diff --git a/manifests/site.pp b/manifests/site.pp
index d0e706bd55..834981b568 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -28,7 +28,11 @@ node "gerrit.openstack.org", "review.openstack.org" {
iptables_public_tcp_ports => [80, 443, 29418]
}
class { 'gerrit':
+ virtual_hostname => 'review.openstack.org',
canonicalweburl => "https://review.openstack.org/",
+ ssl_cert_file => '/etc/ssl/certs/review.openstack.org.pem',
+ ssl_key_file => '/etc/ssl/private/review.openstack.org.key',
+ ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
email => "review@openstack.org",
github_projects => [ {
name => 'openstack/keystone',
@@ -109,7 +113,8 @@ node "gerrit.openstack.org", "review.openstack.org" {
name => 'openstack-dev/openstack-nose',
close_pull => 'true'
} ],
- logo => 'openstack.png'
+ logo => 'openstack.png',
+ war => 'http://ci.openstack.org/tarballs/gerrit-2.3-5-gaec571e.war',
}
}
@@ -119,13 +124,18 @@ node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
}
class { 'gerrit':
+ virtual_hostname => 'review-dev.openstack.org',
canonicalweburl => "https://review-dev.openstack.org/",
+ ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+ ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
+ ssl_chain_file => '',
email => "review-dev@openstack.org",
github_projects => [ {
name => 'gtest-org/test',
close_pull => 'true'
} ],
- logo => 'openstack.png'
+ logo => 'openstack.png',
+ war => 'http://ci.openstack.org/tarballs/gerrit-2.3-5-gaec571e.war',
}
}
diff --git a/manifests/stackforge.pp b/manifests/stackforge.pp
index 37d48779ae..cf38851bc7 100644
--- a/manifests/stackforge.pp
+++ b/manifests/stackforge.pp
@@ -34,7 +34,11 @@ node "review.stackforge.org" {
iptables_public_tcp_ports => [80, 443, 29418]
}
class { 'gerrit':
+ virtual_hostname => 'review.stackforge.org',
canonicalweburl => "https://review.stackforge.org/",
+ ssl_cert_file => '/etc/ssl/certs/review.stackforge.org.crt',
+ ssl_key_file => '/etc/ssl/private/review.stackforge.org.key',
+ ssl_chain_file => '/etc/ssl/certs/intermediate.crt',
email => "review@stackforge.org",
github_projects => [ {
name => 'stackforge/MRaaS',
@@ -43,7 +47,8 @@ node "review.stackforge.org" {
name => 'stackforge/reddwarf',
close_pull => 'true'
} ],
- logo => 'stackforge.png'
+ logo => 'stackforge.png',
+ war => 'http://ci.openstack.org/tarballs/gerrit-2.3-5-gaec571e.war',
}
}
diff --git a/modules/gerrit/files/GerritSite.css b/modules/gerrit/files/GerritSite.css
index 08575ea4df..e82c0b475e 100644
--- a/modules/gerrit/files/GerritSite.css
+++ b/modules/gerrit/files/GerritSite.css
@@ -11,20 +11,6 @@ a.gwt-InlineHyperlink {background: none !important}
#gerrit_topmenu tbody tr td table {border: 0}
-#gerrit_body table {background: none;}
-#gerrit_body:not(.patch) td {border-bottom: 1px solid #C5E2EA; border-right: 1px solid #C5E2EA}
-#gerrit_body:not(.patch) tr:nth-child(even) {background: #EEF3F5; color: #353535}
-#gerrit_body:not(.patch) tr:nth-child(odd) {background: #FFF; color: #353535}
-#gerrit_body.patch tr {background: #FFF; color: #353535}
-
-#gerrit_body:not(.patch) tr:nth-child(even)>td {background: #EEF3F5; color: #353535}
-#gerrit_body:not(.patch) tr:nth-child(odd)>td {background: #FFF; color: #353535}
-#gerrit_body tr:nth-child(even)>td.header {background: #EEF3F5; font-style: normal; color: #353535; font-weight: bold;}
-#gerrit_body tr:nth-child(odd)>td.header {background: #FFF; font-style: normal; color: #353535; font-weight: bold;}
-#gerrit_body tr>td div {background-color: transparent; color: #353535}
-#gerrit_body tr>td div a {background-color: transparent; color: #353535}
-#gerrit_body tr:first-child>td {color: #353535; background: #FFF}
-
#gerrit_topmenu tbody tr td table.gwt-TabBar {color: #353535; border-bottom: 1px solid #C5E2EA;}
#gerrit_topmenu .gwt-Button {padding: 3px 6px}
.gwt-TabBarItem-selected {color: #CF2F19 !important; border-bottom: 3px solid #CF2F19;}
diff --git a/modules/gerrit/files/GerritSiteHeader.html b/modules/gerrit/files/GerritSiteHeader.html
index 26032c543f..d20aae1e17 100644
--- a/modules/gerrit/files/GerritSiteHeader.html
+++ b/modules/gerrit/files/GerritSiteHeader.html
@@ -1,23 +1,3 @@
Code Review
-
diff --git a/modules/gerrit/files/gerritcodereview.default b/modules/gerrit/files/gerritcodereview.default
new file mode 100644
index 0000000000..8eb82bd168
--- /dev/null
+++ b/modules/gerrit/files/gerritcodereview.default
@@ -0,0 +1 @@
+GERRIT_SITE=/home/gerrit2/review_site
diff --git a/modules/gerrit/files/my.cnf b/modules/gerrit/files/my.cnf
new file mode 100644
index 0000000000..f221959d0c
--- /dev/null
+++ b/modules/gerrit/files/my.cnf
@@ -0,0 +1,131 @@
+#
+# The MySQL database server configuration file.
+#
+# You can copy this to one of:
+# - "/etc/mysql/my.cnf" to set global options,
+# - "~/.my.cnf" to set user-specific options.
+#
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# For explanations see
+# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
+
+# This will be passed to all mysql clients
+# It has been reported that passwords should be enclosed with ticks/quotes
+# escpecially if they contain "#" chars...
+# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
+[client]
+port = 3306
+socket = /var/run/mysqld/mysqld.sock
+
+# Here is entries for some specific programs
+# The following values assume you have at least 32M ram
+
+# This was formally known as [safe_mysqld]. Both versions are currently parsed.
+[mysqld_safe]
+socket = /var/run/mysqld/mysqld.sock
+nice = 0
+
+[mysqld]
+#
+# * Basic Settings
+#
+default-storage-engine=INNODB
+
+#
+# * IMPORTANT
+# If you make changes to these settings and your system uses apparmor, you may
+# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
+#
+
+user = mysql
+socket = /var/run/mysqld/mysqld.sock
+port = 3306
+basedir = /usr
+datadir = /var/lib/mysql
+tmpdir = /tmp
+skip-external-locking
+#
+# Instead of skip-networking the default is now to listen only on
+# localhost which is more compatible and is not less secure.
+bind-address = 127.0.0.1
+#
+# * Fine Tuning
+#
+key_buffer = 16M
+max_allowed_packet = 16M
+thread_stack = 192K
+thread_cache_size = 8
+# This replaces the startup script and checks MyISAM tables if needed
+# the first time they are touched
+myisam-recover = BACKUP
+#max_connections = 100
+#table_cache = 64
+#thread_concurrency = 10
+#
+# * Query Cache Configuration
+#
+query_cache_limit = 1M
+query_cache_size = 16M
+#
+# * Logging and Replication
+#
+# Both location gets rotated by the cronjob.
+# Be aware that this log type is a performance killer.
+# As of 5.1 you can enable the log at runtime!
+#general_log_file = /var/log/mysql/mysql.log
+#general_log = 1
+
+log_error = /var/log/mysql/error.log
+
+# Here you can see queries with especially long duration
+#log_slow_queries = /var/log/mysql/mysql-slow.log
+#long_query_time = 2
+#log-queries-not-using-indexes
+#
+# The following can be used as easy to replay backup logs or for replication.
+# note: if you are setting up a replication slave, see README.Debian about
+# other settings you may need to change.
+server-id = 1
+log_bin = /var/log/mysql/mysql-bin.log
+expire_logs_days = 10
+max_binlog_size = 100M
+#binlog_do_db = include_database_name
+#binlog_ignore_db = include_database_name
+#
+# * InnoDB
+#
+# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
+# Read the manual for more InnoDB related options. There are many!
+#
+# * Security Features
+#
+# Read the manual, too, if you want chroot!
+# chroot = /var/lib/mysql/
+#
+# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
+#
+# ssl-ca=/etc/mysql/cacert.pem
+# ssl-cert=/etc/mysql/server-cert.pem
+# ssl-key=/etc/mysql/server-key.pem
+
+
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet = 16M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+key_buffer = 16M
+
+#
+# * IMPORTANT: Additional settings that can override those from this file!
+# The files must end with '.cnf', otherwise they'll be ignored.
+#
+!includedir /etc/mysql/conf.d/
diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp
index 134d556382..5674aef678 100644
--- a/modules/gerrit/manifests/init.pp
+++ b/modules/gerrit/manifests/init.pp
@@ -1,23 +1,73 @@
-class gerrit($canonicalweburl='',
-$openidssourl="https://login.launchpad.net/+openid",
-$email='',
-$github_projects = [],
-$commentlinks = [ { name => 'changeid',
- match => '(I[0-9a-f]{8,40})',
- link => '#q,$1,n,z' },
+# Install and maintain Gerrit Code Review.
+# params:
+# virtual_hostname:
+# used in the Apache virtual host, eg., review.example.com
+# canonicalweburl:
+# Used in the Gerrit config to generate links, eg., https://review.example.com/
+# ssl_cert_file:
+# ssl_key_file:
+# Used in the Apache virtual host to specify the SSL cert and key files.
+# ssl_chain_file:
+# Optional, if you have an intermediate cert Apache should serve.
+# openidssourl:
+# The URL to use for OpenID in SSO mode.
+# email:
+# The email address Gerrit should use when sending mail.
+# commentlinks:
+# A list of regexes Gerrit should hyperlink.
+# logo:
+# The name of the image file for the site header.
+# war:
+# The URL of the Gerrit WAR that should be downloaded and installed.
+# Note that only the final component is used for comparing to the most
+# recently installed WAR. In other words, if you update the war from:
+#
+# http://ci.openstack.org/tarballs/gerrit.war
+# to:
+# http://somewhereelse.example.com/gerrit.war
+#
+# Gerrit won't be updated unless you delete gerrit.war from
+# ~gerrit2/gerrit-wars. But if you change the URL from:
+#
+# http://ci.openstack.org/tarballs/gerrit-2.2.2.war
+# to:
+# http://ci.openstack.org/tarballs/gerrit-2.3.0.war
+# Gerrit will be upgraded on the next puppet run.
- { name => 'launchpad',
- match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
- link => 'https://code.launchpad.net/bugs/$2' },
+# TODO: move closing github pull requests to another module
+# TODO: move gerritbot configuration to another module
+# TODO: move apache configuration to another module
+# TODO: move mysql configuration to another module
+# TODO: make more gerrit options configurable here
- { name => 'blueprint',
- match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
- link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2' },
+class gerrit($virtual_hostname='',
+ $canonicalweburl='',
+ $ssl_cert_file='',
+ $ssl_key_file='',
+ $ssl_chain_file='',
+ $openidssourl="https://login.launchpad.net/+openid",
+ $email='',
+ $github_projects = [],
+ $commentlinks = [ { name => 'changeid',
+ match => '(I[0-9a-f]{8,40})',
+ link => '#q,$1,n,z' },
+ { name => 'launchpad',
+ match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
+ link => 'https://code.launchpad.net/bugs/$2' },
+
+ { name => 'blueprint',
+ match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
+ link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2' },
],
-$logo
+ $logo,
+ $war
) {
+ # Set this to true to disable cron jobs and replication, which can
+ # interfere with testing.
+ $testmode = false
+
user { "gerrit2":
ensure => present,
comment => "Gerrit",
@@ -32,62 +82,72 @@ $logo
ensure => present
}
- package { "gitweb":
- ensure => latest
- }
- package { "python-dev":
- ensure => latest
+ $packages = ["gitweb",
+ "python-dev",
+ "openjdk-6-jre-headless",
+ "mysql-server",
+ "apache2"]
+
+ package { $packages:
+ ensure => "latest",
}
+
package { "python-pip":
ensure => latest,
require => Package[python-dev]
}
+
package { "github2":
ensure => latest,
provider => pip,
require => Package[python-pip]
}
- cron { "gerritupdateci":
- user => gerrit2,
- minute => "*/15",
- command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
- }
+ # Skip cron jobs if we're in test mode
+ if ($testmode == false) {
+ cron { "gerritupdateci":
+ user => gerrit2,
+ minute => "*/15",
+ command => 'sleep $((RANDOM\%60)) && cd /home/gerrit2/openstack-ci && /usr/bin/git pull -q origin master'
+ }
- cron { "gerritsyncusers":
- user => gerrit2,
- minute => "*/15",
- command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
- }
+ cron { "gerritsyncusers":
+ user => gerrit2,
+ minute => "*/15",
+ command => 'sleep $((RANDOM\%60+60)) && cd /home/gerrit2/openstack-ci && python gerrit/update_gerrit_users.py'
+ }
- cron { "gerritclosepull":
- user => gerrit2,
- minute => "*/5",
- command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
- }
+ cron { "gerritclosepull":
+ user => gerrit2,
+ minute => "*/5",
+ command => 'sleep $((RANDOM\%60+90)) && cd /home/gerrit2/openstack-ci && python gerrit/close_pull_requests.py'
+ }
- cron { "expireoldreviews":
- user => gerrit2,
- hour => 6,
- minute => 3,
- command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
- }
+ cron { "expireoldreviews":
+ user => gerrit2,
+ hour => 6,
+ minute => 3,
+ command => 'cd /home/gerrit2/openstack-ci && python gerrit/expire_old_reviews.py'
+ }
- cron { "gerrit_repack":
- user => gerrit2,
- weekday => 0,
- hour => 4,
- minute => 7,
- command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
- environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
- }
+ cron { "gerrit_repack":
+ user => gerrit2,
+ weekday => 0,
+ hour => 4,
+ minute => 7,
+ command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
+ environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
+ }
+ } # testmode==false
file { "/var/log/gerrit":
ensure => "directory",
owner => 'gerrit2'
}
-# directory creation hacks until we can automate gerrit installation
+ # Prepare gerrit directories. Even though some of these would be created
+ # by the init command, we can go ahead and create them now and populate them.
+ # That way the config files are already in place before init runs.
file { "/home/gerrit2/review_site":
ensure => "directory",
@@ -101,6 +161,12 @@ $logo
require => File["/home/gerrit2/review_site"]
}
+ file { "/home/gerrit2/review_site/bin":
+ ensure => "directory",
+ owner => "gerrit2",
+ require => File["/home/gerrit2/review_site"]
+ }
+
file { "/home/gerrit2/review_site/hooks":
ensure => "directory",
owner => "gerrit2",
@@ -143,14 +209,17 @@ $logo
source => 'puppet:///modules/gerrit/GerritSiteHeader.html'
}
- file { '/home/gerrit2/review_site/etc/replication.config':
- owner => 'root',
- group => 'root',
- mode => 444,
- ensure => 'present',
- source => 'puppet:///modules/gerrit/replication.config',
- replace => 'true',
- require => File["/home/gerrit2/review_site/etc"]
+ # Skip replication if we're in test mode
+ if ($testmode == false) {
+ file { '/home/gerrit2/review_site/etc/replication.config':
+ owner => 'root',
+ group => 'root',
+ mode => 444,
+ ensure => 'present',
+ source => 'puppet:///modules/gerrit/replication.config',
+ replace => 'true',
+ require => File["/home/gerrit2/review_site/etc"]
+ }
}
file { '/home/gerrit2/review_site/etc/gerrit.config':
@@ -193,4 +262,228 @@ $logo
require => File["/home/gerrit2/review_site/static"]
}
+ # Secret files.
+ # TODO: move the first two into other modules since they aren't for gerrit.
+ # TODO: move secure.config to a puppet master
+
+ file { '/home/gerrit2/github.secure.config':
+ owner => 'root',
+ group => 'gerrit2',
+ mode => 440,
+ ensure => 'present',
+ source => 'file:///root/secret-files/github.secure.config',
+ replace => 'true',
+ require => User['gerrit2']
+ }
+
+ file { '/home/gerrit2/gerritbot.config':
+ owner => 'root',
+ group => 'gerrit2',
+ mode => 440,
+ ensure => 'present',
+ source => 'file:///root/secret-files/gerritbot.config',
+ replace => 'true',
+ require => User['gerrit2']
+ }
+
+ file { '/home/gerrit2/review_site/etc/secure.config':
+ owner => 'root',
+ group => 'gerrit2',
+ mode => 440,
+ ensure => 'present',
+ source => 'file:///root/secret-files/secure.config',
+ replace => 'true',
+ require => File["/home/gerrit2/review_site/etc"]
+ }
+
+# Set up MySQL.
+# We should probably have or use a puppet module to manage mysql, and then
+# use that to satisfy the requirements that gerrit has.
+
+ exec { "gerrit-mysql":
+ creates => "/var/lib/mysql/reviewdb/",
+ command => "/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -e \"\
+ CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY '`grep password /home/gerrit2/review_site/etc/secure.config |cut -d= -f2|sed -e 's/ //'`';\
+ CREATE DATABASE reviewdb;\
+ ALTER DATABASE reviewdb charset=latin1;\
+ GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';\
+ FLUSH PRIVILEGES;\"",
+ require => [File['/home/gerrit2/review_site/etc/secure.config'], Package["mysql-server"]],
+ }
+
+ file { "/etc/mysql/my.cnf":
+ source => 'puppet:///modules/gerrit/my.cnf',
+ owner => 'root',
+ group => 'root',
+ ensure => 'present',
+ replace => 'true',
+ mode => 444,
+ require => Package["mysql-server"],
+ }
+
+# Set up apache. This should also be a separate, generalized module.
+
+ file { "/etc/apache2/sites-available/gerrit":
+ content => template('gerrit/gerrit.vhost.erb'),
+ owner => 'root',
+ group => 'root',
+ ensure => 'present',
+ replace => 'true',
+ mode => 444,
+ require => Package["apache2"],
+ }
+
+ file { "/etc/apache2/sites-enabled/gerrit":
+ ensure => link,
+ target => '/etc/apache2/sites-available/gerrit',
+ require => [
+ File['/etc/apache2/sites-available/gerrit'],
+ File['/etc/apache2/mods-enabled/ssl.conf'],
+ File['/etc/apache2/mods-enabled/ssl.load'],
+ File['/etc/apache2/mods-enabled/rewrite.load'],
+ File['/etc/apache2/mods-enabled/proxy.conf'],
+ File['/etc/apache2/mods-enabled/proxy.load'],
+ File['/etc/apache2/mods-enabled/proxy_http.load'],
+ ],
+ }
+
+ file { '/etc/apache2/sites-enabled/000-default':
+ require => File['/etc/apache2/sites-available/gerrit'],
+ ensure => absent,
+ }
+
+ file { '/etc/apache2/mods-enabled/ssl.conf':
+ target => '/etc/apache2/mods-available/ssl.conf',
+ ensure => link,
+ require => Package['apache2'],
+ }
+
+ file { '/etc/apache2/mods-enabled/ssl.load':
+ target => '/etc/apache2/mods-available/ssl.load',
+ ensure => link,
+ require => Package['apache2'],
+ }
+
+ file { '/etc/apache2/mods-enabled/rewrite.load':
+ target => '/etc/apache2/mods-available/rewrite.load',
+ ensure => link,
+ require => Package['apache2'],
+ }
+
+ file { '/etc/apache2/mods-enabled/proxy.conf':
+ target => '/etc/apache2/mods-available/proxy.conf',
+ ensure => link,
+ require => Package['apache2'],
+ }
+
+ file { '/etc/apache2/mods-enabled/proxy.load':
+ target => '/etc/apache2/mods-available/proxy.load',
+ ensure => link,
+ require => Package['apache2'],
+ }
+
+ file { '/etc/apache2/mods-enabled/proxy_http.load':
+ target => '/etc/apache2/mods-available/proxy_http.load',
+ ensure => link,
+ require => Package['apache2'],
+ }
+
+ exec { "gracefully restart apache":
+ subscribe => [ File["/etc/apache2/sites-available/gerrit"]],
+ refreshonly => true,
+ path => "/bin:/usr/bin:/usr/sbin",
+ command => "apache2ctl graceful",
+ }
+
+ # Install Gerrit itself.
+
+ # The Gerrit WAR is specified as a url like 'http://ci.openstack.org/tarballs/gerrit-2.2.2-363-gd0a67ce.war'
+ # Set $basewar so that we can work with filenames like gerrit-2.2.2-363-gd0a67ce.war'.
+
+ if $war =~ /.*\/(.*)/ {
+ $basewar = $1
+ } else {
+ $basewar = $war
+ }
+
+ # This directory is used to download and cache gerrit war files.
+ # That way the download and install steps are kept separate.
+ file { "/home/gerrit2/gerrit-wars":
+ ensure => "directory",
+ require => User["gerrit2"]
+ }
+
+ # If we don't already have the specified WAR, download it.
+ exec { "download:$war":
+ command => "/usr/bin/wget $war -O /home/gerrit2/gerrit-wars/$basewar",
+ creates => "/home/gerrit2/gerrit-wars/$basewar",
+ require => File["/home/gerrit2/gerrit-wars"],
+ }
+
+ # If gerrit.war isn't the same as $basewar, install it.
+ file { "/home/gerrit2/review_site/bin/gerrit.war":
+ source => "file:///home/gerrit2/gerrit-wars/$basewar",
+ require => Exec["download:$war"],
+ ensure => present,
+ replace => 'true',
+ # user, group, and mode have to be set this way to avoid retriggering gerrit-init on every run
+ # because gerrit init sets them this way
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => 644,
+ }
+
+ # If gerrit.war was just installed, run the Gerrit "init" command.
+ # Stop is included here because it may not be running or the init
+ # script may not exist, and in those cases, we don't care if it fails.
+ # Running the init script as the gerrit2 user _does_ work.
+ exec { "gerrit-init":
+ user => 'gerrit2',
+ command => "/etc/init.d/gerrit stop; /usr/bin/java -jar /home/gerrit2/review_site/bin/gerrit.war init -d /home/gerrit2/review_site --batch --no-auto-start",
+ subscribe => File["/home/gerrit2/review_site/bin/gerrit.war"],
+ refreshonly => true,
+ require => [Package["openjdk-6-jre-headless"],
+ User["gerrit2"],
+ Exec["gerrit-mysql"],
+ File["/etc/mysql/my.cnf"], # For innodb default tables
+ File["/home/gerrit2/review_site/etc/gerrit.config"],
+ File["/home/gerrit2/review_site/etc/secure.config"]],
+ notify => Exec["gerrit-start"],
+ }
+
+ # Symlink the init script.
+ file { "/etc/init.d/gerrit":
+ ensure => link,
+ target => '/home/gerrit2/review_site/bin/gerrit.sh',
+ require => Exec['gerrit-init'],
+ }
+
+ # The init script requires the path to gerrit to be set.
+ file { "/etc/default/gerritcodereview":
+ source => 'puppet:///modules/gerrit/gerritcodereview.default',
+ ensure => present,
+ replace => 'true',
+ owner => 'root',
+ group => 'root',
+ mode => 444,
+ }
+
+ # Make sure the init script starts on boot.
+ file { ['/etc/rc0.d/K10gerrit',
+ '/etc/rc1.d/K10gerrit',
+ '/etc/rc2.d/S90gerrit',
+ '/etc/rc3.d/S90gerrit',
+ '/etc/rc4.d/S90gerrit',
+ '/etc/rc5.d/S90gerrit',
+ '/etc/rc6.d/K10gerrit']:
+ ensure => link,
+ target => '/etc/init.d/gerrit',
+ require => File['/etc/init.d/gerrit'],
+ }
+
+ exec { "gerrit-start":
+ command => '/etc/init.d/gerrit start',
+ require => File['/etc/init.d/gerrit'],
+ refreshonly => true,
+ }
}
diff --git a/modules/gerrit/templates/gerrit.config.erb b/modules/gerrit/templates/gerrit.config.erb
index c7eba25d38..a6f6c65ae3 100644
--- a/modules/gerrit/templates/gerrit.config.erb
+++ b/modules/gerrit/templates/gerrit.config.erb
@@ -10,7 +10,7 @@
database = reviewdb
username = gerrit2
poolLimit = 32
- connectionpool = true
+ connectionpool = true
[auth]
type = OPENID_SSO
openIdSsoUrl = <%= openidssourl %>
@@ -38,3 +38,9 @@
match = "<%= commentlink['match'] %>"
link = "<%= commentlink['link'] %>"
<% end -%>
+[theme]
+ backgroundColor = ffffff
+ topMenuColor = ffffff
+ textColor = 264d69
+ trimColor = eef3f5
+ selectionColor = d1e6ea
diff --git a/modules/gerrit/templates/gerrit.vhost.erb b/modules/gerrit/templates/gerrit.vhost.erb
new file mode 100644
index 0000000000..941623ef1b
--- /dev/null
+++ b/modules/gerrit/templates/gerrit.vhost.erb
@@ -0,0 +1,54 @@
+
+ ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
+
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
+
+ Redirect / <%= canonicalweburl %>
+
+
+
+
+
+ ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
+
+ LogLevel warn
+
+ CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined
+
+ SSLEngine on
+
+ SSLCertificateFile <%= ssl_cert_file %>
+ SSLCertificateKeyFile <%= ssl_key_file %>
+<% if ssl_chain_file != "" %>
+ SSLCertificateChainFile <%= ssl_chain_file %>
+<% end %>
+
+
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} !<%= virtual_hostname %>
+ RewriteRule ^.*$ <%= canonicalweburl %>
+
+ ProxyPassReverse / http://localhost:8081/
+
+ Order allow,deny
+ Allow from all
+ ProxyPass http://localhost:8081/ retry=0
+
+
+
+
+