# Copyright 2013 Hewlett-Packard Development Company, L.P. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Class to configure cgit on a CentOS node. # # == Class: openstack_project::git_backend class openstack_project::git_backend ( $vhost_name = $::fqdn, $sysadmins = [], $git_gerrit_ssh_key = '', $ssl_cert_file_contents = '', $ssl_key_file_contents = '', $ssl_chain_file_contents = '', $behind_proxy = false, $project_config_repo = '', ) { class { 'project_config': url => $project_config_repo, } class { 'openstack_project::server': iptables_public_tcp_ports => [4443, 8080, 29418], sysadmins => $sysadmins, } include jeepyb include pip class { '::cgit': vhost_name => $vhost_name, ssl_cert_file => '/etc/pki/tls/certs/git.openstack.org.pem', ssl_key_file => '/etc/pki/tls/private/git.openstack.org.key', ssl_chain_file => '/etc/pki/tls/certs/intermediate.pem', ssl_cert_file_contents => $ssl_cert_file_contents, ssl_key_file_contents => $ssl_key_file_contents, ssl_chain_file_contents => $ssl_chain_file_contents, behind_proxy => $behind_proxy, } # We don't actually use these variables in this manifest, but jeepyb # requires them to exist. $local_git_dir = '/var/lib/git' $ssh_project_key = '' file { '/etc/cgitrc': ensure => present, owner => 'root', group => 'root', mode => '0644', source => 'puppet:///modules/openstack_project/git/cgitrc' } file { '/home/cgit/.ssh/': ensure => directory, owner => 'cgit', group => 'cgit', mode => '0700', require => User['cgit'], } ssh_authorized_key { 'gerrit-replication-2014-04-25': ensure => present, user => 'cgit', type => 'ssh-rsa', key => $git_gerrit_ssh_key, require => File['/home/cgit/.ssh/'] } ssh_authorized_key { '/home/cgit/.ssh/authorized_keys': ensure => absent, user => 'cgit', } file { '/home/cgit/projects.yaml': ensure => present, owner => 'cgit', group => 'cgit', mode => '0444', source => $::project_config::jeepyb_project_file, require => $::project_config::config_dir, replace => true, } exec { 'create_cgitrepos': command => 'create-cgitrepos', path => '/bin:/usr/bin:/usr/local/bin', environment => [ 'SCRATCH_SUBPATH=zuul', 'SCRATCH_OWNER=zuul', 'SCRATCH_GROUP=zuul', ], require => [ File['/home/cgit/projects.yaml'], User['zuul'], ], subscribe => File['/home/cgit/projects.yaml'], refreshonly => true, } if ($::osfamily == 'RedHat') { class { 'selinux': mode => 'enforcing' } } cron { 'mirror_repack': user => 'cgit', hour => '4', minute => '7', command => 'find /var/lib/git/ -not -path /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \; -exec git --git-dir="{}" pack-refs --all \;', environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin', require => User['cgit'], } file { '/var/www/cgit/static/openstack.png': ensure => present, source => 'puppet:///modules/openstack_project/openstack.png', require => File['/var/www/cgit/static'], } file { '/var/www/cgit/static/favicon.ico': ensure => present, source => 'puppet:///modules/openstack_project/status/favicon.ico', require => File['/var/www/cgit/static'], } file { '/var/www/cgit/static/openstack-page-bkg.jpg': ensure => present, source => 'puppet:///modules/openstack_project/openstack-page-bkg.jpg', require => File['/var/www/cgit/static'], } file { '/var/www/cgit/static/openstack.css': ensure => present, source => 'puppet:///modules/openstack_project/git/openstack.css', require => File['/var/www/cgit/static'], } file { '/usr/local/bin/commit-filter.sh': ensure => present, owner => 'root', group => 'root', mode => '0755', source => 'puppet:///modules/openstack_project/git/commit-filter.sh', } user { 'zuul': ensure => present, home => '/home/zuul', shell => '/bin/bash', gid => 'zuul', managehome => true, require => Group['zuul'], } group { 'zuul': ensure => present, } file {'/home/zuul': ensure => directory, owner => 'zuul', group => 'zuul', mode => '0755', require => User['zuul'], } file { '/var/lib/git/zuul': ensure => directory, owner => 'zuul', group => 'zuul', mode => '0755', require => [ User['zuul'], File['/var/lib/git'], ] } file { '/home/zuul/.ssh': ensure => directory, owner => 'zuul', group => 'zuul', mode => '0700', require => User['zuul'], } file { '/home/zuul/.ssh/authorized_keys': ensure => absent, } cron { 'mirror_repack_zuul': user => 'zuul', weekday => '0', hour => '4', minute => '7', command => 'find /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \; -exec git --git-dir="{}" pack-refs --all \;', environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin', require => User['zuul'], } }