system-config/modules/openstack_project/manifests/gerrit.pp
Clark Boylan a14e20e900 Have hiera and puppet manage gerrit ssh:29418 keys
Have hiera and puppet manage gerrits ssh:29418 keys (RSA and DSA). These
keys go in /home/gerrit2/review_site/etc.

Change-Id: If8cb3ec5a2e2c582b7fa6d87c520fc0cb7c2f205
Reviewed-on: https://review.openstack.org/14365
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-10-11 23:21:01 +00:00

211 lines
7.1 KiB
Puppet

# A wrapper class around the main gerrit class that sets gerrit
# up for launchpad single sign on, bug/blueprint links and user
# import and sync
# TODO: launchpadlib creds for user sync script
class openstack_project::gerrit (
$vhost_name=$fqdn,
$canonicalweburl="https://$fqdn/",
$serveradmin='webmaster@openstack.org',
$ssh_host_key='/home/gerrit2/review_site/etc/ssh_host_rsa_key',
$ssl_cert_file='',
$ssl_key_file='',
$ssl_chain_file='',
$ssl_cert_file_contents='',
$ssl_key_file_contents='',
$ssl_chain_file_contents='',
$ssh_dsa_key_contents='', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents='', # If left empty puppet will not create file.
$ssh_rsa_key_contents='', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents='', # If left empty puppet will not create file.
$email='',
$database_poollimit='',
$container_heaplimit='',
$core_packedgitopenfiles='',
$core_packedgitlimit='',
$core_packedgitwindowsize='',
$sshd_threads='',
$httpd_acceptorthreads='',
$httpd_minthreads='',
$httpd_maxthreads='',
$httpd_maxwait='',
$war,
$contactstore=false,
$contactstore_appsec='',
$contactstore_pubkey='',
$contactstore_url='',
$script_user='update',
$script_key_file='/home/gerrit2/.ssh/id_rsa',
$script_logging_conf='/home/gerrit2/.sync_logging.conf',
$projects_file='UNDEF',
$github_username,
$github_oauth_token,
$mysql_password,
$mysql_root_password,
$trivial_rebase_role_id,
$email_private_key,
$replicate_github=true,
$testmode=false,
$sysadmins=[]
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 29418],
sysadmins => $sysadmins
}
class { '::gerrit':
vhost_name => $vhost_name,
canonicalweburl => $canonicalweburl,
# opinions
enable_melody => 'true',
melody_session => 'true',
# passthrough
ssl_cert_file => $ssl_cert_file,
ssl_key_file => $ssl_key_file,
ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
email => $email,
openidssourl => "https://login.launchpad.net/+openid",
database_poollimit => $database_poollimit,
container_heaplimit => $container_heaplimit,
core_packedgitopenfiles => $core_packedgitopenfiles,
core_packedgitlimit => $core_packedgitlimit,
core_packedgitwindowsize => $core_packedgitwindowsize,
sshd_threads => $sshd_threads,
httpd_acceptorthreads => $httpd_acceptorthreads,
httpd_minthreads => $httpd_minthreads,
httpd_maxthreads => $httpd_maxthreads,
httpd_maxwait => $httpd_maxwait,
commentlinks => [{ name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '#q,$1,n,z'
},
{ name => 'launchpad',
match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
link => 'https://code.launchpad.net/bugs/$2'
},
{ name => 'blueprint',
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2'
},
],
war => $war,
contactstore => $contactstore,
contactstore_appsec => $contactstore_appsec,
contactstore_pubkey => $contactstore_pubkey,
contactstore_url => $contactstore_url,
mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
email_private_key => $email_private_key,
projects_file => $projects_file,
replicate_github => $replicate_github,
testmode => $testmode,
require => Class[openstack_project::server],
}
if ($testmode == false) {
class { 'gerrit::cron':
script_user => $script_user,
script_key_file => $script_key_file,
}
class { 'github':
username => $github_username,
oauth_token => $github_oauth_token,
require => Class['::gerrit']
}
}
file { '/home/gerrit2/review_site/static/echosign-cla.html':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/echosign-cla.html',
replace => 'true',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/static/cla.html':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/cla.html',
replace => 'true',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/static/title.png':
ensure => 'present',
source => "puppet:///modules/openstack_project/openstack.png",
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/static/openstack-page-bkg.jpg':
ensure => 'present',
source => 'puppet:///modules/openstack_project/openstack-page-bkg.jpg',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/etc/GerritSite.css':
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/GerritSite.css',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/etc/GerritSiteHeader.html':
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/GerritSiteHeader.html',
require => Class['::gerrit'],
}
cron { "gerritsyncusers":
ensure => absent,
}
class { "launchpad_sync":
user => "gerrit2",
script_user => $script_user,
script_key_file => $script_key_file,
script_logging_conf => $script_logging_conf,
site => "openstack",
root_team => "openstack",
}
file { '/home/gerrit2/review_site/hooks/change-merged':
owner => 'root',
group => 'root',
mode => 555,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/change-merged',
replace => 'true',
require => Class['::gerrit']
}
file { '/home/gerrit2/review_site/hooks/patchset-created':
owner => 'root',
group => 'root',
mode => 555,
ensure => 'present',
content => template('openstack_project/gerrit_patchset-created.erb'),
replace => 'true',
require => Class['::gerrit']
}
file { '/usr/local/gerrit/scripts/trivial_rebase.py':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source =>
'puppet:///modules/openstack_project/gerrit/scripts/trivial_rebase.py',
replace => 'true',
require => Class['::gerrit']
}
}