Non instance variable representation is deprecated
so needs to be changed. This change changes varibles
to their instance variable representation.
See more details see:
http://docs.puppetlabs.com/guides/templating.html
Change-Id: Ib77827e01011ef6c0380c9ec7a9d147eafd8ce2f
Gerrit by default wraps all file downloads in zipped archive. This
can be overridden using the mimetype setting[1]. This change allows
downloading of xml, yaml, rst, html, and txt files without being
wrapped inside of a zipped archives.
[1] https://review.openstack.org/Documentation/config-gerrit.html
Change-Id: I47563de12a2bc8c8a3755fa777abf029cc4e0c28
This rebuilds secondary indexes on gerrit initial-init and init. They
are optional in gerrit 2.8, and mandatory in gerrit 2.9.
A few common strings are refactored into variables to make this more
concise, and less likely to get fat fingered. If desired, further
symbolic refactoring can be done here as well.
Question remains if we need to make this 2.8 conditional, and how we
can get access to the gerrit revision in this part of puppet.
Partial-Bug: #1082781
Change-Id: Iee94934baaa220313a7e888ba0e2a6530eab0d52
* Gerrit: make the path to the local replica configurable
(default to /var/lib/git)
* Set the local replica path on review-dev to /opt/lib/git
* Gerrit: make the jeepyb cache dir configurable
(default to /opt/lib/jeepyb)
Change-Id: I9b94fa540bb400abcc746c5c962bb3b5e2b372e3
In further support of using a trove db, remove the gerrit::mysql
module from review-dev. Plumb mysql_host throughout and remove
the no longer necessary mysql_root_password. Configure review-dev
to use mysql_host from hiera, but configure review to use
'localhost'.
Change-Id: Id13cea66601f80c5b17d2a4069a14f7b458ea09d
This patch addresses:
LDAP not requiring username or password (anonymous bind)
This is required to support configurations where LDAP is on a secure network,
and anonymous bind is enabled.
LDAP using a self signed SSL cert (verify ssl on or off)
This is required to support configurations where LDAP requires SSL, but ssl is
using an internal or self signed certificate, and therefore fails cert checks.
This also covers testing conditions where a consumer might use OS with LDAP+ssl
unsigned.
LDAP using a nonstandard cn naming convention (ie email address).
This is required to deal with an edge case where 'cn' in ldap might be something
other than a bare username. Gerrit pulls the ssh username from that value and
will not accept a non-alphanumeric address. By setting 'accountSshUserName' in
puppet, that is setable.
LDAP prepopulating account Full name.
Gerrit has a configuration option to pull Full Name from LDAP, this change exposes
that option.
Change-Id: Ibd41d59ff98e406b42e1e14cc17e23b3d6211d58
Scoping rules mean that we need to be explicit here or else puppet finds
the wrong thing. Also, puppet needs a trailing slash.
Change-Id: Ifc2f03dbf1dd746515e00ded5d76fe7393ce6c7e
This time, make the default value false instead of empty string.
This reverts commit 99d3283dc246da4b4d2d26ecfb193b308881f05d
Change-Id: I88108ff75f1c2bd3aa78856c186312340258ec3c
Make it possible to configure with LDAP or OPENID_SSO.
Also, it's possible to not want to need CLAs.
Change-Id: Ie6660c819f4078dd4dd5be052e74aaa98c54cab4
We have a cgit server now, which means we should replace
all references to github with references to git.openstack.org.
Change-Id: I68ad1ce514fb4326c7d9940b5a84999af5b58562
Will take effect when Zuul is running this change:
I74702fd7d37358e6f4caa7e7ac0a3ede73184077
This change also adds that feature to the Zuul config and enables
it for OpenStack. It also adds the ability to specify HTML in a
commentlink (and uses it).
Change-Id: Idb4ad8e6079165d681271987a92cab5d8b7c81be
Modify gerrit's git replication configuration so that it
pulls in from a list of replication targets defined in
puppet rather than individually added stanzas.
Pull the replicate_github variable from files, since it
is no longer required.
The replicate_local variable remains because it's used
in the apache configuration and for setup of the local
replication space for git.
Also add the cgit server to the list of servers.
Change-Id: I68de89bb216565f1754eb9b192bd437adcbf768b
Actually, it's support for parameterized listen_address, but the
real thing you want it for is setting the port.
Change-Id: If75fedce32f35a8f72c92fc709d5c9e8b2d35235
Reviewed-on: https://review.openstack.org/33925
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
And slow down bing (msnbot).
Change-Id: Id8361047abc2cfb52260b3d0ef01275ec3a923f5
Reviewed-on: https://review.openstack.org/32435
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Elizabeth Krumbach Joseph <lyz@princessleia.com>
Reviewed-by: Anita Kuno <anita.kuno@enovance.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
* modules/gerrit/templates/gerrit.vhost.erb: If the contactstore
feature is enabled, don't shadow the URL to the fakestore CGI with
the Gerrit loopback proxy.
Change-Id: Ic6d01d671b762370b91f732c1a980051cdb5f6c2
Reviewed-on: https://review.openstack.org/20053
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
This is useful for testing Gerrit's contactstore features if you
don't have a real contact store server set up already.
* modules/gerrit/files/fakestore.cgi: An extremely trivial shell
script which returns the content Gerrit expects from a successful
submission to a contactstore server. Note this does not check the
application security key or store any of the post variables--it is
simply a black hole for contact updates.
* modules/gerrit/manifests/init.pp: If the contactstore feature is
enabled in Gerrit, install the fakestore.cgi script so it can be
available for testing.
* modules/gerrit/templates/gerrit.vhost.erb: If the contactstore
feature is enabled, ScriptAlias the /fakestore URL to the
fakestore.cgi script.
Change-Id: Ifa0f80bab9e8b8e207f0ffd83f01c8a3d904618e
Reviewed-on: https://review.openstack.org/19939
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Change-Id: I409bd50ae374e0288531f07cfeea34856c5f8067
Reviewed-on: https://review.openstack.org/17319
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: James E. Blair <corvus@inaugust.com>
This replaces the previous Echosign+Launchpad+Wiki+approver-based
asynchronous contributor license agreement signing process with a
fully-automated one contained entirely within Gerrit itself.
Note that the CLA features in Gerrit's WebUI depend on a modified
gerrit.war with an earlier patch reverted:
https://review.openstack.org/12716
* manifests/site.pp(review-dev.openstack.org): Fill contactstore_appsec
and contactstore_pubkey private material from hiera, for use by Gerrit's
contact store feature. Similar entries should be added for
review.openstack.org before going into production.
* modules/gerrit/manifests/init.pp(gerrit): Add contactstore,
contactstore_appsec and contactstore_url variables needed by the
gerrit.config.erb template, and contactstore_pubkey needed by the
contact_information.pub.erb template. Add a conditional block so that if
contactstore is enabled it installs the libbcpg-java package which
Bouncy Castle needs for OpenPGP operations, links the bcpg.jar into
Gerrit's lib directory, and builds contact_information.pub from the
contact_information.pub.erb template.
* modules/gerrit/templates/contact_information.pub.erb: New template
which is effectively an empty file waiting to be filled with the
contents of the contactstore_pubkey variable. The
gerrit_contact_information.pub file built from it gets used to encrypt
contact information filed by users in such a way that it can only be
decrypted by the private key held by the Foundation.
* modules/gerrit/templates/gerrit.config.erb(contactstore): New section,
implemented conditionally for safety. Once enabled, if the
contactstore_appsec and contactstore_url are unset then Gerrit will
refuse to start. If the system referred to by contactstore_url is
unresponsive or contactstore_appsec does not contain the shared secret
it's expecting, contributors will be unable to file initial or updated
contact information through Gerrit's WebUI.
* modules/openstack_project/files/gerrit/cla.html: A stripped-down HTML
copy of http://wiki.openstack.org/CLA retaining all the original
wording. This will probably need updating by OpenStack Foundation staff.
* modules/openstack_project/manifests/gerrit.pp
(openstack_project::gerrit): Add contactstore, contactstore_appsec,
contactstore_pubkey and contactstore_url variables to pass back into the
gerrit module. Also define the cla_description, cla_file, cla_id and
cla_name variables which get used in the gerrit_set_agreements.sh.erb
template. Add an entry to install the cla.html file.
* modules/openstack_project/manifests/review_dev.pp
(openstack_project::review_dev): Add the contactstore_appsec and
contactstore_pubkey variables so they can be filled in by hiera.
Override the war to pull in the g69c8fa6 test build which has the
aforementioned CLA bits restored. Turn on contactstore and set
contactstore_url to point to an existing test CGI on the Internet until
the Foundation has theirs ready. Pass contactstore_appsec and
contactstore_pubkey through up into gerrit.pp. Add an entry for the
set_agreements.sh script built from the gerrit_set_agreements.sh.erb
template and then execute it to add the new CLA to Gerrit's DB and mark
the old one expired. Similar changes should be made in review.pp before
going into production.
* modules/openstack_project/templates/gerrit_set_agreements.sh.erb: New
template used to build a set_agreements.sh script which checks Gerrit's
database and, if necessary, expires the old Echosign CLA and adds the
new local CLA. These conditions are checked and associated operations
performed independently, so subsequent runs become a no-op.
Post-migration, this can probably be neutered further and kept around
for pushing future CLA modifications into the database when needed.
Change-Id: Ib7136fef23dbd5602955649b33a57bc8d7106026
Reviewed-on: https://review.openstack.org/13058
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: Iff55f35c0d9888f1029115c17d4644a68d4e8b4c
Reviewed-on: https://review.openstack.org/10727
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
If replicate_local is set, this will ensure that /var/lib/git is created,
and that projects listed in the projects.config have repos there.
Additionally, it creates a new config file, projects.config which is a
yaml file listing all of the projects and various operational semantics about
them, such as whether or not they should have pull requests closed and whether
or not they track any remotes. This replaces remotes.config and github.config.
Moving forward, there is no reason to not have this script be able to
do github api calls to create the github repo if it's not there, set the
github project description, gerrit api calls to create the project in gerrit,
and initial project permissions templates.
Change-Id: I1ad803b0aa5f7386206d0c3f4cd858017242fe64
Variable interpolation needs <%= not just <%. :)
Also, while I was in there, I replaced default with "oneiric",
because I don't actually know that the value is a good default value,
and I removed a couple of comments about moving to MySQL and Apache
modules from upstream.
Change-Id: Iec5b10cee2cbd0e0a2573fefa707d34d2a363cb4
TODO: Add another script that sets the project description. Add the project
description to the config hash.
Change-Id: If4584b2a1e55e6eb912e1f557e31de216d49a516
Assumes that every project in gerrit has a corresponding repo in
/var/lib/git that can be replicated to. That's probably a one-time offline
creation, followed by an additional step in the adding a project docs.
Change-Id: If9b987717550d5b251366c1408d949c55e64828a
Set the timeout to 5000 minutes, which, due to a bug in gerrit
really means 5 minutes, which is the documented default value.
Change-Id: I85127cc44ed6f182a0e06083641d2d872f11d8b3
Increase the heap size and dramatically increase the ssh threads.
Add some more recommended parameters (see site manifest for details).
Parameterize tunables in gerrit config file.
Change-Id: Ia6446b29426f56a77425eed93a7f0e448c3cd7b1
