Implement Gerrit CLA and Contact Store.

This change fixes bug 1082754 and builds on the following prior
work, which set up the underlying mechanisms and implemented them on
review-dev:

  - https://review.openstack.org/12716
  - https://review.openstack.org/13058
  - https://review.openstack.org/13378
  - https://review.openstack.org/13392
  - https://review.openstack.org/13402
  - https://review.openstack.org/13592
  - https://review.openstack.org/14319
  - https://review.openstack.org/14493
  - https://review.openstack.org/16468

* manifests/site.pp(review.openstack.org): Add
gerrit_contactstore_appsec and gerrit_contactstore_pubkey variables
similar to those used for review-dev.openstack.org.

* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Move the cla_description, cla_file, cla_id
and cla_name variables here, since they'll be used by both review and
review-dev servers. Same goes for the set_agreements.sh file block and
set_contributor_agreements exec block. Also stop loading the
launchpad_sync module and make sure the sync_launchpad_users cron
job is removed from the server.

* modules/openstack_project/manifests/review.pp
(openstack_project::review): Add the contactstore_appsec and
contactstore_pubkey variables being from from hiera. Update the .war
file to one with "Hack out some CLA bits" reverted. Turn on
contactstore, pass the contactstore_appsec and contactstore_pubkey
variables through, and set the production contactstore_url.

* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Remove the definitions for
cla_description, cla_file, cla_id and cla_name, along with the
set_agreements.sh file block and set_contributor_agreements exec block
since they're all in gerrit.pp now.

Change-Id: I037f1a3e2b03c66768cec6caa7fe5e1c68495ac6
Reviewed-on: https://review.openstack.org/14099
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
This commit is contained in:
Jeremy Stanley 2012-10-05 15:44:11 +00:00 committed by Jenkins
parent a62c602aac
commit e04a26c7bb
4 changed files with 32 additions and 31 deletions

View File

@ -34,6 +34,8 @@ node 'review.openstack.org' {
lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'),
lp_sync_token => hiera('gerrit_lp_access_token'),
lp_sync_secret => hiera('gerrit_lp_access_secret'),
contactstore_appsec => hiera('gerrit_contactstore_appsec'),
contactstore_pubkey => hiera('gerrit_contactstore_pubkey'),
sysadmins => hiera('sysadmins'),
}
}

View File

@ -1,9 +1,7 @@
# == Class: openstack_project::gerrit
#
# A wrapper class around the main gerrit class that sets gerrit
# up for launchpad single sign on, bug/blueprint links and user
# import and sync
# TODO: launchpadlib creds for user sync script
# up for launchpad single sign on and bug/blueprint links
class openstack_project::gerrit (
$vhost_name = $::fqdn,
@ -54,6 +52,10 @@ class openstack_project::gerrit (
$replicate_github = true,
$replicate_local = true,
$local_git_dir = '/var/lib/git',
$cla_description = 'OpenStack Individual Contributor License Agreement',
$cla_file = 'static/cla.html',
$cla_id = '2',
$cla_name = 'ICLA',
$testmode = false,
$sysadmins = []
) {
@ -185,11 +187,8 @@ class openstack_project::gerrit (
ensure => absent,
}
class { 'launchpad_sync':
user => 'gerrit2',
script_user => $script_user,
script_key_file => $script_key_file,
script_logging_conf => $script_logging_conf,
cron { 'sync_launchpad_users':
ensure => absent,
}
file { '/home/gerrit2/review_site/hooks/change-merged':
@ -264,4 +263,19 @@ class openstack_project::gerrit (
],
}
}
file { '/home/gerrit2/review_site/bin/set_agreements.sh':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
content => template('openstack_project/gerrit_set_agreements.sh.erb'),
replace => true,
require => Class['::gerrit']
}
exec { 'set_contributor_agreements':
path => ['/bin', '/usr/bin'],
command => '/home/gerrit2/review_site/bin/set_agreements.sh',
require => [Class['mysql'],
File['/home/gerrit2/review_site/bin/set_agreements.sh']]
}
}

View File

@ -51,6 +51,8 @@ class openstack_project::review (
$lp_sync_consumer_key='',
$lp_sync_token='',
$lp_sync_secret='',
$contactstore_appsec='',
$contactstore_pubkey='',
$replicate_github=true,
$sysadmins = []
) {
@ -79,7 +81,12 @@ class openstack_project::review (
sshd_threads => '100',
httpd_maxwait => '5000min',
war =>
'http://tarballs.openstack.org/ci/gerrit-2.4.2-11-gb5a28fb.war',
'http://tarballs.openstack.org/ci/gerrit-2.4.2-16-g27644a5.war',
contactstore => true,
contactstore_appsec => $contactstore_appsec,
contactstore_pubkey => $contactstore_pubkey,
contactstore_url =>
'http://www.openstack.org/verify/member/',
script_user => 'launchpadsync',
script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa',
script_logging_conf => '/home/gerrit2/.sync_logging.conf',

View File

@ -15,10 +15,6 @@ class openstack_project::review_dev (
$ssh_rsa_pubkey_contents = '',
$ssh_project_rsa_key_contents = '',
$ssh_project_rsa_pubkey_contents = '',
$cla_description = 'OpenStack Individual Contributor License Agreement',
$cla_file = 'static/cla.html',
$cla_id = '2',
$cla_name = 'ICLA',
$lp_sync_key = '', # If left empty puppet will not create file.
$lp_sync_pubkey = '', # If left empty puppet will not create file.
$lp_sync_consumer_key = '',
@ -81,15 +77,6 @@ class openstack_project::review_dev (
'puppet:///modules/openstack_project/gerrit/launchpad_sync_logging.conf',
require => User['gerrit2'],
}
file { '/home/gerrit2/review_site/bin/set_agreements.sh':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
content => template('openstack_project/gerrit_set_agreements.sh.erb'),
replace => true,
require => Class['::gerrit'],
}
file { '/home/gerrit2/.ssh':
ensure => directory,
owner => 'gerrit2',
@ -135,13 +122,4 @@ class openstack_project::review_dev (
replace => true,
require => User['gerrit2'],
}
exec { 'set_contributor_agreements':
path => ['/bin', '/usr/bin'],
command => '/home/gerrit2/review_site/bin/set_agreements.sh',
require => [
Class['mysql'],
File['/home/gerrit2/review_site/bin/set_agreements.sh'],
],
}
}