system-config/modules/openstack_project/manifests/gerrit.pp
Monty Taylor d76f051d22 Attempt to more fully manage project creation.
Manage project creation via yaml files. Also,
Modify the manage_projects scripts to configure Gerrit project ACLs.
This change expects the project yaml to exist. The change will clone the
project for the localhost Gerrit install. It will then checkout the
meta/config ref, copy the ACL config file into the repo, commit, and
push to the origin. The ACL config location should be specified in the
projects.yaml file with the acl_config key.

For this to work the ACLs will need to be copied by Puppet from Puppet
to the Gerrit host. Add the file resource to do this as well.

Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4
Reviewed-on: https://review.openstack.org/15352
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
2012-11-14 01:18:23 +00:00

265 lines
9.2 KiB
Puppet

# A wrapper class around the main gerrit class that sets gerrit
# up for launchpad single sign on, bug/blueprint links and user
# import and sync
# TODO: launchpadlib creds for user sync script
class openstack_project::gerrit (
$vhost_name=$fqdn,
$canonicalweburl="https://$fqdn/",
$serveradmin='webmaster@openstack.org',
$ssh_host_key='/home/gerrit2/review_site/etc/ssh_host_rsa_key',
$ssh_project_key='/home/gerrit2/review_site/etc/ssh_project_rsa_key',
$ssl_cert_file='',
$ssl_key_file='',
$ssl_chain_file='',
$ssl_cert_file_contents='',
$ssl_key_file_contents='',
$ssl_chain_file_contents='',
$ssh_dsa_key_contents='', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents='', # If left empty puppet will not create file.
$ssh_rsa_key_contents='', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents='', # If left empty puppet will not create file.
$ssh_project_rsa_key_contents='', # If left empty puppet will not create file.
$ssh_project_rsa_pubkey_contents='', # If left empty puppet will not create file.
$email='',
$database_poollimit='',
$container_heaplimit='',
$core_packedgitopenfiles='',
$core_packedgitlimit='',
$core_packedgitwindowsize='',
$sshd_threads='',
$httpd_acceptorthreads='',
$httpd_minthreads='',
$httpd_maxthreads='',
$httpd_maxwait='',
$war,
$contactstore=false,
$contactstore_appsec='',
$contactstore_pubkey='',
$contactstore_url='',
$script_user='update',
$script_key_file='/home/gerrit2/.ssh/id_rsa',
$script_logging_conf='/home/gerrit2/.sync_logging.conf',
$projects_file='UNDEF',
$github_username,
$github_oauth_token,
$github_project_username,
$github_project_password,
$mysql_password,
$mysql_root_password,
$trivial_rebase_role_id,
$email_private_key,
$replicate_github=true,
$replicate_local=true,
$local_git_dir='/var/lib/git',
$testmode=false,
$sysadmins=[]
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 29418],
sysadmins => $sysadmins
}
class { '::gerrit':
vhost_name => $vhost_name,
canonicalweburl => $canonicalweburl,
# opinions
enable_melody => 'true',
melody_session => 'true',
# passthrough
ssl_cert_file => $ssl_cert_file,
ssl_key_file => $ssl_key_file,
ssl_chain_file => $ssl_chain_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
ssh_dsa_key_contents => $ssh_dsa_key_contents,
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
ssh_rsa_key_contents => $ssh_rsa_key_contents,
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
email => $email,
openidssourl => "https://login.launchpad.net/+openid",
database_poollimit => $database_poollimit,
container_heaplimit => $container_heaplimit,
core_packedgitopenfiles => $core_packedgitopenfiles,
core_packedgitlimit => $core_packedgitlimit,
core_packedgitwindowsize => $core_packedgitwindowsize,
sshd_threads => $sshd_threads,
httpd_acceptorthreads => $httpd_acceptorthreads,
httpd_minthreads => $httpd_minthreads,
httpd_maxthreads => $httpd_maxthreads,
httpd_maxwait => $httpd_maxwait,
commentlinks => [{ name => 'changeid',
match => '(I[0-9a-f]{8,40})',
link => '#q,$1,n,z'
},
{ name => 'launchpad',
match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
link => 'https://code.launchpad.net/bugs/$2'
},
{ name => 'blueprint',
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2'
},
],
war => $war,
contactstore => $contactstore,
contactstore_appsec => $contactstore_appsec,
contactstore_pubkey => $contactstore_pubkey,
contactstore_url => $contactstore_url,
mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
email_private_key => $email_private_key,
replicate_github => $replicate_github,
testmode => $testmode,
require => Class[openstack_project::server],
}
if ($testmode == false) {
class { 'gerrit::cron':
script_user => $script_user,
script_key_file => $script_key_file,
}
class { 'github':
username => $github_username,
project_username => $github_project_username,
project_password => $github_project_password,
oauth_token => $github_oauth_token,
require => Class['::gerrit']
}
}
file { '/home/gerrit2/review_site/static/echosign-cla.html':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/echosign-cla.html',
replace => 'true',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/static/cla.html':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/cla.html',
replace => 'true',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/static/title.png':
ensure => 'present',
source => "puppet:///modules/openstack_project/openstack.png",
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/static/openstack-page-bkg.jpg':
ensure => 'present',
source => 'puppet:///modules/openstack_project/openstack-page-bkg.jpg',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/etc/GerritSite.css':
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/GerritSite.css',
require => Class['::gerrit'],
}
file { '/home/gerrit2/review_site/etc/GerritSiteHeader.html':
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/GerritSiteHeader.html',
require => Class['::gerrit'],
}
cron { "gerritsyncusers":
ensure => absent,
}
class { "launchpad_sync":
user => "gerrit2",
script_user => $script_user,
script_key_file => $script_key_file,
script_logging_conf => $script_logging_conf,
site => "openstack",
root_team => "openstack",
}
file { '/home/gerrit2/review_site/hooks/change-merged':
owner => 'root',
group => 'root',
mode => 555,
ensure => 'present',
source => 'puppet:///modules/openstack_project/gerrit/change-merged',
replace => 'true',
require => Class['::gerrit']
}
file { '/home/gerrit2/review_site/hooks/patchset-created':
owner => 'root',
group => 'root',
mode => 555,
ensure => 'present',
content => template('openstack_project/gerrit_patchset-created.erb'),
replace => 'true',
require => Class['::gerrit']
}
file { '/usr/local/gerrit/scripts/trivial_rebase.py':
owner => 'root',
group => 'root',
mode => 444,
ensure => 'present',
source =>
'puppet:///modules/openstack_project/gerrit/scripts/trivial_rebase.py',
replace => 'true',
require => Class['::gerrit']
}
if ($projects_file != 'UNDEF') {
if ($replicate_local) {
file { $local_git_dir:
ensure => directory,
owner => 'gerrit2',
require => Class['::gerrit'],
}
}
file { '/home/gerrit2/projects.yaml':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0444',
content => template($projects_file),
replace => true,
require => Class['::gerrit'],
}
file { '/home/gerrit2/acls':
ensure => directory,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0444',
recurse => true,
replace => true,
source => 'puppet:///modules/openstack_project/gerrit/acls',
require => Class['::gerrit']
}
exec { 'manage_projects':
command => '/usr/local/gerrit/scripts/manage_projects.py',
subscribe => [
File['/home/gerrit2/projects.yaml'],
File['/home/gerrit2/acls'],
],
refreshonly => true,
require => [
File['/home/gerrit2/projects.yaml'],
File['/home/gerrit2/acls'],
],
}
}
}