From e04a26c7bb36ba2205abccade4325f67e3f1dc0a Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Fri, 5 Oct 2012 15:44:11 +0000 Subject: [PATCH] Implement Gerrit CLA and Contact Store. This change fixes bug 1082754 and builds on the following prior work, which set up the underlying mechanisms and implemented them on review-dev: - https://review.openstack.org/12716 - https://review.openstack.org/13058 - https://review.openstack.org/13378 - https://review.openstack.org/13392 - https://review.openstack.org/13402 - https://review.openstack.org/13592 - https://review.openstack.org/14319 - https://review.openstack.org/14493 - https://review.openstack.org/16468 * manifests/site.pp(review.openstack.org): Add gerrit_contactstore_appsec and gerrit_contactstore_pubkey variables similar to those used for review-dev.openstack.org. * modules/openstack_project/manifests/gerrit.pp (openstack_project::gerrit): Move the cla_description, cla_file, cla_id and cla_name variables here, since they'll be used by both review and review-dev servers. Same goes for the set_agreements.sh file block and set_contributor_agreements exec block. Also stop loading the launchpad_sync module and make sure the sync_launchpad_users cron job is removed from the server. * modules/openstack_project/manifests/review.pp (openstack_project::review): Add the contactstore_appsec and contactstore_pubkey variables being from from hiera. Update the .war file to one with "Hack out some CLA bits" reverted. Turn on contactstore, pass the contactstore_appsec and contactstore_pubkey variables through, and set the production contactstore_url. * modules/openstack_project/manifests/review_dev.pp (openstack_project::review_dev): Remove the definitions for cla_description, cla_file, cla_id and cla_name, along with the set_agreements.sh file block and set_contributor_agreements exec block since they're all in gerrit.pp now. Change-Id: I037f1a3e2b03c66768cec6caa7fe5e1c68495ac6 Reviewed-on: https://review.openstack.org/14099 Reviewed-by: James E. Blair Reviewed-by: Monty Taylor Approved: Jeremy Stanley Reviewed-by: Jeremy Stanley Tested-by: Jenkins --- manifests/site.pp | 2 ++ modules/openstack_project/manifests/gerrit.pp | 30 ++++++++++++++----- modules/openstack_project/manifests/review.pp | 9 +++++- .../openstack_project/manifests/review_dev.pp | 22 -------------- 4 files changed, 32 insertions(+), 31 deletions(-) diff --git a/manifests/site.pp b/manifests/site.pp index 447d765184..e67e6e7f99 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -34,6 +34,8 @@ node 'review.openstack.org' { lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'), lp_sync_token => hiera('gerrit_lp_access_token'), lp_sync_secret => hiera('gerrit_lp_access_secret'), + contactstore_appsec => hiera('gerrit_contactstore_appsec'), + contactstore_pubkey => hiera('gerrit_contactstore_pubkey'), sysadmins => hiera('sysadmins'), } } diff --git a/modules/openstack_project/manifests/gerrit.pp b/modules/openstack_project/manifests/gerrit.pp index 32bb57a4c4..198f5a28e6 100644 --- a/modules/openstack_project/manifests/gerrit.pp +++ b/modules/openstack_project/manifests/gerrit.pp @@ -1,9 +1,7 @@ # == Class: openstack_project::gerrit # # A wrapper class around the main gerrit class that sets gerrit -# up for launchpad single sign on, bug/blueprint links and user -# import and sync -# TODO: launchpadlib creds for user sync script +# up for launchpad single sign on and bug/blueprint links class openstack_project::gerrit ( $vhost_name = $::fqdn, @@ -54,6 +52,10 @@ class openstack_project::gerrit ( $replicate_github = true, $replicate_local = true, $local_git_dir = '/var/lib/git', + $cla_description = 'OpenStack Individual Contributor License Agreement', + $cla_file = 'static/cla.html', + $cla_id = '2', + $cla_name = 'ICLA', $testmode = false, $sysadmins = [] ) { @@ -185,11 +187,8 @@ class openstack_project::gerrit ( ensure => absent, } - class { 'launchpad_sync': - user => 'gerrit2', - script_user => $script_user, - script_key_file => $script_key_file, - script_logging_conf => $script_logging_conf, + cron { 'sync_launchpad_users': + ensure => absent, } file { '/home/gerrit2/review_site/hooks/change-merged': @@ -264,4 +263,19 @@ class openstack_project::gerrit ( ], } } + file { '/home/gerrit2/review_site/bin/set_agreements.sh': + ensure => present, + owner => 'root', + group => 'root', + mode => '0755', + content => template('openstack_project/gerrit_set_agreements.sh.erb'), + replace => true, + require => Class['::gerrit'] + } + exec { 'set_contributor_agreements': + path => ['/bin', '/usr/bin'], + command => '/home/gerrit2/review_site/bin/set_agreements.sh', + require => [Class['mysql'], + File['/home/gerrit2/review_site/bin/set_agreements.sh']] + } } diff --git a/modules/openstack_project/manifests/review.pp b/modules/openstack_project/manifests/review.pp index 24d2636500..084e3cf745 100644 --- a/modules/openstack_project/manifests/review.pp +++ b/modules/openstack_project/manifests/review.pp @@ -51,6 +51,8 @@ class openstack_project::review ( $lp_sync_consumer_key='', $lp_sync_token='', $lp_sync_secret='', + $contactstore_appsec='', + $contactstore_pubkey='', $replicate_github=true, $sysadmins = [] ) { @@ -79,7 +81,12 @@ class openstack_project::review ( sshd_threads => '100', httpd_maxwait => '5000min', war => - 'http://tarballs.openstack.org/ci/gerrit-2.4.2-11-gb5a28fb.war', + 'http://tarballs.openstack.org/ci/gerrit-2.4.2-16-g27644a5.war', + contactstore => true, + contactstore_appsec => $contactstore_appsec, + contactstore_pubkey => $contactstore_pubkey, + contactstore_url => + 'http://www.openstack.org/verify/member/', script_user => 'launchpadsync', script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa', script_logging_conf => '/home/gerrit2/.sync_logging.conf', diff --git a/modules/openstack_project/manifests/review_dev.pp b/modules/openstack_project/manifests/review_dev.pp index 63bb0247f7..1425f8100d 100644 --- a/modules/openstack_project/manifests/review_dev.pp +++ b/modules/openstack_project/manifests/review_dev.pp @@ -15,10 +15,6 @@ class openstack_project::review_dev ( $ssh_rsa_pubkey_contents = '', $ssh_project_rsa_key_contents = '', $ssh_project_rsa_pubkey_contents = '', - $cla_description = 'OpenStack Individual Contributor License Agreement', - $cla_file = 'static/cla.html', - $cla_id = '2', - $cla_name = 'ICLA', $lp_sync_key = '', # If left empty puppet will not create file. $lp_sync_pubkey = '', # If left empty puppet will not create file. $lp_sync_consumer_key = '', @@ -81,15 +77,6 @@ class openstack_project::review_dev ( 'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf', require => User['gerrit2'], } - file { '/home/gerrit2/review_site/bin/set_agreements.sh': - ensure => present, - owner => 'root', - group => 'root', - mode => '0755', - content => template('openstack_project/gerrit_set_agreements.sh.erb'), - replace => true, - require => Class['::gerrit'], - } file { '/home/gerrit2/.ssh': ensure => directory, owner => 'gerrit2', @@ -135,13 +122,4 @@ class openstack_project::review_dev ( replace => true, require => User['gerrit2'], } - - exec { 'set_contributor_agreements': - path => ['/bin', '/usr/bin'], - command => '/home/gerrit2/review_site/bin/set_agreements.sh', - require => [ - Class['mysql'], - File['/home/gerrit2/review_site/bin/set_agreements.sh'], - ], - } }