Giuseppe Lavagetto has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/167215

Change subject: gerrit: move to module
......................................................................

gerrit: move to module

Change-Id: I7976a20686b1fc5244cbefb8bb04a2ad96e44fca
Signed-off-by: Giuseppe Lavagetto <glavage...@wikimedia.org>
---
D files/misc/robots-txt-disallow
D manifests/gerrit.pp
M manifests/site.pp
R modules/gerrit/files/gerrit
R modules/gerrit/files/its/action.config
R modules/gerrit/files/its/templates/DraftPublished.vm
R modules/gerrit/files/mail/ChangeSubject.vm
A modules/gerrit/files/robots-txt-disallow
R modules/gerrit/files/skin/GerritSite.css
R modules/gerrit/files/skin/GerritSiteHeader.html
R modules/gerrit/files/skin/page-bkg.jpg
R modules/gerrit/files/skin/wikimedia-codereview-logo.png
A modules/gerrit/manifests/crons.pp
A modules/gerrit/manifests/instance.pp
A modules/gerrit/manifests/jetty.pp
A modules/gerrit/manifests/proxy.pp
A modules/gerrit/manifests/replicationdest.pp
R modules/gerrit/templates/gerrit.config.erb
R modules/gerrit/templates/gerrit.wikimedia.org
R modules/gerrit/templates/replication.config.erb
R modules/gerrit/templates/secure.config.erb
21 files changed, 378 insertions(+), 383 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/15/167215/1

diff --git a/files/misc/robots-txt-disallow b/files/misc/robots-txt-disallow
deleted file mode 100644
index 6ba092a..0000000
--- a/files/misc/robots-txt-disallow
+++ /dev/null
@@ -1,6 +0,0 @@
-# THIS FILE IS MANAGED BY PUPPET
-#
-# puppet:///files/misc/robots-txt-disallow
-#
-User-agent: *
-Disallow: /
diff --git a/manifests/gerrit.pp b/manifests/gerrit.pp
deleted file mode 100644
index 58e2ce3..0000000
--- a/manifests/gerrit.pp
+++ /dev/null
@@ -1,376 +0,0 @@
-# manifests/gerrit.pp
-# Manifest to setup a Gerrit instance
-
-class gerrit::instance($apache_ssl  = false,
-    $slave       = false,
-    $ssh_port    = '29418',
-    $db_host     = '',
-    $db_name     = 'reviewdb',
-    $host        = '',
-    $db_user     = 'gerrit',
-    $ssh_key     = '',
-    $ssl_cert    = 'ssl-cert-snakeoil',
-    $ssl_cert_key= 'ssl-cert-snakeoil',
-    $replication = '',
-    $smtp_host   = '') {
-
-    include standard,
-        ldap::role::config::labs
-
-    # Main config
-    include passwords::gerrit
-    $email_key = $passwords::gerrit::gerrit_email_key
-    $sshport = $ssh_port
-    $dbhost = $db_host
-    $dbname = $db_name
-    $dbuser = $db_user
-    $dbpass = $passwords::gerrit::gerrit_db_pass
-    $bzpass = $passwords::gerrit::gerrit_bz_pass
-    $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat', '365')
-
-    # Setup LDAP
-    include ldap::role::config::labs
-    $ldapconfig = $ldap::role::config::labs::ldapconfig
-
-    $ldap_hosts = $ldapconfig['servernames']
-    $ldap_base_dn = $ldapconfig['basedn']
-    $ldap_proxyagent = $ldapconfig['proxyagent']
-    $ldap_proxyagent_pass = $ldapconfig['proxypass']
-
-    # Configure the base URL
-    $url = "https://${host}/r";
-
-    class { 'gerrit::proxy':
-        ssl_cert     => $ssl_cert,
-        ssl_cert_key => $ssl_cert_key,
-        host         => $host
-    }
-
-    class { 'gerrit::jetty':
-        ldap_hosts           => $ldap_hosts,
-        ldap_base_dn         => $ldap_base_dn,
-        url                  => $url,
-        dbhost               => $dbhost,
-        dbname               => $dbname,
-        dbuser               => $dbuser,
-        hostname             => $host,
-        ldap_proxyagent      => $ldap_proxyagent,
-        ldap_proxyagent_pass => $ldap_proxyagent_pass,
-        sshport              => $sshport,
-        replication          => $replication,
-        smtp_host            => $smtp_host,
-        ssh_key              => $ssh_key,
-    }
-}
-
-class gerrit::jetty ($ldap_hosts,
-    $ldap_base_dn,
-    $url,
-    $dbhost,
-    $dbname,
-    $dbuser,
-    $hostname,
-    $sshport,
-    $ldap_proxyagent,
-    $ldap_proxyagent_pass,
-    $replication,
-    $smtp_host,
-    $ssh_key) {
-
-    include gerrit::crons
-    include nrpe
-
-    package { 'openjdk-7-jre':
-        ensure => latest,
-    }
-
-    package { 'python-paramiko':
-        ensure => latest,
-    }
-
-    package { 'gerrit':
-        ensure => present,
-    }
-
-    # TODO: Make this go away -- need to stop using gerrit2 for hook actions
-    ssh_authorized_key { $name:
-        ensure  => present,
-        key     => $ssh_key,
-        type    => 'ssh-rsa',
-        user    => 'gerrit2',
-        require => Package['gerrit'],
-    }
-
-    file { '/etc/default/gerritcodereview':
-        source => 'puppet:///files/gerrit/gerrit',
-        owner  => 'root',
-        group  => 'root',
-        mode   => '0444',
-    }
-
-    file { '/var/lib/gerrit2/':
-        ensure  => directory,
-        mode    => '0755',
-        owner   => 'gerrit2',
-        require => Package['gerrit'],
-    }
-
-    file { '/var/lib/gerrit2/.ssh':
-        ensure  => directory,
-        mode    => '0600',
-        owner   => 'gerrit2',
-        require => File['/var/lib/gerrit2'],
-    }
-
-    file { '/var/lib/gerrit2/.ssh/id_rsa':
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0600',
-        require => File['/var/lib/gerrit2/.ssh'],
-        source  => 'puppet:///private/gerrit/id_rsa',
-    }
-
-    file { '/var/lib/gerrit2/review_site':
-        ensure  => directory,
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0755',
-        require => [File['/var/lib/gerrit2'],
-                    Package['gerrit']],
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc':
-        ensure  => directory,
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0755',
-        require => File['/var/lib/gerrit2/review_site'],
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc/gerrit.config':
-        content => template('gerrit/gerrit.config.erb'),
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0444',
-        require => File['/var/lib/gerrit2/review_site/etc'],
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc/secure.config':
-        content => template('gerrit/secure.config.erb'),
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0444',
-        require => File['/var/lib/gerrit2/review_site/etc'],
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc/replication.config':
-        content => template('gerrit/replication.config.erb'),
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0444',
-        require => File['/var/lib/gerrit2/review_site/etc'],
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc/mail/ChangeSubject.vm':
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0444',
-        source  => 'puppet:///files/gerrit/mail/ChangeSubject.vm',
-        require => Exec['install_gerrit_jetty'],
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc/GerritSite.css':
-        owner  => 'gerrit2',
-        group  => 'gerrit2',
-        mode   => '0444',
-        source => 'puppet:///files/gerrit/skin/GerritSite.css',
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc/GerritSiteHeader.html':
-        owner  => 'gerrit2',
-        group  => 'gerrit2',
-        mode   => '0444',
-        source => 'puppet:///files/gerrit/skin/GerritSiteHeader.html',
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc/its':
-        ensure  => directory,
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0755',
-        require => File['/var/lib/gerrit2/review_site/etc'],
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc/its/action.config':
-        source  => 'puppet:///files/gerrit/its/action.config',
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0755',
-        require => File['/var/lib/gerrit2/review_site/etc/its'],
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc/its/templates':
-        ensure  => directory,
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0755',
-        require => File['/var/lib/gerrit2/review_site/etc/its'],
-    }
-
-    file { '/var/lib/gerrit2/review_site/etc/its/templates/DraftPublished.vm':
-        source  => 'puppet:///files/gerrit/its/templates/DraftPublished.vm',
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0755',
-        require => File['/var/lib/gerrit2/review_site/etc/its/templates'],
-    }
-
-    file { '/var/lib/gerrit2/review_site/static/page-bkg.jpg':
-        owner  => 'gerrit2',
-        group  => 'gerrit2',
-        mode   => '0444',
-        source => 'puppet:///files/gerrit/skin/page-bkg.jpg',
-    }
-
-    file { '/var/lib/gerrit2/review_site/static/wikimedia-codereview-logo.png':
-        owner  => 'gerrit2',
-        group  => 'gerrit2',
-        mode   => '0444',
-        source => 'puppet:///files/gerrit/skin/wikimedia-codereview-logo.png',
-    }
-
-    file { '/var/lib/gerrit2/review_site/hooks':
-        ensure  => directory,
-        owner   => 'gerrit2',
-        group   => 'gerrit2',
-        mode    => '0755',
-        require => Exec['install_gerrit_jetty'],
-    }
-
-    git::clone { 'operations/gerrit/plugins':
-        directory => '/var/lib/gerrit2/review_site/plugins',
-        branch    => 'master',
-        origin    => 
'https://gerrit.wikimedia.org/r/p/operations/gerrit/plugins.git',
-        owner     => 'gerrit2',
-        group     => 'gerrit2',
-        require   => File['/var/lib/gerrit2/review_site'],
-    }
-
-    exec { 'install_gerrit_jetty':
-        creates => '/var/lib/gerrit2/review_site/bin',
-        user    => 'gerrit2',
-        group   => 'gerrit2',
-        cwd     => '/var/lib/gerrit2',
-        command => '/usr/bin/java -jar gerrit.war init -d review_site --batch 
--no-auto-start',
-        require => [Package['gerrit'],
-                    File['/var/lib/gerrit2/review_site/etc/gerrit.config'],
-                    File['/var/lib/gerrit2/review_site/etc/secure.config']
-        ],
-    }
-
-    service { 'gerrit':
-        ensure    => running,
-        subscribe => [File['/var/lib/gerrit2/review_site/etc/gerrit.config'],
-                    File['/var/lib/gerrit2/review_site/etc/secure.config']],
-        enable    => true,
-        hasstatus => false,
-        status    => '/etc/init.d/gerrit check',
-        require   => Exec['install_gerrit_jetty'],
-    }
-
-    nrpe::monitor_service { 'gerrit':
-        description  => 'gerrit process',
-        nrpe_command => "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 
--ereg-argument-array '^GerritCodeReview .*-jar 
/var/lib/gerrit2/review_site/bin/gerrit.war'"
-    }
-}
-
-class gerrit::proxy($host        = '',
-    $ssl_cert    = '',
-    $ssl_cert_key= '') {
-
-    apache::site { 'gerrit.wikimedia.org':
-        content => template('apache/sites/gerrit.wikimedia.org.erb'),
-    }
-
-# We don't use gitweb anymore, so we're going to allow spiders again
-# If it becomes a problem, just set ensure => present again
-    file { '/var/www/robots.txt':
-        ensure => absent,
-        mode   => '0444',
-        owner  => 'root',
-        group  => 'root',
-        source => 'puppet:///files/misc/robots-txt-disallow',
-    }
-
-    include ::apache::mod::rewrite
-
-    include ::apache::mod::proxy
-
-    include ::apache::mod::proxy_http
-
-    include ::apache::mod::ssl
-
-    include ::apache::mod::headers
-}
-
-class gerrit::crons {
-
-    cron { 'list_mediawiki_extensions':
-    # Gerrit is missing a public list of projects.
-    # This hack list MediaWiki extensions repositories
-        command => "/bin/ls -1d 
/var/lib/gerrit2/review_site/git/mediawiki/extensions/*.git | sed 's#.*/##' | 
sed 's/\\.git//' > /var/www/mediawiki-extensions.txt",
-        user    => 'root',
-        minute  => [0, 15, 30, 45],
-    }
-
-    cron { 'list_reviewer_counts':
-    # This is useful information about the distribution of reviewers.
-    # Gerrit's rest api doesn't provide an easy way to get this data.
-        command => "ssh -p 29418 localhost gerrit gsql --format JSON_SINGLE -c 
\"'SELECT changes.change_id AS change_id, COUNT(DISTINCT 
patch_set_approvals.account_id) AS reviewer_count FROM changes LEFT JOIN 
patch_set_approvals ON (changes.change_id = patch_set_approvals.change_id) 
GROUP BY changes.change_id'\" > /var/www/reviewer-counts.json",
-        user    => 'gerrit2',
-        hour    => 1,
-    }
-
-    cron { 'clear_gerrit_logs':
-    # Gerrit rotates their own logs, but doesn't clean them out
-    # Delete logs older than a week
-        command => "find /var/lib/gerrit2/review_site/logs/*.gz -mtime +7 
-exec rm {} \\;",
-        user    => 'root',
-        hour    => 1
-    }
-
-    cron { 'jgit_gc':
-    # Keep repo sizes sane, so people can be productive
-        command => 'ssh -p 29418 localhost gerrit gc --all > /dev/null 2>&1',
-        user    => 'gerrit2',
-        hour    => 2,
-        weekday => 6
-    }
-}
-
-# Setup the `gerritslave` account on any host that wants to receive
-# replication. See role::gerrit::production::replicationdest
-class gerrit::replicationdest( $sshkey, $extra_groups = [], $slaveuser = 
'gerritslave' ) {
-
-    group { $slaveuser:
-        ensure => present,
-        name   => $slaveuser,
-        system => true,
-    }
-
-    user { $slaveuser:
-        name       => $slaveuser,
-        groups     => $extra_groups,
-        shell      => '/bin/bash',
-        managehome => true,
-        system     => true,
-    }
-
-    ssh_authorized_key { $slaveuser:
-        ensure  => present,
-        key     => $sshkey,
-        type    => 'ssh-rsa',
-        user    => $slaveuser,
-        require => User[$slaveuser],
-    }
-}
diff --git a/manifests/site.pp b/manifests/site.pp
index 3a1436b..112a82c 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -7,7 +7,6 @@
 import 'dns.pp'
 import 'facilities.pp'
 import 'ganglia.pp'
-import 'gerrit.pp'
 import 'iptables.pp'
 import 'mail.pp'
 import 'misc/*.pp'
diff --git a/files/gerrit/gerrit b/modules/gerrit/files/gerrit
similarity index 100%
rename from files/gerrit/gerrit
rename to modules/gerrit/files/gerrit
diff --git a/files/gerrit/its/action.config 
b/modules/gerrit/files/its/action.config
similarity index 100%
rename from files/gerrit/its/action.config
rename to modules/gerrit/files/its/action.config
diff --git a/files/gerrit/its/templates/DraftPublished.vm 
b/modules/gerrit/files/its/templates/DraftPublished.vm
similarity index 100%
rename from files/gerrit/its/templates/DraftPublished.vm
rename to modules/gerrit/files/its/templates/DraftPublished.vm
diff --git a/files/gerrit/mail/ChangeSubject.vm 
b/modules/gerrit/files/mail/ChangeSubject.vm
similarity index 100%
rename from files/gerrit/mail/ChangeSubject.vm
rename to modules/gerrit/files/mail/ChangeSubject.vm
diff --git a/modules/gerrit/files/robots-txt-disallow 
b/modules/gerrit/files/robots-txt-disallow
new file mode 100644
index 0000000..94cb4c9
--- /dev/null
+++ b/modules/gerrit/files/robots-txt-disallow
@@ -0,0 +1,6 @@
+# THIS FILE IS MANAGED BY PUPPET
+#
+# puppet:///modules/gerrit/robots-txt-disallow
+#
+User-agent: *
+Disallow: /
diff --git a/files/gerrit/skin/GerritSite.css 
b/modules/gerrit/files/skin/GerritSite.css
similarity index 100%
rename from files/gerrit/skin/GerritSite.css
rename to modules/gerrit/files/skin/GerritSite.css
diff --git a/files/gerrit/skin/GerritSiteHeader.html 
b/modules/gerrit/files/skin/GerritSiteHeader.html
similarity index 100%
rename from files/gerrit/skin/GerritSiteHeader.html
rename to modules/gerrit/files/skin/GerritSiteHeader.html
diff --git a/files/gerrit/skin/page-bkg.jpg 
b/modules/gerrit/files/skin/page-bkg.jpg
similarity index 100%
rename from files/gerrit/skin/page-bkg.jpg
rename to modules/gerrit/files/skin/page-bkg.jpg
Binary files differ
diff --git a/files/gerrit/skin/wikimedia-codereview-logo.png 
b/modules/gerrit/files/skin/wikimedia-codereview-logo.png
similarity index 100%
rename from files/gerrit/skin/wikimedia-codereview-logo.png
rename to modules/gerrit/files/skin/wikimedia-codereview-logo.png
Binary files differ
diff --git a/modules/gerrit/manifests/crons.pp 
b/modules/gerrit/manifests/crons.pp
new file mode 100644
index 0000000..76f075e
--- /dev/null
+++ b/modules/gerrit/manifests/crons.pp
@@ -0,0 +1,34 @@
+class gerrit::crons {
+
+    cron { 'list_mediawiki_extensions':
+    # Gerrit is missing a public list of projects.
+    # This hack list MediaWiki extensions repositories
+        command => "/bin/ls -1d 
/var/lib/gerrit2/review_site/git/mediawiki/extensions/*.git | sed 's#.*/##' | 
sed 's/\\.git//' > /var/www/mediawiki-extensions.txt",
+        user    => 'root',
+        minute  => [0, 15, 30, 45],
+    }
+
+    cron { 'list_reviewer_counts':
+    # This is useful information about the distribution of reviewers.
+    # Gerrit's rest api doesn't provide an easy way to get this data.
+        command => "ssh -p 29418 localhost gerrit gsql --format JSON_SINGLE -c 
\"'SELECT changes.change_id AS change_id, COUNT(DISTINCT 
patch_set_approvals.account_id) AS reviewer_count FROM changes LEFT JOIN 
patch_set_approvals ON (changes.change_id = patch_set_approvals.change_id) 
GROUP BY changes.change_id'\" > /var/www/reviewer-counts.json",
+        user    => 'gerrit2',
+        hour    => 1,
+    }
+
+    cron { 'clear_gerrit_logs':
+    # Gerrit rotates their own logs, but doesn't clean them out
+    # Delete logs older than a week
+        command => "find /var/lib/gerrit2/review_site/logs/*.gz -mtime +7 
-exec rm {} \\;",
+        user    => 'root',
+        hour    => 1
+    }
+
+    cron { 'jgit_gc':
+    # Keep repo sizes sane, so people can be productive
+        command => 'ssh -p 29418 localhost gerrit gc --all > /dev/null 2>&1',
+        user    => 'gerrit2',
+        hour    => 2,
+        weekday => 6
+    }
+}
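Review bot: The three crons that set `hour` but no `minute` (`list_reviewer_counts`, `clear_gerrit_logs`, `jgit_gc`) are scheduled for every minute of that hour, because Puppet's cron type renders an unset field as `*`. For `jgit_gc` that starts `gerrit gc --all` sixty times between 02:00 and 02:59 on weekday 6, and the `gsql` export is likewise re-run for a full hour each night. Adding `minute => 0,` to each of the three resources pins them to a single run. Separately, `clear_gerrit_logs` runs `rm` as root over a shell glob under `/var/lib/gerrit2/review_site`, which jetty.pp makes owned by gerrit2. If the logs directory is also writable by that account (not visible here), `user => 'gerrit2'` would keep the cleanup inside the service account's own privileges.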
diff --git a/modules/gerrit/manifests/instance.pp 
b/modules/gerrit/manifests/instance.pp
new file mode 100644
index 0000000..a67a9ad
--- /dev/null
+++ b/modules/gerrit/manifests/instance.pp
@@ -0,0 +1,62 @@
+# Manifest to setup a Gerrit instance
+
+class gerrit::instance($apache_ssl  = false,
+    $slave       = false,
+    $ssh_port    = '29418',
+    $db_host     = '',
+    $db_name     = 'reviewdb',
+    $host        = '',
+    $db_user     = 'gerrit',
+    $ssh_key     = '',
+    $ssl_cert    = 'ssl-cert-snakeoil',
+    $ssl_cert_key= 'ssl-cert-snakeoil',
+    $replication = '',
+    $smtp_host   = '') {
+
+    include standard,
+        ldap::role::config::labs
+
+    # Main config
+    include passwords::gerrit
+    $email_key = $passwords::gerrit::gerrit_email_key
+    $sshport = $ssh_port
+    $dbhost = $db_host
+    $dbname = $db_name
+    $dbuser = $db_user
+    $dbpass = $passwords::gerrit::gerrit_db_pass
+    $bzpass = $passwords::gerrit::gerrit_bz_pass
+
+    # Setup LDAP
+    include ldap::role::config::labs
+    $ldapconfig = $ldap::role::config::labs::ldapconfig
+
+    $ldap_hosts = $ldapconfig['servernames']
+    $ldap_base_dn = $ldapconfig['basedn']
+    $ldap_proxyagent = $ldapconfig['proxyagent']
+    $ldap_proxyagent_pass = $ldapconfig['proxypass']
+
+    # Configure the base URL
+    $url = "https://${host}/r";
+
+    class { 'gerrit::proxy':
+        ssl_cert     => $ssl_cert,
+        ssl_cert_key => $ssl_cert_key,
+        host         => $host
+    }
+
+    class { 'gerrit::jetty':
+        ldap_hosts           => $ldap_hosts,
+        ldap_base_dn         => $ldap_base_dn,
+        url                  => $url,
+        dbhost               => $dbhost,
+        dbname               => $dbname,
+        dbuser               => $dbuser,
+        hostname             => $host,
+        ldap_proxyagent      => $ldap_proxyagent,
+        ldap_proxyagent_pass => $ldap_proxyagent_pass,
+        sshport              => $sshport,
+        replication          => $replication,
+        smtp_host            => $smtp_host,
+        ssh_key              => $ssh_key,
+    }
+}
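Review bot: `$email_key`, `$dbpass` and `$bzpass` are assigned in `gerrit::instance` but never passed to `gerrit::jetty`, which is the class that renders `secure.config.erb` and `gerrit.config.erb`. The templates are not part of this change, so this is inferred, but if they read those values they can only resolve them through dynamic scope lookup from the declaring class. That lookup is fragile and tends to yield an empty credential rather than a compile error. Now that the classes live in separate files, it would be safer to pass the secrets as explicit parameters of `gerrit::jetty`, or to have that class `include passwords::gerrit` and reference `$passwords::gerrit::gerrit_db_pass` directly. The second `include ldap::role::config::labs` and the unused `$apache_ssl` / `$slave` parameters could be dropped in the same pass.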
diff --git a/modules/gerrit/manifests/jetty.pp 
b/modules/gerrit/manifests/jetty.pp
new file mode 100644
index 0000000..9ddfbae
--- /dev/null
+++ b/modules/gerrit/manifests/jetty.pp
@@ -0,0 +1,220 @@
+class gerrit::jetty ($ldap_hosts,
+    $ldap_base_dn,
+    $url,
+    $dbhost,
+    $dbname,
+    $dbuser,
+    $hostname,
+    $sshport,
+    $ldap_proxyagent,
+    $ldap_proxyagent_pass,
+    $replication,
+    $smtp_host,
+    $ssh_key) {
+
+    include gerrit::crons
+    include nrpe
+
+    package { 'openjdk-7-jre':
+        ensure => latest,
+    }
+
+    package { 'python-paramiko':
+        ensure => latest,
+    }
+
+    package { 'gerrit':
+        ensure => present,
+    }
+
+    # TODO: Make this go away -- need to stop using gerrit2 for hook actions
+    ssh_authorized_key { $name:
+        ensure  => present,
+        key     => $ssh_key,
+        type    => 'ssh-rsa',
+        user    => 'gerrit2',
+        require => Package['gerrit'],
+    }
+
+    file { '/etc/default/gerritcodereview':
+        source => 'puppet:///modules/gerrit/gerrit',
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0444',
+    }
+
+    file { '/var/lib/gerrit2/':
+        ensure  => directory,
+        mode    => '0755',
+        owner   => 'gerrit2',
+        require => Package['gerrit'],
+    }
+
+    file { '/var/lib/gerrit2/.ssh':
+        ensure  => directory,
+        mode    => '0600',
+        owner   => 'gerrit2',
+        require => File['/var/lib/gerrit2'],
+    }
+
+    file { '/var/lib/gerrit2/.ssh/id_rsa':
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0600',
+        require => File['/var/lib/gerrit2/.ssh'],
+        source  => 'puppet:///private/gerrit/id_rsa',
+    }
+
+    file { '/var/lib/gerrit2/review_site':
+        ensure  => directory,
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0755',
+        require => [File['/var/lib/gerrit2'],
+                    Package['gerrit']],
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc':
+        ensure  => directory,
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0755',
+        require => File['/var/lib/gerrit2/review_site'],
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc/gerrit.config':
+        content => template('gerrit/gerrit.config.erb'),
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0444',
+        require => File['/var/lib/gerrit2/review_site/etc'],
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc/secure.config':
+        content => template('gerrit/secure.config.erb'),
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0444',
+        require => File['/var/lib/gerrit2/review_site/etc'],
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc/replication.config':
+        content => template('gerrit/replication.config.erb'),
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0444',
+        require => File['/var/lib/gerrit2/review_site/etc'],
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc/mail/ChangeSubject.vm':
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0444',
+        source  => 'puppet:///modules/gerrit/mail/ChangeSubject.vm',
+        require => Exec['install_gerrit_jetty'],
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc/GerritSite.css':
+        owner  => 'gerrit2',
+        group  => 'gerrit2',
+        mode   => '0444',
+        source => 'puppet:///modules/gerrit/skin/GerritSite.css',
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc/GerritSiteHeader.html':
+        owner  => 'gerrit2',
+        group  => 'gerrit2',
+        mode   => '0444',
+        source => 'puppet:///modules/gerrit/skin/GerritSiteHeader.html',
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc/its':
+        ensure  => directory,
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0755',
+        require => File['/var/lib/gerrit2/review_site/etc'],
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc/its/action.config':
+        source  => 'puppet:///modules/gerrit/its/action.config',
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0755',
+        require => File['/var/lib/gerrit2/review_site/etc/its'],
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc/its/templates':
+        ensure  => directory,
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0755',
+        require => File['/var/lib/gerrit2/review_site/etc/its'],
+    }
+
+    file { '/var/lib/gerrit2/review_site/etc/its/templates/DraftPublished.vm':
+        source  => 'puppet:///modules/gerrit/its/templates/DraftPublished.vm',
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0755',
+        require => File['/var/lib/gerrit2/review_site/etc/its/templates'],
+    }
+
+    file { '/var/lib/gerrit2/review_site/static/page-bkg.jpg':
+        owner  => 'gerrit2',
+        group  => 'gerrit2',
+        mode   => '0444',
+        source => 'puppet:///modules/gerrit/skin/page-bkg.jpg',
+    }
+
+    file { '/var/lib/gerrit2/review_site/static/wikimedia-codereview-logo.png':
+        owner  => 'gerrit2',
+        group  => 'gerrit2',
+        mode   => '0444',
+        source => 
'puppet:///modules/gerrit/skin/wikimedia-codereview-logo.png',
+    }
+
+    file { '/var/lib/gerrit2/review_site/hooks':
+        ensure  => directory,
+        owner   => 'gerrit2',
+        group   => 'gerrit2',
+        mode    => '0755',
+        require => Exec['install_gerrit_jetty'],
+    }
+
+    git::clone { 'operations/gerrit/plugins':
+        directory => '/var/lib/gerrit2/review_site/plugins',
+        branch    => 'master',
+        origin    => 
'https://gerrit.wikimedia.org/r/p/operations/gerrit/plugins.git',
+        owner     => 'gerrit2',
+        group     => 'gerrit2',
+        require   => File['/var/lib/gerrit2/review_site'],
+    }
+
+    exec { 'install_gerrit_jetty':
+        creates => '/var/lib/gerrit2/review_site/bin',
+        user    => 'gerrit2',
+        group   => 'gerrit2',
+        cwd     => '/var/lib/gerrit2',
+        command => '/usr/bin/java -jar gerrit.war init -d review_site --batch 
--no-auto-start',
+        require => [Package['gerrit'],
+                    File['/var/lib/gerrit2/review_site/etc/gerrit.config'],
+                    File['/var/lib/gerrit2/review_site/etc/secure.config']
+        ],
+    }
+
+    service { 'gerrit':
+        ensure    => running,
+        subscribe => [File['/var/lib/gerrit2/review_site/etc/gerrit.config'],
+                    File['/var/lib/gerrit2/review_site/etc/secure.config']],
+        enable    => true,
+        hasstatus => false,
+        status    => '/etc/init.d/gerrit check',
+        require   => Exec['install_gerrit_jetty'],
+    }
+
+    nrpe::monitor_service { 'gerrit':
+        description  => 'gerrit process',
+        nrpe_command => "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 
--ereg-argument-array '^GerritCodeReview .*-jar 
/var/lib/gerrit2/review_site/bin/gerrit.war'"
+    }
+}
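Review bot: `/var/lib/gerrit2/review_site/etc/secure.config` is installed with `mode => '0444'`, so every local account on the host can read it. Judging by its name and by the password variables set in `gerrit::instance`, this file presumably carries the database and LDAP proxy-agent credentials (the template is not shown). It is already owned by `gerrit2:gerrit2`, so `mode => '0440',` would be enough for the service to read it; `replication.config` deserves the same look if it embeds remote credentials. While moving this block, `/var/lib/gerrit2/.ssh` could also be declared as `mode => '0700'` with `group => 'gerrit2'`, so the intended directory permissions are explicit instead of relying on Puppet adding the search bit to `0600`.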
diff --git a/modules/gerrit/manifests/proxy.pp 
b/modules/gerrit/manifests/proxy.pp
new file mode 100644
index 0000000..79930bd
--- /dev/null
+++ b/modules/gerrit/manifests/proxy.pp
@@ -0,0 +1,30 @@
+class gerrit::proxy($host        = '',
+$ssl_cert    = '',
+$ssl_cert_key= '') {
+
+    $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat', '365')
+
+    apache::site { 'gerrit.wikimedia.org':
+        content => template('gerrit/gerrit.wikimedia.org.erb'),
+    }
+
+    # We don't use gitweb anymore, so we're going to allow spiders again
+    # If it becomes a problem, just set ensure => present again
+    file { '/var/www/robots.txt':
+        ensure => absent,
+        mode   => '0444',
+        owner  => 'root',
+        group  => 'root',
+        source => 'puppet:///modules/gerrit/robots-txt-disallow',
+    }
+
+    include ::apache::mod::rewrite
+
+    include ::apache::mod::proxy
+
+    include ::apache::mod::proxy_http
+
+    include ::apache::mod::ssl
+
+    include ::apache::mod::headers
+}
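Review bot: `template('gerrit/gerrit.wikimedia.org.erb')` points at a file this change does not create. The rename in the same commit moves `templates/apache/sites/gerrit.wikimedia.org.erb` to `modules/gerrit/templates/gerrit.wikimedia.org`, without the `.erb` suffix, so catalog compilation for the proxy class would fail to find the template. Renaming the target to `modules/gerrit/templates/gerrit.wikimedia.org.erb` keeps it consistent with the other three templates in the module. A one-line comment above `$ssl_settings` saying that the vhost template consumes it, such as `# Used by the gerrit.wikimedia.org vhost template`, would also stop the otherwise unreferenced variable from being removed later. The `$ssl_cert` and `$ssl_cert_key` parameter lines lost their indentation in the move.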
diff --git a/modules/gerrit/manifests/replicationdest.pp 
b/modules/gerrit/manifests/replicationdest.pp
new file mode 100644
index 0000000..69764fd
--- /dev/null
+++ b/modules/gerrit/manifests/replicationdest.pp
@@ -0,0 +1,26 @@
+# Setup the `gerritslave` account on any host that wants to receive
+# replication. See role::gerrit::production::replicationdest
+class gerrit::replicationdest( $sshkey, $extra_groups = [], $slaveuser = 
'gerritslave' ) {
+
+    group { $slaveuser:
+        ensure => present,
+        name   => $slaveuser,
+        system => true,
+    }
+
+    user { $slaveuser:
+        name       => $slaveuser,
+        groups     => $extra_groups,
+        shell      => '/bin/bash',
+        managehome => true,
+        system     => true,
+    }
+
+    ssh_authorized_key { $slaveuser:
+        ensure  => present,
+        key     => $sshkey,
+        type    => 'ssh-rsa',
+        user    => $slaveuser,
+        require => User[$slaveuser],
+    }
+}
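Review bot: The `ssh_authorized_key` for `$slaveuser` is installed without any `options`, and the account gets `shell => '/bin/bash'`. Whoever holds the replication private key therefore has a full interactive login, with port and agent forwarding, on every replication destination. If the key is only used for Gerrit replication pushes, it can be constrained with `options => ['no-pty', 'no-port-forwarding', 'no-agent-forwarding', 'no-X11-forwarding'],`. The `user` resource also sets no `gid`, so the `group { $slaveuser: }` declared above it is not explicitly tied to the account; `gid => $slaveuser,` with `require => Group[$slaveuser]` would make that relationship deterministic.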
diff --git a/templates/gerrit/gerrit.config.erb 
b/modules/gerrit/templates/gerrit.config.erb
similarity index 100%
rename from templates/gerrit/gerrit.config.erb
rename to modules/gerrit/templates/gerrit.config.erb
diff --git a/templates/apache/sites/gerrit.wikimedia.org.erb 
b/modules/gerrit/templates/gerrit.wikimedia.org
similarity index 100%
rename from templates/apache/sites/gerrit.wikimedia.org.erb
rename to modules/gerrit/templates/gerrit.wikimedia.org
diff --git a/templates/gerrit/replication.config.erb 
b/modules/gerrit/templates/replication.config.erb
similarity index 100%
rename from templates/gerrit/replication.config.erb
rename to modules/gerrit/templates/replication.config.erb
diff --git a/templates/gerrit/secure.config.erb 
b/modules/gerrit/templates/secure.config.erb
similarity index 100%
rename from templates/gerrit/secure.config.erb
rename to modules/gerrit/templates/secure.config.erb

-- 
To view, visit https://gerrit.wikimedia.org/r/167215
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I7976a20686b1fc5244cbefb8bb04a2ad96e44fca
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org>
