d76f051d22
Manage project creation via yaml files. Also, Modify the manage_projects scripts to configure Gerrit project ACLs. This change expects the project yaml to exist. The change will clone the project for the localhost Gerrit install. It will then checkout the meta/config ref, copy the ACL config file into the repo, commit, and push to the origin. The ACL config location should be specified in the projects.yaml file with the acl_config key. For this to work the ACLs will need to be copied by Puppet from Puppet to the Gerrit host. Add the file resource to do this as well. Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4 Reviewed-on: https://review.openstack.org/15352 Reviewed-by: Jeremy Stanley <fungi@yuggoth.org> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
265 lines
9.2 KiB
Puppet
265 lines
9.2 KiB
Puppet
# A wrapper class around the main gerrit class that sets gerrit
|
|
# up for launchpad single sign on, bug/blueprint links and user
|
|
# import and sync
|
|
# TODO: launchpadlib creds for user sync script
|
|
|
|
class openstack_project::gerrit (
|
|
$vhost_name=$fqdn,
|
|
$canonicalweburl="https://$fqdn/",
|
|
$serveradmin='webmaster@openstack.org',
|
|
$ssh_host_key='/home/gerrit2/review_site/etc/ssh_host_rsa_key',
|
|
$ssh_project_key='/home/gerrit2/review_site/etc/ssh_project_rsa_key',
|
|
$ssl_cert_file='',
|
|
$ssl_key_file='',
|
|
$ssl_chain_file='',
|
|
$ssl_cert_file_contents='',
|
|
$ssl_key_file_contents='',
|
|
$ssl_chain_file_contents='',
|
|
$ssh_dsa_key_contents='', # If left empty puppet will not create file.
|
|
$ssh_dsa_pubkey_contents='', # If left empty puppet will not create file.
|
|
$ssh_rsa_key_contents='', # If left empty puppet will not create file.
|
|
$ssh_rsa_pubkey_contents='', # If left empty puppet will not create file.
|
|
$ssh_project_rsa_key_contents='', # If left empty puppet will not create file.
|
|
$ssh_project_rsa_pubkey_contents='', # If left empty puppet will not create file.
|
|
$email='',
|
|
$database_poollimit='',
|
|
$container_heaplimit='',
|
|
$core_packedgitopenfiles='',
|
|
$core_packedgitlimit='',
|
|
$core_packedgitwindowsize='',
|
|
$sshd_threads='',
|
|
$httpd_acceptorthreads='',
|
|
$httpd_minthreads='',
|
|
$httpd_maxthreads='',
|
|
$httpd_maxwait='',
|
|
$war,
|
|
$contactstore=false,
|
|
$contactstore_appsec='',
|
|
$contactstore_pubkey='',
|
|
$contactstore_url='',
|
|
$script_user='update',
|
|
$script_key_file='/home/gerrit2/.ssh/id_rsa',
|
|
$script_logging_conf='/home/gerrit2/.sync_logging.conf',
|
|
$projects_file='UNDEF',
|
|
$github_username,
|
|
$github_oauth_token,
|
|
$github_project_username,
|
|
$github_project_password,
|
|
$mysql_password,
|
|
$mysql_root_password,
|
|
$trivial_rebase_role_id,
|
|
$email_private_key,
|
|
$replicate_github=true,
|
|
$replicate_local=true,
|
|
$local_git_dir='/var/lib/git',
|
|
$testmode=false,
|
|
$sysadmins=[]
|
|
) {
|
|
class { 'openstack_project::server':
|
|
iptables_public_tcp_ports => [80, 443, 29418],
|
|
sysadmins => $sysadmins
|
|
}
|
|
|
|
class { '::gerrit':
|
|
vhost_name => $vhost_name,
|
|
canonicalweburl => $canonicalweburl,
|
|
# opinions
|
|
enable_melody => 'true',
|
|
melody_session => 'true',
|
|
# passthrough
|
|
ssl_cert_file => $ssl_cert_file,
|
|
ssl_key_file => $ssl_key_file,
|
|
ssl_chain_file => $ssl_chain_file,
|
|
ssl_cert_file_contents => $ssl_cert_file_contents,
|
|
ssl_key_file_contents => $ssl_key_file_contents,
|
|
ssl_chain_file_contents => $ssl_chain_file_contents,
|
|
ssh_dsa_key_contents => $ssh_dsa_key_contents,
|
|
ssh_dsa_pubkey_contents => $ssh_dsa_pubkey_contents,
|
|
ssh_rsa_key_contents => $ssh_rsa_key_contents,
|
|
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
|
|
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
|
|
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
|
|
email => $email,
|
|
openidssourl => "https://login.launchpad.net/+openid",
|
|
database_poollimit => $database_poollimit,
|
|
container_heaplimit => $container_heaplimit,
|
|
core_packedgitopenfiles => $core_packedgitopenfiles,
|
|
core_packedgitlimit => $core_packedgitlimit,
|
|
core_packedgitwindowsize => $core_packedgitwindowsize,
|
|
sshd_threads => $sshd_threads,
|
|
httpd_acceptorthreads => $httpd_acceptorthreads,
|
|
httpd_minthreads => $httpd_minthreads,
|
|
httpd_maxthreads => $httpd_maxthreads,
|
|
httpd_maxwait => $httpd_maxwait,
|
|
commentlinks => [{ name => 'changeid',
|
|
match => '(I[0-9a-f]{8,40})',
|
|
link => '#q,$1,n,z'
|
|
},
|
|
{ name => 'launchpad',
|
|
match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)',
|
|
link => 'https://code.launchpad.net/bugs/$2'
|
|
},
|
|
{ name => 'blueprint',
|
|
match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)',
|
|
link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2'
|
|
},
|
|
],
|
|
war => $war,
|
|
contactstore => $contactstore,
|
|
contactstore_appsec => $contactstore_appsec,
|
|
contactstore_pubkey => $contactstore_pubkey,
|
|
contactstore_url => $contactstore_url,
|
|
mysql_password => $mysql_password,
|
|
mysql_root_password => $mysql_root_password,
|
|
email_private_key => $email_private_key,
|
|
replicate_github => $replicate_github,
|
|
testmode => $testmode,
|
|
require => Class[openstack_project::server],
|
|
}
|
|
if ($testmode == false) {
|
|
class { 'gerrit::cron':
|
|
script_user => $script_user,
|
|
script_key_file => $script_key_file,
|
|
}
|
|
class { 'github':
|
|
username => $github_username,
|
|
project_username => $github_project_username,
|
|
project_password => $github_project_password,
|
|
oauth_token => $github_oauth_token,
|
|
require => Class['::gerrit']
|
|
}
|
|
}
|
|
|
|
file { '/home/gerrit2/review_site/static/echosign-cla.html':
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => 444,
|
|
ensure => 'present',
|
|
source => 'puppet:///modules/openstack_project/gerrit/echosign-cla.html',
|
|
replace => 'true',
|
|
require => Class['::gerrit'],
|
|
}
|
|
|
|
file { '/home/gerrit2/review_site/static/cla.html':
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => 444,
|
|
ensure => 'present',
|
|
source => 'puppet:///modules/openstack_project/gerrit/cla.html',
|
|
replace => 'true',
|
|
require => Class['::gerrit'],
|
|
}
|
|
|
|
file { '/home/gerrit2/review_site/static/title.png':
|
|
ensure => 'present',
|
|
source => "puppet:///modules/openstack_project/openstack.png",
|
|
require => Class['::gerrit'],
|
|
}
|
|
|
|
file { '/home/gerrit2/review_site/static/openstack-page-bkg.jpg':
|
|
ensure => 'present',
|
|
source => 'puppet:///modules/openstack_project/openstack-page-bkg.jpg',
|
|
require => Class['::gerrit'],
|
|
}
|
|
|
|
file { '/home/gerrit2/review_site/etc/GerritSite.css':
|
|
ensure => 'present',
|
|
source => 'puppet:///modules/openstack_project/gerrit/GerritSite.css',
|
|
require => Class['::gerrit'],
|
|
}
|
|
|
|
file { '/home/gerrit2/review_site/etc/GerritSiteHeader.html':
|
|
ensure => 'present',
|
|
source => 'puppet:///modules/openstack_project/gerrit/GerritSiteHeader.html',
|
|
require => Class['::gerrit'],
|
|
}
|
|
|
|
cron { "gerritsyncusers":
|
|
ensure => absent,
|
|
}
|
|
|
|
class { "launchpad_sync":
|
|
user => "gerrit2",
|
|
script_user => $script_user,
|
|
script_key_file => $script_key_file,
|
|
script_logging_conf => $script_logging_conf,
|
|
site => "openstack",
|
|
root_team => "openstack",
|
|
}
|
|
|
|
file { '/home/gerrit2/review_site/hooks/change-merged':
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => 555,
|
|
ensure => 'present',
|
|
source => 'puppet:///modules/openstack_project/gerrit/change-merged',
|
|
replace => 'true',
|
|
require => Class['::gerrit']
|
|
}
|
|
|
|
file { '/home/gerrit2/review_site/hooks/patchset-created':
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => 555,
|
|
ensure => 'present',
|
|
content => template('openstack_project/gerrit_patchset-created.erb'),
|
|
replace => 'true',
|
|
require => Class['::gerrit']
|
|
}
|
|
|
|
file { '/usr/local/gerrit/scripts/trivial_rebase.py':
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => 444,
|
|
ensure => 'present',
|
|
source =>
|
|
'puppet:///modules/openstack_project/gerrit/scripts/trivial_rebase.py',
|
|
replace => 'true',
|
|
require => Class['::gerrit']
|
|
}
|
|
|
|
if ($projects_file != 'UNDEF') {
|
|
if ($replicate_local) {
|
|
file { $local_git_dir:
|
|
ensure => directory,
|
|
owner => 'gerrit2',
|
|
require => Class['::gerrit'],
|
|
}
|
|
}
|
|
|
|
file { '/home/gerrit2/projects.yaml':
|
|
ensure => present,
|
|
owner => 'gerrit2',
|
|
group => 'gerrit2',
|
|
mode => '0444',
|
|
content => template($projects_file),
|
|
replace => true,
|
|
require => Class['::gerrit'],
|
|
}
|
|
|
|
file { '/home/gerrit2/acls':
|
|
ensure => directory,
|
|
owner => 'gerrit2',
|
|
group => 'gerrit2',
|
|
mode => '0444',
|
|
recurse => true,
|
|
replace => true,
|
|
source => 'puppet:///modules/openstack_project/gerrit/acls',
|
|
require => Class['::gerrit']
|
|
}
|
|
|
|
exec { 'manage_projects':
|
|
command => '/usr/local/gerrit/scripts/manage_projects.py',
|
|
subscribe => [
|
|
File['/home/gerrit2/projects.yaml'],
|
|
File['/home/gerrit2/acls'],
|
|
],
|
|
refreshonly => true,
|
|
require => [
|
|
File['/home/gerrit2/projects.yaml'],
|
|
File['/home/gerrit2/acls'],
|
|
],
|
|
}
|
|
}
|
|
}
|