Add gerrit_configure flag to review01.o.o

This will allow us to bootstrap a server with gerrit users, then attach the volumes with hold the git repos for gerrit, then we can remove this flag and properly puppet the rest of the server. We also create a 2nd node in site.pp as we need both server to be online for about 2 weeks, this is to give users enough time to make firewall changes if needed for the new IP address Related-to: I9159c941ece4f6928204601b9933d7a953baa2dd Change-Id: I88826298818a690d4c98b60a9fbf444fba48cef6 Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2018-03-22 11:06:15 -04:00 · 2018-03-22 11:06:15 -04:00 · a630bec2eb
commit a630bec2eb
parent 39259a4858
2 changed files with 268 additions and 215 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -65,6 +65,53 @@ node 'review.openstack.org' {
  }
 }

+# Node-OS: xenial
+node 'review01.openstack.org' {
+  $iptables_rules =
+    ['-p tcp --syn --dport 29418 -m connlimit --connlimit-above 100 -j REJECT']
+  class { 'openstack_project::server':
+    iptables_public_tcp_ports => [80, 443, 29418],
+    iptables_rules6           => $iptables_rules,
+    iptables_rules4           => $iptables_rules,
+    sysadmins                 => hiera('sysadmins', []),
+    extra_aliases             => { 'gerrit2' => 'root' },
+  }
+
+  class { 'openstack_project::review':
+    gerrit_configure                    => false,
+    project_config_repo                 => 'https://git.openstack.org/openstack-infra/project-config',
+    github_oauth_token                  => hiera('gerrit_github_token'),
+    github_project_username             => hiera('github_project_username', 'username'),
+    github_project_password             => hiera('github_project_password'),
+    mysql_host                          => hiera('gerrit_mysql_host', 'localhost'),
+    mysql_password                      => hiera('gerrit_mysql_password'),
+    email_private_key                   => hiera('gerrit_email_private_key'),
+    token_private_key                   => hiera('gerrit_rest_token_private_key'),
+    gerritbot_password                  => hiera('gerrit_gerritbot_password'),
+    gerritbot_ssh_rsa_key_contents      => hiera('gerritbot_ssh_rsa_key_contents'),
+    gerritbot_ssh_rsa_pubkey_contents   => hiera('gerritbot_ssh_rsa_pubkey_contents'),
+    ssl_cert_file_contents              => hiera('gerrit_ssl_cert_file_contents'),
+    ssl_key_file_contents               => hiera('gerrit_ssl_key_file_contents'),
+    ssl_chain_file_contents             => hiera('gerrit_ssl_chain_file_contents'),
+    ssh_dsa_key_contents                => hiera('gerrit_ssh_dsa_key_contents'),
+    ssh_dsa_pubkey_contents             => hiera('gerrit_ssh_dsa_pubkey_contents'),
+    ssh_rsa_key_contents                => hiera('gerrit_ssh_rsa_key_contents'),
+    ssh_rsa_pubkey_contents             => hiera('gerrit_ssh_rsa_pubkey_contents'),
+    ssh_project_rsa_key_contents        => hiera('gerrit_project_ssh_rsa_key_contents'),
+    ssh_project_rsa_pubkey_contents     => hiera('gerrit_project_ssh_rsa_pubkey_contents'),
+    ssh_welcome_rsa_key_contents        => hiera('welcome_message_gerrit_ssh_private_key'),
+    ssh_welcome_rsa_pubkey_contents     => hiera('welcome_message_gerrit_ssh_public_key'),
+    ssh_replication_rsa_key_contents    => hiera('gerrit_replication_ssh_rsa_key_contents'),
+    ssh_replication_rsa_pubkey_contents => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
+    lp_access_token                     => hiera('gerrit_lp_access_token'),
+    lp_access_secret                    => hiera('gerrit_lp_access_secret'),
+    lp_consumer_key                     => hiera('gerrit_lp_consumer_key'),
+    swift_username                      => hiera('swift_store_user', 'username'),
+    swift_password                      => hiera('swift_store_key'),
+    storyboard_password                 => hiera('gerrit_storyboard_token'),
+  }
+}
+
 # Node-OS: xenial
 node /^review-dev\d*\.openstack\.org$/ {
  $group = "review-dev"
--- a/modules/openstack_project/manifests/review.pp
+++ b/modules/openstack_project/manifests/review.pp
@ -80,12 +80,14 @@ class openstack_project::review (
  $storyboard_password = '',
  $project_config_repo = '',
  $projects_config = 'openstack_project/review.projects.ini.erb',
+  $gerrit_configure = true,
 ) {

  class { 'project_config':
    url  => $project_config_repo,
  }

+  if ($gerrit_configure) {
    $accountpatchreviewdb_url = "jdbc:mysql://${mysql_host}:3306/accountPatchReviewDb?characterSetResults=utf8&characterEncoding=utf8&connectionCollation=utf8_bin&useUnicode=yes&user=gerrit2&password=${mysql_password}"
    class { 'openstack_project::gerrit':
      git_http_url                        => 'https://git.openstack.org/',
@ -291,7 +293,6 @@ class openstack_project::review (
    gerrit::plugin { 'javamelody': version       => 'v2.13.3.e4233d6' }
    gerrit::plugin { 'its-storyboard': version   => '805f9ac' }

-
    class { 'gerritbot':
      nick                    => 'openstackgerrit',
      password                => $gerritbot_password,
@ -303,9 +304,14 @@ class openstack_project::review (
      channel_file            => $::project_config::gerritbot_channel_file,
      require                 => $::project_config::config_dir,
    }
+
    class { 'gerrit::remotes':
      ensure => absent,
    }
+  } else {
+    # Only create gerrit user / group so we can bring a server online.
+    include ::gerrit::user
+  }

  package { 'python-launchpadlib':
    ensure => present,