The projects list is a common list for devs to interact with. The config
in the list is not, but the config in the list means the file needs to
be in an erb template.
Split the two concerns, similar to zuul. Put the config in a config file
and the project data in a yaml file.
Change-Id: I708b8655b4b1ce377f3b7369e987418c1d72d977
We tried, but something in the DB seemed to break schema migrations
so let's undo this for now while we focus testing on that part
specifically. Once that hurdle is past, we can revert this revert to
try again.
This reverts commit 7011082193da25fb30d95f057c7babd9c46d10f0.
Change-Id: I5f6628c1e4366184ac5b4f72c5aaf43207942bf9
Zaro needs access to review-dev server to test gerrit upgrades. Zaro has read
and agrees to the following http://ci.openstack.org/sysadmin.html#ssh-access
Change-Id: I00b19b2c68debdb73c22e89ef208718c57e5149d
* modules/openstack_project/manifests/review_dev.pp: Following on
771aded, apply a similar change to this file so review-dev.o.o can
apply its Puppet configuration successfully again.
Change-Id: Ie7c0c3efd9066cae4a09f30a90ab950d2b7bdb93
Scoping rules mean that we need to be explicit here or else puppet finds
the wrong thing. Also, puppet needs a trailing slash.
Change-Id: Ifc2f03dbf1dd746515e00ded5d76fe7393ce6c7e
This commit moves the MySQL configuration from the gerrit puppet
module into a seperate mysql puppet module. The purpose of
this change is to allow us to more easily customise gerrit's
mysql configuration for each instance of gerrit that we deploy..
Partial-Bug: 1083101
Change-Id: Ibcc31b3fce8af54229fd4de69a49842ac1c428ae
* modules/openstack_project/manifests/review_dev.pp: Add the bup class
and bup site to backup review-dev to ci-backup-rs-ord.openstack.org.
This will backup the review-dev mysql dumps to an offsite location.
Change-Id: Iad6844e98e6832e23919e125d1c25af38088453e
* modules/openstack_project/manifests/review_dev.pp: Remove
mysql_backup, gerrit.pp will do this for review_dev now.
* modules/openstack_project/manifests/gerrit.pp: Put MySQL backups in
central Gerrit manifest. This will backup MySQL locally for review and
review-dev.
* modules/openstack_project/manifests/wiki.pp: Backup wiki MySQL DB
locally wth the mysql_backup module.
These changes make it possible to do offsite DB backups with bup by
first backing up the databases locally.
Change-Id: I932b439c153e461fa9c6b454e132137949bd08df
* modules/openstack_project/manifests/review_dev.pp: Use the
mysql_backup module to perform local DB backups which can then be backed
up offsite by bup.
Change-Id: Ia9f1c49a151d75e8e6197d965a8b3e51c0f7544b
Modify gerrit's git replication configuration so that it
pulls in from a list of replication targets defined in
puppet rather than individually added stanzas.
Pull the replicate_github variable from files, since it
is no longer required.
The replicate_local variable remains because it's used
in the apache configuration and for setup of the local
replication space for git.
Also add the cgit server to the list of servers.
Change-Id: I68de89bb216565f1754eb9b192bd437adcbf768b
Change-Id: If06499650d1b98f475ed71def182ff5901972c07
Reviewed-on: https://review.openstack.org/36764
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
* modules/openstack_project/manifests/review_dev.pp: Install
http://tarballs.openstack.org/ci/test/gerrit-2.4.4-14-gab7f4c1.war on
review-dev to test the new 2.4.4 patches.
Change-Id: Ie17b9a2c96720892e4140b36c2ebf81fb2f3e058
Reviewed-on: https://review.openstack.org/35520
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Change-Id: Ied0d87a3f8d1f9154c48d47b9629dc0898b790ff
Reviewed-on: https://review.openstack.org/29197
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
* modules/openstack_project/manifests/review.pp
* modules/openstack_project/manifests/review_dev.pp: Provide a
missing conduit for openstackwatch swift credentials from the global
site.pp through to the openstack_project::gerrit class.
Change-Id: Ie89c3e098323216373c0b3aecfd7e3f9993fc18e
Reviewed-on: https://review.openstack.org/25357
Reviewed-by: Anita Kuno <akuno@lavabit.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
This change fixes bug 1082754 and builds on the following prior
work, which set up the underlying mechanisms and implemented them on
review-dev:
- https://review.openstack.org/12716
- https://review.openstack.org/13058
- https://review.openstack.org/13378
- https://review.openstack.org/13392
- https://review.openstack.org/13402
- https://review.openstack.org/13592
- https://review.openstack.org/14319
- https://review.openstack.org/14493
- https://review.openstack.org/16468
* manifests/site.pp(review.openstack.org): Add
gerrit_contactstore_appsec and gerrit_contactstore_pubkey variables
similar to those used for review-dev.openstack.org.
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Move the cla_description, cla_file, cla_id
and cla_name variables here, since they'll be used by both review and
review-dev servers. Same goes for the set_agreements.sh file block and
set_contributor_agreements exec block. Also stop loading the
launchpad_sync module and make sure the sync_launchpad_users cron
job is removed from the server.
* modules/openstack_project/manifests/review.pp
(openstack_project::review): Add the contactstore_appsec and
contactstore_pubkey variables being from from hiera. Update the .war
file to one with "Hack out some CLA bits" reverted. Turn on
contactstore, pass the contactstore_appsec and contactstore_pubkey
variables through, and set the production contactstore_url.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Remove the definitions for
cla_description, cla_file, cla_id and cla_name, along with the
set_agreements.sh file block and set_contributor_agreements exec block
since they're all in gerrit.pp now.
Change-Id: I037f1a3e2b03c66768cec6caa7fe5e1c68495ac6
Reviewed-on: https://review.openstack.org/14099
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
* modules/openstack_project/manifests/review_dev.pp: Setting to use
the WAR built from merging https://review.openstack.org/12716 which
will ultimately be used on review.openstack.org starting 2013-02-24.
Change-Id: Ic1f5174398d2a8d2f09fe00511c1d6b297ae56d6
Reviewed-on: https://review.openstack.org/22751
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
* modules/openstack_project/manifests/review_dev.pp: The
contactstore_url parameter can't reuse canonicalweburl because it's
being set in the same parameter list and thus not available at the
time of parsing. Instead just hardcode it.
Change-Id: I44d4366c4658dfdd17709447bb0592b75604e805
Reviewed-on: https://review.openstack.org/20072
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
* modules/openstack_project/manifests/review_dev.pp: In preparation
for putting the current contact store system into production, this
repoints the testing contactstore on review-dev.openstack.org at its
local fakestore CGI instead so that we don't break it. We can change
this to a development Foundation Membership System server later once
one exists.
Change-Id: Id2d2979633da8fdc54ba5dd1aa9a01ce117e7572
Reviewed-on: https://review.openstack.org/19940
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Now with extra unwrap!
Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a
Reviewed-on: https://review.openstack.org/15052
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
* modules/openstack_project/manifests/review_dev.pp: Set
contactstore_url to the URL of the new OpenStack Foundation contact
store server for testing purposes.
Change-Id: I161fb3cf4f5c414495c79509fb71da633d1cf08f
Reviewed-on: https://review.openstack.org/16468
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Manage project creation via yaml files. Also,
Modify the manage_projects scripts to configure Gerrit project ACLs.
This change expects the project yaml to exist. The change will clone the
project for the localhost Gerrit install. It will then checkout the
meta/config ref, copy the ACL config file into the repo, commit, and
push to the origin. The ACL config location should be specified in the
projects.yaml file with the acl_config key.
For this to work the ACLs will need to be copied by Puppet from Puppet
to the Gerrit host. Add the file resource to do this as well.
Change-Id: I15a1ec13b381dce3c115c01c21f404ab79e72cc4
Reviewed-on: https://review.openstack.org/15352
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
To bootstrap a new gerrit server.
Also, make the consumer_key field in the lp creds file templated
and use a value from hiera so that dev/prod can share the template.
Change-Id: Ie14e560beae4f4c270e558c24a67096a1c4a7d32
Reviewed-on: https://review.openstack.org/14369
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Have hiera and puppet manage gerrits ssh:29418 keys (RSA and DSA). These
keys go in /home/gerrit2/review_site/etc.
Change-Id: If8cb3ec5a2e2c582b7fa6d87c520fc0cb7c2f205
Reviewed-on: https://review.openstack.org/14365
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
To accomodate the migration from oneiric to precise VMs for the gerrit
servers create a new review-dev node. This node will have github
replication disabled until it is ready to take over from review-dev.
Change-Id: Ia163c9404ed76e20152eaf71dbe29f5befe6b317
Reviewed-on: https://review.openstack.org/14306
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Pass review-dev's lp sync credentials in from hiera and ensure the
related files are created with the proper contents.
Change-Id: Ibe6cfb029245a29548d688efd5ea3c060c708256
Reviewed-on: https://review.openstack.org/14305
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Change war override to latest test with
"Hack out some CLA bits" reverted. This is so we can continue testing
CLA implementation on review-dev.o.o in combination with related
upstream bug fixes we've since merged.
Change-Id: Ib9010ab7b5d97c2769ed2b700fd19dd70ca005c6
Reviewed-on: https://review.openstack.org/13592
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Remove cla_description, cla_file, cla_id
and cla_name since they'll be defined in openstack_project::review_dev
instead.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Define cla_description, cla_file,
cla_id and cla_name here instead of inferring them from
openstack_project::gerrit.
Change-Id: Ie786ce5527b30895fdf59d93abc2154261e84155
Reviewed-on: https://review.openstack.org/13402
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Set defaults for contactstore,
contactstore_appsec, contactstore_pubkey and contactstore_url since
openstack_project::review isn't setting any yet.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Retrieve values for cla_description,
cla_file, cla_id and cla_name from openstack::gerrit where they're
defined.
Change-Id: I010a8cffd2f5c2bd1c04f7f8d5b9a4089551e69f
Reviewed-on: https://review.openstack.org/13378
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
This replaces the previous Echosign+Launchpad+Wiki+approver-based
asynchronous contributor license agreement signing process with a
fully-automated one contained entirely within Gerrit itself.
Note that the CLA features in Gerrit's WebUI depend on a modified
gerrit.war with an earlier patch reverted:
https://review.openstack.org/12716
* manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec
and contactstore_pubkey private material from hiera, for use by Gerrit's
contact store feature. Similar entries should be added for
review.openstack.org before going into production.
* modules/gerrit/manifests/init.pp(gerrit): Add contactstore,
contactstore_appsec and contactstore_url variables needed by the
gerrit.config.erb template, and contactstore_pubkey needed by the
contact_information.pub.erb template. Add a conditional block so that if
contactstore is enabled it installs the libbcpg-java package which
Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into
Gerrit's lib directory, and builds contact_information.pub from the
contact_information.pub.erb template.
* modules/gerrit/templates/contact_information.pub.erb: New template
which is effectively an empty file waiting to be filled with the
contents of the contactstore_pubkey variable. The
gerrit_contact_information.pub file built from it gets used to encrypt
contact information filed by users in such a way that it can only be
decrypted by the private key held by the Foundation.
* modules/gerrit/templates/gerrit.config.erb(contactstore): New section,
implemented conditionally for safety. Once enabled, if the
contactstore_appsec and contactstore_url are unset then Gerrit will
refuse to start. If the system referred to by contactstore_url is
unresponsive or contactstore_appsec does not contain the shared secret
it's expecting, contributors will be unable to file initial or updated
contact information through Gerrit's WebUI.
* modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML
copy of http://wiki.openstack.org/CLA retaining all the original
wording. This will probably need updating by OpenStack Foundation staff.
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Add contactstore, contactstore_appsec,
contactstore_pubkey and contactstore_url variables to pass back into the
gerrit module. Also define the cla_description, cla_file, cla_id and
cla_name variables which get used in the gerrit_set_agreements.sh.erb
template. Add an entry to install the cla.html file.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Add the contactstore_appsec and
contactstore_pubkey variables so they can be filled in by hiera.
Override the war to pull in the g69c8fa6 test build which has the
aforementioned CLA bits restored. Turn on contactstore and set
contactstore_url to point to an existing test CGI on the Internet until
the Foundation has theirs ready. Pass contactstore_appsec and
contactstore_pubkey through up into gerrit.pp. Add an entry for the
set_agreements.sh script built from the gerrit_set_agreements.sh.erb
template and then execute it to add the new CLA to Gerrit's DB and mark
the old one expired. Similar changes should be made in review.pp before
going into production.
* modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New
template used to build a set_agreements.sh script which checks Gerrit's
database and, if necessary, expires the old Echosign CLA and adds the
new local CLA. These conditions are checked and associated operations
performed independently, so subsequent runs become a no-op.
Post-migration, this can probably be neutered further and kept around
for pushing future CLA modifications into the database when needed.
Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026
Reviewed-on: https://review.openstack.org/13058
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Adds trivial_rebase.py for bug 881184.
* modules/openstack_project/files/gerrit/scripts/trivial_rebase.py: A
modified version of the contrib/trivial_rebase.py included in upstream
Gerrit's git tree (we'll try to get individual patches submitted
upstream soon):
git clone https://gerrit.googlesource.com/gerrit
* modules/openstack_project/files/gerrit/patchset-created: Moved to
modules/openstack_project/templates/gerrit_patchset-created.erb and
added an entry for the trivial_rebase.py script with variables for its
command-line options sourced from gerrit.pp and review{,_dev}.pp.
* modules/openstack_project/manifests/gerrit.pp: Changed the file
definition for /home/gerrit2/review_site/hooks/patchset-created to use a
template, adding the ssh_host_key and trivial_rebase_role_id variables
it requires. Added a file entry for trivial_rebase.py as well, since
we're putting it in modules/openstack_project instead of modules/gerrit
where the existing scripts reside (we'll eventually want to move all of
modules/gerrit/files/scripts out of there at some point, but not now).
* modules/openstack_project/manifests/review_dev.pp: Override the
trivial_rebase_role_id variable to trivial-rebase@review-dev.o.o on
review-dev.
* modules/openstack_project/manifests/review.pp: Override the
trivial_rebase_role_id variable to trivial-rebase@review.o.o on review.
Change-Id: I941f15525c72b84708ae1de6832834eb53ab6863
Reviewed-on: https://review.openstack.org/12373
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Pass the sysadmins list into each node definition. This allows us to
retrieve the data from hiera rather than hard coding it in the puppet
manifests. Also, update test script to use bogus sysadmin data when
testing.
Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712
Reviewed-on: https://review.openstack.org/12512
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Launchpad user syncing to review-dev's gerrit instance was not working
as it was using the wrong ssh key to ssh into gerrit's command line
interface. Correct the ssh key and add proper logging to the sync script
on this host.
Change-Id: I1cbaafd736dafba6afee35ec04ed0024b0f2565a
Reviewed-on: https://review.openstack.org/12475
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
If replicate_local is set, this will ensure that /var/lib/git is created,
and that projects listed in the projects.config have repos there.
Additionally, it creates a new config file, projects.config which is a
yaml file listing all of the projects and various operational semantics about
them, such as whether or not they should have pull requests closed and whether
or not they track any remotes. This replaces remotes.config and github.config.
Moving forward, there is no reason to not have this script be able to
do github api calls to create the github repo if it's not there, set the
github project description, gerrit api calls to create the project in gerrit,
and initial project permissions templates.
Change-Id: I1ad803b0aa5f7386206d0c3f4cd858017242fe64
Also, moved depends for launchpad sync script to the launchpad sync
module, and put the ntp stuff into an ntp module.
Change-Id: I2568752493fefa305f9108a23da101d80a311552
TODO: Add another script that sets the project description. Add the project
description to the config hash.
Change-Id: If4584b2a1e55e6eb912e1f557e31de216d49a516
