109a5731c7
The referenced key has been added to hiera. Change-Id: Id94db69498c462cb97c3721e96a645e5192a0b97 Depends-On: https://review.openstack.org/555968 Story: 2001382 Task: 6092
247 lines
7.4 KiB
Puppet
# Copyright 2013 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
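# Class to configure cgit on a CentOS node.
#
# == Class: openstack_project::git_backend
#
# Declares the main cgit vhost, a second cgit site for git.zuul-ci.org,
# the SSH key Gerrit uses to replicate into the 'cgit' account, a local
# 'zuul' account with its own scratch area under /var/lib/git/zuul, and
# the cron jobs that run "git gc" over the served repositories.
#
# === Parameters
#
# [*vhost_name*]
#   Name of the main cgit vhost; also used to build the certificate and
#   private key file paths under /etc/pki/tls. Defaults to $::fqdn.
#
# [*git_gerrit_ssh_key*]
#   Public key body (ssh-rsa) authorised for the 'cgit' user.
#   NOTE(review): the default is the empty string, which still declares
#   the authorized_keys entry - callers are presumably expected to supply
#   the real key from hiera; confirm.
#
# [*ssl_cert_file_contents*]
# [*ssl_key_file_contents*]
# [*ssl_chain_file_contents*]
#   TLS material for the main vhost, passed through to ::cgit.
#   NOTE(review): the key contents are private-key material; they should
#   only ever come from a private/encrypted data source and must not be
#   echoed into logs or reports.
#
# [*git_zuul_ci_org_ssl_cert_file_contents*]
# [*git_zuul_ci_org_ssl_key_file_contents*]
# [*git_zuul_ci_org_ssl_chain_file_contents*]
#   TLS material for the git.zuul-ci.org site, passed to ::cgit::site.
#   The same handling caveat as above applies to the key contents.
#
# [*behind_proxy*]
#   Passed unchanged to both ::cgit and ::cgit::site.
#
# [*project_config_repo*]
#   URL handed to the project_config class.
#
# [*selinux_mode*]
#   SELinux mode applied on RedHat-family hosts and passed to the cgit
#   resources. Defaults to 'enforcing'; relaxing it weakens host
#   confinement of the web-facing cgit processes.
#
class openstack_project::git_backend (
  $vhost_name                              = $::fqdn,
  $git_gerrit_ssh_key                      = '',
  $ssl_cert_file_contents                  = '',
  $ssl_key_file_contents                   = '',
  $ssl_chain_file_contents                 = '',
  $git_zuul_ci_org_ssl_cert_file_contents  = '',
  $git_zuul_ci_org_ssl_key_file_contents   = '',
  $git_zuul_ci_org_ssl_chain_file_contents = '',
  $behind_proxy                            = false,
  $project_config_repo                     = '',
  $selinux_mode                            = 'enforcing',
) {

  package { 'lsof':
    ensure => present,
  }

  class { 'project_config':
    url => $project_config_repo,
  }

  include jeepyb
  include pip

  # SELinux is only managed on RedHat-family hosts.
  if ($::osfamily == 'RedHat') {
    class { 'selinux':
      mode => $selinux_mode,
    }
  }

  # Main cgit vhost. The certificate and key paths are derived from
  # $vhost_name; the file contents come from the class parameters.
  class { '::cgit':
    vhost_name              => $vhost_name,
    ssl_cert_file           => "/etc/pki/tls/certs/${vhost_name}.pem",
    ssl_key_file            => "/etc/pki/tls/private/${vhost_name}.key",
    ssl_chain_file          => '/etc/pki/tls/certs/intermediate.pem',
    ssl_cert_file_contents  => $ssl_cert_file_contents,
    ssl_key_file_contents   => $ssl_key_file_contents,
    ssl_chain_file_contents => $ssl_chain_file_contents,
    behind_proxy            => $behind_proxy,
    cgitrc_settings         => {
      'clone-prefix'   => 'git://git.openstack.org https://git.openstack.org',
      'commit-filter'  => '/usr/local/bin/commit-filter.sh',
      'css'            => '/static/openstack.css',
      'favicon'        => '/static/favicon.ico',
      'logo'           => '/static/openstack.svg',
      'root-title'     => 'OpenStack git repository browser',
      'max-repo-count' => 2500,
      'robots'         => 'index',
    },
    manage_cgitrc           => true,
    selinux_mode            => $selinux_mode,
  }

  # Second cgit site with its own cgitrc, web root and TLS material.
  ::cgit::site { 'git.zuul-ci.org':
    cgit_vhost_name         => 'git.zuul-ci.org',
    ssl_cert_file           => '/etc/pki/tls/certs/git.zuul-ci.org.pem',
    ssl_key_file            => '/etc/pki/tls/private/git.zuul-ci.org.key',
    ssl_chain_file          => '/etc/pki/tls/certs/git.zuul-ci.org.intermediate.pem',
    ssl_cert_file_contents  => $git_zuul_ci_org_ssl_cert_file_contents,
    ssl_key_file_contents   => $git_zuul_ci_org_ssl_key_file_contents,
    ssl_chain_file_contents => $git_zuul_ci_org_ssl_chain_file_contents,
    behind_proxy            => $behind_proxy,
    cgitrc_settings         => {
      'clone-prefix'   => 'https://git.zuul-ci.org',
      'commit-filter'  => '/usr/local/bin/commit-filter.sh',
      'css'            => '/cgit-data/cgit.css',
      'favicon'        => '/cgit-data/favicon.ico',
      'logo'           => '/cgit-data/cgit.png',
      'root-title'     => 'Zuul git repository browser',
      'max-repo-count' => 2500,
      'robots'         => 'index',
      'include'        => '/etc/cgitrepos_git.zuul-ci.org',
    },
    manage_cgitrc           => true,
    cgitrc_path             => '/etc/cgitrc_git.zuul-ci.org',
    local_git_dir           => '/var/lib/git-alias/git.zuul-ci.org',
    cgitdir                 => '/var/www/cgit_git.zuul-ci.org',
    staticfiles             => '/var/www/cgit_git.zuul-ci.org/static',
    selinux_mode            => $selinux_mode,
  }

  # We don't actually use these variables in this manifest, but jeepyb
  # requires them to exist.
  $local_git_dir = '/var/lib/git'
  $ssh_project_key = ''

  # User['cgit'] is not declared in this class; presumably it comes from
  # the ::cgit class - confirm. 0700 keeps the key directory private to
  # the account.
  file { '/home/cgit/.ssh/':
    ensure  => directory,
    owner   => 'cgit',
    group   => 'cgit',
    mode    => '0700',
    require => User['cgit'],
  }

  # Key Gerrit uses to push replicated repositories as the 'cgit' user.
  # NOTE(review): the entry carries no 'options', so the key grants an
  # unrestricted login for this account. Consider restricting it (for
  # example no-port-forwarding, no-agent-forwarding, no-pty) once it is
  # confirmed that replication still works with those set. The resource
  # title dates the key to 2014-04-25; check whether it is due rotation.
  ssh_authorized_key { 'gerrit-replication-2014-04-25':
    ensure  => present,
    user    => 'cgit',
    type    => 'ssh-rsa',
    key     => $git_gerrit_ssh_key,
    require => File['/home/cgit/.ssh/'],
  }

  # Removes an authorized_keys entry whose name is this path string.
  # NOTE(review): looks like clean-up of an earlier mis-titled resource;
  # it does not delete the authorized_keys file itself.
  ssh_authorized_key { '/home/cgit/.ssh/authorized_keys':
    ensure => absent,
    user   => 'cgit',
  }

  # Read-only (0444) copy of the jeepyb project list for the cgit user.
  file { '/home/cgit/projects.yaml':
    ensure  => present,
    owner   => 'cgit',
    group   => 'cgit',
    mode    => '0444',
    source  => $::project_config::jeepyb_project_file,
    require => $::project_config::config_dir,
    replace => true,
  }

  # Re-runs create-cgitrepos only when projects.yaml changes
  # (refreshonly + subscribe). The explicit path limits where the
  # command is looked up.
  exec { 'create_cgitrepos':
    command     => 'create-cgitrepos',
    path        => '/bin:/usr/bin:/usr/local/bin',
    environment => [
      'SCRATCH_SUBPATH=zuul',
      'SCRATCH_OWNER=zuul',
      'SCRATCH_GROUP=zuul',
    ],
    require     => [
      File['/home/cgit/projects.yaml'],
      User['zuul'],
      Class['jeepyb'],
    ],
    subscribe   => File['/home/cgit/projects.yaml'],
    refreshonly => true,
  }

  cron { 'mirror_repack':
    ensure => absent,
    user   => 'cgit',
  }

  # Daily "git gc" over every repository except the zuul scratch area.
  # The previous expression, "-not -path /var/lib/git/zuul", only skipped
  # the directory entry itself, so find still descended into it and the
  # cgit user attempted gc on zuul-owned repositories. "-prune" skips the
  # whole subtree; those repositories are handled by mirror_gitgc_zuul.
  cron { 'mirror_gitgc':
    user        => 'cgit',
    hour        => '4',
    minute      => '7',
    command     => 'find /var/lib/git/ -path /var/lib/git/zuul -prune -o -type d -name "*.git" -print -exec git --git-dir="{}" gc \;',
    environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
    require     => User['cgit'],
  }

  # Static assets for the main vhost. File['/var/www/cgit/static'] is not
  # declared in this class; presumably it is provided by ::cgit - confirm.
  file { '/var/www/cgit/static/openstack.svg':
    ensure  => present,
    source  => 'puppet:///modules/openstack_project/openstack.svg',
    require => File['/var/www/cgit/static'],
  }

  file { '/var/www/cgit/static/favicon.ico':
    ensure  => present,
    source  => 'puppet:///modules/openstack_project/status/favicon.ico',
    require => File['/var/www/cgit/static'],
  }

  file { '/var/www/cgit/static/openstack.css':
    ensure  => present,
    source  => 'puppet:///modules/openstack_project/git/openstack.css',
    require => File['/var/www/cgit/static'],
  }

  # Both cgitrc configurations above name this script as their
  # commit-filter. It is root-owned and not writable by other accounts
  # (0755), so the web-facing accounts cannot replace it.
  file { '/usr/local/bin/commit-filter.sh':
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/openstack_project/git/commit-filter.sh',
  }

  user { 'zuul':
    ensure     => present,
    home       => '/home/zuul',
    shell      => '/bin/bash',
    gid        => 'zuul',
    managehome => true,
    require    => Group['zuul'],
  }

  group { 'zuul':
    ensure => present,
  }

  file { '/home/zuul':
    ensure  => directory,
    owner   => 'zuul',
    group   => 'zuul',
    mode    => '0755',
    require => User['zuul'],
  }

  # Scratch area owned by zuul. File['/var/lib/git'] is not declared in
  # this class; presumably it comes from ::cgit - confirm.
  file { '/var/lib/git/zuul':
    ensure  => directory,
    owner   => 'zuul',
    group   => 'zuul',
    mode    => '0755',
    require => [
      User['zuul'],
      File['/var/lib/git'],
    ],
  }

  file { '/home/zuul/.ssh':
    ensure  => directory,
    owner   => 'zuul',
    group   => 'zuul',
    mode    => '0700',
    require => User['zuul'],
  }

  # Keeps the zuul account free of authorised SSH keys: any
  # authorized_keys file that appears here is removed on the next run.
  file { '/home/zuul/.ssh/authorized_keys':
    ensure => absent,
  }

  # Weekly "git gc" over the zuul scratch repositories. The command used
  # to read 'git --git-dir="{}" git gc', which invokes a non-existent
  # "git git" subcommand and fails for every repository, so no gc ever
  # ran here; the duplicated word is removed.
  cron { 'mirror_gitgc_zuul':
    user        => 'zuul',
    weekday     => '0',
    hour        => '4',
    minute      => '7',
    command     => 'find /var/lib/git/zuul -type d -name "*.git" -print -exec git --git-dir="{}" gc \;',
    environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
    require     => User['zuul'],
  }

}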