We now host etherpad.openstack.org. To properly test upgrades and things
add a proper etherpad-dev host to puppet. Currently the configuration is
set to mimic that which is on etherpad.o.o. Once the -dev host is up and
running it will be used to test upgrades to more modern etherpad lite
and node.js version.
Also at some point we will probably want to use the puppetlabs-mysql
module to manage the mysql instances for etherpad. This dev host makes
that easier.
Change-Id: I63500026a1a38d7c4dd5b00cc869586eb2483497
Reviewed-on: https://review.openstack.org/14861
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: I67cc116ad8a2b2586856965ae1e341d735d69fd3
Reviewed-on: https://review.openstack.org/14582
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
As copied from jenkins. Both old and new names for the
cert contents are in hiera.
Change-Id: Ic6d8258479c260ac37346c49c1ecde8339c96a37
Reviewed-on: https://review.openstack.org/14432
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Add a node for jenkins2 (what will be the new openstack rackspace
jenkins server). Do not include zuul configs and modify
openstack_project::jenkins to disable Jenkins Job Builder.
Change-Id: Iced5cb3b287452c5570ab3dcd2d84441fff55147
Reviewed-on: https://review.openstack.org/14403
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
To bootstrap a new gerrit server.
Also, make the consumer_key field in the lp creds file templated
and use a value from hiera so that dev/prod can share the template.
Change-Id: Ie14e560beae4f4c270e558c24a67096a1c4a7d32
Reviewed-on: https://review.openstack.org/14369
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Have hiera and puppet manage gerrits ssh:29418 keys (RSA and DSA). These
keys go in /home/gerrit2/review_site/etc.
Change-Id: If8cb3ec5a2e2c582b7fa6d87c520fc0cb7c2f205
Reviewed-on: https://review.openstack.org/14365
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
To accomodate the migration from oneiric to precise VMs for the gerrit
servers create a new review-dev node. This node will have github
replication disabled until it is ready to take over from review-dev.
Change-Id: Ia163c9404ed76e20152eaf71dbe29f5befe6b317
Reviewed-on: https://review.openstack.org/14306
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Pass review-dev's lp sync credentials in from hiera and ensure the
related files are created with the proper contents.
Change-Id: Ibe6cfb029245a29548d688efd5ea3c060c708256
Reviewed-on: https://review.openstack.org/14305
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Use Hiera to store the review.o.o SSL certs and pass them down to the
gerrit module.
While modifying these files fix indentation and rocket ship alignment
according to puppet lint in the sections touched.
Change-Id: I914b0dea72c77dedb44a4e6f51417985e673b315
Reviewed-on: https://review.openstack.org/13975
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Use hiera to store the jenkins.o.o cert contents and populate the cert
files from the values in hiera.
Change-Id: Iffd724b7fabf9403506f08f76fa927c3b461ba19
Reviewed-on: https://review.openstack.org/13933
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Change-Id: I40d54189eb6d5cd4512080ec5010fe339bac96e0
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-on: https://review.openstack.org/13830
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
This replaces the previous Echosign+Launchpad+Wiki+approver-based
asynchronous contributor license agreement signing process with a
fully-automated one contained entirely within Gerrit itself.
Note that the CLA features in Gerrit's WebUI depend on a modified
gerrit.war with an earlier patch reverted:
https://review.openstack.org/12716
* manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec
and contactstore_pubkey private material from hiera, for use by Gerrit's
contact store feature. Similar entries should be added for
review.openstack.org before going into production.
* modules/gerrit/manifests/init.pp(gerrit): Add contactstore,
contactstore_appsec and contactstore_url variables needed by the
gerrit.config.erb template, and contactstore_pubkey needed by the
contact_information.pub.erb template. Add a conditional block so that if
contactstore is enabled it installs the libbcpg-java package which
Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into
Gerrit's lib directory, and builds contact_information.pub from the
contact_information.pub.erb template.
* modules/gerrit/templates/contact_information.pub.erb: New template
which is effectively an empty file waiting to be filled with the
contents of the contactstore_pubkey variable. The
gerrit_contact_information.pub file built from it gets used to encrypt
contact information filed by users in such a way that it can only be
decrypted by the private key held by the Foundation.
* modules/gerrit/templates/gerrit.config.erb(contactstore): New section,
implemented conditionally for safety. Once enabled, if the
contactstore_appsec and contactstore_url are unset then Gerrit will
refuse to start. If the system referred to by contactstore_url is
unresponsive or contactstore_appsec does not contain the shared secret
it's expecting, contributors will be unable to file initial or updated
contact information through Gerrit's WebUI.
* modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML
copy of http://wiki.openstack.org/CLA retaining all the original
wording. This will probably need updating by OpenStack Foundation staff.
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Add contactstore, contactstore_appsec,
contactstore_pubkey and contactstore_url variables to pass back into the
gerrit module. Also define the cla_description, cla_file, cla_id and
cla_name variables which get used in the gerrit_set_agreements.sh.erb
template. Add an entry to install the cla.html file.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Add the contactstore_appsec and
contactstore_pubkey variables so they can be filled in by hiera.
Override the war to pull in the g69c8fa6 test build which has the
aforementioned CLA bits restored. Turn on contactstore and set
contactstore_url to point to an existing test CGI on the Internet until
the Foundation has theirs ready. Pass contactstore_appsec and
contactstore_pubkey through up into gerrit.pp. Add an entry for the
set_agreements.sh script built from the gerrit_set_agreements.sh.erb
template and then execute it to add the new CLA to Gerrit's DB and mark
the old one expired. Similar changes should be made in review.pp before
going into production.
* modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New
template used to build a set_agreements.sh script which checks Gerrit's
database and, if necessary, expires the old Echosign CLA and adds the
new local CLA. These conditions are checked and associated operations
performed independently, so subsequent runs become a no-op.
Post-migration, this can probably be neutered further and kept around
for pushing future CLA modifications into the database when needed.
Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026
Reviewed-on: https://review.openstack.org/13058
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Add a new job template for translation management. Add two jobs for
translation management. The first will will update transifex with the
new .pot and .po files after every merge to a project. The second will
commit the new .pot and .po files and submit for review once a day.
Add puppet manifest for the slave that these jobs will be running on.
Apply the template to nova.
Change-Id: I5242f81bd6ff13d1ed8610ef9e3b39fd3dbd7301
Reviewed-on: https://review.openstack.org/11369
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
The jenkins node includes the jenkins class and zuul class. Hiera
sysadmin data should be passed to the jenkins class and not the zuul
class. Move the argument to the jenkins class.
Change-Id: I0510446991749345d461c59083055a7750aede79
Reviewed-on: https://review.openstack.org/12723
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
Pass the sysadmins list into each node definition. This allows us to
retrieve the data from hiera rather than hard coding it in the puppet
manifests. Also, update test script to use bogus sysadmin data when
testing.
Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712
Reviewed-on: https://review.openstack.org/12512
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: Ib1d05a42e98613e746cbd7865cd97ce25f6a26c0
Reviewed-on: https://review.openstack.org/11940
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: James E. Blair <corvus@inaugust.com>
Use puppet agent --test for puppet cron.
We don't need the private ssh or gpg key on the slaves anymore.
We do need the glance testing stuff, so stick that into hiera.
Change-Id: If94fc3f150bf569efe9461f80d3565f9825eebce
Reviewed-on: https://review.openstack.org/10851
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Put jenkins_master into jenkins::master and jenkins_job_builder into
jenkins::job_builder and jenkins_slave into jenkins::slave.
Change-Id: Icb0e3071894730c17d8f36f49e9d34979d9c568e
Reviewed-on: https://review.openstack.org/11249
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Put jenkins_master into jenkins::master and jenkins_job_builder into
jenkins::job_builder and jenkins_slave into jenkins::slave.
Change-Id: I2a1d242ecab0e765ab1b1556bbebd2db8f632888
Reviewed-on: https://review.openstack.org/10842
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Add node definition for static.openstack.org and create first simple
implementation of what the static.openstack.org host would look like.
Change-Id: I04952154246c4985e7ff44909e892918a1336fba
Reviewed-on: https://review.openstack.org/11193
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Add a templated zuul.conf with apikey filled in by hiera.
Made an openstack_project::zuul class to encapsulate installation
and config of zuul with our config files.
Change-Id: Idc09819b27672879b74b90bdbf699b07aa416a2a
Reviewed-on: https://review.openstack.org/10460
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Apply the jenkins slave cgroups and ulimit limits that had been applied
to precise8 to the remaining precise slaves.
Change-Id: Idb58d678c1428f1c3ca5cc1817c814c6f5933519
Need /usr/bin/test.
Rename openstack_project::jenkins_slave to openstack_project::slave to
deal with scoping issues.
Change-Id: Ia703cdd0407eef4afe4c6cf07263150699cc47c9
Adding a yml file to the project but not listing it in the .pp file
only really ever caused bugs.
Moved the full openstack project list to a variable for re-use.
Change-Id: I211b5cf54d5a84c6136a4b04ea819c688cc1e2b6
