Giuseppe Lavagetto has uploaded a new change for review. https://gerrit.wikimedia.org/r/167215
Change subject: gerrit: move to module ...................................................................... gerrit: move to module Change-Id: I7976a20686b1fc5244cbefb8bb04a2ad96e44fca Signed-off-by: Giuseppe Lavagetto <glavage...@wikimedia.org> --- D files/misc/robots-txt-disallow D manifests/gerrit.pp M manifests/site.pp R modules/gerrit/files/gerrit R modules/gerrit/files/its/action.config R modules/gerrit/files/its/templates/DraftPublished.vm R modules/gerrit/files/mail/ChangeSubject.vm A modules/gerrit/files/robots-txt-disallow R modules/gerrit/files/skin/GerritSite.css R modules/gerrit/files/skin/GerritSiteHeader.html R modules/gerrit/files/skin/page-bkg.jpg R modules/gerrit/files/skin/wikimedia-codereview-logo.png A modules/gerrit/manifests/crons.pp A modules/gerrit/manifests/instance.pp A modules/gerrit/manifests/jetty.pp A modules/gerrit/manifests/proxy.pp A modules/gerrit/manifests/replicationdest.pp R modules/gerrit/templates/gerrit.config.erb R modules/gerrit/templates/gerrit.wikimedia.org R modules/gerrit/templates/replication.config.erb R modules/gerrit/templates/secure.config.erb 21 files changed, 378 insertions(+), 383 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/15/167215/1 diff --git a/files/misc/robots-txt-disallow b/files/misc/robots-txt-disallow deleted file mode 100644 index 6ba092a..0000000 --- a/files/misc/robots-txt-disallow +++ /dev/null @@ -1,6 +0,0 @@ -# THIS FILE IS MANAGED BY PUPPET -# -# puppet:///files/misc/robots-txt-disallow -# -User-agent: * -Disallow: / diff --git a/manifests/gerrit.pp b/manifests/gerrit.pp deleted file mode 100644 index 58e2ce3..0000000 --- a/manifests/gerrit.pp +++ /dev/null 
@@ -1,376 +0,0 @@ -# manifests/gerrit.pp -# Manifest to setup a Gerrit instance - -class gerrit::instance($apache_ssl = false, - $slave = false, - $ssh_port = '29418', - $db_host = '', - $db_name = 'reviewdb', - $host = '', - $db_user = 'gerrit', - $ssh_key = '', - $ssl_cert = 'ssl-cert-snakeoil', - $ssl_cert_key= 'ssl-cert-snakeoil', - $replication = '', - $smtp_host = '') { - - include standard, - ldap::role::config::labs - - # Main config - include passwords::gerrit - $email_key = $passwords::gerrit::gerrit_email_key - $sshport = $ssh_port - $dbhost = $db_host - $dbname = $db_name - $dbuser = $db_user - $dbpass = $passwords::gerrit::gerrit_db_pass - $bzpass = $passwords::gerrit::gerrit_bz_pass - $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat', '365') - - # Setup LDAP - include ldap::role::config::labs - $ldapconfig = $ldap::role::config::labs::ldapconfig - - $ldap_hosts = $ldapconfig['servernames'] - $ldap_base_dn = $ldapconfig['basedn'] - $ldap_proxyagent = $ldapconfig['proxyagent'] - $ldap_proxyagent_pass = $ldapconfig['proxypass'] - - # Configure the base URL - $url = "https://${host}/r" - - class { 'gerrit::proxy': - ssl_cert => $ssl_cert, - ssl_cert_key => $ssl_cert_key, - host => $host - } - - class { 'gerrit::jetty': - ldap_hosts => $ldap_hosts, - ldap_base_dn => $ldap_base_dn, - url => $url, - dbhost => $dbhost, - dbname => $dbname, - dbuser => $dbuser, - hostname => $host, - ldap_proxyagent => $ldap_proxyagent, - ldap_proxyagent_pass => $ldap_proxyagent_pass, - sshport => $sshport, - replication => $replication, - smtp_host => $smtp_host, - ssh_key => $ssh_key, - } -} - -class gerrit::jetty ($ldap_hosts, - $ldap_base_dn, - $url, - $dbhost, - $dbname, - $dbuser, - $hostname, - $sshport, - $ldap_proxyagent, - $ldap_proxyagent_pass, - $replication, - $smtp_host, - $ssh_key) { - - include gerrit::crons - include nrpe - - package { 'openjdk-7-jre': - ensure => latest, - } - - package { 'python-paramiko': - ensure => latest, - } - - package { 'gerrit': 
- ensure => present, - } - - # TODO: Make this go away -- need to stop using gerrit2 for hook actions - ssh_authorized_key { $name: - ensure => present, - key => $ssh_key, - type => 'ssh-rsa', - user => 'gerrit2', - require => Package['gerrit'], - } - - file { '/etc/default/gerritcodereview': - source => 'puppet:///files/gerrit/gerrit', - owner => 'root', - group => 'root', - mode => '0444', - } - - file { '/var/lib/gerrit2/': - ensure => directory, - mode => '0755', - owner => 'gerrit2', - require => Package['gerrit'], - } - - file { '/var/lib/gerrit2/.ssh': - ensure => directory, - mode => '0600', - owner => 'gerrit2', - require => File['/var/lib/gerrit2'], - } - - file { '/var/lib/gerrit2/.ssh/id_rsa': - owner => 'gerrit2', - group => 'gerrit2', - mode => '0600', - require => File['/var/lib/gerrit2/.ssh'], - source => 'puppet:///private/gerrit/id_rsa', - } - - file { '/var/lib/gerrit2/review_site': - ensure => directory, - owner => 'gerrit2', - group => 'gerrit2', - mode => '0755', - require => [File['/var/lib/gerrit2'], - Package['gerrit']], - } - - file { '/var/lib/gerrit2/review_site/etc': - ensure => directory, - owner => 'gerrit2', - group => 'gerrit2', - mode => '0755', - require => File['/var/lib/gerrit2/review_site'], - } - - file { '/var/lib/gerrit2/review_site/etc/gerrit.config': - content => template('gerrit/gerrit.config.erb'), - owner => 'gerrit2', - group => 'gerrit2', - mode => '0444', - require => File['/var/lib/gerrit2/review_site/etc'], - } - - file { '/var/lib/gerrit2/review_site/etc/secure.config': - content => template('gerrit/secure.config.erb'), - owner => 'gerrit2', - group => 'gerrit2', - mode => '0444', - require => File['/var/lib/gerrit2/review_site/etc'], - } - - file { '/var/lib/gerrit2/review_site/etc/replication.config': - content => template('gerrit/replication.config.erb'), - owner => 'gerrit2', - group => 'gerrit2', - mode => '0444', - require => File['/var/lib/gerrit2/review_site/etc'], - } - - file { 
'/var/lib/gerrit2/review_site/etc/mail/ChangeSubject.vm': - owner => 'gerrit2', - group => 'gerrit2', - mode => '0444', - source => 'puppet:///files/gerrit/mail/ChangeSubject.vm', - require => Exec['install_gerrit_jetty'], - } - - file { '/var/lib/gerrit2/review_site/etc/GerritSite.css': - owner => 'gerrit2', - group => 'gerrit2', - mode => '0444', - source => 'puppet:///files/gerrit/skin/GerritSite.css', - } - - file { '/var/lib/gerrit2/review_site/etc/GerritSiteHeader.html': - owner => 'gerrit2', - group => 'gerrit2', - mode => '0444', - source => 'puppet:///files/gerrit/skin/GerritSiteHeader.html', - } - - file { '/var/lib/gerrit2/review_site/etc/its': - ensure => directory, - owner => 'gerrit2', - group => 'gerrit2', - mode => '0755', - require => File['/var/lib/gerrit2/review_site/etc'], - } - - file { '/var/lib/gerrit2/review_site/etc/its/action.config': - source => 'puppet:///files/gerrit/its/action.config', - owner => 'gerrit2', - group => 'gerrit2', - mode => '0755', - require => File['/var/lib/gerrit2/review_site/etc/its'], - } - - file { '/var/lib/gerrit2/review_site/etc/its/templates': - ensure => directory, - owner => 'gerrit2', - group => 'gerrit2', - mode => '0755', - require => File['/var/lib/gerrit2/review_site/etc/its'], - } - - file { '/var/lib/gerrit2/review_site/etc/its/templates/DraftPublished.vm': - source => 'puppet:///files/gerrit/its/templates/DraftPublished.vm', - owner => 'gerrit2', - group => 'gerrit2', - mode => '0755', - require => File['/var/lib/gerrit2/review_site/etc/its/templates'], - } - - file { '/var/lib/gerrit2/review_site/static/page-bkg.jpg': - owner => 'gerrit2', - group => 'gerrit2', - mode => '0444', - source => 'puppet:///files/gerrit/skin/page-bkg.jpg', - } - - file { '/var/lib/gerrit2/review_site/static/wikimedia-codereview-logo.png': - owner => 'gerrit2', - group => 'gerrit2', - mode => '0444', - source => 'puppet:///files/gerrit/skin/wikimedia-codereview-logo.png', - } - - file { '/var/lib/gerrit2/review_site/hooks': 
- ensure => directory, - owner => 'gerrit2', - group => 'gerrit2', - mode => '0755', - require => Exec['install_gerrit_jetty'], - } - - git::clone { 'operations/gerrit/plugins': - directory => '/var/lib/gerrit2/review_site/plugins', - branch => 'master', - origin => 'https://gerrit.wikimedia.org/r/p/operations/gerrit/plugins.git', - owner => 'gerrit2', - group => 'gerrit2', - require => File['/var/lib/gerrit2/review_site'], - } - - exec { 'install_gerrit_jetty': - creates => '/var/lib/gerrit2/review_site/bin', - user => 'gerrit2', - group => 'gerrit2', - cwd => '/var/lib/gerrit2', - command => '/usr/bin/java -jar gerrit.war init -d review_site --batch --no-auto-start', - require => [Package['gerrit'], - File['/var/lib/gerrit2/review_site/etc/gerrit.config'], - File['/var/lib/gerrit2/review_site/etc/secure.config'] - ], - } - - service { 'gerrit': - ensure => running, - subscribe => [File['/var/lib/gerrit2/review_site/etc/gerrit.config'], - File['/var/lib/gerrit2/review_site/etc/secure.config']], - enable => true, - hasstatus => false, - status => '/etc/init.d/gerrit check', - require => Exec['install_gerrit_jetty'], - } - - nrpe::monitor_service { 'gerrit': - description => 'gerrit process', - nrpe_command => "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 --ereg-argument-array '^GerritCodeReview .*-jar /var/lib/gerrit2/review_site/bin/gerrit.war'" - } -} - -class gerrit::proxy($host = '', - $ssl_cert = '', - $ssl_cert_key= '') { - - apache::site { 'gerrit.wikimedia.org': - content => template('apache/sites/gerrit.wikimedia.org.erb'), - } - -# We don't use gitweb anymore, so we're going to allow spiders again -# If it becomes a problem, just set ensure => present again - file { '/var/www/robots.txt': - ensure => absent, - mode => '0444', - owner => 'root', - group => 'root', - source => 'puppet:///files/misc/robots-txt-disallow', - } - - include ::apache::mod::rewrite - - include ::apache::mod::proxy - - include ::apache::mod::proxy_http - - include 
::apache::mod::ssl - - include ::apache::mod::headers -} - -class gerrit::crons { - - cron { 'list_mediawiki_extensions': - # Gerrit is missing a public list of projects. - # This hack list MediaWiki extensions repositories - command => "/bin/ls -1d /var/lib/gerrit2/review_site/git/mediawiki/extensions/*.git | sed 's#.*/##' | sed 's/\\.git//' > /var/www/mediawiki-extensions.txt", - user => 'root', - minute => [0, 15, 30, 45], - } - - cron { 'list_reviewer_counts': - # This is useful information about the distribution of reviewers. - # Gerrit's rest api doesn't provide an easy way to get this data. - command => "ssh -p 29418 localhost gerrit gsql --format JSON_SINGLE -c \"'SELECT changes.change_id AS change_id, COUNT(DISTINCT patch_set_approvals.account_id) AS reviewer_count FROM changes LEFT JOIN patch_set_approvals ON (changes.change_id = patch_set_approvals.change_id) GROUP BY changes.change_id'\" > /var/www/reviewer-counts.json", - user => 'gerrit2', - hour => 1, - } - - cron { 'clear_gerrit_logs': - # Gerrit rotates their own logs, but doesn't clean them out - # Delete logs older than a week - command => "find /var/lib/gerrit2/review_site/logs/*.gz -mtime +7 -exec rm {} \\;", - user => 'root', - hour => 1 - } - - cron { 'jgit_gc': - # Keep repo sizes sane, so people can be productive - command => 'ssh -p 29418 localhost gerrit gc --all > /dev/null 2>&1', - user => 'gerrit2', - hour => 2, - weekday => 6 - } -} - -# Setup the `gerritslave` account on any host that wants to receive -# replication. 
See role::gerrit::production::replicationdest -class gerrit::replicationdest( $sshkey, $extra_groups = [], $slaveuser = 'gerritslave' ) { - - group { $slaveuser: - ensure => present, - name => $slaveuser, - system => true, - } - - user { $slaveuser: - name => $slaveuser, - groups => $extra_groups, - shell => '/bin/bash', - managehome => true, - system => true, - } - - ssh_authorized_key { $slaveuser: - ensure => present, - key => $sshkey, - type => 'ssh-rsa', - user => $slaveuser, - require => User[$slaveuser], - } -} diff --git a/manifests/site.pp b/manifests/site.pp index 3a1436b..112a82c 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -7,7 +7,6 @@ import 'dns.pp' import 'facilities.pp' import 'ganglia.pp' -import 'gerrit.pp' import 'iptables.pp' import 'mail.pp' import 'misc/*.pp' diff --git a/files/gerrit/gerrit b/modules/gerrit/files/gerrit similarity index 100% rename from files/gerrit/gerrit rename to modules/gerrit/files/gerrit diff --git a/files/gerrit/its/action.config b/modules/gerrit/files/its/action.config similarity index 100% rename from files/gerrit/its/action.config rename to modules/gerrit/files/its/action.config diff --git a/files/gerrit/its/templates/DraftPublished.vm b/modules/gerrit/files/its/templates/DraftPublished.vm similarity index 100% rename from files/gerrit/its/templates/DraftPublished.vm rename to modules/gerrit/files/its/templates/DraftPublished.vm diff --git a/files/gerrit/mail/ChangeSubject.vm b/modules/gerrit/files/mail/ChangeSubject.vm similarity index 100% rename from files/gerrit/mail/ChangeSubject.vm rename to modules/gerrit/files/mail/ChangeSubject.vm diff --git a/modules/gerrit/files/robots-txt-disallow b/modules/gerrit/files/robots-txt-disallow new file mode 100644 index 0000000..94cb4c9 --- /dev/null +++ b/modules/gerrit/files/robots-txt-disallow @@ -0,0 +1,6 @@ +# THIS FILE IS MANAGED BY PUPPET +# +# puppet:///modules/gerrit/robots-txt-disallow +# +User-agent: * +Disallow: / 
diff --git a/files/gerrit/skin/GerritSite.css b/modules/gerrit/files/skin/GerritSite.css
similarity index 100%
rename from files/gerrit/skin/GerritSite.css
rename to modules/gerrit/files/skin/GerritSite.css
diff --git a/files/gerrit/skin/GerritSiteHeader.html b/modules/gerrit/files/skin/GerritSiteHeader.html
similarity index 100%
rename from files/gerrit/skin/GerritSiteHeader.html
rename to modules/gerrit/files/skin/GerritSiteHeader.html
diff --git a/files/gerrit/skin/page-bkg.jpg b/modules/gerrit/files/skin/page-bkg.jpg
similarity index 100%
rename from files/gerrit/skin/page-bkg.jpg
rename to modules/gerrit/files/skin/page-bkg.jpg
Binary files differ
diff --git a/files/gerrit/skin/wikimedia-codereview-logo.png b/modules/gerrit/files/skin/wikimedia-codereview-logo.png
similarity index 100%
rename from files/gerrit/skin/wikimedia-codereview-logo.png
rename to modules/gerrit/files/skin/wikimedia-codereview-logo.png
Binary files differ
diff --git a/modules/gerrit/manifests/crons.pp b/modules/gerrit/manifests/crons.pp
new file mode 100644
index 0000000..76f075e
--- /dev/null
+++ b/modules/gerrit/manifests/crons.pp
@@ -0,0 +1,34 @@
+class gerrit::crons {
+
+ cron { 'list_mediawiki_extensions':
+ # Gerrit is missing a public list of projects.
+ # This hack list MediaWiki extensions repositories
+ command => "/bin/ls -1d /var/lib/gerrit2/review_site/git/mediawiki/extensions/*.git | sed 's#.*/##' | sed 's/\\.git//' > /var/www/mediawiki-extensions.txt",
+ user => 'root',
+ minute => [0, 15, 30, 45],
+ }
+
+ cron { 'list_reviewer_counts':
+ # This is useful information about the distribution of reviewers.
+ # Gerrit's rest api doesn't provide an easy way to get this data.
+ command => "ssh -p 29418 localhost gerrit gsql --format JSON_SINGLE -c \"'SELECT changes.change_id AS change_id, COUNT(DISTINCT patch_set_approvals.account_id) AS reviewer_count FROM changes LEFT JOIN patch_set_approvals ON (changes.change_id = patch_set_approvals.change_id) GROUP BY changes.change_id'\" > /var/www/reviewer-counts.json",
+ user => 'gerrit2',
+ hour => 1,
+ }
+
+ cron { 'clear_gerrit_logs':
+ # Gerrit rotates their own logs, but doesn't clean them out
+ # Delete logs older than a week
+ command => "find /var/lib/gerrit2/review_site/logs/*.gz -mtime +7 -exec rm {} \\;",
+ user => 'root',
+ hour => 1
+ }
+
+ cron { 'jgit_gc':
+ # Keep repo sizes sane, so people can be productive
+ command => 'ssh -p 29418 localhost gerrit gc --all > /dev/null 2>&1',
+ user => 'gerrit2',
+ hour => 2,
+ weekday => 6
+ }
+}
diff --git a/modules/gerrit/manifests/instance.pp b/modules/gerrit/manifests/instance.pp
new file mode 100644
index 0000000..a67a9ad
--- /dev/null
+++ b/modules/gerrit/manifests/instance.pp
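Review bot: In crons.pp, `list_reviewer_counts`, `clear_gerrit_logs` and `jgit_gc` set `hour` but no `minute`, and Puppet's cron type writes an unset field as `*`, so each job fires every minute of its hour (for `jgit_gc` that is `gerrit gc --all` sixty times on weekday 6). Add `minute => 0,` to each of the three resources. `clear_gerrit_logs` also runs `find ... -exec rm` as root inside a tree that jetty.pp hands to `gerrit2`; `user => 'gerrit2',` would keep the cleanup at the privilege it needs, assuming the logs directory is owned by that account.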
@@ -0,0 +1,62 @@
+# Manifest to setup a Gerrit instance
+
+class gerrit::instance($apache_ssl = false,
+ $slave = false,
+ $ssh_port = '29418',
+ $db_host = '',
+ $db_name = 'reviewdb',
+ $host = '',
+ $db_user = 'gerrit',
+ $ssh_key = '',
+ $ssl_cert = 'ssl-cert-snakeoil',
+ $ssl_cert_key= 'ssl-cert-snakeoil',
+ $replication = '',
+ $smtp_host = '') {
+
+ include standard,
+ ldap::role::config::labs
+
+ # Main config
+ include passwords::gerrit
+ $email_key = $passwords::gerrit::gerrit_email_key
+ $sshport = $ssh_port
+ $dbhost = $db_host
+ $dbname = $db_name
+ $dbuser = $db_user
+ $dbpass = $passwords::gerrit::gerrit_db_pass
+ $bzpass = $passwords::gerrit::gerrit_bz_pass
+
+ # Setup LDAP
+ include ldap::role::config::labs
+ $ldapconfig = $ldap::role::config::labs::ldapconfig
+
+ $ldap_hosts = $ldapconfig['servernames']
+ $ldap_base_dn = $ldapconfig['basedn']
+ $ldap_proxyagent = $ldapconfig['proxyagent']
+ $ldap_proxyagent_pass = $ldapconfig['proxypass']
+
+ # Configure the base URL
+ $url = "https://${host}/r"
+
+ class { 'gerrit::proxy':
+ ssl_cert => $ssl_cert,
+ ssl_cert_key => $ssl_cert_key,
+ host => $host
+ }
+
+ class { 'gerrit::jetty':
+ ldap_hosts => $ldap_hosts,
+ ldap_base_dn => $ldap_base_dn,
+ url => $url,
+ dbhost => $dbhost,
+ dbname => $dbname,
+ dbuser => $dbuser,
+ hostname => $host,
+ ldap_proxyagent => $ldap_proxyagent,
+ ldap_proxyagent_pass => $ldap_proxyagent_pass,
+ sshport => $sshport,
+ replication => $replication,
+ smtp_host => $smtp_host,
+ ssh_key => $ssh_key,
+ }
+}
diff --git a/modules/gerrit/manifests/jetty.pp b/modules/gerrit/manifests/jetty.pp
new file mode 100644
index 0000000..9ddfbae
--- /dev/null
+++ b/modules/gerrit/manifests/jetty.pp
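Review bot: `$dbpass`, `$bzpass` and `$email_key` are assigned in `gerrit::instance` but are not among the parameters handed to `gerrit::jetty`, which is the class that renders `secure.config.erb` and `gerrit.config.erb`. If those templates read the unqualified names (they are not shown on this page), the secrets only resolve through dynamic scope; this change appears to sidestep the same problem for `$ssl_settings` by moving it into `gerrit::proxy`. Pass them explicitly, e.g. `dbpass => $dbpass,` with a matching parameter on `gerrit::jetty`, or do the `include passwords::gerrit` lookup inside `gerrit::jetty`. `$apache_ssl` and `$slave` are declared but not used in this class body, so a header comment documenting each parameter would also help.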
@@ -0,0 +1,220 @@
+class gerrit::jetty ($ldap_hosts,
+ $ldap_base_dn,
+ $url,
+ $dbhost,
+ $dbname,
+ $dbuser,
+ $hostname,
+ $sshport,
+ $ldap_proxyagent,
+ $ldap_proxyagent_pass,
+ $replication,
+ $smtp_host,
+ $ssh_key) {
+
+ include gerrit::crons
+ include nrpe
+
+ package { 'openjdk-7-jre':
+ ensure => latest,
+ }
+
+ package { 'python-paramiko':
+ ensure => latest,
+ }
+
+ package { 'gerrit':
+ ensure => present,
+ }
+
+ # TODO: Make this go away -- need to stop using gerrit2 for hook actions
+ ssh_authorized_key { $name:
+ ensure => present,
+ key => $ssh_key,
+ type => 'ssh-rsa',
+ user => 'gerrit2',
+ require => Package['gerrit'],
+ }
+
+ file { '/etc/default/gerritcodereview':
+ source => 'puppet:///modules/gerrit/gerrit',
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ }
+
+ file { '/var/lib/gerrit2/':
+ ensure => directory,
+ mode => '0755',
+ owner => 'gerrit2',
+ require => Package['gerrit'],
+ }
+
+ file { '/var/lib/gerrit2/.ssh':
+ ensure => directory,
+ mode => '0600',
+ owner => 'gerrit2',
+ require => File['/var/lib/gerrit2'],
+ }
+
+ file { '/var/lib/gerrit2/.ssh/id_rsa':
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0600',
+ require => File['/var/lib/gerrit2/.ssh'],
+ source => 'puppet:///private/gerrit/id_rsa',
+ }
+
+ file { '/var/lib/gerrit2/review_site':
+ ensure => directory,
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0755',
+ require => [File['/var/lib/gerrit2'],
+ Package['gerrit']],
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc':
+ ensure => directory,
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0755',
+ require => File['/var/lib/gerrit2/review_site'],
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc/gerrit.config':
+ content => template('gerrit/gerrit.config.erb'),
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0444',
+ require => File['/var/lib/gerrit2/review_site/etc'],
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc/secure.config':
+ content => template('gerrit/secure.config.erb'),
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0444',
+ require => File['/var/lib/gerrit2/review_site/etc'],
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc/replication.config':
+ content => template('gerrit/replication.config.erb'),
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0444',
+ require => File['/var/lib/gerrit2/review_site/etc'],
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc/mail/ChangeSubject.vm':
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0444',
+ source => 'puppet:///modules/gerrit/mail/ChangeSubject.vm',
+ require => Exec['install_gerrit_jetty'],
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc/GerritSite.css':
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0444',
+ source => 'puppet:///modules/gerrit/skin/GerritSite.css',
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc/GerritSiteHeader.html':
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0444',
+ source => 'puppet:///modules/gerrit/skin/GerritSiteHeader.html',
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc/its':
+ ensure => directory,
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0755',
+ require => File['/var/lib/gerrit2/review_site/etc'],
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc/its/action.config':
+ source => 'puppet:///modules/gerrit/its/action.config',
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0755',
+ require => File['/var/lib/gerrit2/review_site/etc/its'],
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc/its/templates':
+ ensure => directory,
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0755',
+ require => File['/var/lib/gerrit2/review_site/etc/its'],
+ }
+
+ file { '/var/lib/gerrit2/review_site/etc/its/templates/DraftPublished.vm':
+ source => 'puppet:///modules/gerrit/its/templates/DraftPublished.vm',
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0755',
+ require => File['/var/lib/gerrit2/review_site/etc/its/templates'],
+ }
+
+ file { '/var/lib/gerrit2/review_site/static/page-bkg.jpg':
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0444',
+ source => 'puppet:///modules/gerrit/skin/page-bkg.jpg',
+ }
+
+ file { '/var/lib/gerrit2/review_site/static/wikimedia-codereview-logo.png':
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0444',
+ source => 'puppet:///modules/gerrit/skin/wikimedia-codereview-logo.png',
+ }
+
+ file { '/var/lib/gerrit2/review_site/hooks':
+ ensure => directory,
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0755',
+ require => Exec['install_gerrit_jetty'],
+ }
+
+ git::clone { 'operations/gerrit/plugins':
+ directory => '/var/lib/gerrit2/review_site/plugins',
+ branch => 'master',
+ origin => 'https://gerrit.wikimedia.org/r/p/operations/gerrit/plugins.git',
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ require => File['/var/lib/gerrit2/review_site'],
+ }
+
+ exec { 'install_gerrit_jetty':
+ creates => '/var/lib/gerrit2/review_site/bin',
+ user => 'gerrit2',
+ group => 'gerrit2',
+ cwd => '/var/lib/gerrit2',
+ command => '/usr/bin/java -jar gerrit.war init -d review_site --batch --no-auto-start',
+ require => [Package['gerrit'],
+ File['/var/lib/gerrit2/review_site/etc/gerrit.config'],
+ File['/var/lib/gerrit2/review_site/etc/secure.config']
+ ],
+ }
+
+ service { 'gerrit':
+ ensure => running,
+ subscribe => [File['/var/lib/gerrit2/review_site/etc/gerrit.config'],
+ File['/var/lib/gerrit2/review_site/etc/secure.config']],
+ enable => true,
+ hasstatus => false,
+ status => '/etc/init.d/gerrit check',
+ require => Exec['install_gerrit_jetty'],
+ }
+
+ nrpe::monitor_service { 'gerrit':
+ description => 'gerrit process',
+ nrpe_command => "/usr/lib/nagios/plugins/check_procs -w 1:1 -c 1:1 --ereg-argument-array '^GerritCodeReview .*-jar /var/lib/gerrit2/review_site/bin/gerrit.war'"
+ }
+}
diff --git a/modules/gerrit/manifests/proxy.pp b/modules/gerrit/manifests/proxy.pp
new file mode 100644
index 0000000..79930bd
--- /dev/null
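Review bot: In jetty.pp, `/var/lib/gerrit2/review_site/etc/secure.config` is installed with `mode => '0444'`, so every local account on the host can read it; judging by the template name and the password variables set in `gerrit::instance`, it presumably carries the database and LDAP credentials. Use `mode => '0440',` on that resource, since owner and group are already `gerrit2`. The `/var/lib/gerrit2/.ssh` directory is declared with `mode => '0600'` and no `group`; writing `mode => '0700',` states the intended directory permission directly instead of relying on Puppet adding the search bit for directories.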
+++ b/modules/gerrit/manifests/proxy.pp
@@ -0,0 +1,30 @@
+class gerrit::proxy($host = '',
+$ssl_cert = '',
+$ssl_cert_key= '') {
+
+ $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat', '365')
+
+ apache::site { 'gerrit.wikimedia.org':
+ content => template('gerrit/gerrit.wikimedia.org.erb'),
+ }
+
+ # We don't use gitweb anymore, so we're going to allow spiders again
+ # If it becomes a problem, just set ensure => present again
+ file { '/var/www/robots.txt':
+ ensure => absent,
+ mode => '0444',
+ owner => 'root',
+ group => 'root',
+ source => 'puppet:///modules/gerrit/robots-txt-disallow',
+ }
+
+ include ::apache::mod::rewrite
+
+ include ::apache::mod::proxy
+
+ include ::apache::mod::proxy_http
+
+ include ::apache::mod::ssl
+
+ include ::apache::mod::headers
+}
diff --git a/modules/gerrit/manifests/replicationdest.pp b/modules/gerrit/manifests/replicationdest.pp
new file mode 100644
index 0000000..69764fd
--- /dev/null
+++ b/modules/gerrit/manifests/replicationdest.pp
@@ -0,0 +1,26 @@
+# Setup the `gerritslave` account on any host that wants to receive
+# replication. See role::gerrit::production::replicationdest
+class gerrit::replicationdest( $sshkey, $extra_groups = [], $slaveuser = 'gerritslave' ) {
+
+ group { $slaveuser:
+ ensure => present,
+ name => $slaveuser,
+ system => true,
+ }
+
+ user { $slaveuser:
+ name => $slaveuser,
+ groups => $extra_groups,
+ shell => '/bin/bash',
+ managehome => true,
+ system => true,
+ }
+
+ ssh_authorized_key { $slaveuser:
+ ensure => present,
+ key => $sshkey,
+ type => 'ssh-rsa',
+ user => $slaveuser,
+ require => User[$slaveuser],
+ }
+}
diff --git a/templates/gerrit/gerrit.config.erb b/modules/gerrit/templates/gerrit.config.erb
similarity index 100%
rename from templates/gerrit/gerrit.config.erb
rename to modules/gerrit/templates/gerrit.config.erb
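Review bot: `template('gerrit/gerrit.wikimedia.org.erb')` in `gerrit::proxy` does not match the rename later in this change, which moves the vhost template to `modules/gerrit/templates/gerrit.wikimedia.org` without the `.erb` suffix, so the lookup would fail when the catalog is compiled. Rename the target to `modules/gerrit/templates/gerrit.wikimedia.org.erb`, or drop `.erb` from the `template()` call. `$host`, `$ssl_cert` and `$ssl_cert_key` default to `''` and are not referenced in the manifest body; if the template consumes them, a comment saying so would help, and rejecting an empty `$host` would stop a TLS vhost from being rendered without a server name.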
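Review bot: In replicationdest.pp, the `ssh_authorized_key { $slaveuser: ... }` resource installs the replication key with no `options`, and the account is created with `shell => '/bin/bash'`, so the key grants an unrestricted interactive login on every replication destination. Constrain the key to what replication needs, e.g. `options => ['no-pty', 'no-port-forwarding', 'no-agent-forwarding', 'no-X11-forwarding'],`, and check whether a non-interactive shell is workable for how replication creates repositories on the target. The `user` resource also has no `ensure => present,` or `gid => $slaveuser,`, so it does not tie the account to the group declared just above it.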
diff --git a/templates/apache/sites/gerrit.wikimedia.org.erb b/modules/gerrit/templates/gerrit.wikimedia.org similarity index 100% rename from templates/apache/sites/gerrit.wikimedia.org.erb rename to modules/gerrit/templates/gerrit.wikimedia.org diff --git a/templates/gerrit/replication.config.erb b/modules/gerrit/templates/replication.config.erb similarity index 100% rename from templates/gerrit/replication.config.erb rename to modules/gerrit/templates/replication.config.erb diff --git a/templates/gerrit/secure.config.erb b/modules/gerrit/templates/secure.config.erb similarity index 100% rename from templates/gerrit/secure.config.erb rename to modules/gerrit/templates/secure.config.erb -- To view, visit https://gerrit.wikimedia.org/r/167215 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7976a20686b1fc5244cbefb8bb04a2ad96e44fca Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Giuseppe Lavagetto <glavage...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits