puppet-gerrit/manifests/init.pp
Monty Taylor 43f8067c00 Add support for replicateOnStartup config option
Gerrit supports turning off the automatic full replication on startup.
The default config value is on, so set the default here to on as well
so that this is not a behavior change. OpenDev will want to set this
to false.

Change-Id: Ibb16d212ace90750ced51ff43e714532144f577c
2019-08-26 10:12:29 +02:00


# Install and maintain Gerrit Code Review.
# params:
# mysql_password:
# The password with which gerrit connects to mysql.
# mysql_host:
# The mysql host to which gerrit should connect.
# accountpatchreviewdb_url:
# The url to the account patch review database. This database must be
# separate from your normal reviewdb as setting them to be the same
# will cause the reviewdb to be dropped. Note this puppet module uses
# 'reviewdb' for the review database, therefore don't use this name here.
# If not set then gerrit will use a default H2 database in review_site/db.
# vhost_name:
# used in the Apache virtual host, eg., review.example.com
# redirect_to_canonicalweburl:
# Boolean value to determine whether or not mod_rewrite should redirect
# requests to the canonicalweburl
# canonicalweburl:
# Used in the Gerrit config to generate links,
# eg., https://review.example.com/
# known_hosts_content:
# Contents of the known_hosts file
# git_http_url:
# Optional base URL for repositories available over the HTTP protocol
# canonical_git_url:
# URL for repositories available over the anonymous git protocol
# ssl_cert_file:
# ssl_key_file:
# Used in the Apache virtual host to specify the SSL cert and key files.
# ssl_chain_file:
# Optional, if you have an intermediate cert Apache should serve.
# ssl_*_file_contents:
# Optional, the contents of the respective cert files as a string. Will be
# used to have Puppet ensure the contents of these files. Default value of
# '' means Puppet should not manage these files.
# openidssourl:
# The URL to use for OpenID in SSO mode.
# email:
# The email address Gerrit should use when sending mail.
# smtpserver:
# The smtp server that Gerrit should send mail through.
# sendemail_from:
# gerrit.conf value for sendemail.from.
# sendemail_include_diff:
# Configure emails to include the complete unified diff of the change
# database_poollimit:
# container_heaplimit:
# container_javaoptions:
# gc_start_time:
# Start time to define the first execution of the git garbage collection
# gc_interval:
# Interval for periodic repetition of triggering the git garbage collection
# core_loggingbuffersize:
# core_packedgitopenfiles:
# core_packedgitlimit:
# core_packedgitwindowsize:
# sshd_threads:
# sshd_batch_threads:
# Number of threads for SSH command requests from non-interactive users
# sshd_listen_address:
# sshd_idle_timeout:
# Server automatically terminates idle connections after this time
# sshd_max_connections_per_user:
# Maximum number of concurrent SSH sessions a user account may open
# httpd_acceptorthreads:
# httpd_minthreads:
# httpd_maxthreads:
# httpd_maxqueued:
# httpd_maxwait:
# Gerrit configuration options; see Gerrit docs.
# commentlinks:
# A list of regexes Gerrit should hyperlink.
# its_plugins:
# A list of its (issue tracking system) plugins to configure.
# Example:
# its_plugins => [
# {
# 'name' => 'its-storyboard',
# 'password' => 'secret_token',
# 'url' => 'https://storyboard.openstack.org',
# },
# ],
#
# its_rules:
# A list of actions to perform on the its.
# Example:
# its_rules => [
# {
# 'name' => 'change_updates',
# 'event_type' => 'patchset-created',
# 'action' => 'add-standard-comment',
# label => [
# {
# 'name' => 'approval-Code-Review',
# 'approvals' => '-2, -1',
# },
# ],
# },
# ],
#
# trackingids:
# A list of regexes to reference external tracking systems.
# war:
# The URL of the Gerrit WAR that should be downloaded and installed.
# Note that only the final component is used for comparing to the most
# recently installed WAR. In other words, if you update the war from:
#
# http://tarballs.openstack.org/ci/gerrit.war
# to:
# http://somewhereelse.example.com/gerrit.war
#
# Gerrit won't be updated unless you delete gerrit.war from
# ~gerrit2/gerrit-wars. But if you change the URL from:
#
# http://tarballs.openstack.org/ci/gerrit-2.2.2.war
# to:
# http://tarballs.openstack.org/ci/gerrit-2.3.0.war
# Gerrit will be upgraded on the next puppet run.
# replicate_local:
# A boolean enabling local replication for apache acceleration
# replication_force_update:
# A boolean enabling replication to force updates to remote
# replication_auto_reload:
# A boolean enabling automatic reload of the replication configuration
# replicate_path:
# The path to the local git replica if replicate_local is enabled
# gitweb:
# A boolean enabling gitweb
# cgit:
# A boolean enabling cgit
# gitea:
# A boolean enabling gitea
# web_repo_url:
# Url for setting the location of an external git browser
# web_repo_url_encode:
# Whether or not Gerrit should encode the generated viewer URL.
# testmode:
# Set this to true to disable cron jobs and replication,
# which can interfere with testing.
# secondary_index:
# Set this to true to enable secondary index support
# secondary_index_type:
# which secondary index to use: SQL (no secondary index),
# LUCENE (recommended), SOLR (experimental). Note: as of
# Gerrit 2.9 LUCENE is default secondary index and SQL is
# removed.
# offline_reindex:
# Set this to true to run an offline index on upgrade
# Note the default is false, but you need to set this to true if
# bootstrapping a new install of gerrit. On a new install of Gerrit we
# need to init the indexes. When doing upgrades these should be able
# to run offline instead.
# reindex_threads:
# The number of threads to use for full offline reindexing of Gerrit data
# index_threads:
# Number of threads to use for indexing in normal interactive operations
# allow_drafts:
# Set this to false to disable drafts feature
# receive_max_object_size_limit
# Maximum allowed Git object size that 'receive-pack' will accept.
# download:
# The allowed download commands and schemes. The data structure for this
# should be a hash with keys and array of values (i.e. {key => [values]})
# Example:
# download => {
# 'command' => ['checkout', 'cherry_pick', 'pull', 'format_patch'],
# 'scheme' => ['ssh', 'anon_http', 'anon_git'],
# 'archive' => ['tar', 'tbz2', 'tgz', 'txz'],
# },
# commitmessage_params:
# A dict of commit message parameters, valid params are: maxLineLength,
# longLinesThreshold, rejectTooLong, and maxSubjectLength.
# Example:
# commitmessage_params => {
# maxSubjectLength => '60',
# maxLineLength => '72',
# },
# java_home:
# The path to java home directory
# TODO: make more gerrit options configurable here
#
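class gerrit(
  # Required: rendered into secure.config (see the 'Secret files' section).
  $mysql_password,
  $accountpatchreviewdb_url = undef,
  $mysql_host = 'localhost',
  $war = '',
  $email_private_key = '',
  $token_private_key = '',
  $vhost_name = $::fqdn,
  $redirect_to_canonicalweburl = true,
  $canonicalweburl = "https://${::fqdn}/",
  $known_hosts_content = '',
  $git_http_url = '',
  $canonical_git_url = '',
  $robots_txt_source = '', # If left empty, the gerrit default will be used.
  $serveradmin = "webmaster@${::fqdn}",
  # The default cert/key paths are the 'ssl-cert-snakeoil' pair; override
  # them (or supply *_contents) for a deployment that needs a trusted cert.
  $ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
  $ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
  $ssl_chain_file = '',
  $ssl_cert_file_contents = '', # If left empty puppet will not create file.
  $ssl_key_file_contents = '', # If left empty puppet will not create file.
  $ssl_chain_file_contents = '', # If left empty puppet will not create file.
  $ssh_dsa_key_contents = '', # If left empty puppet will not create file.
  $ssh_dsa_pubkey_contents = '', # If left empty puppet will not create file.
  $ssh_rsa_key_contents = '', # If left empty puppet will not create file.
  $ssh_rsa_pubkey_contents = '', # If left empty puppet will not create file.
  $ssh_project_rsa_key_contents = '', # If left empty will not create file.
  $ssh_project_rsa_pubkey_contents = '', # If left empty will not create file.
  $ssh_replication_rsa_key_contents = '', # If left empty will not create files.
  $ssh_replication_rsa_pubkey_contents = '', # If left empty will not create files.
  $gerrit_auth_type = 'OPENID_SSO',
  $gerrit_contributor_agreement = true,
  $openidssourl = 'https://login.launchpad.net/+openid',
  $ldap_server = '',
  $ldap_account_base = '',
  $ldap_group_base = '',
  $ldap_username = '',
  $ldap_password = '',
  $ldap_account_pattern = '',
  $ldap_account_email_address = '',
  $ldap_sslverify = true,
  $ldap_ssh_account_name = '',
  $ldap_accountfullname = '',
  $email = '',
  $smtpserver = 'localhost',
  $sendemail_from = 'MIXED',
  $sendemail_include_diff = false,
  $database_poollimit = '',
  $container_heaplimit = '',
  $container_javaoptions = '',
  $gc_start_time = '',
  $gc_interval = '',
  $core_loggingbuffersize = '',
  $core_packedgitlimit = '',
  $core_packedgitopenfiles = '',
  $core_packedgitwindowsize = '',
  $sshd_threads = '',
  $sshd_batch_threads = '',
  $sshd_listen_address = '*:29418',
  $sshd_idle_timeout = '3600',
  $sshd_max_connections_per_user = '',
  $httpd_acceptorthreads = '',
  $httpd_minthreads = '',
  $httpd_maxthreads = '',
  $httpd_maxqueued = '',
  $httpd_maxwait = '',
  $commentlinks = [],
  $its_plugins = [],
  $its_rules = [],
  $trackingids = [],
  $enable_melody = false,
  $melody_session = false,
  $replicate_local = false,
  $replicate_path = '/opt/lib/git',
  $replication_force_update = true,
  $replication_auto_reload = false,
  $replicate_on_startup = true,
  $replication = [],
  $gitweb = true,
  $cgit = false,
  $gitea = false,
  $web_repo_url = '',
  $web_repo_url_encode = true,
  $testmode = false,
  $secondary_index = false,
  $secondary_index_type = 'LUCENE',
  $offline_reindex = false,
  $enable_javamelody_top_menu = false,
  $manage_jeepyb = true,
  $reindex_threads = $::processorcount/2,
  $report_bug_text = 'Report Bug',
  $report_bug_url = '',
  $index_threads = 1,
  $new_groups_visible_to_all = true,
  $allow_drafts = true,
  $receive_max_object_size_limit = '',
  $cache_diff_timeout = '',
  $cache_diff_intraline_timeout = '',
  $cache_accounts = '',
  $cache_accounts_byemail = '',
  $cache_accounts_byname = '',
  $cache_groups_byuuid = '',
  $download = {},
  $commitmessage_params = {},
  $java_home = $::gerrit::params::java_home,
) inherits ::gerrit::params {
  # This class lays out the gerrit2 site directory, renders gerrit.config,
  # secure.config and replication.config from templates, fronts Gerrit with
  # an Apache SSL vhost, downloads and installs the WAR, runs 'init' (and
  # optionally 'reindex'), and wires up the init script.
  #
  # The ERB templates read this class's variables by name, so parameter and
  # local variable names must not be changed without checking the templates.

  include ::httpd

  if $manage_jeepyb {
    include ::jeepyb
  }

  include ::pip

  # get the war version from the passed in url, expecting something like
  # http://tarballs.openstack.org/ci/gerrit/gerrit-v2.10.2.22.acc615e.war
  # NOTE(review): $war defaults to ''; the version comparisons further down
  # depend on $gerrit_war_version, so confirm callers always pass a URL in
  # the 'gerrit-v<version>.war' form.
  $split1 = split($war, '/')
  $split2 = split($split1[-1], 'gerrit-v')
  $split3 = split($split2[-1],'.war')
  $gerrit_war_filename = $split1[-1] # like gerrit-v2.10.2.22.acc615e.war
  $gerrit_war_version = $split3[0] # like 2.10.2.22.acc615e
  $gerrit_war = '/home/gerrit2/review_site/bin/gerrit.war'
  $gerrit_site = '/home/gerrit2/review_site'

  include ::gerrit::user

  # This is not needed, setting to absent for cleanup
  package { 'gitweb':
    ensure => absent,
  }

  if ( $gitweb ) {
    package { 'libcgi-pm-perl':
      ensure => present,
    }
  }

  package { 'unzip':
    ensure => present,
  }

  package { $::gerrit::params::jre_package:
    ensure => present,
  }

  # Purge the old Java 6 JRE only once the configured JRE package is in place.
  package { 'openjdk-6-jre-headless':
    ensure => purged,
    require => Package[$::gerrit::params::jre_package],
  }

  file { '/var/log/gerrit':
    ensure => directory,
    owner => 'gerrit2',
  }

  # Only manage /opt/lib when nothing else declared it and the replica path
  # actually lives beneath it.
  if ((!defined(File['/opt/lib']))
      and ($replicate_path =~ /^\/opt\/lib\/.*$/)) {
    file { '/opt/lib':
      ensure => directory,
      owner => root,
    }
  }

  # Prepare gerrit directories. Even though some of these would be created
  # by the init command, we can go ahead and create them now and populate them.
  # That way the config files are already in place before init runs.
  file { '/home/gerrit2/review_site':
    ensure => directory,
    owner => 'gerrit2',
    require => User['gerrit2'],
  }

  file { '/home/gerrit2/review_site/plugins':
    ensure => directory,
    owner => 'gerrit2',
    require => [User['gerrit2'], File['/home/gerrit2/review_site']],
  }

  # 0700: this directory later receives the replication private key and
  # known_hosts.
  file { '/home/gerrit2/.ssh':
    ensure => directory,
    owner => 'gerrit2',
    mode => '0700',
    require => User['gerrit2'],
  }

  file { '/home/gerrit2/review_site/etc':
    ensure => directory,
    owner => 'gerrit2',
    require => File['/home/gerrit2/review_site'],
  }

  file { '/home/gerrit2/review_site/bin':
    ensure => directory,
    owner => 'gerrit2',
    require => File['/home/gerrit2/review_site'],
  }

  file { '/home/gerrit2/review_site/static':
    ensure => directory,
    owner => 'gerrit2',
    require => File['/home/gerrit2/review_site'],
  }

  file { '/home/gerrit2/review_site/hooks':
    ensure => directory,
    owner => 'gerrit2',
    require => File['/home/gerrit2/review_site'],
  }

  file { '/home/gerrit2/review_site/lib':
    ensure => directory,
    owner => 'gerrit2',
    require => File['/home/gerrit2/review_site'],
  }

  # Skip replication if we're in test mode
  if ($testmode == false) {
    # Template uses $replication
    # The file is root-owned and read-only (0444) for every user.
    file { '/home/gerrit2/review_site/etc/replication.config':
      ensure => present,
      owner => 'root',
      group => 'root',
      mode => '0444',
      content => template('gerrit/replication.config.erb'),
      replace => true,
      require => File['/home/gerrit2/review_site/etc'],
    }
  }

  # Gerrit sets these permissions in 'init'; don't fight them.
  # Template uses:
  # - $mysql_host
  # - $canonicalweburl
  # - $git_http_url
  # - $canonical_git_url
  # - $smtpserver
  # - $sendemail_from
  # - $sendemail_include_diff
  # - $database_poollimit
  # - $gerrit_contributor_agreement
  # - $gerrit_auth_type
  # - $openidssourl
  # - $ldap_server
  # - $ldap_username
  # - $ldap_password
  # - $ldap_account_base
  # - $ldap_account_pattern
  # - $ldap_account_email_address
  # - $smtpserver
  # - $sendemail_from
  # - $java_home
  # - $container_heaplimit
  # - $container_javaoptions
  # - $gc_start_time
  # - $gc_interval
  # - $core_packedgitopenfiles
  # - $core_packedgitlimit
  # - $core_packedgitwindowsize
  # - $sshd_listen_address
  # - $sshd_threads
  # - $sshd_idle_timeout
  # - $sshd_max_connections_per_user
  # - $sshd_batch_threads
  # - $httpd_maxwait
  # - $httpd_acceptorthreads
  # - $httpd_minthreads
  # - $httpd_maxthreads
  # - $httpd_maxqueued
  # - $commentlinks
  # - $its_plugins
  # - $its_rules
  # - $trackingids
  # - $enable_melody
  # - $melody_session
  # - $gitweb
  # - web_repo_url
  # - web_repo_url_encode
  # - $report_bug_text
  # - $report_bug_url
  # - $secondary_index_type:
  # - $reindex_threads:
  # - $index_threads:
  # - $new_groups_visible_to_all:
  # - $allow_drafts:
  # - $receive_max_object_size_limit
  # - $cache_diff_timeout
  # - $cache_diff_intraline_timeout
  # - $cache_accounts
  # - $cache_accounts_byemail
  # - $cache_accounts_byname
  # - $cache_groups_byuuid
  # - $download
  # - $commitmessage_params
  #
  # NOTE(review): this file is world-readable (0644), yet the list above
  # names $ldap_password and $its_plugins (whose entries can carry a
  # 'password' key). The template is not visible from here -- confirm it
  # renders no credential into gerrit.config and that those values only
  # reach secure.config.
  file { '/home/gerrit2/review_site/etc/gerrit.config':
    ensure => present,
    owner => 'gerrit2',
    group => 'gerrit2',
    mode => '0644',
    content => template('gerrit/gerrit.config.erb'),
    replace => true,
    require => File['/home/gerrit2/review_site/etc'],
  }

  # Secret files.
  # Gerrit sets these permissions in 'init'; don't fight them. If
  # these permissions aren't set correctly, gerrit init will write a
  # new secure.config file and lose the mysql password.
  # Template uses $mysql_password, $email_private_key, $token_private_key,
  # and accountpatchreviewdb_url.
  # show_diff is disabled so a content change never prints the rendered
  # secrets into Puppet's log or report output.
  file { '/home/gerrit2/review_site/etc/secure.config':
    ensure => present,
    owner => 'gerrit2',
    group => 'gerrit2',
    mode => '0600',
    content => template('gerrit/secure.config.erb'),
    replace => true,
    show_diff => false,
    require => File['/home/gerrit2/review_site/etc'],
  }

  # setup rules for its (issue tracking system) plugins
  # Mode 0644 on a directory: Puppet adds the search (x) bit wherever the
  # read bit is set, so the directory stays traversable.
  file { '/home/gerrit2/review_site/etc/its':
    ensure => 'directory',
    owner => 'gerrit2',
    group => 'gerrit2',
    mode => '0644',
    require => File['/home/gerrit2/review_site/etc'],
  }

  file { '/home/gerrit2/review_site/etc/its/actions.config':
    ensure => present,
    owner => 'gerrit2',
    group => 'gerrit2',
    mode => '0644',
    content => template('gerrit/gerrit.its_rules.erb'),
    replace => true,
  }

  # Set up apache.
  # Template uses:
  # - $vhost_name
  # - $serveradmin
  # - $ssl_cert_file
  # - $ssl_key_file
  # - $ssl_chain_file
  # - $canonicalweburl
  # - $redirect_to_canonicalweburl
  # - $replicate_local
  # - $replicate_path
  # - $robots_txt_source
  # docroot is passed a dummy string; presumably the vhost define requires
  # it while the gerrit template ignores it -- verify against ::httpd::vhost.
  ::httpd::vhost { $vhost_name:
    port => 443,
    docroot => 'MEANINGLESS ARGUMENT',
    priority => '50',
    template => 'gerrit/gerrit.vhost.erb',
    ssl => true,
  }

  httpd::mod { 'rewrite':
    ensure => present,
    before => Service['httpd'],
  }

  httpd::mod { 'proxy':
    ensure => present,
    before => Service['httpd'],
  }

  httpd::mod { 'proxy_http':
    ensure => present,
    before => Service['httpd'],
  }

  if ! defined(Httpd::Mod['cgid']) {
    httpd::mod { 'cgid':
      ensure => present,
      before => Service['httpd'],
    }
  }

  # TLS material is only managed when the matching *_contents parameter is
  # non-empty; each file is written before the vhost that references it.
  if $ssl_cert_file_contents != '' {
    file { $ssl_cert_file:
      owner => 'root',
      group => 'root',
      mode => '0640',
      content => $ssl_cert_file_contents,
      before => Httpd::Vhost[$vhost_name],
    }
  }

  # Private key: readable by root and the ssl-cert group only, and never
  # shown in diffs.
  if $ssl_key_file_contents != '' {
    file { $ssl_key_file:
      owner => 'root',
      group => 'ssl-cert',
      mode => '0640',
      content => $ssl_key_file_contents,
      show_diff => false,
      before => Httpd::Vhost[$vhost_name],
    }
  }

  if $ssl_chain_file_contents != '' {
    file { $ssl_chain_file:
      owner => 'root',
      group => 'root',
      mode => '0640',
      content => $ssl_chain_file_contents,
      before => Httpd::Vhost[$vhost_name],
    }
  }

  if $robots_txt_source != '' {
    file { '/home/gerrit2/review_site/static/robots.txt':
      owner => 'root',
      group => 'root',
      mode => '0444',
      source => $robots_txt_source,
      require => File['/home/gerrit2/review_site/static'],
    }
  }

  # SSH host, project and replication keys. Private halves are 0600 and
  # owned by gerrit2, with show_diff disabled so key material never lands in
  # Puppet logs or reports; public halves are 0644.
  # NOTE(review): DSA keys are deprecated in current SSH implementations;
  # confirm whether a DSA host key is still needed for this deployment.
  if $ssh_dsa_key_contents != '' {
    file { '/home/gerrit2/review_site/etc/ssh_host_dsa_key':
      owner => 'gerrit2',
      group => 'gerrit2',
      mode => '0600',
      content => $ssh_dsa_key_contents,
      replace => true,
      show_diff => false,
      require => File['/home/gerrit2/review_site/etc']
    }
  }

  if $ssh_dsa_pubkey_contents != '' {
    file { '/home/gerrit2/review_site/etc/ssh_host_dsa_key.pub':
      owner => 'gerrit2',
      group => 'gerrit2',
      mode => '0644',
      content => $ssh_dsa_pubkey_contents,
      replace => true,
      require => File['/home/gerrit2/review_site/etc']
    }
  }

  if $ssh_rsa_key_contents != '' {
    file { '/home/gerrit2/review_site/etc/ssh_host_rsa_key':
      owner => 'gerrit2',
      group => 'gerrit2',
      mode => '0600',
      content => $ssh_rsa_key_contents,
      replace => true,
      show_diff => false,
      require => File['/home/gerrit2/review_site/etc']
    }
  }

  if $ssh_rsa_pubkey_contents != '' {
    file { '/home/gerrit2/review_site/etc/ssh_host_rsa_key.pub':
      owner => 'gerrit2',
      group => 'gerrit2',
      mode => '0644',
      content => $ssh_rsa_pubkey_contents,
      replace => true,
      require => File['/home/gerrit2/review_site/etc']
    }
  }

  if $ssh_project_rsa_key_contents != '' {
    file { '/home/gerrit2/review_site/etc/ssh_project_rsa_key':
      owner => 'gerrit2',
      group => 'gerrit2',
      mode => '0600',
      content => $ssh_project_rsa_key_contents,
      replace => true,
      show_diff => false,
      require => File['/home/gerrit2/review_site/etc']
    }
  }

  if $ssh_project_rsa_pubkey_contents != '' {
    file { '/home/gerrit2/review_site/etc/ssh_project_rsa_key.pub':
      owner => 'gerrit2',
      group => 'gerrit2',
      mode => '0644',
      content => $ssh_project_rsa_pubkey_contents,
      replace => true,
      require => File['/home/gerrit2/review_site/etc']
    }
  }

  if $ssh_replication_rsa_key_contents != '' {
    file { '/home/gerrit2/.ssh/id_rsa':
      owner => 'gerrit2',
      group => 'gerrit2',
      mode => '0600',
      content => $ssh_replication_rsa_key_contents,
      replace => true,
      show_diff => false,
      require => File['/home/gerrit2/.ssh']
    }
  }

  if $ssh_replication_rsa_pubkey_contents != '' {
    file { '/home/gerrit2/.ssh/id_rsa.pub':
      owner => 'gerrit2',
      group => 'gerrit2',
      mode => '0644',
      content => $ssh_replication_rsa_pubkey_contents,
      replace => true,
      require => File['/home/gerrit2/.ssh']
    }
  }

  # Managing known_hosts pins the host keys the gerrit2 user will accept;
  # when the parameter is empty the file is left unmanaged.
  if $known_hosts_content != '' {
    file { '/home/gerrit2/.ssh/known_hosts':
      ensure => present,
      owner => 'gerrit2',
      group => 'gerrit2',
      mode => '0600',
      content => $known_hosts_content,
      replace => true,
      require => File['/home/gerrit2/.ssh'],
    }
  }

  # Install Gerrit itself.
  # The Gerrit WAR is specified as a url like
  # 'http://tarballs.openstack.org/ci/gerrit-2.2.2-363-gd0a67ce.war'
  # Set $basewar so that we can work with filenames like
  # gerrit-2.2.2-363-gd0a67ce.war'.
  if $war =~ /.*\/(.*)/ {
    $basewar = $1
  } else {
    $basewar = $war
  }

  # This directory is used to download and cache gerrit war files.
  # That way the download and install steps are kept separate.
  file { '/home/gerrit2/gerrit-wars':
    ensure => directory,
    require => User['gerrit2'],
  }

  # If we don't already have the specified WAR, download it.
  # No 'user' is set, so wget runs as whatever user Puppet runs as. The
  # 'creates' guard keys on the file name only: once a file of that name
  # exists (including a partial one left by a failed wget -O) it is not
  # fetched again.
  # NOTE(review): nothing visible here verifies the WAR's checksum or
  # signature before it is installed and executed with 'java -jar' below,
  # and the documented example URLs are plain http://. Prefer an https://
  # source and verify a pinned digest before installation. $war is also
  # interpolated unquoted into the command line, so it must come from
  # trusted configuration only.
  exec { "download:${war}":
    command => "/usr/bin/wget ${war} -O /home/gerrit2/gerrit-wars/${basewar}",
    creates => "/home/gerrit2/gerrit-wars/${basewar}",
    require => File['/home/gerrit2/gerrit-wars'],
  }

  # If gerrit.war isn't the same as $basewar, install it.
  file { $gerrit_war:
    ensure => present,
    source => "file:///home/gerrit2/gerrit-wars/${basewar}",
    require => Exec["download:${war}"],
    replace => true,
    # user, group, and mode have to be set this way to avoid retriggering
    # gerrit-init on every run because gerrit init sets them this way
    owner => 'gerrit2',
    group => 'gerrit2',
    mode => '0644',
  }

  # If gerrit.war was just installed, run the Gerrit "init" command.
  # Only fires on a refresh from the WAR file, and only while the init
  # script does not exist yet (first install). Runs as gerrit2, not root.
  exec { 'gerrit-initial-init':
    user => 'gerrit2',
    command => "/usr/bin/java -jar ${gerrit_war} init -d ${gerrit_site} --batch --no-auto-start",
    subscribe => File['/home/gerrit2/review_site/bin/gerrit.war'],
    refreshonly => true,
    require => [Package[$::gerrit::params::jre_package],
                User['gerrit2'],
                File['/home/gerrit2/review_site/etc/gerrit.config'],
                File['/home/gerrit2/review_site/etc/secure.config']],
    notify => Exec['install-core-plugins'],
    unless => '/usr/bin/test -f /etc/init.d/gerrit',
    logoutput => true,
  }

  # Optional offline reindex, triggered by a new WAR or by either init exec.
  if ($offline_reindex) {
    exec { 'gerrit-reindex':
      user => 'gerrit2',
      command => "/usr/bin/java -jar ${gerrit_war} reindex -d ${gerrit_site} --threads ${reindex_threads}",
      subscribe => [File['/home/gerrit2/review_site/bin/gerrit.war'],
                    Exec['gerrit-initial-init'],
                    Exec['gerrit-init']],
      refreshonly => true,
      logoutput => true,
    }
  }

  # If a new gerrit.war was just installed, run the Gerrit "init" command.
  # Stop is included here because it may not be running or the init
  # script may not exist, and in those cases, we don't care if it fails.
  # Running the init script as the gerrit2 user _does_ work.
  # This is the upgrade path: it only runs when the init script already
  # exists (onlyif), the mirror image of gerrit-initial-init's 'unless'.
  exec { 'gerrit-init':
    user => 'gerrit2',
    command => "/etc/init.d/gerrit stop; /usr/bin/java -jar ${gerrit_war} init -d ${gerrit_site} --batch --no-auto-start",
    subscribe => File['/home/gerrit2/review_site/bin/gerrit.war'],
    refreshonly => true,
    require => [Package[$::gerrit::params::jre_package],
                User['gerrit2'],
                File['/home/gerrit2/review_site/etc/gerrit.config'],
                File['/home/gerrit2/review_site/etc/secure.config']],
    onlyif => '/usr/bin/test -f /etc/init.d/gerrit',
    notify => Exec['install-core-plugins'],
    logoutput => true,
  }

  # Install Core Plugins
  # Extracts WEB-INF/plugins/* from the installed WAR into the plugins
  # directory; '|| true' makes a failed or empty extraction non-fatal.
  exec { 'install-core-plugins':
    user => 'gerrit2',
    command => '/usr/bin/unzip -jo /home/gerrit2/review_site/bin/gerrit.war WEB-INF/plugins/* -d /home/gerrit2/review_site/plugins || true',
    subscribe => File['/home/gerrit2/review_site/bin/gerrit.war'],
    require => [Package['unzip'],
                File['/home/gerrit2/review_site/plugins']],
    notify => Exec['gerrit-start'],
    refreshonly => true,
    logoutput => true,
  }

  # Ensure only one set of bouncy castle libs are installed
  # and remove libs installed by Gerrit init.
  if versioncmp($gerrit_war_version, '2.10') > 0 {
    # Remove libs for Gerrit 2.9 and lower
    tidy { '/home/gerrit2/review_site/lib':
      recurse => true,
      matches => ['bcprov-jdk*.jar',
                  'bcpg-jdk*.jar',
                  'bcpkix-jdk*.jar',
                  'mysql-connector-java-*.jar',
                  'bcprov.jar',
                  'bcpg.jar',
                  'bcpkix.jar'],
      before => Exec['gerrit-start'],
    }
  } else {
    # Remove libs for Gerrit 2.10+
    tidy { '/home/gerrit2/review_site/lib':
      recurse => true,
      matches => ['bcprov-jdk*.jar',
                  'bcpg-jdk*.jar',
                  'bcpkix-jdk*.jar',
                  'mysql-connector-java-*.jar',
                  'bcprov-*.jar',
                  'bcpg-*.jar',
                  'bcpkix-*.jar'],
      before => Exec['gerrit-start'],
    }
  }

  # Rotated Apache logs are recreated as 0640 root:adm.
  class { '::httpd::logrotate':
    options => [
      'daily',
      'missingok',
      'rotate 30',
      'compress',
      'delaycompress',
      'notifempty',
      'create 640 root adm',
      'sharedscripts',
    ],
  }

  # Symlink the init script.
  file { '/etc/init.d/gerrit':
    ensure => link,
    target => '/home/gerrit2/review_site/bin/gerrit.sh',
    require => Exec['gerrit-initial-init'],
  }

  # The init script requires the path to gerrit to be set.
  file { '/etc/default/gerritcodereview':
    ensure => present,
    source => 'puppet:///modules/gerrit/gerritcodereview.default',
    replace => true,
    owner => 'root',
    group => 'root',
    mode => '0444',
  }

  # Make sure the init script starts on boot.
  file { ['/etc/rc0.d/K10gerrit',
          '/etc/rc1.d/K10gerrit',
          '/etc/rc2.d/S90gerrit',
          '/etc/rc3.d/S90gerrit',
          '/etc/rc4.d/S90gerrit',
          '/etc/rc5.d/S90gerrit',
          '/etc/rc6.d/K10gerrit']:
    ensure => link,
    target => '/etc/init.d/gerrit',
    require => File['/etc/init.d/gerrit'],
  }

  # Started only on notification (refreshonly), after the lib directory has
  # been tidied.
  exec { 'gerrit-start':
    command => '/etc/init.d/gerrit start',
    require => [File['/etc/init.d/gerrit'],
                Tidy['/home/gerrit2/review_site/lib']],
    refreshonly => true,
  }

  file { '/usr/local/gerrit':
    ensure => directory,
    owner => 'root',
    group => 'root',
    mode => '0755',
  }

  file { '/usr/local/gerrit/scripts':
    ensure => absent,
  }

  package { 'libmysql-java':
    ensure => present,
  }

  # Link the distro-packaged MySQL connector into Gerrit's lib directory.
  file { '/home/gerrit2/review_site/lib/mysql-connector-java.jar':
    ensure => link,
    target => '/usr/share/java/mysql-connector-java.jar',
    before => Exec['gerrit-start'],
    require => [
      Package['libmysql-java'],
      File['/home/gerrit2/review_site/lib'],
    ],
  }

  # Use the mysql module's client class when that module is available,
  # otherwise fall back to installing the mysql-client package directly.
  $mysql_data = load_module_metadata('mysql', true)
  if $mysql_data == {} {
    package { 'mysql-client':
      ensure => present,
      before => File['/etc/mysql/conf.d/client.conf'],
    }
  } else {
    include ::mysql::client
    Class['::mysql::client'] -> File['/etc/mysql/conf.d/client.conf']
  }

  # Add config to make clients assume UTF-8 encoding
  file { '/etc/mysql/conf.d/client.conf':
    ensure => present,
    source => 'puppet:///modules/gerrit/my.cnf',
    replace => true,
    owner => 'root',
    group => 'root',
    mode => '0644',
  }

  # Gerrit 2.10 requires libs not available in ubuntu repositories
  # need to download them directly from maven central.
  # NOTE(review): the four downloads below use https:// but nothing visible
  # here checks the jars against a pinned digest before Gerrit loads them;
  # as with the WAR, 'creates' means an existing (even partial) file is
  # never re-fetched.
  if (versioncmp($gerrit_war_version, '2.10') > 0) and (versioncmp($gerrit_war_version, '2.12') < 0) {
    exec { 'download bcprov-jdk15on-1.51.jar':
      user => 'gerrit2',
      command => '/usr/bin/wget https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.51/bcprov-jdk15on-1.51.jar -O /home/gerrit2/review_site/lib/bcprov-1.51.jar',
      creates => '/home/gerrit2/review_site/lib/bcprov-1.51.jar',
      before => Exec['gerrit-start'],
      require => File['/home/gerrit2/review_site/lib'],
    }
    exec { 'download bcpkix-jdk15on-1.51.jar':
      user => 'gerrit2',
      command => '/usr/bin/wget https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.51/bcpkix-jdk15on-1.51.jar -O /home/gerrit2/review_site/lib/bcpkix-1.51.jar',
      creates => '/home/gerrit2/review_site/lib/bcpkix-1.51.jar',
      before => Exec['gerrit-start'],
      require => File['/home/gerrit2/review_site/lib'],
    }
  } elsif (versioncmp($gerrit_war_version, '2.12') > 0) {
    exec { 'download bcprov-jdk15on-1.52.jar':
      user => 'gerrit2',
      command => '/usr/bin/wget https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.52/bcprov-jdk15on-1.52.jar -O /home/gerrit2/review_site/lib/bcprov-1.52.jar',
      creates => '/home/gerrit2/review_site/lib/bcprov-1.52.jar',
      before => Exec['gerrit-start'],
      require => File['/home/gerrit2/review_site/lib'],
    }
    exec { 'download bcpkix-jdk15on-1.52.jar':
      user => 'gerrit2',
      command => '/usr/bin/wget https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-1.52.jar -O /home/gerrit2/review_site/lib/bcpkix-1.52.jar',
      creates => '/home/gerrit2/review_site/lib/bcpkix-1.52.jar',
      before => Exec['gerrit-start'],
      require => File['/home/gerrit2/review_site/lib'],
    }
  } else {
    # Remaining versions use the distro-packaged Bouncy Castle jars.
    package { 'libbcprov-java':
      ensure => present,
    }
    file { '/home/gerrit2/review_site/lib/bcprov.jar':
      ensure => link,
      target => '/usr/share/java/bcprov.jar',
      before => Exec['gerrit-start'],
      require => [
        Package['libbcprov-java'],
        File['/home/gerrit2/review_site/lib'],
      ],
    }
    # Required for the version of Bouncy Castle on Trusty and later
    if ($::lsbdistcodename != 'precise') {
      package { 'libbcpkix-java':
        ensure => present,
      }
      file { '/home/gerrit2/review_site/lib/bcpkix.jar':
        ensure => link,
        target => '/usr/share/java/bcpkix.jar',
        before => Exec['gerrit-start'],
        require => [
          Package['libbcpkix-java'],
          File['/home/gerrit2/review_site/lib'],
        ],
      }
    }
  }

  # Cleanup of files this module no longer wants on disk.
  file { '/home/gerrit2/review_site/etc/contact_information.pub':
    ensure => absent,
  }

  file { '/home/gerrit2/review_site/lib/fakestore.cgi':
    ensure => absent,
  }

  # create local replication directory if needed
  if $replicate_local {
    file { $replicate_path:
      ensure => directory,
      owner => 'gerrit2',
    }
  }
}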