Install and manage more of Gerrit.
Upgrade gerrit to 2.3.0. Add management of the apache virtualhost. Remove gerrit body styling (including the javascript hack) in favor of using the gerrit theme config options for body styling. Keep header and top menu changes. This should make it easier to keep up with new gerrit versions without chasing weird GWT changes. Add management of the gerrit init script. Add management of MySQL. Add installation and upgrading of Gerrit. Change-Id: Idf9e551552d335a2ae82cd27a63edcf6daf94115
This commit is contained in:
parent
d8d26c9db2
commit
c4eaff3957
@ -28,7 +28,11 @@ node "gerrit.openstack.org", "review.openstack.org" {
|
|||||||
iptables_public_tcp_ports => [80, 443, 29418]
|
iptables_public_tcp_ports => [80, 443, 29418]
|
||||||
}
|
}
|
||||||
class { 'gerrit':
|
class { 'gerrit':
|
||||||
|
virtual_hostname => 'review.openstack.org',
|
||||||
canonicalweburl => "https://review.openstack.org/",
|
canonicalweburl => "https://review.openstack.org/",
|
||||||
|
ssl_cert_file => '/etc/ssl/certs/review.openstack.org.pem',
|
||||||
|
ssl_key_file => '/etc/ssl/private/review.openstack.org.key',
|
||||||
|
ssl_chain_file => '/etc/ssl/certs/intermediate.pem',
|
||||||
email => "review@openstack.org",
|
email => "review@openstack.org",
|
||||||
github_projects => [ {
|
github_projects => [ {
|
||||||
name => 'openstack/keystone',
|
name => 'openstack/keystone',
|
||||||
@ -109,7 +113,8 @@ node "gerrit.openstack.org", "review.openstack.org" {
|
|||||||
name => 'openstack-dev/openstack-nose',
|
name => 'openstack-dev/openstack-nose',
|
||||||
close_pull => 'true'
|
close_pull => 'true'
|
||||||
} ],
|
} ],
|
||||||
logo => 'openstack.png'
|
logo => 'openstack.png',
|
||||||
|
war => 'http://ci.openstack.org/tarballs/gerrit-2.3-5-gaec571e.war',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -119,13 +124,18 @@ node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
class { 'gerrit':
|
class { 'gerrit':
|
||||||
|
virtual_hostname => 'review-dev.openstack.org',
|
||||||
canonicalweburl => "https://review-dev.openstack.org/",
|
canonicalweburl => "https://review-dev.openstack.org/",
|
||||||
|
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
|
||||||
|
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
|
||||||
|
ssl_chain_file => '',
|
||||||
email => "review-dev@openstack.org",
|
email => "review-dev@openstack.org",
|
||||||
github_projects => [ {
|
github_projects => [ {
|
||||||
name => 'gtest-org/test',
|
name => 'gtest-org/test',
|
||||||
close_pull => 'true'
|
close_pull => 'true'
|
||||||
} ],
|
} ],
|
||||||
logo => 'openstack.png'
|
logo => 'openstack.png',
|
||||||
|
war => 'http://ci.openstack.org/tarballs/gerrit-2.3-5-gaec571e.war',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,7 +34,11 @@ node "review.stackforge.org" {
|
|||||||
iptables_public_tcp_ports => [80, 443, 29418]
|
iptables_public_tcp_ports => [80, 443, 29418]
|
||||||
}
|
}
|
||||||
class { 'gerrit':
|
class { 'gerrit':
|
||||||
|
virtual_hostname => 'review.stackforge.org',
|
||||||
canonicalweburl => "https://review.stackforge.org/",
|
canonicalweburl => "https://review.stackforge.org/",
|
||||||
|
ssl_cert_file => '/etc/ssl/certs/review.stackforge.org.crt',
|
||||||
|
ssl_key_file => '/etc/ssl/private/review.stackforge.org.key',
|
||||||
|
ssl_chain_file => '/etc/ssl/certs/intermediate.crt',
|
||||||
email => "review@stackforge.org",
|
email => "review@stackforge.org",
|
||||||
github_projects => [ {
|
github_projects => [ {
|
||||||
name => 'stackforge/MRaaS',
|
name => 'stackforge/MRaaS',
|
||||||
@ -43,7 +47,8 @@ node "review.stackforge.org" {
|
|||||||
name => 'stackforge/reddwarf',
|
name => 'stackforge/reddwarf',
|
||||||
close_pull => 'true'
|
close_pull => 'true'
|
||||||
} ],
|
} ],
|
||||||
logo => 'stackforge.png'
|
logo => 'stackforge.png',
|
||||||
|
war => 'http://ci.openstack.org/tarballs/gerrit-2.3-5-gaec571e.war',
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -11,20 +11,6 @@ a.gwt-InlineHyperlink {background: none !important}
|
|||||||
|
|
||||||
#gerrit_topmenu tbody tr td table {border: 0}
|
#gerrit_topmenu tbody tr td table {border: 0}
|
||||||
|
|
||||||
#gerrit_body table {background: none;}
|
|
||||||
#gerrit_body:not(.patch) td {border-bottom: 1px solid #C5E2EA; border-right: 1px solid #C5E2EA}
|
|
||||||
#gerrit_body:not(.patch) tr:nth-child(even) {background: #EEF3F5; color: #353535}
|
|
||||||
#gerrit_body:not(.patch) tr:nth-child(odd) {background: #FFF; color: #353535}
|
|
||||||
#gerrit_body.patch tr {background: #FFF; color: #353535}
|
|
||||||
|
|
||||||
#gerrit_body:not(.patch) tr:nth-child(even)>td {background: #EEF3F5; color: #353535}
|
|
||||||
#gerrit_body:not(.patch) tr:nth-child(odd)>td {background: #FFF; color: #353535}
|
|
||||||
#gerrit_body tr:nth-child(even)>td.header {background: #EEF3F5; font-style: normal; color: #353535; font-weight: bold;}
|
|
||||||
#gerrit_body tr:nth-child(odd)>td.header {background: #FFF; font-style: normal; color: #353535; font-weight: bold;}
|
|
||||||
#gerrit_body tr>td div {background-color: transparent; color: #353535}
|
|
||||||
#gerrit_body tr>td div a {background-color: transparent; color: #353535}
|
|
||||||
#gerrit_body tr:first-child>td {color: #353535; background: #FFF}
|
|
||||||
|
|
||||||
#gerrit_topmenu tbody tr td table.gwt-TabBar {color: #353535; border-bottom: 1px solid #C5E2EA;}
|
#gerrit_topmenu tbody tr td table.gwt-TabBar {color: #353535; border-bottom: 1px solid #C5E2EA;}
|
||||||
#gerrit_topmenu .gwt-Button {padding: 3px 6px}
|
#gerrit_topmenu .gwt-Button {padding: 3px 6px}
|
||||||
.gwt-TabBarItem-selected {color: #CF2F19 !important; border-bottom: 3px solid #CF2F19;}
|
.gwt-TabBarItem-selected {color: #CF2F19 !important; border-bottom: 3px solid #CF2F19;}
|
||||||
|
@ -1,23 +1,3 @@
|
|||||||
<div>
|
<div>
|
||||||
<h1 style="color: #CF2F19"><img src="static/title.png" style="vertical-align:middle;" /> Code Review</h1>
|
<h1 style="color: #CF2F19"><img src="static/title.png" style="vertical-align:middle;" /> Code Review</h1>
|
||||||
<script type="text/javascript">
|
|
||||||
function getHash() {
|
|
||||||
var hash = window.location.hash;
|
|
||||||
return hash.substring(1); // remove #
|
|
||||||
}
|
|
||||||
|
|
||||||
window.onload = setTimeout(add_patch_tag, 1000)
|
|
||||||
window.onhashchange = add_patch_tag
|
|
||||||
|
|
||||||
function add_patch_tag() {
|
|
||||||
var hash_arr= getHash().split(",");
|
|
||||||
var elem = document.getElementById("gerrit_body");
|
|
||||||
if (hash_arr[0] == 'patch') {
|
|
||||||
elem.className = elem.className + ' patch';
|
|
||||||
} else {
|
|
||||||
elem.className = elem.className.replace(' patch', '');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
</script>
|
|
||||||
</div>
|
</div>
|
||||||
|
1
modules/gerrit/files/gerritcodereview.default
Normal file
1
modules/gerrit/files/gerritcodereview.default
Normal file
@ -0,0 +1 @@
|
|||||||
|
GERRIT_SITE=/home/gerrit2/review_site
|
131
modules/gerrit/files/my.cnf
Normal file
131
modules/gerrit/files/my.cnf
Normal file
@ -0,0 +1,131 @@
|
|||||||
|
#
|
||||||
|
# The MySQL database server configuration file.
|
||||||
|
#
|
||||||
|
# You can copy this to one of:
|
||||||
|
# - "/etc/mysql/my.cnf" to set global options,
|
||||||
|
# - "~/.my.cnf" to set user-specific options.
|
||||||
|
#
|
||||||
|
# One can use all long options that the program supports.
|
||||||
|
# Run program with --help to get a list of available options and with
|
||||||
|
# --print-defaults to see which it would actually understand and use.
|
||||||
|
#
|
||||||
|
# For explanations see
|
||||||
|
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
|
||||||
|
|
||||||
|
# This will be passed to all mysql clients
|
||||||
|
# It has been reported that passwords should be enclosed with ticks/quotes
|
||||||
|
# escpecially if they contain "#" chars...
|
||||||
|
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
|
||||||
|
[client]
|
||||||
|
port = 3306
|
||||||
|
socket = /var/run/mysqld/mysqld.sock
|
||||||
|
|
||||||
|
# Here is entries for some specific programs
|
||||||
|
# The following values assume you have at least 32M ram
|
||||||
|
|
||||||
|
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
|
||||||
|
[mysqld_safe]
|
||||||
|
socket = /var/run/mysqld/mysqld.sock
|
||||||
|
nice = 0
|
||||||
|
|
||||||
|
[mysqld]
|
||||||
|
#
|
||||||
|
# * Basic Settings
|
||||||
|
#
|
||||||
|
default-storage-engine=INNODB
|
||||||
|
|
||||||
|
#
|
||||||
|
# * IMPORTANT
|
||||||
|
# If you make changes to these settings and your system uses apparmor, you may
|
||||||
|
# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
|
||||||
|
#
|
||||||
|
|
||||||
|
user = mysql
|
||||||
|
socket = /var/run/mysqld/mysqld.sock
|
||||||
|
port = 3306
|
||||||
|
basedir = /usr
|
||||||
|
datadir = /var/lib/mysql
|
||||||
|
tmpdir = /tmp
|
||||||
|
skip-external-locking
|
||||||
|
#
|
||||||
|
# Instead of skip-networking the default is now to listen only on
|
||||||
|
# localhost which is more compatible and is not less secure.
|
||||||
|
bind-address = 127.0.0.1
|
||||||
|
#
|
||||||
|
# * Fine Tuning
|
||||||
|
#
|
||||||
|
key_buffer = 16M
|
||||||
|
max_allowed_packet = 16M
|
||||||
|
thread_stack = 192K
|
||||||
|
thread_cache_size = 8
|
||||||
|
# This replaces the startup script and checks MyISAM tables if needed
|
||||||
|
# the first time they are touched
|
||||||
|
myisam-recover = BACKUP
|
||||||
|
#max_connections = 100
|
||||||
|
#table_cache = 64
|
||||||
|
#thread_concurrency = 10
|
||||||
|
#
|
||||||
|
# * Query Cache Configuration
|
||||||
|
#
|
||||||
|
query_cache_limit = 1M
|
||||||
|
query_cache_size = 16M
|
||||||
|
#
|
||||||
|
# * Logging and Replication
|
||||||
|
#
|
||||||
|
# Both location gets rotated by the cronjob.
|
||||||
|
# Be aware that this log type is a performance killer.
|
||||||
|
# As of 5.1 you can enable the log at runtime!
|
||||||
|
#general_log_file = /var/log/mysql/mysql.log
|
||||||
|
#general_log = 1
|
||||||
|
|
||||||
|
log_error = /var/log/mysql/error.log
|
||||||
|
|
||||||
|
# Here you can see queries with especially long duration
|
||||||
|
#log_slow_queries = /var/log/mysql/mysql-slow.log
|
||||||
|
#long_query_time = 2
|
||||||
|
#log-queries-not-using-indexes
|
||||||
|
#
|
||||||
|
# The following can be used as easy to replay backup logs or for replication.
|
||||||
|
# note: if you are setting up a replication slave, see README.Debian about
|
||||||
|
# other settings you may need to change.
|
||||||
|
server-id = 1
|
||||||
|
log_bin = /var/log/mysql/mysql-bin.log
|
||||||
|
expire_logs_days = 10
|
||||||
|
max_binlog_size = 100M
|
||||||
|
#binlog_do_db = include_database_name
|
||||||
|
#binlog_ignore_db = include_database_name
|
||||||
|
#
|
||||||
|
# * InnoDB
|
||||||
|
#
|
||||||
|
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
|
||||||
|
# Read the manual for more InnoDB related options. There are many!
|
||||||
|
#
|
||||||
|
# * Security Features
|
||||||
|
#
|
||||||
|
# Read the manual, too, if you want chroot!
|
||||||
|
# chroot = /var/lib/mysql/
|
||||||
|
#
|
||||||
|
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
|
||||||
|
#
|
||||||
|
# ssl-ca=/etc/mysql/cacert.pem
|
||||||
|
# ssl-cert=/etc/mysql/server-cert.pem
|
||||||
|
# ssl-key=/etc/mysql/server-key.pem
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
[mysqldump]
|
||||||
|
quick
|
||||||
|
quote-names
|
||||||
|
max_allowed_packet = 16M
|
||||||
|
|
||||||
|
[mysql]
|
||||||
|
#no-auto-rehash # faster start of mysql but no tab completition
|
||||||
|
|
||||||
|
[isamchk]
|
||||||
|
key_buffer = 16M
|
||||||
|
|
||||||
|
#
|
||||||
|
# * IMPORTANT: Additional settings that can override those from this file!
|
||||||
|
# The files must end with '.cnf', otherwise they'll be ignored.
|
||||||
|
#
|
||||||
|
!includedir /etc/mysql/conf.d/
|
@ -1,4 +1,50 @@
|
|||||||
class gerrit($canonicalweburl='',
|
# Install and maintain Gerrit Code Review.
|
||||||
|
# params:
|
||||||
|
# virtual_hostname:
|
||||||
|
# used in the Apache virtual host, eg., review.example.com
|
||||||
|
# canonicalweburl:
|
||||||
|
# Used in the Gerrit config to generate links, eg., https://review.example.com/
|
||||||
|
# ssl_cert_file:
|
||||||
|
# ssl_key_file:
|
||||||
|
# Used in the Apache virtual host to specify the SSL cert and key files.
|
||||||
|
# ssl_chain_file:
|
||||||
|
# Optional, if you have an intermediate cert Apache should serve.
|
||||||
|
# openidssourl:
|
||||||
|
# The URL to use for OpenID in SSO mode.
|
||||||
|
# email:
|
||||||
|
# The email address Gerrit should use when sending mail.
|
||||||
|
# commentlinks:
|
||||||
|
# A list of regexes Gerrit should hyperlink.
|
||||||
|
# logo:
|
||||||
|
# The name of the image file for the site header.
|
||||||
|
# war:
|
||||||
|
# The URL of the Gerrit WAR that should be downloaded and installed.
|
||||||
|
# Note that only the final component is used for comparing to the most
|
||||||
|
# recently installed WAR. In other words, if you update the war from:
|
||||||
|
#
|
||||||
|
# http://ci.openstack.org/tarballs/gerrit.war
|
||||||
|
# to:
|
||||||
|
# http://somewhereelse.example.com/gerrit.war
|
||||||
|
#
|
||||||
|
# Gerrit won't be updated unless you delete gerrit.war from
|
||||||
|
# ~gerrit2/gerrit-wars. But if you change the URL from:
|
||||||
|
#
|
||||||
|
# http://ci.openstack.org/tarballs/gerrit-2.2.2.war
|
||||||
|
# to:
|
||||||
|
# http://ci.openstack.org/tarballs/gerrit-2.3.0.war
|
||||||
|
# Gerrit will be upgraded on the next puppet run.
|
||||||
|
|
||||||
|
# TODO: move closing github pull requests to another module
|
||||||
|
# TODO: move gerritbot configuration to another module
|
||||||
|
# TODO: move apache configuration to another module
|
||||||
|
# TODO: move mysql configuration to another module
|
||||||
|
# TODO: make more gerrit options configurable here
|
||||||
|
|
||||||
|
class gerrit($virtual_hostname='',
|
||||||
|
$canonicalweburl='',
|
||||||
|
$ssl_cert_file='',
|
||||||
|
$ssl_key_file='',
|
||||||
|
$ssl_chain_file='',
|
||||||
$openidssourl="https://login.launchpad.net/+openid",
|
$openidssourl="https://login.launchpad.net/+openid",
|
||||||
$email='',
|
$email='',
|
||||||
$github_projects = [],
|
$github_projects = [],
|
||||||
@ -13,11 +59,15 @@ $commentlinks = [ { name => 'changeid',
|
|||||||
{ name => 'blueprint',
|
{ name => 'blueprint',
|
||||||
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
|
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
|
||||||
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2' },
|
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2' },
|
||||||
|
|
||||||
],
|
],
|
||||||
$logo
|
$logo,
|
||||||
|
$war
|
||||||
) {
|
) {
|
||||||
|
|
||||||
|
# Set this to true to disable cron jobs and replication, which can
|
||||||
|
# interfere with testing.
|
||||||
|
$testmode = false
|
||||||
|
|
||||||
user { "gerrit2":
|
user { "gerrit2":
|
||||||
ensure => present,
|
ensure => present,
|
||||||
comment => "Gerrit",
|
comment => "Gerrit",
|
||||||
@ -32,22 +82,29 @@ $logo
|
|||||||
ensure => present
|
ensure => present
|
||||||
}
|
}
|
||||||
|
|
||||||
package { "gitweb":
|
$packages = ["gitweb",
|
||||||
ensure => latest
|
"python-dev",
|
||||||
}
|
"openjdk-6-jre-headless",
|
||||||
package { "python-dev":
|
"mysql-server",
|
||||||
ensure => latest
|
"apache2"]
|
||||||
|
|
||||||
|
package { $packages:
|
||||||
|
ensure => "latest",
|
||||||
}
|
}
|
||||||
|
|
||||||
package { "python-pip":
|
package { "python-pip":
|
||||||
ensure => latest,
|
ensure => latest,
|
||||||
require => Package[python-dev]
|
require => Package[python-dev]
|
||||||
}
|
}
|
||||||
|
|
||||||
package { "github2":
|
package { "github2":
|
||||||
ensure => latest,
|
ensure => latest,
|
||||||
provider => pip,
|
provider => pip,
|
||||||
require => Package[python-pip]
|
require => Package[python-pip]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Skip cron jobs if we're in test mode
|
||||||
|
if ($testmode == false) {
|
||||||
cron { "gerritupdateci":
|
cron { "gerritupdateci":
|
||||||
user => gerrit2,
|
user => gerrit2,
|
||||||
minute => "*/15",
|
minute => "*/15",
|
||||||
@ -81,13 +138,16 @@ $logo
|
|||||||
command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
|
command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;',
|
||||||
environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
|
environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin",
|
||||||
}
|
}
|
||||||
|
} # testmode==false
|
||||||
|
|
||||||
file { "/var/log/gerrit":
|
file { "/var/log/gerrit":
|
||||||
ensure => "directory",
|
ensure => "directory",
|
||||||
owner => 'gerrit2'
|
owner => 'gerrit2'
|
||||||
}
|
}
|
||||||
|
|
||||||
# directory creation hacks until we can automate gerrit installation
|
# Prepare gerrit directories. Even though some of these would be created
|
||||||
|
# by the init command, we can go ahead and create them now and populate them.
|
||||||
|
# That way the config files are already in place before init runs.
|
||||||
|
|
||||||
file { "/home/gerrit2/review_site":
|
file { "/home/gerrit2/review_site":
|
||||||
ensure => "directory",
|
ensure => "directory",
|
||||||
@ -101,6 +161,12 @@ $logo
|
|||||||
require => File["/home/gerrit2/review_site"]
|
require => File["/home/gerrit2/review_site"]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
file { "/home/gerrit2/review_site/bin":
|
||||||
|
ensure => "directory",
|
||||||
|
owner => "gerrit2",
|
||||||
|
require => File["/home/gerrit2/review_site"]
|
||||||
|
}
|
||||||
|
|
||||||
file { "/home/gerrit2/review_site/hooks":
|
file { "/home/gerrit2/review_site/hooks":
|
||||||
ensure => "directory",
|
ensure => "directory",
|
||||||
owner => "gerrit2",
|
owner => "gerrit2",
|
||||||
@ -143,6 +209,8 @@ $logo
|
|||||||
source => 'puppet:///modules/gerrit/GerritSiteHeader.html'
|
source => 'puppet:///modules/gerrit/GerritSiteHeader.html'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Skip replication if we're in test mode
|
||||||
|
if ($testmode == false) {
|
||||||
file { '/home/gerrit2/review_site/etc/replication.config':
|
file { '/home/gerrit2/review_site/etc/replication.config':
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'root',
|
group => 'root',
|
||||||
@ -152,6 +220,7 @@ $logo
|
|||||||
replace => 'true',
|
replace => 'true',
|
||||||
require => File["/home/gerrit2/review_site/etc"]
|
require => File["/home/gerrit2/review_site/etc"]
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
file { '/home/gerrit2/review_site/etc/gerrit.config':
|
file { '/home/gerrit2/review_site/etc/gerrit.config':
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
@ -193,4 +262,228 @@ $logo
|
|||||||
require => File["/home/gerrit2/review_site/static"]
|
require => File["/home/gerrit2/review_site/static"]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Secret files.
|
||||||
|
# TODO: move the first two into other modules since they aren't for gerrit.
|
||||||
|
# TODO: move secure.config to a puppet master
|
||||||
|
|
||||||
|
file { '/home/gerrit2/github.secure.config':
|
||||||
|
owner => 'root',
|
||||||
|
group => 'gerrit2',
|
||||||
|
mode => 440,
|
||||||
|
ensure => 'present',
|
||||||
|
source => 'file:///root/secret-files/github.secure.config',
|
||||||
|
replace => 'true',
|
||||||
|
require => User['gerrit2']
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/home/gerrit2/gerritbot.config':
|
||||||
|
owner => 'root',
|
||||||
|
group => 'gerrit2',
|
||||||
|
mode => 440,
|
||||||
|
ensure => 'present',
|
||||||
|
source => 'file:///root/secret-files/gerritbot.config',
|
||||||
|
replace => 'true',
|
||||||
|
require => User['gerrit2']
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/home/gerrit2/review_site/etc/secure.config':
|
||||||
|
owner => 'root',
|
||||||
|
group => 'gerrit2',
|
||||||
|
mode => 440,
|
||||||
|
ensure => 'present',
|
||||||
|
source => 'file:///root/secret-files/secure.config',
|
||||||
|
replace => 'true',
|
||||||
|
require => File["/home/gerrit2/review_site/etc"]
|
||||||
|
}
|
||||||
|
|
||||||
|
# Set up MySQL.
|
||||||
|
# We should probably have or use a puppet module to manage mysql, and then
|
||||||
|
# use that to satisfy the requirements that gerrit has.
|
||||||
|
|
||||||
|
exec { "gerrit-mysql":
|
||||||
|
creates => "/var/lib/mysql/reviewdb/",
|
||||||
|
command => "/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -e \"\
|
||||||
|
CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY '`grep password /home/gerrit2/review_site/etc/secure.config |cut -d= -f2|sed -e 's/ //'`';\
|
||||||
|
CREATE DATABASE reviewdb;\
|
||||||
|
ALTER DATABASE reviewdb charset=latin1;\
|
||||||
|
GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';\
|
||||||
|
FLUSH PRIVILEGES;\"",
|
||||||
|
require => [File['/home/gerrit2/review_site/etc/secure.config'], Package["mysql-server"]],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "/etc/mysql/my.cnf":
|
||||||
|
source => 'puppet:///modules/gerrit/my.cnf',
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
ensure => 'present',
|
||||||
|
replace => 'true',
|
||||||
|
mode => 444,
|
||||||
|
require => Package["mysql-server"],
|
||||||
|
}
|
||||||
|
|
||||||
|
# Set up apache. This should also be a separate, generalized module.
|
||||||
|
|
||||||
|
file { "/etc/apache2/sites-available/gerrit":
|
||||||
|
content => template('gerrit/gerrit.vhost.erb'),
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
ensure => 'present',
|
||||||
|
replace => 'true',
|
||||||
|
mode => 444,
|
||||||
|
require => Package["apache2"],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "/etc/apache2/sites-enabled/gerrit":
|
||||||
|
ensure => link,
|
||||||
|
target => '/etc/apache2/sites-available/gerrit',
|
||||||
|
require => [
|
||||||
|
File['/etc/apache2/sites-available/gerrit'],
|
||||||
|
File['/etc/apache2/mods-enabled/ssl.conf'],
|
||||||
|
File['/etc/apache2/mods-enabled/ssl.load'],
|
||||||
|
File['/etc/apache2/mods-enabled/rewrite.load'],
|
||||||
|
File['/etc/apache2/mods-enabled/proxy.conf'],
|
||||||
|
File['/etc/apache2/mods-enabled/proxy.load'],
|
||||||
|
File['/etc/apache2/mods-enabled/proxy_http.load'],
|
||||||
|
],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/apache2/sites-enabled/000-default':
|
||||||
|
require => File['/etc/apache2/sites-available/gerrit'],
|
||||||
|
ensure => absent,
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/apache2/mods-enabled/ssl.conf':
|
||||||
|
target => '/etc/apache2/mods-available/ssl.conf',
|
||||||
|
ensure => link,
|
||||||
|
require => Package['apache2'],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/apache2/mods-enabled/ssl.load':
|
||||||
|
target => '/etc/apache2/mods-available/ssl.load',
|
||||||
|
ensure => link,
|
||||||
|
require => Package['apache2'],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/apache2/mods-enabled/rewrite.load':
|
||||||
|
target => '/etc/apache2/mods-available/rewrite.load',
|
||||||
|
ensure => link,
|
||||||
|
require => Package['apache2'],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/apache2/mods-enabled/proxy.conf':
|
||||||
|
target => '/etc/apache2/mods-available/proxy.conf',
|
||||||
|
ensure => link,
|
||||||
|
require => Package['apache2'],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/apache2/mods-enabled/proxy.load':
|
||||||
|
target => '/etc/apache2/mods-available/proxy.load',
|
||||||
|
ensure => link,
|
||||||
|
require => Package['apache2'],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/apache2/mods-enabled/proxy_http.load':
|
||||||
|
target => '/etc/apache2/mods-available/proxy_http.load',
|
||||||
|
ensure => link,
|
||||||
|
require => Package['apache2'],
|
||||||
|
}
|
||||||
|
|
||||||
|
exec { "gracefully restart apache":
|
||||||
|
subscribe => [ File["/etc/apache2/sites-available/gerrit"]],
|
||||||
|
refreshonly => true,
|
||||||
|
path => "/bin:/usr/bin:/usr/sbin",
|
||||||
|
command => "apache2ctl graceful",
|
||||||
|
}
|
||||||
|
|
||||||
|
# Install Gerrit itself.
|
||||||
|
|
||||||
|
# The Gerrit WAR is specified as a url like 'http://ci.openstack.org/tarballs/gerrit-2.2.2-363-gd0a67ce.war'
|
||||||
|
# Set $basewar so that we can work with filenames like gerrit-2.2.2-363-gd0a67ce.war'.
|
||||||
|
|
||||||
|
if $war =~ /.*\/(.*)/ {
|
||||||
|
$basewar = $1
|
||||||
|
} else {
|
||||||
|
$basewar = $war
|
||||||
|
}
|
||||||
|
|
||||||
|
# This directory is used to download and cache gerrit war files.
|
||||||
|
# That way the download and install steps are kept separate.
|
||||||
|
file { "/home/gerrit2/gerrit-wars":
|
||||||
|
ensure => "directory",
|
||||||
|
require => User["gerrit2"]
|
||||||
|
}
|
||||||
|
|
||||||
|
# If we don't already have the specified WAR, download it.
|
||||||
|
exec { "download:$war":
|
||||||
|
command => "/usr/bin/wget $war -O /home/gerrit2/gerrit-wars/$basewar",
|
||||||
|
creates => "/home/gerrit2/gerrit-wars/$basewar",
|
||||||
|
require => File["/home/gerrit2/gerrit-wars"],
|
||||||
|
}
|
||||||
|
|
||||||
|
# If gerrit.war isn't the same as $basewar, install it.
|
||||||
|
file { "/home/gerrit2/review_site/bin/gerrit.war":
|
||||||
|
source => "file:///home/gerrit2/gerrit-wars/$basewar",
|
||||||
|
require => Exec["download:$war"],
|
||||||
|
ensure => present,
|
||||||
|
replace => 'true',
|
||||||
|
# user, group, and mode have to be set this way to avoid retriggering gerrit-init on every run
|
||||||
|
# because gerrit init sets them this way
|
||||||
|
owner => 'gerrit2',
|
||||||
|
group => 'gerrit2',
|
||||||
|
mode => 644,
|
||||||
|
}
|
||||||
|
|
||||||
|
# If gerrit.war was just installed, run the Gerrit "init" command.
|
||||||
|
# Stop is included here because it may not be running or the init
|
||||||
|
# script may not exist, and in those cases, we don't care if it fails.
|
||||||
|
# Running the init script as the gerrit2 user _does_ work.
|
||||||
|
exec { "gerrit-init":
|
||||||
|
user => 'gerrit2',
|
||||||
|
command => "/etc/init.d/gerrit stop; /usr/bin/java -jar /home/gerrit2/review_site/bin/gerrit.war init -d /home/gerrit2/review_site --batch --no-auto-start",
|
||||||
|
subscribe => File["/home/gerrit2/review_site/bin/gerrit.war"],
|
||||||
|
refreshonly => true,
|
||||||
|
require => [Package["openjdk-6-jre-headless"],
|
||||||
|
User["gerrit2"],
|
||||||
|
Exec["gerrit-mysql"],
|
||||||
|
File["/etc/mysql/my.cnf"], # For innodb default tables
|
||||||
|
File["/home/gerrit2/review_site/etc/gerrit.config"],
|
||||||
|
File["/home/gerrit2/review_site/etc/secure.config"]],
|
||||||
|
notify => Exec["gerrit-start"],
|
||||||
|
}
|
||||||
|
|
||||||
|
# Symlink the init script.
|
||||||
|
file { "/etc/init.d/gerrit":
|
||||||
|
ensure => link,
|
||||||
|
target => '/home/gerrit2/review_site/bin/gerrit.sh',
|
||||||
|
require => Exec['gerrit-init'],
|
||||||
|
}
|
||||||
|
|
||||||
|
# The init script requires the path to gerrit to be set.
|
||||||
|
file { "/etc/default/gerritcodereview":
|
||||||
|
source => 'puppet:///modules/gerrit/gerritcodereview.default',
|
||||||
|
ensure => present,
|
||||||
|
replace => 'true',
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => 444,
|
||||||
|
}
|
||||||
|
|
||||||
|
# Make sure the init script starts on boot.
|
||||||
|
file { ['/etc/rc0.d/K10gerrit',
|
||||||
|
'/etc/rc1.d/K10gerrit',
|
||||||
|
'/etc/rc2.d/S90gerrit',
|
||||||
|
'/etc/rc3.d/S90gerrit',
|
||||||
|
'/etc/rc4.d/S90gerrit',
|
||||||
|
'/etc/rc5.d/S90gerrit',
|
||||||
|
'/etc/rc6.d/K10gerrit']:
|
||||||
|
ensure => link,
|
||||||
|
target => '/etc/init.d/gerrit',
|
||||||
|
require => File['/etc/init.d/gerrit'],
|
||||||
|
}
|
||||||
|
|
||||||
|
exec { "gerrit-start":
|
||||||
|
command => '/etc/init.d/gerrit start',
|
||||||
|
require => File['/etc/init.d/gerrit'],
|
||||||
|
refreshonly => true,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -38,3 +38,9 @@
|
|||||||
match = "<%= commentlink['match'] %>"
|
match = "<%= commentlink['match'] %>"
|
||||||
link = "<%= commentlink['link'] %>"
|
link = "<%= commentlink['link'] %>"
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
[theme]
|
||||||
|
backgroundColor = ffffff
|
||||||
|
topMenuColor = ffffff
|
||||||
|
textColor = 264d69
|
||||||
|
trimColor = eef3f5
|
||||||
|
selectionColor = d1e6ea
|
||||||
|
54
modules/gerrit/templates/gerrit.vhost.erb
Normal file
54
modules/gerrit/templates/gerrit.vhost.erb
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
<VirtualHost *:80>
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
|
||||||
|
|
||||||
|
LogLevel warn
|
||||||
|
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
|
||||||
|
|
||||||
|
Redirect / <%= canonicalweburl %>
|
||||||
|
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<IfModule mod_ssl.c>
|
||||||
|
<VirtualHost _default_:443>
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
|
||||||
|
|
||||||
|
LogLevel warn
|
||||||
|
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
|
||||||
|
SSLCertificateFile <%= ssl_cert_file %>
|
||||||
|
SSLCertificateKeyFile <%= ssl_key_file %>
|
||||||
|
<% if ssl_chain_file != "" %>
|
||||||
|
SSLCertificateChainFile <%= ssl_chain_file %>
|
||||||
|
<% end %>
|
||||||
|
|
||||||
|
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||||
|
SSLOptions +StdEnvVars
|
||||||
|
</FilesMatch>
|
||||||
|
<Directory /usr/lib/cgi-bin>
|
||||||
|
SSLOptions +StdEnvVars
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
BrowserMatch "MSIE [2-6]" \
|
||||||
|
nokeepalive ssl-unclean-shutdown \
|
||||||
|
downgrade-1.0 force-response-1.0
|
||||||
|
# MSIE 7 and newer should be able to use keepalive
|
||||||
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
||||||
|
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{HTTP_HOST} !<%= virtual_hostname %>
|
||||||
|
RewriteRule ^.*$ <%= canonicalweburl %>
|
||||||
|
|
||||||
|
ProxyPassReverse / http://localhost:8081/
|
||||||
|
<Location />
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
ProxyPass http://localhost:8081/ retry=0
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
|
||||||
|
</VirtualHost>
|
||||||
|
</IfModule>
|
Loading…
x
Reference in New Issue
Block a user