Pass review-dev's lp sync credentials in from hiera and ensure the
related files are created with the proper contents.
Change-Id: Ibe6cfb029245a29548d688efd5ea3c060c708256
Reviewed-on: https://review.openstack.org/14305
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
The jenkins slave template manifest depends on having the jenkins ssh
key variable in scope. To make this happen have
openstack_project::slave_template inherit openstack_project which
includes the ssh key variable.
Change-Id: I231f030e42e7bb2cf780f04f2a3ca1e668cf61f9
Reviewed-on: https://review.openstack.org/14186
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
In openstack_project::base use the Apt module to configure the upstream
puppet labs apt repository and pin puppet to version 2.7.*.
Change-Id: I0a09e02e3d26eb9452215e5bccef143487e9e58d
Reviewed-on: https://review.openstack.org/14194
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Killed trailing whitespace in the puppet repo files using
`sed -r 's/\s+$//'`. Skip binary files and html templates for lodgeit
and mailman.
Change-Id: Ib43493161d8f0e8fae1426b22fb1737832ca14cd
Reviewed-on: https://review.openstack.org/12969
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Use Hiera to store the review.o.o SSL certs and pass them down to the
gerrit module.
While modifying these files fix indentation and rocket ship alignment
according to puppet lint in the sections touched.
Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315
Reviewed-on: https://review.openstack.org/13975
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Use hiera to store the jenkins.o.o cert contents and populate the cert
files from the values in hiera.
Change-Id: Iffd724b7fabf9403506f08f76fa927c3b461ba19
Reviewed-on: https://review.openstack.org/13933
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
The puppet master had its disk fill up with puppet reports. Add a cron
job to the puppet master to delete puppet reports that are more than one
week old. This should prevent the disk from filling up again for this
reason.
Change-Id: I0a937e6121285573eb9fbb93eb70bdffa481352d
Reviewed-on: https://review.openstack.org/14013
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
After some discussion in #openstack-infra using modules from puppetforge
is a good thing. So, this is a simple change to use an existing module
that I maintain.
Change-Id: Ic2290ef10ff96220b6620958537730e828e59402
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-on: https://review.openstack.org/13959
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Have pip install the latest virtualenv.
Change-Id: Ifc5d32c36bf4231d1c0085e3e69ad879746bfb20
Reviewed-on: https://review.openstack.org/13804
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
He hasn't logged in in quite some time, so remove his key to reduce
our exposure. He's welcome back any time.
Change-Id: I1404cf6cd5d0a598a583580a16b39735b0d22087
Reviewed-on: https://review.openstack.org/13772
Reviewed-by: Devananda van der Veen <devananda.vdv@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Once our gate-ci-puppet-lint job goes live, this will help to get it to
pass.
Change-Id: I2eb363038b8e63e4b17a3f80cc40dc6c6bf90bee
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-on: https://review.openstack.org/13722
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
With the help of puppet-lint our base.pp manifest is now formatted
correctly per the puppet style guide.
Change-Id: I37de863b489bfd1b1a67b657a0749a5824ffe91d
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-on: https://review.openstack.org/13603
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Change war override to latest test with
"Hack out some CLA bits" reverted. This is so we can continue testing
CLA implementation on review-dev.o.o in combination with related
upstream bug fixes we've since merged.
Change-Id: Ib9010ab7b5d97c2769ed2b700fd19dd70ca005c6
Reviewed-on: https://review.openstack.org/13592
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Remove cla_description, cla_file, cla_id
and cla_name since they'll be defined in openstack_project::review_dev
instead.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Define cla_description, cla_file,
cla_id and cla_name here instead of inferring them from
openstack_project::gerrit.
Change-Id: Ie786ce5527b30895fdf59d93abc2154261e84155
Reviewed-on: https://review.openstack.org/13402
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Set defaults for contactstore,
contactstore_appsec, contactstore_pubkey and contactstore_url since
openstack_project::review isn't setting any yet.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Retrieve values for cla_description,
cla_file, cla_id and cla_name from openstack::gerrit where they're
defined.
Change-Id: I010a8cffd2f5c2bd1c04f7f8d5b9a4089551e69f
Reviewed-on: https://review.openstack.org/13378
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
This replaces the previous Echosign+Launchpad+Wiki+approver-based
asynchronous contributor license agreement signing process with a
fully-automated one contained entirely within Gerrit itself.
Note that the CLA features in Gerrit's WebUI depend on a modified
gerrit.war with an earlier patch reverted:
https://review.openstack.org/12716
* manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec
and contactstore_pubkey private material from hiera, for use by Gerrit's
contact store feature. Similar entries should be added for
review.openstack.org before going into production.
* modules/gerrit/manifests/init.pp(gerrit): Add contactstore,
contactstore_appsec and contactstore_url variables needed by the
gerrit.config.erb template, and contactstore_pubkey needed by the
contact_information.pub.erb template. Add a conditional block so that if
contactstore is enabled it installs the libbcpg-java package which
Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into
Gerrit's lib directory, and builds contact_information.pub from the
contact_information.pub.erb template.
* modules/gerrit/templates/contact_information.pub.erb: New template
which is effectively an empty file waiting to be filled with the
contents of the contactstore_pubkey variable. The
gerrit_contact_information.pub file built from it gets used to encrypt
contact information filed by users in such a way that it can only be
decrypted by the private key held by the Foundation.
* modules/gerrit/templates/gerrit.config.erb(contactstore): New section,
implemented conditionally for safety. Once enabled, if the
contactstore_appsec and contactstore_url are unset then Gerrit will
refuse to start. If the system referred to by contactstore_url is
unresponsive or contactstore_appsec does not contain the shared secret
it's expecting, contributors will be unable to file initial or updated
contact information through Gerrit's WebUI.
* modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML
copy of http://wiki.openstack.org/CLA retaining all the original
wording. This will probably need updating by OpenStack Foundation staff.
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Add contactstore, contactstore_appsec,
contactstore_pubkey and contactstore_url variables to pass back into the
gerrit module. Also define the cla_description, cla_file, cla_id and
cla_name variables which get used in the gerrit_set_agreements.sh.erb
template. Add an entry to install the cla.html file.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Add the contactstore_appsec and
contactstore_pubkey variables so they can be filled in by hiera.
Override the war to pull in the g69c8fa6 test build which has the
aforementioned CLA bits restored. Turn on contactstore and set
contactstore_url to point to an existing test CGI on the Internet until
the Foundation has theirs ready. Pass contactstore_appsec and
contactstore_pubkey through up into gerrit.pp. Add an entry for the
set_agreements.sh script built from the gerrit_set_agreements.sh.erb
template and then execute it to add the new CLA to Gerrit's DB and mark
the old one expired. Similar changes should be made in review.pp before
going into production.
* modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New
template used to build a set_agreements.sh script which checks Gerrit's
database and, if necessary, expires the old Echosign CLA and adds the
new local CLA. These conditions are checked and associated operations
performed independently, so subsequent runs become a no-op.
Post-migration, this can probably be neutered further and kept around
for pushing future CLA modifications into the database when needed.
Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026
Reviewed-on: https://review.openstack.org/13058
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: I104d7aa9f2fd2fc0b04e0541c9120c4ee15693e0
Reviewed-on: https://review.openstack.org/13234
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Add a new job template for translation management. Add two jobs for
translation management. The first will will update transifex with the
new .pot and .po files after every merge to a project. The second will
commit the new .pot and .po files and submit for review once a day.
Add puppet manifest for the slave that these jobs will be running on.
Apply the template to nova.
Change-Id: I5242f81bd6ff13d1ed8610ef9e3b39fd3dbd7301
Reviewed-on: https://review.openstack.org/11369
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
openstack_project/static.pp needs to include openstack_project in order
to use openstack_project::jenkins_ssh_key. Make it so.
Change-Id: I4abe98492e32307aa1ba18c1efa485e8b5181b2e
Reviewed-on: https://review.openstack.org/12722
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
Adds trivial_rebase.py for bug 881184.
* modules/openstack_project/files/gerrit/scripts/trivial_rebase.py: A
modified version of the contrib/trivial_rebase.py included in upstream
Gerrit's git tree (we'll try to get individual patches submitted
upstream soon):
git clone https://gerrit.googlesource.com/gerrit
* modules/openstack_project/files/gerrit/patchset-created: Moved to
modules/openstack_project/templates/gerrit_patchset-created.erb and
added an entry for the trivial_rebase.py script with variables for its
command-line options sourced from gerrit.pp and review{,_dev}.pp.
* modules/openstack_project/manifests/gerrit.pp: Changed the file
definition for /home/gerrit2/review_site/hooks/patchset-created to use a
template, adding the ssh_host_key and trivial_rebase_role_id variables
it requires. Added a file entry for trivial_rebase.py as well, since
we're putting it in modules/openstack_project instead of modules/gerrit
where the existing scripts reside (we'll eventually want to move all of
modules/gerrit/files/scripts out of there at some point, but not now).
* modules/openstack_project/manifests/review_dev.pp: Override the
trivial_rebase_role_id variable to trivial-rebase@review-dev.o.o on
review-dev.
* modules/openstack_project/manifests/review.pp: Override the
trivial_rebase_role_id variable to trivial-rebase@review.o.o on review.
Change-Id: I941f15525c72b84708ae1de6832834eb53ab6863
Reviewed-on: https://review.openstack.org/12373
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Pass the sysadmins list into each node definition. This allows us to
retrieve the data from hiera rather than hard coding it in the puppet
manifests. Also, update test script to use bogus sysadmin data when
testing.
Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712
Reviewed-on: https://review.openstack.org/12512
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Launchpad user syncing to review-dev's gerrit instance was not working
as it was using the wrong ssh key to ssh into gerrit's command line
interface. Correct the ssh key and add proper logging to the sync script
on this host.
Change-Id: I1cbaafd736dafba6afee35ec04ed0024b0f2565a
Reviewed-on: https://review.openstack.org/12475
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
Change-Id: Ib1d05a42e98613e746cbd7865cd97ce25f6a26c0
Reviewed-on: https://review.openstack.org/11940
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: James E. Blair <corvus@inaugust.com>
Use the logging package to properly log in the lp to gerrit user sync
script.
Change-Id: I329ea96a5257f7ea140406127b27621dd0253c09
Reviewed-on: https://review.openstack.org/11663
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Use puppet agent --test for puppet cron.
We don't need the private ssh or gpg key on the slaves anymore.
We do need the glance testing stuff, so stick that into hiera.
Change-Id: If94fc3f150bf569efe9461f80d3565f9825eebce
Reviewed-on: https://review.openstack.org/10851
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
And invoke it correctly on static.o.o.
Change-Id: Ic4699828500f4acf4af60248ba87200c0e703fc6
Reviewed-on: https://review.openstack.org/11496
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Change-Id: I41116f1732754772ef4968d8c020073e21f6cb7c
Reviewed-on: https://review.openstack.org/11413
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Put jenkins_master into jenkins::master and jenkins_job_builder into
jenkins::job_builder and jenkins_slave into jenkins::slave.
Change-Id: Icb0e3071894730c17d8f36f49e9d34979d9c568e
Reviewed-on: https://review.openstack.org/11249
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Put jenkins_master into jenkins::master and jenkins_job_builder into
jenkins::job_builder and jenkins_slave into jenkins::slave.
Change-Id: I2a1d242ecab0e765ab1b1556bbebd2db8f632888
Reviewed-on: https://review.openstack.org/10842
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Add node definition for static.openstack.org and create first simple
implementation of what the static.openstack.org host would look like.
Change-Id: I04952154246c4985e7ff44909e892918a1336fba
Reviewed-on: https://review.openstack.org/11193
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: I774b08719297979c0079c37679c3face3788e111
Reviewed-on: https://review.openstack.org/11151
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Change-Id: Ia0b5c80c479f8acd5cc1e0dc0a4515d88e6b5db8
Reviewed-on: https://review.openstack.org/11091
Reviewed-by: Devananda van der Veen <devananda.vdv@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Fixes 1034130.
Oneiric git is very slow with precise due to a version mismatch madness.
Change-Id: I2eb54848cd671e091879dd2f6a57f32a2ac6405b
Reviewed-on: https://review.openstack.org/10843
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
The conditional to realize users was triggered by install_useres instead
of install_users so things didn't quite work properly. Correct that
issue.
Change-Id: I84ff3e0116a9b4de07cb649b81574b813aaea578
Reviewed-on: https://review.openstack.org/10935
Reviewed-by: linuxjedi <andrew@linuxjedi.co.uk>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: Idcf8af9712f8d10b50cfffc0aa74f7caa1a24c77
Reviewed-on: https://review.openstack.org/10833
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Naming it after what it installs. Also, split the target cronjob into
a define.
Change-Id: I73a4383f529c60bc35c60241dfc91508965d755e
Reviewed-on: https://review.openstack.org/10885
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Add a templated zuul.conf with apikey filled in by hiera.
Made an openstack_project::zuul class to encapsulate installation
and config of zuul with our config files.
Change-Id: Idc09819b27672879b74b90bdbf699b07aa416a2a
Reviewed-on: https://review.openstack.org/10460
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
If replicate_local is set, this will ensure that /var/lib/git is created,
and that projects listed in the projects.config have repos there.
Additionally, it creates a new config file, projects.config which is a
yaml file listing all of the projects and various operational semantics about
them, such as whether or not they should have pull requests closed and whether
or not they track any remotes. This replaces remotes.config and github.config.
Moving forward, there is no reason to not have this script be able to
do github api calls to create the github repo if it's not there, set the
github project description, gerrit api calls to create the project in gerrit,
and initial project permissions templates.
Change-Id: I1ad803b0aa5f7386206d0c3f4cd858017242fe64
Also, moved depends for launchpad sync script to the launchpad sync
module, and put the ntp stuff into an ntp module.
Change-Id: I2568752493fefa305f9108a23da101d80a311552
