opendev/system-config
Code Issues Proposed changes

Implement Gerrit CLA and Contact Store.

Browse Source 
This change fixes bug 1082754 and builds on the following prior
work, which set up the underlying mechanisms and implemented them on
review-dev:

  - https://review.openstack.org/12716
  - https://review.openstack.org/13058
  - https://review.openstack.org/13378
  - https://review.openstack.org/13392
  - https://review.openstack.org/13402
  - https://review.openstack.org/13592
  - https://review.openstack.org/14319
  - https://review.openstack.org/14493
  - https://review.openstack.org/16468

* manifests/site.pp(review.openstack.org): Add
gerrit_contactstore_appsec and gerrit_contactstore_pubkey variables
similar to those used for review-dev.openstack.org.

* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Move the cla_description, cla_file, cla_id
and cla_name variables here, since they'll be used by both review and
review-dev servers. Same goes for the set_agreements.sh file block and
set_contributor_agreements exec block. Also stop loading the
launchpad_sync module and make sure the sync_launchpad_users cron
job is removed from the server.

* modules/openstack_project/manifests/review.pp
(openstack_project::review): Add the contactstore_appsec and
contactstore_pubkey variables being from from hiera. Update the .war
file to one with "Hack out some CLA bits" reverted. Turn on
contactstore, pass the contactstore_appsec and contactstore_pubkey
variables through, and set the production contactstore_url.

* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Remove the definitions for
cla_description, cla_file, cla_id and cla_name, along with the
set_agreements.sh file block and set_contributor_agreements exec block
since they're all in gerrit.pp now.

Change-Id: I037f1a3e2b03c66768cec6caa7fe5e1c68495ac6
Reviewed-on: https://review.openstack.org/14099
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
This commit is contained in:
Jeremy Stanley 2012-10-05 15:44:11 +00:00 committed by Jenkins
parent a62c602aac
commit e04a26c7bb
4 changed files with 32 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/site.pp
View File

@ -34,6 +34,8 @@ node 'review.openstack.org' {
lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'), lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'),
lp_sync_token => hiera('gerrit_lp_access_token'), lp_sync_token => hiera('gerrit_lp_access_token'),
lp_sync_secret => hiera('gerrit_lp_access_secret'), lp_sync_secret => hiera('gerrit_lp_access_secret'),
contactstore_appsec => hiera('gerrit_contactstore_appsec'),
contactstore_pubkey => hiera('gerrit_contactstore_pubkey'),
sysadmins => hiera('sysadmins'), sysadmins => hiera('sysadmins'),
} }
} }

30
modules/openstack_project/manifests/gerrit.pp
View File

@ -1,9 +1,7 @@
# == Class: openstack_project::gerrit # == Class: openstack_project::gerrit
# #
# A wrapper class around the main gerrit class that sets gerrit # A wrapper class around the main gerrit class that sets gerrit
# up for launchpad single sign on, bug/blueprint links and user # up for launchpad single sign on and bug/blueprint links
# import and sync
# TODO: launchpadlib creds for user sync script
class openstack_project::gerrit ( class openstack_project::gerrit (
$vhost_name = $::fqdn, $vhost_name = $::fqdn,
@ -54,6 +52,10 @@ class openstack_project::gerrit (
$replicate_github = true, $replicate_github = true,
$replicate_local = true, $replicate_local = true,
$local_git_dir = '/var/lib/git', $local_git_dir = '/var/lib/git',
$cla_description = 'OpenStack Individual Contributor License Agreement',
$cla_file = 'static/cla.html',
$cla_id = '2',
$cla_name = 'ICLA',
$testmode = false, $testmode = false,
$sysadmins = [] $sysadmins = []
) { ) {
@ -185,11 +187,8 @@ class openstack_project::gerrit (
ensure => absent, ensure => absent,
} }
class { 'launchpad_sync': cron { 'sync_launchpad_users':
user => 'gerrit2', ensure => absent,
script_user => $script_user,
script_key_file => $script_key_file,
script_logging_conf => $script_logging_conf,
} }
file { '/home/gerrit2/review_site/hooks/change-merged': file { '/home/gerrit2/review_site/hooks/change-merged':
@ -264,4 +263,19 @@ class openstack_project::gerrit (
], ],
} }
} }
file { '/home/gerrit2/review_site/bin/set_agreements.sh':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
content => template('openstack_project/gerrit_set_agreements.sh.erb'),
replace => true,
require => Class['::gerrit']
}
exec { 'set_contributor_agreements':
path => ['/bin', '/usr/bin'],
command => '/home/gerrit2/review_site/bin/set_agreements.sh',
require => [Class['mysql'],
File['/home/gerrit2/review_site/bin/set_agreements.sh']]
}
} }

9
modules/openstack_project/manifests/review.pp
View File

@ -51,6 +51,8 @@ class openstack_project::review (
$lp_sync_consumer_key='', $lp_sync_consumer_key='',
$lp_sync_token='', $lp_sync_token='',
$lp_sync_secret='', $lp_sync_secret='',
$contactstore_appsec='',
$contactstore_pubkey='',
$replicate_github=true, $replicate_github=true,
$sysadmins = [] $sysadmins = []
) { ) {
@ -79,7 +81,12 @@ class openstack_project::review (
sshd_threads => '100', sshd_threads => '100',
httpd_maxwait => '5000min', httpd_maxwait => '5000min',
war => war =>
'http://tarballs.openstack.org/ci/gerrit-2.4.2-11-gb5a28fb.war', 'http://tarballs.openstack.org/ci/gerrit-2.4.2-16-g27644a5.war',
contactstore => true,
contactstore_appsec => $contactstore_appsec,
contactstore_pubkey => $contactstore_pubkey,
contactstore_url =>
'http://www.openstack.org/verify/member/',
script_user => 'launchpadsync', script_user => 'launchpadsync',
script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa', script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
script_logging_conf => '/home/gerrit2/.sync_logging.conf', script_logging_conf => '/home/gerrit2/.sync_logging.conf',

22
modules/openstack_project/manifests/review_dev.pp
View File

@ -15,10 +15,6 @@ class openstack_project::review_dev (
$ssh_rsa_pubkey_contents = '', $ssh_rsa_pubkey_contents = '',
$ssh_project_rsa_key_contents = '', $ssh_project_rsa_key_contents = '',
$ssh_project_rsa_pubkey_contents = '', $ssh_project_rsa_pubkey_contents = '',
$cla_description = 'OpenStack Individual Contributor License Agreement',
$cla_file = 'static/cla.html',
$cla_id = '2',
$cla_name = 'ICLA',
$lp_sync_key = '', # If left empty puppet will not create file. $lp_sync_key = '', # If left empty puppet will not create file.
$lp_sync_pubkey = '', # If left empty puppet will not create file. $lp_sync_pubkey = '', # If left empty puppet will not create file.
$lp_sync_consumer_key = '', $lp_sync_consumer_key = '',
@ -81,15 +77,6 @@ class openstack_project::review_dev (
'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf', 'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf',
require => User['gerrit2'], require => User['gerrit2'],
} }
file { '/home/gerrit2/review_site/bin/set_agreements.sh':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
content => template('openstack_project/gerrit_set_agreements.sh.erb'),
replace => true,
require => Class['::gerrit'],
}
file { '/home/gerrit2/.ssh': file { '/home/gerrit2/.ssh':
ensure => directory, ensure => directory,
owner => 'gerrit2', owner => 'gerrit2',
@ -135,13 +122,4 @@ class openstack_project::review_dev (
replace => true, replace => true,
require => User['gerrit2'], require => User['gerrit2'],
} }
exec { 'set_contributor_agreements':
path => ['/bin', '/usr/bin'],
command => '/home/gerrit2/review_site/bin/set_agreements.sh',
require => [
Class['mysql'],
File['/home/gerrit2/review_site/bin/set_agreements.sh'],
],
}
} }