opendev/system-config
Code Issues Proposed changes
1bc4dabc45
system-config/modules/openstack_project/manifests/review_dev.pp
Jeremy Stanley d5dad4fd09 Stop using the Gerrit Contact Store 
As part of the "Gerrit ContactStore Removal" specification, now that
owners.py is checking foundation membership when generating voter
rolls it's fine for us to stop using requireContactInformation on
the ICLA and rip out our accompanying configuration.

Note that this should not be merged until the All-Projects config on
review.openstack.org and review-dev.openstack.org has been manually
adjusted to remove the "requireContactInformation = true" line from
the [contributor-agreement "ICLA"] section therein. Further, this
must be done by pushing the necessary edit directly into
refs/meta/config as there is no WebUI control nor API method to
alter contributor-agreement options.

Change-Id: I8c39a6bf43f5b12db3e8aab18bedbf7e1a0f0b7e
Story: #2001094
Task: #4867
2017-08-04 20:24:37 +00:00

236 lines
8.7 KiB
Puppet
Raw Blame History

# == Class: openstack_project::review_dev
#
class openstack_project::review_dev (
$github_oauth_token = '',
$github_project_username = '',
$github_project_password = '',
$mysql_host = '',
$mysql_password = '',
$email_private_key = '',
$ssh_dsa_key_contents = '',
$ssh_dsa_pubkey_contents = '',
$ssh_rsa_key_contents = '',
$ssh_rsa_pubkey_contents = '',
$ssh_project_rsa_key_contents = '',
$ssh_project_rsa_pubkey_contents = '',
# SSH key for outbound ssh-based replication.
$ssh_replication_rsa_key_contents='',
$ssh_replication_rsa_pubkey_contents='',
# Launchpad creds for bug/blueprint updates
$lp_access_token = '',
$lp_access_secret = '',
$lp_consumer_key = '',
$swift_username = '',
$swift_password = '',
$storyboard_password = '',
$storyboard_ssl_cert = '',
$project_config_repo = '',
$projects_config = 'openstack_project/review-dev.projects.ini.erb',
) {
$java_home = $::lsbdistcodename ? {
'precise' => '/usr/lib/jvm/java-7-openjdk-amd64/jre',
'trusty' => '/usr/lib/jvm/java-7-openjdk-amd64/jre',
}
realize (
User::Virtual::Localuser['zaro'],
)
class { 'project_config':
url => $project_config_repo,
base => 'dev/',
}
$accountpatchreviewdb_url = "jdbc:mysql://${mysql_host}:3306/accountPatchReviewDb?characterSetResults=utf8&characterEncoding=utf8&connectionCollation=utf8_bin&useUnicode=yes&user=gerrit2&password=${mysql_password}"
class { 'openstack_project::gerrit':
vhost_name => 'review-dev.openstack.org',
canonicalweburl => 'https://review-dev.openstack.org/',
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_chain_file => '',
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
ssh_replication_rsa_key_contents => $ssh_replication_rsa_key_contents,
ssh_replication_rsa_pubkey_contents => $ssh_replication_rsa_pubkey_contents,
email => 'review-dev@openstack.org',
war =>
'http://tarballs.openstack.org/ci/gerrit/gerrit-v2.13.9.4.2a605d5.war',
acls_dir => $::project_config::gerrit_acls_dir,
notify_impact_file => $::project_config::gerrit_notify_impact_file,
projects_file => $::project_config::jeepyb_project_file,
projects_config => $projects_config,
github_username => 'openstack-gerrit-dev',
github_oauth_token => $github_oauth_token,
github_project_username => $github_project_username,
github_project_password => $github_project_password,
mysql_host => $mysql_host,
mysql_password => $mysql_password,
accountpatchreviewdb_url => $accountpatchreviewdb_url,
email_private_key => $email_private_key,
gitweb => false,
cgit => true,
web_repo_url => 'https://git.openstack.org/cgit/',
web_repo_url_encode => false,
swift_username => $swift_username,
swift_password => $swift_password,
replication_force_update => true,
commentlinks => [
{
name => 'bugheader',
match => '([Cc]loses|[Pp]artial|[Rr]elated)-[Bb]ug:\\s*#?(\\d+)',
link => 'https://launchpad.net/bugs/$2',
},
{
name => 'bug',
match => '\\b[Bb]ug:? #?(\\d+)',
link => 'https://launchpad.net/bugs/$1',
},
{
name => 'story',
match => '\\b[Ss]tory:? #?(\\d+)',
link => 'https://storyboard-dev.openstack.org/#!/story/$1',
},
{
name => 'its-storyboard',
match => '\\b[Tt]ask:? #?(\\d+)',
link => 'task: $1',
},
{
name => 'blueprint',
match => '(\\b[Bb]lue[Pp]rint\\b|\\b[Bb][Pp]\\b)[ \\t#:]*([A-Za-z0-9\\-]+)',
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2',
},
{
name => 'testresult',
match => '<li>([^ ]+) <a href=\"[^\"]+\" target=\"_blank\" rel=\"nofollow\">([^<]+)</a> : ([^ ]+)([^<]*)</li>',
html => '<li class=\"comment_test\"><span class=\"comment_test_name\"><a href=\"$2\" rel=\"nofollow\">$1</a></span> <span class=\"comment_test_result\"><span class=\"result_$3\">$3</span>$4</span></li>',
},
{
name => 'launchpadbug',
match => '<a href=\"(https://bugs\\.launchpad\\.net/[a-zA-Z0-9\\-]+/\\+bug/(\\d+))[^\"]*\">[^<]+</a>',
html => '<a href=\"$1\">$1</a>'
},
{
name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '/#/q/$1',
},
{
name => 'gitsha',
match => '(<p>|[\\s(])([0-9a-f]{40})(</p>|[\\s.,;:)])',
html => '$1<a href=\"/#/q/$2\">$2</a>$3',
},
],
its_plugins => [
{
name => 'its-storyboard',
password => $storyboard_password,
url => 'https://storyboard-dev.openstack.org',
},
],
its_rules => [
{
name => 'LOG',
action => 'log-event error',
},
{
name => 'change_abandoned',
event_type => 'change-abandoned',
action => 'set-status TODO',
},
{
name => 'change_in_progress',
event_type => 'patchset-created,change-restored',
action => 'set-status REVIEW',
},
{
name => 'change_merged',
event_type => 'change-merged',
action => 'set-status MERGED',
},
],
replication => [
{
name => 'github',
url => 'git@github.com:',
authGroup => 'Anonymous Users',
replicationDelay => '1',
replicatePermissions => false,
mirror => true,
},
{
name => 'local',
url => 'file:///opt/lib/git/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
{
name => 'afs',
url => 'file:///afs/openstack.org/mirror/git-sandbox/',
replicationDelay => '1',
threads => '4',
mirror => true,
},
],
require => $::project_config::config_dir,
}
gerrit::plugin { 'javamelody': version => 'v2.13.3.e4233d6' }
gerrit::plugin { 'its-storyboard': version => '805f9ac' }
# create a file containing the ssl certificate
file { '/home/gerrit2/storyboard-dev.crt':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $storyboard_ssl_cert,
replace => true,
require => User['gerrit2'],
}
# Import certificate to java to allow gerrit its plugins to POST to storyboard
exec { 'import-java-certs':
user => 'root',
command => "keytool -import -alias storyboard-dev.openstack.org -keystore $java_home/lib/security/cacerts -file /home/gerrit2/storyboard-dev.crt -storepass changeit -noprompt",
unless => "keytool -list -alias storyboard-dev.openstack.org -storepass changeit -keystore $java_home/lib/security/cacerts >/dev/null 2>&1",
path => '/bin:/usr/bin',
require => [
Package['openjdk-7-jre-headless'],
File['/home/gerrit2/storyboard-dev.crt'],
],
}
package { 'python-launchpadlib':
ensure => present,
}
file { '/home/gerrit2/.launchpadlib':
ensure => directory,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0775',
require => User['gerrit2'],
}
file { '/home/gerrit2/.launchpadlib/creds':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => template('openstack_project/infra_lp_creds.erb'),
replace => true,
require => User['gerrit2'],
}
include bup
bup::site { 'rs-ord':
backup_user => 'bup-review-dev',
backup_server => 'ci-backup-rs-ord.openstack.org',
}
}
View Git Blame Copy Permalink