opendev
/
puppet-gerrit
Code Issues Proposed changes

Retire repo 

Depends-On: https://review.opendev.org/720892
Change-Id: Ib75cd0861d5f20f9ccacf96d38be81122dac75de
This commit is contained in:
Monty Taylor 2020-04-22 08:55:41 -05:00
parent 43f8067c00
commit eff363f158
31 changed files with 9 additions and 2213 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.gitignore vendored
View File

@ -1,5 +0,0 @@
Gemfile.lock
.bundled_gems/
log/
junit/
.vagrant/

15
Gemfile
View File

@ -1,15 +0,0 @@
source 'https://rubygems.org'
if File.exists?('/home/zuul/src/opendev.org/opendev/puppet-openstack_infra_spec_helper')
gem_checkout_method = {:path => '/home/zuul/src/opendev.org/opendev/puppet-openstack_infra_spec_helper'}
else
gem_checkout_method = {:git => 'https://opendev.org/opendev/puppet-openstack_infra_spec_helper'}
end
gem_checkout_method[:require] = false
group :development, :test, :system_tests do
gem 'puppet-openstack_infra_spec_helper',
gem_checkout_method
end
# vim:ft=ruby

202
LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

5
README.md
View File

@ -1,5 +0,0 @@
# OpenStack Gerrit Module
## Overview
Install and configure Gerrit.

9
README.rst Normal file
View File

@ -0,0 +1,9 @@
This project is no longer maintained.
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
For any further questions, please email
service-discuss@lists.opendev.org or join #opendev on Freenode.

8
Rakefile
View File

@ -1,8 +0,0 @@
require 'rubygems'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.fail_on_warnings = true
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.send('disable_autoloader_layout')
PuppetLint.configuration.send('disable_class_inherits_from_params_class')
PuppetLint.configuration.send('disable_class_parameter_defaults')

11
bindep.txt
View File

@ -1,11 +0,0 @@
# This is a cross-platform list tracking distribution packages needed by tests;
# see http://docs.openstack.org/infra/bindep/ for additional information.
libxml2-devel [test platform:rpm]
libxml2-dev [test platform:dpkg]
libxslt-devel [test platform:rpm]
libxslt1-dev [test platform:dpkg]
ruby-devel [test platform:rpm]
ruby-dev [test platform:dpkg]
zlib1g-dev [test platform:dpkg]
zlib-devel [test platform:rpm]

1
files/gerritcodereview.default
View File

@ -1 +0,0 @@
GERRIT_SITE=/home/gerrit2/review_site

25
files/my.cnf
View File

@ -1,25 +0,0 @@
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Make clients assume UTF-8 encoding
character_set_server = utf8

BIN
files/stackforge.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 4.6 KiB

64
manifests/cron.pp
View File

@ -1,64 +0,0 @@
# == Class: gerrit::cron
#
class gerrit::cron (
$replicate_local = true,
$replicate_path = '/opt/lib/git',
# run `git repack` on gerrit repos by default, set true run `git gc` instead
$gitgc_repos = false,
) {
if $gitgc_repos {
$git_cmd = 'gc'
} else {
$git_cmd = 'repack -afd'
}
cron { 'gerrit_repack':
ensure => absent,
user => 'gerrit2',
}
cron { 'optimize_git_repo':
user => 'gerrit2',
weekday => '0',
hour => '4',
minute => '7',
command => "find /home/gerrit2/review_site/git/ -type d -name \"*.git\" -print -exec git --git-dir=\"{}\" ${git_cmd} \\;",
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
}
# if local replication is enabled, optimize this mirror as well
if $replicate_local {
cron { 'mirror_repack_local':
ensure => absent,
user => 'gerrit2',
}
cron { 'optimize_git_repo_local_replication':
user => 'gerrit2',
weekday => '0',
hour => '4',
minute => '17',
command => "find ${replicate_path} -type d -name \"*.git\" -print -exec git --git-dir=\"{}\" ${git_cmd} \\;",
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
}
}
cron { 'expireoldreviews':
ensure => 'absent',
user => 'gerrit2',
}
cron { 'removedbdumps':
ensure => 'absent',
user => 'gerrit2',
}
cron { 'clear_gerrit_logs':
# Gerrit rotates their own logs, but doesn't clean them out
# Delete logs older than a month
user => 'gerrit2',
hour => '6',
minute => '1',
command => 'find /home/gerrit2/review_site/logs/*.gz -mtime +30 -exec rm -f {} \;',
environment => 'PATH=/usr/bin:/bin:/usr/sbin:/sbin',
}
}

998
manifests/init.pp
View File

@ -1,998 +0,0 @@
# Install and maintain Gerrit Code Review.
# params:
# mysql_password:
# The password with which gerrit connects to mysql.
# mysql_host:
# The mysql host to which gerrit should connect.
# accountpatchreviewdb_url:
# The url to the account patch review database. This database must be
# separate from your normal reviewdb as setting them to be the same
# will cause the reviewdb to be dropped. Note this puppet module uses
# 'reviewdb' for the review database, therefore don't use this name here.
# If not set then gerrit will use a default H2 database in review_site/db.
# vhost_name:
# used in the Apache virtual host, eg., review.example.com
# redirect_to_canonicalweburl:
# Boolean value to determine whether or not mod_rewrite should redirect
# requests to the canonicalweburl
# canonicalweburl:
# Used in the Gerrit config to generate links,
# eg., https://review.example.com/
# known_hosts_content:
# Contents of the known_hosts file
# git_http_url:
# Optional base URL for repositories available over the HTTP protocol
# canonical_git_url:
# URL for repositories available over the anonymous git protocol
# ssl_cert_file:
# ssl_key_file:
# Used in the Apache virtual host to specify the SSL cert and key files.
# ssl_chain_file:
# Optional, if you have an intermediate cert Apache should serve.
# ssl_*_file_contents:
# Optional, the contents of the respective cert files as a string. Will be
# used to have Puppet ensure the contents of these files. Default value of
# '' means Puppet should not manage these files.
# openidssourl:
# The URL to use for OpenID in SSO mode.
# email:
# The email address Gerrit should use when sending mail.
# smtpserver:
# The smtp server that Gerrit should send mail through.
# sendemail_from:
# gerrit.conf value for sendemail.from.
# sendemail_indclude_diff:
# Config emails to includes the complete unified diff of the change
# database_poollimit:
# container_heaplimit:
# container_javaoptions:
# gc_start_time:
# Start time to define the first execution of the git garbage collection
# gc_interval:
# Interval for periodic repetition of triggering the git garbage collection
# core_loggingbuffersize:
# core_packedgitopenfiles:
# core_packedgitlimit:
# core_packedgitwindowsize:
# sshd_threads:
# sshd_batch_threads:
# Number of threads for SSH command requests from non-interactive users
# sshd_listen_address:
# sshd_idle_timeout:
# Server automatically terminates idle connections after this time
# sshd_max_connections_per_user:
# Maximum number of concurrent SSH sessions a user account may open
# httpd_acceptorthreads:
# httpd_minthreads:
# httpd_maxthreads:
# httpd_maxqueued:
# httpd_maxwait:
# Gerrit configuration options; see Gerrit docs.
# commentlinks:
# A list of regexes Gerrit should hyperlink.
# its_plugins:
# A list of its (issue tracking system) plugins to configure.
# Example:
# its_plugins => [
# {
# 'name' => 'its-storyboard',
# 'password' => 'secret_token',
# 'url' => 'https://storyboard.openstack.org',
# },
# ],
#
# its_rules:
# A list of actions to perform on the its.
# Example:
# its_rules => [
# {
# 'name' => 'change_updates',
# 'event_type' => 'patchset-created',
# 'action' => 'add-standard-comment',
# label => [
# {
# 'name' => 'approval-Code-Review',
# 'approvals' => '-2, -1',
# },
# ],
# },
# ],
#
# trackingids:
# A list of regexes to reference external tracking systems.
# war:
# The URL of the Gerrit WAR that should be downloaded and installed.
# Note that only the final component is used for comparing to the most
# recently installed WAR. In other words, if you update the war from:
#
# http://tarballs.openstack.org/ci/gerrit.war
# to:
# http://somewhereelse.example.com/gerrit.war
#
# Gerrit won't be updated unless you delete gerrit.war from
# ~gerrit2/gerrit-wars. But if you change the URL from:
#
# http://tarballs.openstack.org/ci/gerrit-2.2.2.war
# to:
# http://tarballs.openstack.org/ci/gerrit-2.3.0.war
# Gerrit will be upgraded on the next puppet run.
# replicate_local:
# A boolean enabling local replication for apache acceleration
# replication_force_update:
# A boolean enabling replication to force updates to remote
# replication_auto_reload:
# A boolean enabling automatic reload of the replication configuration
# replicate_path:
# The path to the local git replica if replicate_local is enabled
# gitweb:
# A boolean enabling gitweb
# cgit:
# A boolean enabling cgit
# gitae:
# A boolean enabling gitea
# web_repo_url:
# Url for setting the location of an external git browser
# web_repo_url_encode:
# Whether or not Gerrit should encode the generated viewer URL.
# testmode:
# Set this to true to disable cron jobs and replication,
# which can interfere with testing.
# secondary_index:
# Set this to true to enable secondary index support
# secondary_index_type:
# which secondary index to use: SQL (no secondary index),
# LUCENE (recommended), SOLR (experimental). Note: as of
# Gerrit 2.9 LUCENE is default secondary index and SQL is
# removed.
# offline_reindex:
# Set this to true to run an offline index on upgrade
# Note the default is false, but you need to set this to true if
# bootstrapping a new install of gerrit. On a new install of Gerrit we
# need to init the indexes. When doing upgrades these should be able
# to run offline instead.
# reindex_threads:
# The number of threads to use for full offline reindexing of Gerrit data
# index_threads:
# Number of threads to use for indexing in normal interactive operations
# allow_drafts:
# Set this to false to disable drafts feature
# receive_max_object_size_limit
# Maximum allowed Git object size that 'receive-pack' will accept.
# download:
# The allowed download commands and schemes. The data structor for this
# should be a hash with keys and array of values (i.e. {key => [values]})
# Example:
# download => {
# 'command' => ['checkout', 'cherry_pick', 'pull', 'format_patch'],
# 'scheme' => ['ssh', 'anon_http', 'anon_git'],
# 'archive' => ['tar', 'tbz2', 'tgz', 'txz'],
# },
# commitmessage_params:
# A dict of commit message parameters, valid params are: maxLineLength,
# longLinesThreshold, rejectTooLong, and maxSubjectLength.
# Example:
# commitmessage_params => {
# maxSubjectLength => '60',
# maxLineLength => '72',
# },
# java_home:
# The path to java home directory
# TODO: make more gerrit options configurable here
#
class gerrit(
$mysql_password,
$accountpatchreviewdb_url = undef,
$mysql_host = 'localhost',
$war = '',
$email_private_key = '',
$token_private_key = '',
$vhost_name = $::fqdn,
$redirect_to_canonicalweburl = true,
$canonicalweburl = "https://${::fqdn}/",
$known_hosts_content = '',
$git_http_url = '',
$canonical_git_url = '',
$robots_txt_source = '', # If left empty, the gerrit default will be used.
$serveradmin = "webmaster@${::fqdn}",
$ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
$ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_chain_file = '',
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
$ssl_key_file_contents = '', # If left empty puppet will not create file.
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
$ssh_dsa_key_contents = '', # If left empty puppet will not create file.
$ssh_dsa_pubkey_contents = '', # If left empty puppet will not create file.
$ssh_rsa_key_contents = '', # If left empty puppet will not create file.
$ssh_rsa_pubkey_contents = '', # If left empty puppet will not create file.
$ssh_project_rsa_key_contents = '', # If left empty will not create file.
$ssh_project_rsa_pubkey_contents = '', # If left empty will not create file.
$ssh_replication_rsa_key_contents = '', # If left emptry will not create files.
$ssh_replication_rsa_pubkey_contents = '', # If left emptry will not create files.
$gerrit_auth_type = 'OPENID_SSO',
$gerrit_contributor_agreement = true,
$openidssourl = 'https://login.launchpad.net/+openid',
$ldap_server = '',
$ldap_account_base = '',
$ldap_group_base = '',
$ldap_username = '',
$ldap_password = '',
$ldap_account_pattern = '',
$ldap_account_email_address = '',
$ldap_sslverify = true,
$ldap_ssh_account_name = '',
$ldap_accountfullname = '',
$email = '',
$smtpserver = 'localhost',
$sendemail_from = 'MIXED',
$sendemail_include_diff = false,
$database_poollimit = '',
$container_heaplimit = '',
$container_javaoptions = '',
$gc_start_time = '',
$gc_interval = '',
$core_loggingbuffersize = '',
$core_packedgitlimit = '',
$core_packedgitopenfiles = '',
$core_packedgitwindowsize = '',
$sshd_threads = '',
$sshd_batch_threads = '',
$sshd_listen_address = '*:29418',
$sshd_idle_timeout = '3600',
$sshd_max_connections_per_user = '',
$httpd_acceptorthreads = '',
$httpd_minthreads = '',
$httpd_maxthreads = '',
$httpd_maxqueued = '',
$httpd_maxwait = '',
$commentlinks = [],
$its_plugins = [],
$its_rules = [],
$trackingids = [],
$enable_melody = false,
$melody_session = false,
$replicate_local = false,
$replicate_path = '/opt/lib/git',
$replication_force_update = true,
$replication_auto_reload = false,
$replicate_on_startup = true,
$replication = [],
$gitweb = true,
$cgit = false,
$gitea = false,
$web_repo_url = '',
$web_repo_url_encode = true,
$testmode = false,
$secondary_index = false,
$secondary_index_type = 'LUCENE',
$offline_reindex = false,
$enable_javamelody_top_menu = false,
$manage_jeepyb = true,
$reindex_threads = $::processorcount/2,
$report_bug_text = 'Report Bug',
$report_bug_url = '',
$index_threads = 1,
$new_groups_visible_to_all = true,
$allow_drafts = true,
$receive_max_object_size_limit = '',
$cache_diff_timeout = '',
$cache_diff_intraline_timeout = '',
$cache_accounts = '',
$cache_accounts_byemail = '',
$cache_accounts_byname = '',
$cache_groups_byuuid = '',
$download = {},
$commitmessage_params = {},
$java_home = $::gerrit::params::java_home,
) inherits ::gerrit::params {
include ::httpd
if $manage_jeepyb {
include ::jeepyb
}
include ::pip
# get the war version from the passed in url, expecting something like
# http://tarballs.openstack.org/ci/gerrit/gerrit-v2.10.2.22.acc615e.war
$split1 = split($war, '/')
$split2 = split($split1[-1], 'gerrit-v')
$split3 = split($split2[-1],'.war')
$gerrit_war_filename = $split1[-1] # like gerrit-v2.10.2.22.acc615e.war
$gerrit_war_version = $split3[0] # like 2.10.2.22.acc615e
$gerrit_war = '/home/gerrit2/review_site/bin/gerrit.war'
$gerrit_site = '/home/gerrit2/review_site'
include ::gerrit::user
# This is not needed, setting to absent for cleanup
package { 'gitweb':
ensure => absent,
}
if ( $gitweb ) {
package { 'libcgi-pm-perl':
ensure => present,
}
}
package { 'unzip':
ensure => present,
}
package { $::gerrit::params::jre_package:
ensure => present,
}
package { 'openjdk-6-jre-headless':
ensure => purged,
require => Package[$::gerrit::params::jre_package],
}
file { '/var/log/gerrit':
ensure => directory,
owner => 'gerrit2',
}
if ((!defined(File['/opt/lib']))
and ($replicate_path =~ /^\/opt\/lib\/.*$/)) {
file { '/opt/lib':
ensure => directory,
owner => root,
}
}
# Prepare gerrit directories. Even though some of these would be created
# by the init command, we can go ahead and create them now and populate them.
# That way the config files are already in place before init runs.
file { '/home/gerrit2/review_site':
ensure => directory,
owner => 'gerrit2',
require => User['gerrit2'],
}
file { '/home/gerrit2/review_site/plugins':
ensure => directory,
owner => 'gerrit2',
require => [User['gerrit2'], File['/home/gerrit2/review_site']],
}
file { '/home/gerrit2/.ssh':
ensure => directory,
owner => 'gerrit2',
mode => '0700',
require => User['gerrit2'],
}
file { '/home/gerrit2/review_site/etc':
ensure => directory,
owner => 'gerrit2',
require => File['/home/gerrit2/review_site'],
}
file { '/home/gerrit2/review_site/bin':
ensure => directory,
owner => 'gerrit2',
require => File['/home/gerrit2/review_site'],
}
file { '/home/gerrit2/review_site/static':
ensure => directory,
owner => 'gerrit2',
require => File['/home/gerrit2/review_site'],
}
file { '/home/gerrit2/review_site/hooks':
ensure => directory,
owner => 'gerrit2',
require => File['/home/gerrit2/review_site'],
}
file { '/home/gerrit2/review_site/lib':
ensure => directory,
owner => 'gerrit2',
require => File['/home/gerrit2/review_site'],
}
# Skip replication if we're in test mode
if ($testmode == false) {
# Template uses $replication
file { '/home/gerrit2/review_site/etc/replication.config':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
content => template('gerrit/replication.config.erb'),
replace => true,
require => File['/home/gerrit2/review_site/etc'],
}
}
# Gerrit sets these permissions in 'init'; don't fight them.
# Template uses:
# - $mysql_host
# - $canonicalweburl
# - $git_http_url
# - $canonical_git_url
# - $smtpserver
# - $sendemail_from
# - $sendemail_include_diff
# - $database_poollimit
# - $gerrit_contributor_agreement
# - $gerrit_auth_type
# - $openidssourl
# - $ldap_server
# - $ldap_username
# - $ldap_password
# - $ldap_account_base
# - $ldap_account_pattern
# - $ldap_account_email_address
# - $smtpserver
# - $sendmail_from
# - $java_home
# - $container_heaplimit
# - $container_javaoptions
# - $gc_start_time
# - $gc_interval
# - $core_packedgitopenfiles
# - $core_packedgitlimit
# - $core_packedgitwindowsize
# - $sshd_listen_address
# - $sshd_threads
# - $sshd_idle_timeout
# - $sshd_max_connections_per_user
# - $sshd_batch_threads
# - $httpd_maxwait
# - $httpd_acceptorthreads
# - $httpd_minthreads
# - $httpd_maxthreads
# - $httpd_maxqueued
# - $commentlinks
# - $its_plugins
# - $its_rules
# - $trackingids
# - $enable_melody
# - $melody_session
# - $gitweb
# - web_repo_url
# - web_repo_url_encode
# - $report_bug_text
# - $report_bug_url
# - $secondary_index_type:
# - $reindex_threads:
# - $index_threads:
# - $new_groups_visible_to_all:
# - $allow_drafts:
# - $receive_max_object_size_limit
# - $cache_diff_timeout
# - $cache_diff_intraline_timeout
# - $cache_accounts
# - $cache_accounts_byemail
# - $cache_accounts_byname
# - $cache_groups_byuuid
# - $download
# - $commitmessage_params
file { '/home/gerrit2/review_site/etc/gerrit.config':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => template('gerrit/gerrit.config.erb'),
replace => true,
require => File['/home/gerrit2/review_site/etc'],
}
# Secret files.
# Gerrit sets these permissions in 'init'; don't fight them. If
# these permissions aren't set correctly, gerrit init will write a
# new secure.config file and lose the mysql password.
# Template uses $mysql_password, $email_private_key, $token_private_key,
# and accountpatchreviewdb_url.
file { '/home/gerrit2/review_site/etc/secure.config':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => template('gerrit/secure.config.erb'),
replace => true,
require => File['/home/gerrit2/review_site/etc'],
}
# setup rules for its (issue tracking system) plugins
file { '/home/gerrit2/review_site/etc/its':
ensure => 'directory',
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
require => File['/home/gerrit2/review_site/etc'],
}
file { '/home/gerrit2/review_site/etc/its/actions.config':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => template('gerrit/gerrit.its_rules.erb'),
replace => true,
}
# Set up apache.
# Template uses:
# - $vhost_name
# - $serveradmin
# - $ssl_cert_file
# - $ssl_key_file
# - $ssl_chain_file
# - $canonicalweburl
# - $redirect_to_canonicalweburl
# - $replicate_local
# - $replicate_path
# - $robots_txt_source
::httpd::vhost { $vhost_name:
port => 443,
docroot => 'MEANINGLESS ARGUMENT',
priority => '50',
template => 'gerrit/gerrit.vhost.erb',
ssl => true,
}
httpd::mod { 'rewrite':
ensure => present,
before => Service['httpd'],
}
httpd::mod { 'proxy':
ensure => present,
before => Service['httpd'],
}
httpd::mod { 'proxy_http':
ensure => present,
before => Service['httpd'],
}
if ! defined(Httpd::Mod['cgid']) {
httpd::mod { 'cgid':
ensure => present,
before => Service['httpd'],
}
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if $robots_txt_source != '' {
file { '/home/gerrit2/review_site/static/robots.txt':
owner => 'root',
group => 'root',
mode => '0444',
source => $robots_txt_source,
require => File['/home/gerrit2/review_site/static'],
}
}
if $ssh_dsa_key_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_dsa_key':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_dsa_key_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_dsa_pubkey_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_dsa_key.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_dsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_rsa_key_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_rsa_key':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_rsa_key_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_rsa_pubkey_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_host_rsa_key.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_rsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_project_rsa_key_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_project_rsa_key':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_project_rsa_key_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_project_rsa_pubkey_contents != '' {
file { '/home/gerrit2/review_site/etc/ssh_project_rsa_key.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_project_rsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}
if $ssh_replication_rsa_key_contents != '' {
file { '/home/gerrit2/.ssh/id_rsa':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_replication_rsa_key_contents,
replace => true,
require => File['/home/gerrit2/.ssh']
}
}
if $ssh_replication_rsa_pubkey_contents != '' {
file { '/home/gerrit2/.ssh/id_rsa.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_replication_rsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/.ssh']
}
}
if $known_hosts_content != '' {
file { '/home/gerrit2/.ssh/known_hosts':
ensure => present,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $known_hosts_content,
replace => true,
require => File['/home/gerrit2/.ssh'],
}
}
# Install Gerrit itself.
# The Gerrit WAR is specified as a url like
# 'http://tarballs.openstack.org/ci/gerrit-2.2.2-363-gd0a67ce.war'
# Set $basewar so that we can work with filenames like
# gerrit-2.2.2-363-gd0a67ce.war'.
if $war =~ /.*\/(.*)/ {
$basewar = $1
} else {
$basewar = $war
}
# This directory is used to download and cache gerrit war files.
# That way the download and install steps are kept separate.
file { '/home/gerrit2/gerrit-wars':
ensure => directory,
require => User['gerrit2'],
}
# If we don't already have the specified WAR, download it.
exec { "download:${war}":
command => "/usr/bin/wget ${war} -O /home/gerrit2/gerrit-wars/${basewar}",
creates => "/home/gerrit2/gerrit-wars/${basewar}",
require => File['/home/gerrit2/gerrit-wars'],
}
# If gerrit.war isn't the same as $basewar, install it.
file { $gerrit_war:
ensure => present,
source => "file:///home/gerrit2/gerrit-wars/${basewar}",
require => Exec["download:${war}"],
replace => true,
# user, group, and mode have to be set this way to avoid retriggering
# gerrit-init on every run because gerrit init sets them this way
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
}
# If gerrit.war was just installed, run the Gerrit "init" command.
exec { 'gerrit-initial-init':
user => 'gerrit2',
command => "/usr/bin/java -jar ${gerrit_war} init -d ${gerrit_site} --batch --no-auto-start",
subscribe => File['/home/gerrit2/review_site/bin/gerrit.war'],
refreshonly => true,
require => [Package[$::gerrit::params::jre_package],
User['gerrit2'],
File['/home/gerrit2/review_site/etc/gerrit.config'],
File['/home/gerrit2/review_site/etc/secure.config']],
notify => Exec['install-core-plugins'],
unless => '/usr/bin/test -f /etc/init.d/gerrit',
logoutput => true,
}
if ($offline_reindex) {
exec { 'gerrit-reindex':
user => 'gerrit2',
command => "/usr/bin/java -jar ${gerrit_war} reindex -d ${gerrit_site} --threads ${reindex_threads}",
subscribe => [File['/home/gerrit2/review_site/bin/gerrit.war'],
Exec['gerrit-initial-init'],
Exec['gerrit-init']],
refreshonly => true,
logoutput => true,
}
}
# If a new gerrit.war was just installed, run the Gerrit "init" command.
# Stop is included here because it may not be running or the init
# script may not exist, and in those cases, we don't care if it fails.
# Running the init script as the gerrit2 user _does_ work.
exec { 'gerrit-init':
user => 'gerrit2',
command => "/etc/init.d/gerrit stop; /usr/bin/java -jar ${gerrit_war} init -d ${gerrit_site} --batch --no-auto-start",
subscribe => File['/home/gerrit2/review_site/bin/gerrit.war'],
refreshonly => true,
require => [Package[$::gerrit::params::jre_package],
User['gerrit2'],
File['/home/gerrit2/review_site/etc/gerrit.config'],
File['/home/gerrit2/review_site/etc/secure.config']],
onlyif => '/usr/bin/test -f /etc/init.d/gerrit',
notify => Exec['install-core-plugins'],
logoutput => true,
}
# Install Core Plugins
exec { 'install-core-plugins':
user => 'gerrit2',
command => '/usr/bin/unzip -jo /home/gerrit2/review_site/bin/gerrit.war WEB-INF/plugins/* -d /home/gerrit2/review_site/plugins || true',
subscribe => File['/home/gerrit2/review_site/bin/gerrit.war'],
require => [Package['unzip'],
File['/home/gerrit2/review_site/plugins']],
notify => Exec['gerrit-start'],
refreshonly => true,
logoutput => true,
}
# Ensure only one set of bouncy castle libs are installed
# and remove libs installed by Gerrit init.
if versioncmp($gerrit_war_version, '2.10') > 0 {
# Remove libs for Gerrit 2.9 and lower
tidy { '/home/gerrit2/review_site/lib':
recurse => true,
matches => ['bcprov-jdk*.jar',
'bcpg-jdk*.jar',
'bcpkix-jdk*.jar',
'mysql-connector-java-*.jar',
'bcprov.jar',
'bcpg.jar',
'bcpkix.jar'],
before => Exec['gerrit-start'],
}
} else {
# Remove libs for Gerrit 2.10+
tidy { '/home/gerrit2/review_site/lib':
recurse => true,
matches => ['bcprov-jdk*.jar',
'bcpg-jdk*.jar',
'bcpkix-jdk*.jar',
'mysql-connector-java-*.jar',
'bcprov-*.jar',
'bcpg-*.jar',
'bcpkix-*.jar'],
before => Exec['gerrit-start'],
}
}
class { '::httpd::logrotate':
options => [
'daily',
'missingok',
'rotate 30',
'compress',
'delaycompress',
'notifempty',
'create 640 root adm',
'sharedscripts',
],
}
# Symlink the init script.
file { '/etc/init.d/gerrit':
ensure => link,
target => '/home/gerrit2/review_site/bin/gerrit.sh',
require => Exec['gerrit-initial-init'],
}
# The init script requires the path to gerrit to be set.
file { '/etc/default/gerritcodereview':
ensure => present,
source => 'puppet:///modules/gerrit/gerritcodereview.default',
replace => true,
owner => 'root',
group => 'root',
mode => '0444',
}
# Make sure the init script starts on boot.
file { ['/etc/rc0.d/K10gerrit',
'/etc/rc1.d/K10gerrit',
'/etc/rc2.d/S90gerrit',
'/etc/rc3.d/S90gerrit',
'/etc/rc4.d/S90gerrit',
'/etc/rc5.d/S90gerrit',
'/etc/rc6.d/K10gerrit']:
ensure => link,
target => '/etc/init.d/gerrit',
require => File['/etc/init.d/gerrit'],
}
exec { 'gerrit-start':
command => '/etc/init.d/gerrit start',
require => [File['/etc/init.d/gerrit'],
Tidy['/home/gerrit2/review_site/lib']],
refreshonly => true,
}
file { '/usr/local/gerrit':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/usr/local/gerrit/scripts':
ensure => absent,
}
package { 'libmysql-java':
ensure => present,
}
file { '/home/gerrit2/review_site/lib/mysql-connector-java.jar':
ensure => link,
target => '/usr/share/java/mysql-connector-java.jar',
before => Exec['gerrit-start'],
require => [
Package['libmysql-java'],
File['/home/gerrit2/review_site/lib'],
],
}
$mysql_data = load_module_metadata('mysql', true)
if $mysql_data == {} {
package { 'mysql-client':
ensure => present,
before => File['/etc/mysql/conf.d/client.conf'],
}
} else {
include ::mysql::client
Class['::mysql::client'] -> File['/etc/mysql/conf.d/client.conf']
}
# Add config to make clients assume UTF-8 encoding
file { '/etc/mysql/conf.d/client.conf':
ensure => present,
source => 'puppet:///modules/gerrit/my.cnf',
replace => true,
owner => 'root',
group => 'root',
mode => '0644',
}
# Gerrit 2.10 requires libs not available in ubuntu repositories
# need to download them directly from maven central.
if (versioncmp($gerrit_war_version, '2.10') > 0) and (versioncmp($gerrit_war_version, '2.12') < 0) {
exec { 'download bcprov-jdk15on-1.51.jar':
user => 'gerrit2',
command => '/usr/bin/wget https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.51/bcprov-jdk15on-1.51.jar -O /home/gerrit2/review_site/lib/bcprov-1.51.jar',
creates => '/home/gerrit2/review_site/lib/bcprov-1.51.jar',
before => Exec['gerrit-start'],
require => File['/home/gerrit2/review_site/lib'],
}
exec { 'download bcpkix-jdk15on-1.51.jar':
user => 'gerrit2',
command => '/usr/bin/wget https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.51/bcpkix-jdk15on-1.51.jar -O /home/gerrit2/review_site/lib/bcpkix-1.51.jar',
creates => '/home/gerrit2/review_site/lib/bcpkix-1.51.jar',
before => Exec['gerrit-start'],
require => File['/home/gerrit2/review_site/lib'],
}
} elsif (versioncmp($gerrit_war_version, '2.12') > 0) {
exec { 'download bcprov-jdk15on-1.52.jar':
user => 'gerrit2',
command => '/usr/bin/wget https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.52/bcprov-jdk15on-1.52.jar -O /home/gerrit2/review_site/lib/bcprov-1.52.jar',
creates => '/home/gerrit2/review_site/lib/bcprov-1.52.jar',
before => Exec['gerrit-start'],
require => File['/home/gerrit2/review_site/lib'],
}
exec { 'download bcpkix-jdk15on-1.52.jar':
user => 'gerrit2',
command => '/usr/bin/wget https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-1.52.jar -O /home/gerrit2/review_site/lib/bcpkix-1.52.jar',
creates => '/home/gerrit2/review_site/lib/bcpkix-1.52.jar',
before => Exec['gerrit-start'],
require => File['/home/gerrit2/review_site/lib'],
}
} else {
package { 'libbcprov-java':
ensure => present,
}
file { '/home/gerrit2/review_site/lib/bcprov.jar':
ensure => link,
target => '/usr/share/java/bcprov.jar',
before => Exec['gerrit-start'],
require => [
Package['libbcprov-java'],
File['/home/gerrit2/review_site/lib'],
],
}
# Required for the version of Bouncy Castle on Trusty and later
if ($::lsbdistcodename != 'precise') {
package { 'libbcpkix-java':
ensure => present,
}
file { '/home/gerrit2/review_site/lib/bcpkix.jar':
ensure => link,
target => '/usr/share/java/bcpkix.jar',
before => Exec['gerrit-start'],
require => [
Package['libbcpkix-java'],
File['/home/gerrit2/review_site/lib'],
],
}
}
}
file { '/home/gerrit2/review_site/etc/contact_information.pub':
ensure => absent,
}
file { '/home/gerrit2/review_site/lib/fakestore.cgi':
ensure => absent,
}
# create local replication directory if needed
if $replicate_local {
file { $replicate_path:
ensure => directory,
owner => 'gerrit2',
}
}
}

49
manifests/mysql.pp
View File

@ -1,49 +0,0 @@
# == Class: gerrit::mysql
#
class gerrit::mysql(
$mysql_root_password = '',
$database_name = '',
$database_user = '',
$database_password = '',
) {
$mysql_data = load_module_metadata('mysql', true)
if $mysql_data == {} {
warning("An old version of the puppetlabs-mysql module was found on your \
system. The gerrit module only officially supports the latest 3.x version of \
the mysql module.")
class { '::mysql::server':
config_hash => {
'root_password' => $mysql_root_password,
'default_engine' => 'InnoDB',
'bind_address' => '127.0.0.1',
}
}
} else { # If it has metadata.json, assume it's new enough to use this interface
class { '::mysql::server':
root_password => $mysql_root_password,
override_options => {
'mysqld' => {
'default-storage-engine' => 'InnoDB',
# Remove NO_ZERO_DATE mode so gerrit can initialize
'sql-mode' => 'ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION',
}
},
}
}
include ::mysql::server::account_security
mysql::db { $database_name:
user => $database_user,
password => $database_password,
host => 'localhost',
grant => ['all'],
charset => 'utf8',
require => [
Class['mysql::server'],
Class['mysql::server::account_security'],
],
}
}
# vim:sw=2:ts=2:expandtab:textwidth=79

17
manifests/params.pp
View File

@ -1,17 +0,0 @@
# gerrit::params
class gerrit::params (
){
case $::lsbdistcodename {
'trusty': {
$jre_package = 'openjdk-7-jre-headless'
$java_home = '/usr/lib/jvm/java-7-openjdk-amd64/jre'
}
'xenial': {
$jre_package = 'openjdk-8-jre-headless'
$java_home = '/usr/lib/jvm/java-8-openjdk-amd64/jre'
}
default: {
fail("Operating system release ${::lsbdistcodename} not supported.")
}
}
}

78
manifests/plugin.pp
View File

@ -1,78 +0,0 @@
# Copyright (C) 2014 R. Tyler Croy <tyler@monkeypox.org>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Defined resource type to install gerrit plugins.
#
# Borrowed from: https://github.com/jenkinsci/puppet-jenkins
#
define gerrit::plugin(
$version=0,
) {
$base_plugin = "${name}.jar"
$plugin = "${name}-${version}.jar"
$plugin_cache_dir = '/home/gerrit2/gerrit-plugins'
$plugin_dir = '/home/gerrit2/review_site/plugins'
$plugin_parent_dir = '/home/gerrit2/review_site'
$base_url = "http://tarballs.openstack.org/ci/gerrit/plugins/${name}"
include ::gerrit::user
# This directory is used to download and cache gerrit plugin files.
# That way the download and install steps are kept separate.
if (!defined(File[$plugin_cache_dir])) {
file { $plugin_cache_dir:
ensure => directory,
owner => 'gerrit2',
group => 'gerrit2',
require => [
File[$plugin_parent_dir],
Class['gerrit::user'],
],
}
}
# If we don't already have the specified plugin, download it.
exec { "download-${plugin}":
command => "wget ${base_url}/${plugin} -O ${plugin_cache_dir}/${plugin}",
path => ['/bin','/usr/bin', '/usr/sbin', '/usr/local/bin'],
creates => "${plugin_cache_dir}/${plugin}",
user => 'gerrit2',
require => [
File[$plugin_cache_dir],
Class['gerrit::user'],
],
}
if (!defined(File[$plugin_dir])) {
file { $plugin_dir:
ensure => directory,
owner => 'gerrit2',
group => 'gerrit2',
require => [
File[$plugin_parent_dir],
Class['gerrit::user'],
],
}
}
exec { "install-${base_plugin}":
command => "cp ${plugin_cache_dir}/${plugin} ${plugin_dir}/${base_plugin}",
path => ['/bin','/usr/bin', '/usr/sbin', '/usr/local/bin'],
subscribe => Exec["download-${plugin}"],
user => 'gerrit2',
refreshonly => true,
}
}

10
manifests/remotes.pp
View File

@ -1,10 +0,0 @@
# == Class: gerrit::remotes
#
class gerrit::remotes($ensure=present) {
file { '/home/gerrit2/remotes.config':
ensure => absent,
}
class { '::jeepyb::fetch_remotes':
ensure => $ensure,
}
}

27
manifests/user.pp
View File

@ -1,27 +0,0 @@
# == Class: gerrit::user
#
class gerrit::user {
group { 'gerrit2':
ensure => present,
}
user { 'gerrit2':
ensure => present,
comment => 'Gerrit2 User',
home => '/home/gerrit2',
gid => 'gerrit2',
shell => '/bin/bash',
membership => 'minimum',
require => Group['gerrit2'],
}
file { '/home/gerrit2':
ensure => directory,
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
require => User['gerrit2'],
}
}

24
manifests/welcome.pp
View File

@ -1,24 +0,0 @@
# == Class: gerrit::welcome
#
class gerrit::welcome (
$ssh_welcome_rsa_key_contents,
$ssh_welcome_rsa_pubkey_contents,
) {
file { '/home/gerrit2/review_site/etc/ssh_welcome_rsa_key':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0600',
content => $ssh_welcome_rsa_key_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
file { '/home/gerrit2/review_site/etc/ssh_welcome_rsa_key.pub':
owner => 'gerrit2',
group => 'gerrit2',
mode => '0644',
content => $ssh_welcome_rsa_pubkey_contents,
replace => true,
require => File['/home/gerrit2/review_site/etc']
}
}

12
metadata.json
View File

@ -1,12 +0,0 @@
{
"name": "openstackinfra-gerrit",
"version": "0.0.1",
"author": "Openstack CI",
"summary": "Puppet module for Gerrit",
"license": "Apache 2.0",
"source": "https://opendev.org/opendev/puppet-gerrit.git",
"project_page": "http://docs.openstack.org/infra/system-config/",
"issues_url": "https://storyboard.openstack.org/#!/project/768",
"dependencies": [
]
}

68
spec/acceptance/basic_spec.rb
View File

@ -1,68 +0,0 @@
require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
describe 'basic gerrit', :if => ['debian', 'ubuntu'].include?(os[:family]) do
def pp_path
base_path = File.dirname(__FILE__)
File.join(base_path, 'fixtures')
end
def preconditions_puppet_module
module_path = File.join(pp_path, 'preconditions.pp')
File.read(module_path)
end
def default_puppet_module
module_path = File.join(pp_path, 'default.pp')
File.read(module_path)
end
before(:all) do
apply_manifest(preconditions_puppet_module, catch_failures: true)
end
it 'should work with no errors' do
apply_manifest(default_puppet_module, catch_failures: true)
end
it 'should be idempotent' do
pending("this module is not idempotent, yet.")
apply_manifest(default_puppet_module, catch_changes: true)
end
describe 'user' do
describe user('gerrit2') do
it { should exist }
it { should belong_to_group 'gerrit2' }
it { should have_home_directory '/home/gerrit2' }
it { should have_login_shell '/bin/bash' }
end
end
describe 'required services' do
describe port(80) do
it { should be_listening }
end
describe command("curl http://localhost --insecure --location") do
its(:stdout) { should contain('Gerrit Code Review') }
its(:stdout) { should contain('"version":"2.11.4-13-gcb9800e"') }
end
describe port(443) do
it { should be_listening }
end
describe command("curl https://localhost --insecure --location") do
its(:stdout) { should contain('Gerrit Code Review') }
its(:stdout) { should contain('"version":"2.11.4-13-gcb9800e"') }
end
describe port(8081) do
it { should be_listening }
end
describe port(29418) do
it { should be_listening }
end
end
end

75
spec/acceptance/fixtures/default.pp
View File

@ -1,75 +0,0 @@
# workaround since ssl-cert group is not being installed as part of
# this module
package { 'ssl-cert':
ensure => present,
}
exec { 'ensure ssl-cert exists':
command => '/usr/sbin/groupadd -f ssl-cert',
unless => '/bin/grep ssl-cert /etc/group',
}
# workaround since pip is not being installed as part of this module
package { 'python-pip':
ensure => present,
}
class { '::gerrit::mysql':
mysql_root_password => 'UNSET',
database_name => 'reviewdb',
database_user => 'gerrit2',
database_password => '12345',
before => Class['::gerrit'],
}
# The mysql module doesn't restart the mysql service by default,
# and since mysql is preinstalled by bindep, the service is already
# started when the config is applied. This triggers a restart so that the
# sql-mode can be applied.
Class['::mysql::server::config'] ~> Class['::mysql::server::service']
class { '::gerrit':
mysql_host => 'localhost',
mysql_password => '12345',
war => 'http://tarballs.openstack.org/ci/test/gerrit-v2.11.4.13.cb9800e.war',
vhost_name => 'localhost',
canonical_git_url => 'localhost',
ssh_rsa_key_contents => file('/tmp/gerrit-ssh-keys/ssh_rsa_key'),
ssh_rsa_pubkey_contents => file('/tmp/gerrit-ssh-keys/ssh_rsa_key.pub'),
ssh_project_rsa_key_contents => file('/tmp/gerrit-ssh-keys/ssh_project_rsa_key'),
ssh_project_rsa_pubkey_contents => file('/tmp/gerrit-ssh-keys/ssh_project_rsa_key.pub'),
ssh_replication_rsa_key_contents => file('/tmp/gerrit-ssh-keys/ssh_replication_rsa_key'),
ssh_replication_rsa_pubkey_contents => file('/tmp/gerrit-ssh-keys/ssh_replication_rsa_key.pub'),
secondary_index => true,
secondary_index_type => 'LUCENE',
offline_reindex => true,
commitmessage_params =>
{
maxSubjectLength => '60',
maxLineLength => '72',
longLinesThreshold => '20',
rejectTooLong => 'true',
},
its_plugins => [
{
'name' => 'its-storyboard',
'password' => 'secret_token',
'url' => 'https://storyboard.openstack.org',
},
],
its_rules => [
{
'name' => 'change_updates',
'event_type' => 'patchset-created',
'action' => 'add-standard-comment',
label => [
{
'name' => 'approval-Code-Review',
'approvals' => '-2, -1',
},
],
},
],
}
class { '::gerrit::cron': }

44
spec/acceptance/fixtures/preconditions.pp
View File

@ -1,44 +0,0 @@
# Installing ssl-cert in order to get snakeoil certs
package { 'ssl-cert':
ensure => present,
}
# method to create ssh directory
define create_ssh_key_directory() {
Exec { path => '/bin:/usr/bin' }
exec { "create temporary ${name} directory":
command => "mkdir -p ${name}",
}
}
# method to generate key
define ssh_keygen (
$ssh_directory = undef
) {
Exec { path => '/bin:/usr/bin' }
$ssh_key_file = "${ssh_directory}/${name}"
exec { "ssh-keygen for ${name}":
command => "ssh-keygen -t rsa -f ${ssh_key_file} -N ''",
creates => $ssh_key_file,
}
}
$ssh_key_directory = '/tmp/gerrit-ssh-keys'
file { $ssh_key_directory:
ensure => directory,
}
ssh_keygen {'ssh_rsa_key':
ssh_directory => $ssh_key_directory,
require => File[$ssh_key_directory],
}
ssh_keygen {'ssh_project_rsa_key':
ssh_directory => $ssh_key_directory,
require => File[$ssh_key_directory],
}
ssh_keygen {'ssh_replication_rsa_key':
ssh_directory => $ssh_key_directory,
require => File[$ssh_key_directory],
}

11
spec/acceptance/nodesets/default.yml
View File

@ -1,11 +0,0 @@
HOSTS:
ubuntu-server-1404-x64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: git

10
spec/acceptance/nodesets/nodepool-centos7.yml
View File

@ -1,10 +0,0 @@
HOSTS:
centos-70-x64:
roles:
- master
platform: el-7-x86_64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-trusty.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-xenial.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-16.04-amd64:
roles:
- master
platform: ubuntu-16.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

271
templates/gerrit.config.erb
View File

@ -1,271 +0,0 @@
# This file is managed by puppet.
# https://opendev.org/opendev/system-config
[gerrit]
basePath = git
canonicalWebUrl = <%= @canonicalweburl %>
changeScreen = OLD_UI
reportBugText = <%= @report_bug_text %>
reportBugUrl = <%= @report_bug_url %>
<% if @git_http_url != "" -%>
gitHttpUrl = <%= @git_http_url %>
<% end -%>
<% if @canonical_git_url != "" -%>
canonicalGitUrl = <%= @canonical_git_url %>
<% end -%>
[database]
type = MYSQL
hostname = <%= @mysql_host %>
database = reviewdb
username = gerrit2
url = jdbc:mysql://<%= @mysql_host %>/reviewdb?characterSetResults=utf8&characterEncoding=utf8&connectionCollation=utf8_bin&useUnicode=yes
<% if @database_poollimit != "" -%>
poolLimit = <%= @database_poollimit %>
<% end -%>
connectionpool = true
[auth]
<% if @gerrit_contributor_agreement -%>
contributorAgreements = true
<% end -%>
type = <%= @gerrit_auth_type %>
cookieSecure = true
enableRunAs = true
<% if @gerrit_auth_type == 'OPENID_SSO' -%>
openIdSsoUrl = <%= @openidssourl %>
<% end -%>
<% if @gerrit_auth_type == 'LDAP' -%>
[ldap]
server = <%= @ldap_server %>
accountBase = <%= @ldap_account_base %>
<% if @ldap_group_base and @ldap_group_base != '' -%>groupBase = <%= @ldap_group_base %><%end%>
<% if @ldap_username and @ldap_username != '' -%>username = <%= @ldap_username %><%end%>
<% if @ldap_password and @ldap_password != '' -%>password = <%= @ldap_password %><%end%>
<% if @ldap_accountfullname and @ldap_accountfullname != '' -%>accountFullName = <%= @ldap_accountfullname %><%end%>
accountPattern = <%= @ldap_account_pattern %>
accountEmailAddress = <%= @ldap_account_email_address %>
sslVerify = <%= @ldap_sslverify %>
<% if @ldap_ssh_account_name and @ldap_ssh_account_name != '' -%>accountSshUserName = <%= @ldap_ssh_account_name %><%end%>
<% end %>
[sendemail]
smtpServer = <%= @smtpserver %>
from = <%= @sendemail_from %>
includeDiff = <%= @sendemail_include_diff %>
[container]
user = gerrit2
startupTimeout = 300
<% if @java_home != "" -%>
javaHome = <%= @java_home %>
<% end -%>
<% if @container_javaoptions != "" -%>
javaOptions = <%= @container_javaoptions %>
<% end -%>
<% if @container_heaplimit != "" -%>
heapLimit = <%= @container_heaplimit %>
<% end -%>
[gc]
<% if @gc_start_time != "" -%>
startTime = <%= @gc_start_time %>
<% end -%>
<% if @gc_interval != "" -%>
interval = <%= @gc_interval %>
<% end -%>
[core]
<% if @core_loggingbuffersize != "" -%>
asyncLoggingBufferSize = <%= @core_loggingbuffersize %>
<% end -%>
<% if @core_packedgitopenfiles != "" -%>
packedGitOpenFiles = <%= @core_packedgitopenfiles %>
<% end -%>
<% if @core_packedgitlimit != "" -%>
packedGitLimit = <%= @core_packedgitlimit %>
<% end -%>
<% if @core_packedgitwindowsize != "" -%>
packedGitWindowSize = <%= @core_packedgitwindowsize %>
<% end -%>
[sshd]
listenAddress = <%= @sshd_listen_address %>
<% if @sshd_threads != "" -%>
threads = <%= @sshd_threads %>
<% end -%>
<% if @sshd_idle_timeout != "" -%>
idleTimeout = <%= @sshd_idle_timeout %>
<% end -%>
<% if @sshd_max_connections_per_user != "" -%>
maxConnectionsPerUser = <%= @sshd_max_connections_per_user %>
<% end -%>
<% if @sshd_batch_threads != "" -%>
batchThreads = <%= @sshd_batch_threads %>
<% end -%>
[httpd]
listenUrl = proxy-https://*:8081/
<% if @httpd_maxwait != "" -%>
maxWait = <%= @httpd_maxwait %>
<% end -%>
<% if @httpd_acceptorthreads != "" -%>
acceptorThreads = <%= @httpd_acceptorthreads %>
<% end -%>
<% if @httpd_minthreads != "" -%>
minThreads = <%= @httpd_minthreads %>
<% end -%>
<% if @httpd_maxthreads != "" -%>
maxThreads = <%= @httpd_maxthreads %>
<% end -%>
<% if @httpd_maxqueued != "" -%>
maxQueued = <%= @httpd_maxqueued %>
<% end -%>
[cache]
directory = cache
[cache "web_sessions"]
maxAge = 7days
<% if @cache_diff_timeout != "" -%>
[cache "diff"]
timeout = <%= @cache_diff_timeout %>
<% end -%>
<% if @cache_diff_intraline_timeout != "" -%>
[cache "diff_intraline"]
timeout = <%= @cache_diff_intraline_timeout %>
<% end -%>
<% if @cache_accounts != "" -%>
[cache "accounts"]
memoryLimit = <%= @cache_accounts %>
<% end -%>
<% if @cache_accounts_byemail != "" -%>
[cache "accounts_byemail"]
memoryLimit = <%= @cache_accounts_byemail %>
<% end -%>
<% if @cache_accounts_byname != "" -%>
[cache "accounts_byname"]
memoryLimit = <%= @cache_accounts_byname %>
<% end -%>
<% if @cache_groups_byuuid != "" -%>
[cache "groups_byuuid"]
memoryLimit = <%= @cache_groups_byuuid %>
<% end -%>
[user]
email = <%= @email %>
[change]
allowDrafts = <%= @allow_drafts %>
[receive]
<% if @receive_max_object_size_limit != "" -%>
maxObjectSizeLimit = <%= @receive_max_object_size_limit %>
<% end -%>
<% @commentlinks.each do |commentlink| -%>
[commentlink "<%= commentlink['name'] %>"]
match = "<%= commentlink['match'] %>"
<% if commentlink['link'] != "" -%>
link = "<%= commentlink['link'] %>"
<% end -%>
<% if commentlink['html'] != "" -%>
html = "<%= commentlink['html'] %>"
<% end -%>
<% end -%>
<% @its_plugins.each do |its_plugin| -%>
[<%= its_plugin['name'] %>]
url = <%= its_plugin['url'] %>
<% end -%>
<% @trackingids.each do |trackingid| -%>
[trackingid "<%= trackingid['name'] %>"]
match = "<%= trackingid['match'] %>"
<% if trackingid['footers'] -%>
<% trackingid['footers'].each do |footer_value| -%>
footer = "<%= footer_value %>"
<% end -%>
<% else -%>
footer = "<%= trackingid['footer'] %>"
<% end -%>
system = "<%= trackingid['system'] %>"
<% end -%>
[theme]
backgroundColor = ffffff
topMenuColor = ffffff
textColor = 264d69
trimColor = eef3f5
selectionColor = d1e6ea
changeTableOutdatedColor = f5cccc
tableOddRowColor = ffffff
tableEvenRowColor = f5f5ff
[melody]
monitoring = <%= @enable_melody %>
session = <%= @melody_session %>
[plugin "javamelody"]
allowTopMenu = <%= @enable_javamelody_top_menu %>
# Gerrit upstream hardcodes a .git extension for cgit.
# The cgit settings below are the same just without the
# .git extension.
<% if @gitweb or @cgit or @gitea -%>
[gitweb]
<% if @gitweb -%>
type = gitweb
cgi = /usr/share/gitweb/gitweb.cgi
revision = "?p=${project}.git;a=commitdiff;h=${commit}"
<% end -%>
<% if @cgit -%>
type = custom
project = "${project}/summary"
revision = "${project}/commit/?id=${commit}"
branch = "${project}/log/?h=${branch}"
roottree = "${project}/tree/?h=${commit}"
file = "${project}/tree/${file}?h=${commit}"
filehistory = "${project}/log/${file}?h=${branch}"
<% end -%>
<% if @gitea -%>
type = custom
project = "${project}"
revision = "${project}/commit/${commit}"
branch = "${project}/src/branch/${branch}"
roottree = "${project}/src/commit/${commit}"
file = "${project}/src/commit/${commit}/${file}"
filehistory = "${project}/commits/branch/${branch}/${file}"
<% end -%>
<% if scope.lookupvar("gerrit::web_repo_url") -%>
url = "<%= scope.lookupvar('gerrit::web_repo_url') %>"
urlEncode = <%= @web_repo_url_encode %>
<% end -%>
<% end -%>
<% if @secondary_index == true -%>
[index]
type = <%= @secondary_index_type %>
<% if @index_threads.to_i > 1 -%>
threads = <%= @index_threads %>
<% end -%>
<% end -%>
<% unless @download.empty? -%>
[download]
<% @download.each do |key, item| -%>
<% item.each do |value| -%>
<%= key %> = <%= value %>
<% end -%>
<% end -%>
<% end -%>
<% unless @commitmessage_params.nil? or @commitmessage_params.empty? -%>
[commitmessage]
<% @commitmessage_params.each do |key, value| -%>
<% if key == "maxLineLength" or key == "longLinesThreshold" or key == "rejectTooLong" or key == "maxSubjectLength" -%>
<%= key %> = <%= value %>
<% end -%>
<% end -%>
<% end -%>
[groups]
newGroupsVisibleToAll = <%= @new_groups_visible_to_all %>
[mimetype "image/*"]
safe = true
[mimetype "text/x-yaml"]
safe = true
[mimetype "text/xml"]
safe = true
[mimetype "application/xml"]
safe = true
[mimetype "text/x-rst"]
safe = true
[mimetype "text/plain"]
safe = true
[mimetype "text/x-puppet"]
safe = true
[mimetype "text/x-ini"]
safe = true
[mimetype "text/x-properties"]
safe = true
[mimetype "text/x-markdown"]
safe = true
[mimetype "text/css"]
safe = true

12
templates/gerrit.its_rules.erb
View File

@ -1,12 +0,0 @@
<% @its_rules.each do |its_rule| -%>
[rule "<%= its_rule['name'] %>"]
action = <%= its_rule['action'] %>
<% unless its_rule['event_type'].nil? -%>
event-type = <%= its_rule['event_type'] %>
<% end -%>
<% unless its_rule['label'].nil? -%>
<% its_rule['label'].each do |its_label| -%>
<%= its_label['name'] %> = <%= its_label['approvals'] %>
<% end -%>
<% end -%>
<% end -%>

101
templates/gerrit.vhost.erb
View File

@ -1,101 +0,0 @@
<VirtualHost *:80>
ServerName <%= scope.lookupvar("gerrit::vhost_name") %>
ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
Redirect / https://<%= scope.lookupvar("gerrit::vhost_name") %>/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName <%= scope.lookupvar("gerrit::vhost_name") %>
ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %>
AllowEncodedSlashes On
ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= scope.lookupvar("gerrit::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("gerrit::ssl_key_file") %>
<% if scope.lookupvar("gerrit::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("gerrit::ssl_chain_file") %>
<% end %>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine on
<% if scope.lookupvar("gerrit::redirect_to_canonicalweburl") -%>
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::vhost_name") %>
RewriteCond %{REQUEST_URI} !^/server-status$
RewriteRule ^.*$ <%= scope.lookupvar("gerrit::canonicalweburl") %>
<% end -%>
ProxyRequests off
ProxyVia off
ProxyPreserveHost on
ProxyStatus On
<% if scope.lookupvar("gerrit::replicate_local") -%>
ProxyPassMatch ^/p/ !
<% end -%>
<% if scope.lookupvar("gerrit::robots_txt_source") != "" -%>
ProxyPassMatch ^/robots.txt$ !
<% end -%>
ProxyPassMatch ^/server-status !
ProxyPass / http://localhost:8081/ nocanon
ProxyPassReverse / http://localhost:8081/
<% if scope.lookupvar("gerrit::robots_txt_source") != "" -%>
Alias /robots.txt /home/gerrit2/review_site/static/robots.txt
<% end -%>
<% if scope.lookupvar("gerrit::replicate_local") -%>
SetEnv GIT_PROJECT_ROOT <%= scope.lookupvar("gerrit::replicate_path") %>
SetEnv GIT_HTTP_EXPORT_ALL
AliasMatch ^/p/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ <%= scope.lookupvar("gerrit::replicate_path") %>/$1
AliasMatch ^/p/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ <%= scope.lookupvar("gerrit::replicate_path") %>/$1
ScriptAlias /p/ /usr/lib/git-core/git-http-backend/
<% end -%>
<Directory /home/gerrit2/review_site/git/>
Require all granted
Order allow,deny
Allow from all
</Directory>
<Directory /usr/lib/git-core>
Require all granted
Allow from all
Satisfy Any
</Directory>
<Directory /home/gerrit2/review_site/static/>
Require all granted
Allow from all
Satisfy Any
</Directory>
</VirtualHost>
</IfModule>

37
templates/replication.config.erb
View File

@ -1,37 +0,0 @@
# This file is managed by puppet.
# https://opendev.org/opendev/system-config
[gerrit]
defaultForceUpdate = <%= @replication_force_update %>
autoReload = <%= @replication_auto_reload %>
replicateOnStartup = <%= @replicate_on_startup %>
<% @replication.each do |replication| -%>
[remote "<%= replication['name'] %>"]
url = <%= replication['url'] %>${name}.git
<% if replication['replicationDelay'] != nil -%>
replicationDelay = <%= replication['replicationDelay'] %>
<% end -%>
<% if replication['threads'] != nil -%>
threads = <%= replication['threads'] %>
<% end -%>
<% if replication['authGroup'] != nil -%>
authGroup = <%= replication['authGroup'] %>
<% end -%>
<% if replication['replicatePermissions'] != nil -%>
replicatePermissions = <%= replication['replicatePermissions'] %>
<% end -%>
<% if replication['mirror'] != nil -%>
mirror = <%= replication['mirror'] %>
<% end -%>
<% if replication['projects'] != nil -%>
<% replication['projects'].each do |project| -%>
projects = <%= project %>
<% end -%>
<% end -%>
<% if replication['push'] != nil -%>
<% replication['push'].each do |pushref| -%>
push = <%= pushref %>
<% end -%>
<% end -%>
<% end -%>

13
templates/secure.config.erb
View File

@ -1,13 +0,0 @@
[database]
password = <%= @mysql_password %>
<% if @accountpatchreviewdb_url -%>
[accountPatchReviewDb]
url = <%= @accountpatchreviewdb_url %>
<% end -%>
[auth]
registerEmailPrivateKey = <%= @email_private_key %>
restTokenPrivateKey = <%= @token_private_key %>
<% @its_plugins.each do |its_plugin| -%>
[<%= its_plugin['name'] %>]
password = <%= its_plugin['password'] %>
<% end -%>