From c510a30e1ecb4b7f807b9a440abd3640892a45f6 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Fri, 27 Jul 2012 17:14:31 +0000 Subject: [PATCH] Modified gerrit to use MySQL and Apache modules. Change-Id: I82ff3c46438f8db126fa6a881efa09c90b1906e4 --- manifests/site.pp | 2 + modules/gerrit/files/my.cnf | 132 ------------------ modules/gerrit/manifests/init.pp | 128 +++++------------ modules/gerrit/templates/gerrit.config.erb | 2 +- modules/gerrit/templates/gerrit.vhost.erb | 16 +-- modules/openstack_project/manifests/gerrit.pp | 2 + modules/openstack_project/manifests/review.pp | 2 + .../openstack_project/manifests/review_dev.pp | 2 + 8 files changed, 53 insertions(+), 233 deletions(-) delete mode 100644 modules/gerrit/files/my.cnf diff --git a/manifests/site.pp b/manifests/site.pp index 89b82e198e..4f9d9b7d8a 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -14,6 +14,7 @@ node "review.openstack.org" { class { 'openstack_project::review': github_oauth_token => hiera('gerrit_github_token'), mysql_password => hiera('gerrit_mysql_password'), + mysql_root_password => hiera('gerrit_mysql_root_password'), email_private_key => hiera('gerrit_email_private_key'), gerritbot_password => hiera('gerrit_gerritbot_password'), } @@ -24,6 +25,7 @@ node "gerrit-dev.openstack.org", "review-dev.openstack.org" { class { 'openstack_project::review_dev': github_oauth_token => hiera('gerrit_dev_github_token'), mysql_password => hiera('gerrit_dev_mysql_password'), + mysql_root_password => hiera('gerrit_dev_mysql_root_password'), email_private_key => hiera('gerrit_dev_email_private_key') } } diff --git a/modules/gerrit/files/my.cnf b/modules/gerrit/files/my.cnf deleted file mode 100644 index bd6fde04ce..0000000000 --- a/modules/gerrit/files/my.cnf +++ /dev/null 
@@ -1,132 +0,0 @@ -# -# The MySQL database server configuration file. -# -# You can copy this to one of: -# - "/etc/mysql/my.cnf" to set global options, -# - "~/.my.cnf" to set user-specific options. -# -# One can use all long options that the program supports. -# Run program with --help to get a list of available options and with -# --print-defaults to see which it would actually understand and use. -# -# For explanations see -# http://dev.mysql.com/doc/mysql/en/server-system-variables.html - -# This will be passed to all mysql clients -# It has been reported that passwords should be enclosed with ticks/quotes -# escpecially if they contain "#" chars... -# Remember to edit /etc/mysql/debian.cnf when changing the socket location. -[client] -port = 3306 -socket = /var/run/mysqld/mysqld.sock - -# Here is entries for some specific programs -# The following values assume you have at least 32M ram - -# This was formally known as [safe_mysqld]. Both versions are currently parsed. -[mysqld_safe] -socket = /var/run/mysqld/mysqld.sock -nice = 0 - -[mysqld] -# -# * Basic Settings -# -default-storage-engine=INNODB - -# -# * IMPORTANT -# If you make changes to these settings and your system uses apparmor, you may -# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld. -# - -user = mysql -socket = /var/run/mysqld/mysqld.sock -port = 3306 -basedir = /usr -datadir = /var/lib/mysql -tmpdir = /tmp -skip-external-locking -# -# Instead of skip-networking the default is now to listen only on -# localhost which is more compatible and is not less secure. 
-bind-address = 127.0.0.1 -# -# * Fine Tuning -# -key_buffer = 16M -max_allowed_packet = 16M -thread_stack = 192K -thread_cache_size = 8 -# This replaces the startup script and checks MyISAM tables if needed -# the first time they are touched -myisam-recover = BACKUP -#max_connections = 100 -#table_cache = 64 -#thread_concurrency = 10 -# -# * Query Cache Configuration -# -query_cache_limit = 1M -query_cache_size = 16M -# -# * Logging and Replication -# -# Both location gets rotated by the cronjob. -# Be aware that this log type is a performance killer. -# As of 5.1 you can enable the log at runtime! -#general_log_file = /var/log/mysql/mysql.log -#general_log = 1 - -log_error = /var/log/mysql/error.log - -# Here you can see queries with especially long duration -#log_slow_queries = /var/log/mysql/mysql-slow.log -#long_query_time = 2 -#log-queries-not-using-indexes -# -# The following can be used as easy to replay backup logs or for replication. -# note: if you are setting up a replication slave, see README.Debian about -# other settings you may need to change. -server-id = 1 -log_bin = /var/log/mysql/mysql-bin.log -expire_logs_days = 10 -max_binlog_size = 100M -binlog_format = ROW -#binlog_do_db = include_database_name -#binlog_ignore_db = include_database_name -# -# * InnoDB -# -# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. -# Read the manual for more InnoDB related options. There are many! -# -# * Security Features -# -# Read the manual, too, if you want chroot! -# chroot = /var/lib/mysql/ -# -# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". -# -# ssl-ca=/etc/mysql/cacert.pem -# ssl-cert=/etc/mysql/server-cert.pem -# ssl-key=/etc/mysql/server-key.pem - - - -[mysqldump] -quick -quote-names -max_allowed_packet = 16M - -[mysql] -#no-auto-rehash # faster start of mysql but no tab completition - -[isamchk] -key_buffer = 16M - -# -# * IMPORTANT: Additional settings that can override those from this file! 
-# The files must end with '.cnf', otherwise they'll be ignored. -# -!includedir /etc/mysql/conf.d/ diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp index 42bd9c0329..a20993d2d4 100644 --- a/modules/gerrit/manifests/init.pp +++ b/modules/gerrit/manifests/init.pp @@ -73,10 +73,19 @@ class gerrit($virtual_hostname=$fqdn, $enable_melody = 'false', $melody_session = 'false', $mysql_password, + $mysql_root_password, $email_private_key, $testmode=false ) { + include apache + require apache::dev + + $java_home = $lsbdistcodename ? { + "precise" => "/usr/lib/jvm/java-6-openjdk-amd64/jre", + default => "/usr/lib/jvm/java-6-openjdk/jre", + } + user { "gerrit2": ensure => present, comment => "Gerrit", @@ -92,9 +101,7 @@ class gerrit($virtual_hostname=$fqdn, } $packages = ["gitweb", - "openjdk-6-jre-headless", - "mysql-server", - "apache2"] + "openjdk-6-jre-headless"] package { $packages: ensure => present, 
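Review bot: The `precise` branch of the new `$java_home` selector in `class gerrit` hard-codes the `amd64` JVM directory, so the value is only right on 64-bit hosts. Building it from the architecture fact, `"precise" => "/usr/lib/jvm/java-6-openjdk-${architecture}/jre",`, would follow the package layout on other architectures, assuming the directory suffix tracks that fact (worth checking on a non-amd64 host). A short comment above the selector, such as `# precise installs openjdk-6 under an architecture-suffixed directory`, would explain why it exists. The class body continues outside this hunk.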
@@ -182,102 +189,40 @@ class gerrit($virtual_hostname=$fqdn, } # Set up MySQL. -# We should probably have or use a puppet module to manage mysql, and then -# use that to satisfy the requirements that gerrit has. - exec { "gerrit-mysql": - creates => "/var/lib/mysql/reviewdb/", - command => "/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -e \"\ - CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY '${mysql_password}';\ - CREATE DATABASE reviewdb;\ - ALTER DATABASE reviewdb charset=latin1;\ - GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';\ - FLUSH PRIVILEGES;\"", - require => Package["mysql-server"], + class {"mysql::server": + config_hash => { + 'root_password' => "${mysql_root_password}", + 'default_engine' => 'InnoDB', + 'bind_address' => '127.0.0.1', + } } - file { "/etc/mysql/my.cnf": - source => 'puppet:///modules/gerrit/my.cnf', - owner => 'root', - group => 'root', - ensure => 'present', - replace => 'true', - mode => 444, - require => Package["mysql-server"], + mysql::db { "reviewdb": + user => "gerrit2", + password => "${mysql_password}", + host => "localhost", + grant => "all", + charset => "latin1", } -# Set up apache. This should also be a separate, generalized module. +# Set up apache. 
- file { "/etc/apache2/sites-available/gerrit": - content => template('gerrit/gerrit.vhost.erb'), - owner => 'root', - group => 'root', - ensure => 'present', - replace => 'true', - mode => 444, - require => Package["apache2"], + apache::vhost { $virtual_hostname: + port => 443, + docroot => 'MEANINGLESS ARGUMENT', + priority => '50', + template => 'gerrit/gerrit.vhost.erb', + ssl => true, } - - file { "/etc/apache2/sites-enabled/gerrit": - ensure => link, - target => '/etc/apache2/sites-available/gerrit', - require => [ - File['/etc/apache2/sites-available/gerrit'], - File['/etc/apache2/mods-enabled/ssl.conf'], - File['/etc/apache2/mods-enabled/ssl.load'], - File['/etc/apache2/mods-enabled/rewrite.load'], - File['/etc/apache2/mods-enabled/proxy.conf'], - File['/etc/apache2/mods-enabled/proxy.load'], - File['/etc/apache2/mods-enabled/proxy_http.load'], - ], + a2mod { 'rewrite': + ensure => present } - - file { '/etc/apache2/sites-enabled/000-default': - require => File['/etc/apache2/sites-available/gerrit'], - ensure => absent, + a2mod { 'proxy': + ensure => present } - - file { '/etc/apache2/mods-enabled/ssl.conf': - target => '/etc/apache2/mods-available/ssl.conf', - ensure => link, - require => Package['apache2'], - } - - file { '/etc/apache2/mods-enabled/ssl.load': - target => '/etc/apache2/mods-available/ssl.load', - ensure => link, - require => Package['apache2'], - } - - file { '/etc/apache2/mods-enabled/rewrite.load': - target => '/etc/apache2/mods-available/rewrite.load', - ensure => link, - require => Package['apache2'], - } - - file { '/etc/apache2/mods-enabled/proxy.conf': - target => '/etc/apache2/mods-available/proxy.conf', - ensure => link, - require => Package['apache2'], - } - - file { '/etc/apache2/mods-enabled/proxy.load': - target => '/etc/apache2/mods-available/proxy.load', - ensure => link, - require => Package['apache2'], - } - - file { '/etc/apache2/mods-enabled/proxy_http.load': - target => '/etc/apache2/mods-available/proxy_http.load', - 
ensure => link, - require => Package['apache2'], - } - - exec { "gracefully restart apache": - subscribe => [ File["/etc/apache2/sites-available/gerrit"]], - refreshonly => true, - path => "/bin:/usr/bin:/usr/sbin", - command => "apache2ctl graceful", + a2mod { 'proxy_http': + ensure => present } # Install Gerrit itself. @@ -329,8 +274,7 @@ class gerrit($virtual_hostname=$fqdn, refreshonly => true, require => [Package["openjdk-6-jre-headless"], User["gerrit2"], - Exec["gerrit-mysql"], - File["/etc/mysql/my.cnf"], # For innodb default tables + Mysql::Db["reviewdb"], File["/home/gerrit2/review_site/etc/gerrit.config"], File["/home/gerrit2/review_site/etc/secure.config"]], notify => Exec["gerrit-start"], diff --git a/modules/gerrit/templates/gerrit.config.erb b/modules/gerrit/templates/gerrit.config.erb index 84d6a90412..ff4e7a8fe2 100644 --- a/modules/gerrit/templates/gerrit.config.erb +++ b/modules/gerrit/templates/gerrit.config.erb @@ -22,7 +22,7 @@ smtpServer = localhost [container] user = gerrit2 - javaHome = /usr/lib/jvm/java-6-openjdk/jre + javaHome = <% java_home %> <% if container_heaplimit != "" -%> heapLimit = <%= container_heaplimit %> <% end -%> diff --git a/modules/gerrit/templates/gerrit.vhost.erb b/modules/gerrit/templates/gerrit.vhost.erb index 4b647802b7..86a836ab75 100644 --- a/modules/gerrit/templates/gerrit.vhost.erb +++ b/modules/gerrit/templates/gerrit.vhost.erb @@ -5,13 +5,13 @@ CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined - Redirect / <%= canonicalweburl %> + Redirect / <%= scope.lookupvar("gerrit::canonicalweburl") %> - ServerName <%= virtual_hostname %> + ServerName <%= scope.lookupvar("gerrit::virtual_hostname") %> ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log 
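Review bot: The `config_hash` passed to `mysql::server` carries over only the storage engine and `bind_address` from the deleted `my.cnf`. The binary-log settings that file carried (`log_bin`, `binlog_format = ROW`, `expire_logs_days`, `max_binlog_size`) and `max_allowed_packet = 16M` now depend on whatever the mysql module's own template ships, so if backups or point-in-time recovery rely on the binlogs, set them explicitly or confirm the module's defaults. The removed `file { '/etc/apache2/sites-enabled/000-default': ensure => absent }` has no visible replacement, so unless the apache module disables the distribution's default site it may stay enabled alongside the Gerrit vhost. `docroot => 'MEANINGLESS ARGUMENT'` deserves a comment such as `# apache::vhost requires docroot; the gerrit vhost template is expected not to use it`. The three `a2mod` resources also declare no ordering relative to `apache::vhost`, which is worth checking against how the module refreshes the service.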
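Review bot: `javaHome = <% java_home %>` uses the non-printing ERB tag, so the expression is evaluated and discarded and the rendered gerrit.config ends up with an empty `javaHome =`. The line should read `javaHome = <%= java_home %>`, matching the `<%= container_heaplimit %>` line just below it. As far as the visible hunks show, this template is the only consumer of the `$java_home` selector added in init.pp, so the per-release path never reaches Gerrit. The `[container]` section continues outside this hunk.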
@@ -21,10 +21,10 @@ SSLEngine on - SSLCertificateFile <%= ssl_cert_file %> - SSLCertificateKeyFile <%= ssl_key_file %> -<% if ssl_chain_file != "" %> - SSLCertificateChainFile <%= ssl_chain_file %> + SSLCertificateFile <%= scope.lookupvar("gerrit::ssl_cert_file") %> + SSLCertificateKeyFile <%= scope.lookupvar("gerrit::ssl_key_file") %> +<% if scope.lookupvar("gerrit::ssl_chain_file") != "" %> + SSLCertificateChainFile <%= scope.lookupvar("gerrit::ssl_chain_file") %> <% end %> @@ -41,8 +41,8 @@ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown RewriteEngine on - RewriteCond %{HTTP_HOST} !<%= virtual_hostname %> - RewriteRule ^.*$ <%= canonicalweburl %> + RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::virtual_hostname") %> + RewriteRule ^.*$ <%= scope.lookupvar("gerrit::canonicalweburl") %> RewriteCond %{REQUEST_URI} !^/p/ RewriteRule ^/(.*)$ http://localhost:8081/$1 [P] diff --git a/modules/openstack_project/manifests/gerrit.pp b/modules/openstack_project/manifests/gerrit.pp index d9415197a5..55edca19c9 100644 --- a/modules/openstack_project/manifests/gerrit.pp +++ b/modules/openstack_project/manifests/gerrit.pp @@ -27,6 +27,7 @@ class openstack_project::gerrit ( $github_username, $github_oauth_token, $mysql_password, + $mysql_root_password, $email_private_key, $testmode=false, ) { @@ -82,6 +83,7 @@ class openstack_project::gerrit ( script_user => $script_user, script_key_file => $script_key_file, mysql_password => $mysql_password, + mysql_root_password => $mysql_root_password, email_private_key => $email_private_key, testmode => $testmode, } diff --git a/modules/openstack_project/manifests/review.pp b/modules/openstack_project/manifests/review.pp index a8afa43aba..8f323299d4 100644 --- a/modules/openstack_project/manifests/review.pp +++ b/modules/openstack_project/manifests/review.pp 
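Review bot: In the `@@ -41,8 +41,8 @@` hunk, `RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::virtual_hostname") %>` drops the hostname into a regular expression unescaped and unanchored. The dots match any character, and any Host header that merely contains the name as a substring skips the redirect to the canonical URL and is proxied to the backend. Escaping and anchoring it, for example `RewriteCond %{HTTP_HOST} !^<%= Regexp.escape(scope.lookupvar("gerrit::virtual_hostname")) %>(:\d+)?$ [NC]`, makes the check an exact host match. The optional port group is there so a client that sends an explicit port is not redirected in a loop, which should be tested. The old line had the same pattern, so this is a carry-over rather than a regression, but the line is being rewritten here anyway.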
@@ -27,6 +27,7 @@ class openstack_project::review( $github_oauth_token, $mysql_password, + $mysql_root_password, $email_private_key, $gerritbot_password) { include openstack_project @@ -49,6 +50,7 @@ class openstack_project::review( github_username => 'openstack-gerrit', github_oauth_token => $github_oauth_token, mysql_password => $mysql_password, + mysql_root_password => $mysql_root_password, email_private_key => $email_private_key, } class { 'gerritbot': diff --git a/modules/openstack_project/manifests/review_dev.pp b/modules/openstack_project/manifests/review_dev.pp index 0b99912508..60c12c026d 100644 --- a/modules/openstack_project/manifests/review_dev.pp +++ b/modules/openstack_project/manifests/review_dev.pp @@ -1,6 +1,7 @@ class openstack_project::review_dev( $github_oauth_token, $mysql_password, + $mysql_root_password, $email_private_key) { class { 'openstack_project::gerrit': virtual_hostname => 'review-dev.openstack.org', @@ -19,6 +20,7 @@ class openstack_project::review_dev( github_username => 'openstack-gerrit-dev', github_oauth_token => $github_oauth_token, mysql_password => $mysql_password, + mysql_root_password => $mysql_root_password, email_private_key => $email_private_key, } }