => '200', httpd_maxthreads => '100',
war => httpd_maxqueued => '200',
'http://tarballs.openstack.org/ci/gerrit/gerrit-v2.13.9.4.2a605d5.war', war =>
acls_dir => $::project_config::gerrit_acls_dir, 'http://tarballs.openstack.org/ci/gerrit/gerrit-v2.13.9.4.2a605d5.war',
notify_impact_file => $::project_config::gerrit_notify_impact_file, acls_dir => $::project_config::gerrit_acls_dir,
projects_file => $::project_config::jeepyb_project_file, notify_impact_file => $::project_config::gerrit_notify_impact_file,
projects_config => $projects_config, projects_file => $::project_config::jeepyb_project_file,
github_username => 'openstack-gerrit', projects_config => $projects_config,
github_oauth_token => $github_oauth_token, github_username => 'openstack-gerrit',
github_project_username => $github_project_username, github_oauth_token => $github_oauth_token,
github_project_password => $github_project_password, github_project_username => $github_project_username,
mysql_host => $mysql_host, github_project_password => $github_project_password,
mysql_password => $mysql_password, mysql_host => $mysql_host,
accountpatchreviewdb_url => $accountpatchreviewdb_url, mysql_password => $mysql_password,
email_private_key => $email_private_key, accountpatchreviewdb_url => $accountpatchreviewdb_url,
token_private_key => $token_private_key, email_private_key => $email_private_key,
swift_username => $swift_username, token_private_key => $token_private_key,
swift_password => $swift_password, swift_username => $swift_username,
commentlinks => [ swift_password => $swift_password,
{ commentlinks => [
name => 'bugheader', {
match => '([Cc]loses|[Pp]artial|[Rr]elated)-[Bb]ug:\\s*#?(\\d+)', name => 'bugheader',
link => 'https://launchpad.net/bugs/$2', match => '([Cc]loses|[Pp]artial|[Rr]elated)-[Bb]ug:\\s*#?(\\d+)',
link => 'https://launchpad.net/bugs/$2',
},
{
name => 'bug',
match => '\\b[Bb]ug:? #?(\\d+)',
link => 'https://launchpad.net/bugs/$1',
},
{
name => 'story',
match => '\\b[Ss]tory:? #?(\\d+)',
link => 'https://storyboard.openstack.org/#!/story/$1',
},
{
name => 'its-storyboard',
match => '\\b[Tt]ask:? #?(\\d+)',
link => 'task: $1',
},
{
name => 'blueprint',
match => '(\\b[Bb]lue[Pp]rint\\b|\\b[Bb][Pp]\\b)[ \\t#:]*([A-Za-z0-9\\-]+)',
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2',
},
{
name => 'testresult',
match => '<li>([^ ]+) <a href=\"[^\"]+\" target=\"_blank\" rel=\"nofollow\">([^<]+)</a> : ([^ ]+)([^<]*)</li>',
html => '<li class=\"comment_test\"><span class=\"comment_test_name\"><a href=\"$2\" rel=\"nofollow\">$1</a></span> <span class=\"comment_test_result\"><span class=\"result_$3\">$3</span>$4</span></li>',
},
{
name => 'launchpadbug',
match => '<a href=\"(https://bugs\\.launchpad\\.net/[a-zA-Z0-9\\-]+/\\+bug/(\\d+))[^\"]*\">[^<]+</a>',
html => '<a href=\"$1\">$1</a>'
},
{
name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '/#/q/$1',
},
{
name => 'gitsha',
match => '(<p>|[\\s(])([0-9a-f]{40})(</p>|[\\s.,;:)])',
html => '$1<a href=\"/#/q/$2\">$2</a>$3',
},
],
its_plugins => [
{
name => 'its-storyboard',
password => $storyboard_password,
url => 'https://storyboard.openstack.org',
},
],
its_rules => [
{
name => 'change_abandoned',
event_type => 'change-abandoned',
action => 'set-status TODO',
},
{
name => 'change_in_progress',
event_type => 'patchset-created,change-restored',
action => 'set-status REVIEW',
},
{
name => 'change_merged',
event_type => 'change-merged',
action => 'set-status MERGED',
},
],
download => {
'command' => ['checkout', 'cherry_pick', 'pull', 'format_patch'],
'scheme' => ['ssh', 'anon_http', 'anon_git'],
'archive' => ['tar', 'tbz2', 'tgz', 'txz'],
}, },
{ replication_force_update => true,
name => 'bug', replication => [
match => '\\b[Bb]ug:? #?(\\d+)', {
link => 'https://launchpad.net/bugs/$1', name => 'github',
}, url => 'git@github.com:',
{ authGroup => 'Anonymous Users',
name => 'story', replicationDelay => '1',
match => '\\b[Ss]tory:? #?(\\d+)', replicatePermissions => false,
link => 'https://storyboard.openstack.org/#!/story/$1', mirror => true,
}, },
{ {
name => 'its-storyboard', name => 'local',
match => '\\b[Tt]ask:? #?(\\d+)', url => 'file:///opt/lib/git/',
link => 'task: $1', replicationDelay => '1',
}, threads => '4',
{ mirror => true,
name => 'blueprint', },
match => '(\\b[Bb]lue[Pp]rint\\b|\\b[Bb][Pp]\\b)[ \\t#:]*([A-Za-z0-9\\-]+)', {
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2', name => 'git01',
}, url => 'cgit@git01.openstack.org:/var/lib/git/',
{ replicationDelay => '1',
name => 'testresult', threads => '4',
match => '<li>([^ ]+) <a href=\"[^\"]+\" target=\"_blank\" rel=\"nofollow\">([^<]+)</a> : ([^ ]+)([^<]*)</li>', mirror => true,
html => '<li class=\"comment_test\"><span class=\"comment_test_name\"><a href=\"$2\" rel=\"nofollow\">$1</a></span> <span class=\"comment_test_result\"><span class=\"result_$3\">$3</span>$4</span></li>', },
}, {
{ name => 'git02',
name => 'launchpadbug', url => 'cgit@git02.openstack.org:/var/lib/git/',
match => '<a href=\"(https://bugs\\.launchpad\\.net/[a-zA-Z0-9\\-]+/\\+bug/(\\d+))[^\"]*\">[^<]+</a>', replicationDelay => '1',
html => '<a href=\"$1\">$1</a>' threads => '4',
}, mirror => true,
{ },
name => 'changeid', {
match => '(I[0-9a-f]{8,40})', name => 'git03',
link => '/#/q/$1', url => 'cgit@git03.openstack.org:/var/lib/git/',
}, replicationDelay => '1',
{ threads => '4',
name => 'gitsha', mirror => true,
match => '(<p>|[\\s(])([0-9a-f]{40})(</p>|[\\s.,;:)])', },
html => '$1<a href=\"/#/q/$2\">$2</a>$3', {
}, name => 'git04',
], url => 'cgit@git04.openstack.org:/var/lib/git/',
its_plugins => [ replicationDelay => '1',
{ threads => '4',
name => 'its-storyboard', mirror => true,
password => $storyboard_password, },
url => 'https://storyboard.openstack.org', {
}, name => 'git05',
], url => 'cgit@git05.openstack.org:/var/lib/git/',
its_rules => [ replicationDelay => '1',
{ threads => '4',
name => 'change_abandoned', mirror => true,
event_type => 'change-abandoned', },
action => 'set-status TODO', {
}, name => 'git06',
{ url => 'cgit@git06.openstack.org:/var/lib/git/',
name => 'change_in_progress', replicationDelay => '1',
event_type => 'patchset-created,change-restored', threads => '4',
action => 'set-status REVIEW', mirror => true,
}, },
{ {
name => 'change_merged', name => 'git07',
event_type => 'change-merged', url => 'cgit@git07.openstack.org:/var/lib/git/',
action => 'set-status MERGED', replicationDelay => '1',
}, threads => '4',
], mirror => true,
download => { },
'command' => ['checkout', 'cherry_pick', 'pull', 'format_patch'], {
'scheme' => ['ssh', 'anon_http', 'anon_git'], name => 'git08',
'archive' => ['tar', 'tbz2', 'tgz', 'txz'], url => 'cgit@git08.openstack.org:/var/lib/git/',
}, replicationDelay => '1',
replication_force_update => true, threads => '4',
replication => [ mirror => true,
{ },
name => 'github', ],
url => 'git@github.com:', require => $::project_config::config_dir,
authGroup => 'Anonymous Users', }
replicationDelay => '1',
replicatePermissions => false,
mirror => true,
},
{
name => 'local',
url => 'file:///opt/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
{
name => 'git01',
url => 'cgit@git01.openstack.org:/var/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
{
name => 'git02',
url => 'cgit@git02.openstack.org:/var/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
{
name => 'git03',
url => 'cgit@git03.openstack.org:/var/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
{
name => 'git04',
url => 'cgit@git04.openstack.org:/var/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
{
name => 'git05',
url => 'cgit@git05.openstack.org:/var/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
{
name => 'git06',
url => 'cgit@git06.openstack.org:/var/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
{
name => 'git07',
url => 'cgit@git07.openstack.org:/var/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
{
name => 'git08',
url => 'cgit@git08.openstack.org:/var/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
],
require => $::project_config::config_dir,
}
gerrit::plugin { 'javamelody': version => 'v2.13.3.e4233d6' } gerrit::plugin { 'javamelody': version => 'v2.13.3.e4233d6' }
gerrit::plugin { 'its-storyboard': version => '805f9ac' } gerrit::plugin { 'its-storyboard': version => '805f9ac' }
class { 'gerritbot':
nick => 'openstackgerrit',
password => $gerritbot_password,
server => 'irc.freenode.net',
user => 'gerritbot',
vhost_name => $::fqdn,
ssh_rsa_key_contents => $gerritbot_ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $gerritbot_ssh_rsa_pubkey_contents,
channel_file => $::project_config::gerritbot_channel_file,
require => $::project_config::config_dir,
}
class { 'gerritbot': class { 'gerrit::remotes':
nick => 'openstackgerrit', ensure => absent,
password => $gerritbot_password, }
server => 'irc.freenode.net', } else {
user => 'gerritbot', # Only create gerrit user / group so we can bring a server online.
vhost_name => $::fqdn, include ::gerrit::user
ssh_rsa_key_contents => $gerritbot_ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $gerritbot_ssh_rsa_pubkey_contents,
channel_file => $::project_config::gerritbot_channel_file,
require => $::project_config::config_dir,
}
class { 'gerrit::remotes':
ensure => absent,
} }
package { 'python-launchpadlib': package { 'python-launchpadlib':