opendev/system-config
Code Issues Proposed changes

Modified gerrit to use MySQL and Apache modules.

Browse Source 
Change-Id: I82ff3c46438f8db126fa6a881efa09c90b1906e4
This commit is contained in:
Monty Taylor 2012-07-27 17:14:31 +00:00
parent 98a0e386cd
commit c510a30e1e
8 changed files with 53 additions and 233 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/site.pp
View File

@ -14,6 +14,7 @@ node "review.openstack.org" {
class { 'openstack_project::review': class { 'openstack_project::review':
github_oauth_token => hiera('gerrit_github_token'), github_oauth_token => hiera('gerrit_github_token'),
mysql_password => hiera('gerrit_mysql_password'), mysql_password => hiera('gerrit_mysql_password'),
mysql_root_password => hiera('gerrit_mysql_root_password'),
email_private_key => hiera('gerrit_email_private_key'), email_private_key => hiera('gerrit_email_private_key'),
gerritbot_password => hiera('gerrit_gerritbot_password'), gerritbot_password => hiera('gerrit_gerritbot_password'),
} }
@ -24,6 +25,7 @@ node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
class { 'openstack_project::review_dev': class { 'openstack_project::review_dev':
github_oauth_token => hiera('gerrit_dev_github_token'), github_oauth_token => hiera('gerrit_dev_github_token'),
mysql_password => hiera('gerrit_dev_mysql_password'), mysql_password => hiera('gerrit_dev_mysql_password'),
mysql_root_password => hiera('gerrit_dev_mysql_root_password'),
email_private_key => hiera('gerrit_dev_email_private_key') email_private_key => hiera('gerrit_dev_email_private_key')
} }
} }

132
modules/gerrit/files/my.cnf
View File

@ -1,132 +0,0 @@
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Here is entries for some specific programs
# The following values assume you have at least 32M ram
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
#
# * Basic Settings
#
default-storage-engine=INNODB
#
# * IMPORTANT
# If you make changes to these settings and your system uses apparmor, you may
# also need to also adjust /etc/apparmor.d/usr.sbin.mysqld.
#
user = mysql
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
log_error = /var/log/mysql/error.log
# Here you can see queries with especially long duration
#log_slow_queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
server-id = 1
log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
binlog_format = ROW
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
key_buffer = 16M
#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

128
modules/gerrit/manifests/init.pp
View File

@ -73,10 +73,19 @@ class gerrit($virtual_hostname=$fqdn,
$enable_melody = 'false', $enable_melody = 'false',
$melody_session = 'false', $melody_session = 'false',
$mysql_password, $mysql_password,
$mysql_root_password,
$email_private_key, $email_private_key,
$testmode=false $testmode=false
) { ) {
include apache
require apache::dev
$java_home = $lsbdistcodename ? {
"precise" => "/usr/lib/jvm/java-6-openjdk-amd64/jre",
default => "/usr/lib/jvm/java-6-openjdk/jre",
}
user { "gerrit2": user { "gerrit2":
ensure => present, ensure => present,
comment => "Gerrit", comment => "Gerrit",
@ -92,9 +101,7 @@ class gerrit($virtual_hostname=$fqdn,
} }
$packages = ["gitweb", $packages = ["gitweb",
"openjdk-6-jre-headless", "openjdk-6-jre-headless"]
"mysql-server",
"apache2"]
package { $packages: package { $packages:
ensure => present, ensure => present,
@ -182,102 +189,40 @@ class gerrit($virtual_hostname=$fqdn,
} }
# Set up MySQL. # Set up MySQL.
# We should probably have or use a puppet module to manage mysql, and then
# use that to satisfy the requirements that gerrit has.
exec { "gerrit-mysql": class {"mysql::server":
creates => "/var/lib/mysql/reviewdb/", config_hash => {
command => "/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -e \"\ 'root_password' => "${mysql_root_password}",
CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY '${mysql_password}';\ 'default_engine' => 'InnoDB',
CREATE DATABASE reviewdb;\ 'bind_address' => '127.0.0.1',
ALTER DATABASE reviewdb charset=latin1;\ }
GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';\
FLUSH PRIVILEGES;\"",
require => Package["mysql-server"],
} }
file { "/etc/mysql/my.cnf": mysql::db { "reviewdb":
source => 'puppet:///modules/gerrit/my.cnf', user => "gerrit2",
owner => 'root', password => "${mysql_password}",
group => 'root', host => "localhost",
ensure => 'present', grant => "all",
replace => 'true', charset => "latin1",
mode => 444,
require => Package["mysql-server"],
} }
# Set up apache. This should also be a separate, generalized module. # Set up apache.
file { "/etc/apache2/sites-available/gerrit": apache::vhost { $virtual_hostname:
content => template('gerrit/gerrit.vhost.erb'), port => 443,
owner => 'root', docroot => 'MEANINGLESS ARGUMENT',
group => 'root', priority => '50',
ensure => 'present', template => 'gerrit/gerrit.vhost.erb',
replace => 'true', ssl => true,
mode => 444,
require => Package["apache2"],
} }
a2mod { 'rewrite':
file { "/etc/apache2/sites-enabled/gerrit": ensure => present
ensure => link,
target => '/etc/apache2/sites-available/gerrit',
require => [
File['/etc/apache2/sites-available/gerrit'],
File['/etc/apache2/mods-enabled/ssl.conf'],
File['/etc/apache2/mods-enabled/ssl.load'],
File['/etc/apache2/mods-enabled/rewrite.load'],
File['/etc/apache2/mods-enabled/proxy.conf'],
File['/etc/apache2/mods-enabled/proxy.load'],
File['/etc/apache2/mods-enabled/proxy_http.load'],
],
} }
a2mod { 'proxy':
file { '/etc/apache2/sites-enabled/000-default': ensure => present
require => File['/etc/apache2/sites-available/gerrit'],
ensure => absent,
} }
a2mod { 'proxy_http':
file { '/etc/apache2/mods-enabled/ssl.conf': ensure => present
target => '/etc/apache2/mods-available/ssl.conf',
ensure => link,
require => Package['apache2'],
}
file { '/etc/apache2/mods-enabled/ssl.load':
target => '/etc/apache2/mods-available/ssl.load',
ensure => link,
require => Package['apache2'],
}
file { '/etc/apache2/mods-enabled/rewrite.load':
target => '/etc/apache2/mods-available/rewrite.load',
ensure => link,
require => Package['apache2'],
}
file { '/etc/apache2/mods-enabled/proxy.conf':
target => '/etc/apache2/mods-available/proxy.conf',
ensure => link,
require => Package['apache2'],
}
file { '/etc/apache2/mods-enabled/proxy.load':
target => '/etc/apache2/mods-available/proxy.load',
ensure => link,
require => Package['apache2'],
}
file { '/etc/apache2/mods-enabled/proxy_http.load':
target => '/etc/apache2/mods-available/proxy_http.load',
ensure => link,
require => Package['apache2'],
}
exec { "gracefully restart apache":
subscribe => [ File["/etc/apache2/sites-available/gerrit"]],
refreshonly => true,
path => "/bin:/usr/bin:/usr/sbin",
command => "apache2ctl graceful",
} }
# Install Gerrit itself. # Install Gerrit itself.
@ -329,8 +274,7 @@ class gerrit($virtual_hostname=$fqdn,
refreshonly => true, refreshonly => true,
require => [Package["openjdk-6-jre-headless"], require => [Package["openjdk-6-jre-headless"],
User["gerrit2"], User["gerrit2"],
Exec["gerrit-mysql"], Mysql::Db["reviewdb"],
File["/etc/mysql/my.cnf"], # For innodb default tables
File["/home/gerrit2/review_site/etc/gerrit.config"], File["/home/gerrit2/review_site/etc/gerrit.config"],
File["/home/gerrit2/review_site/etc/secure.config"]], File["/home/gerrit2/review_site/etc/secure.config"]],
notify => Exec["gerrit-start"], notify => Exec["gerrit-start"],

2
modules/gerrit/templates/gerrit.config.erb
View File

@ -22,7 +22,7 @@
smtpServer = localhost smtpServer = localhost
[container] [container]
user = gerrit2 user = gerrit2
javaHome = /usr/lib/jvm/java-6-openjdk/jre javaHome = <% java_home %>
<% if container_heaplimit != "" -%> <% if container_heaplimit != "" -%>
heapLimit = <%= container_heaplimit %> heapLimit = <%= container_heaplimit %>
<% end -%> <% end -%>

16
modules/gerrit/templates/gerrit.vhost.erb
View File

@ -5,13 +5,13 @@
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
Redirect / <%= canonicalweburl %> Redirect / <%= scope.lookupvar("gerrit::canonicalweburl") %>
</VirtualHost> </VirtualHost>
<IfModule mod_ssl.c> <IfModule mod_ssl.c>
<VirtualHost _default_:443> <VirtualHost _default_:443>
ServerName <%= virtual_hostname %> ServerName <%= scope.lookupvar("gerrit::virtual_hostname") %>
ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
@ -21,10 +21,10 @@
SSLEngine on SSLEngine on
SSLCertificateFile <%= ssl_cert_file %> SSLCertificateFile <%= scope.lookupvar("gerrit::ssl_cert_file") %>
SSLCertificateKeyFile <%= ssl_key_file %> SSLCertificateKeyFile <%= scope.lookupvar("gerrit::ssl_key_file") %>
<% if ssl_chain_file != "" %> <% if scope.lookupvar("gerrit::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= ssl_chain_file %> SSLCertificateChainFile <%= scope.lookupvar("gerrit::ssl_chain_file") %>
<% end %> <% end %>
<FilesMatch "\.(cgi|shtml|phtml|php)$"> <FilesMatch "\.(cgi|shtml|phtml|php)$">
@ -41,8 +41,8 @@
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine on RewriteEngine on
RewriteCond %{HTTP_HOST} !<%= virtual_hostname %> RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::virtual_hostname") %>
RewriteRule ^.*$ <%= canonicalweburl %> RewriteRule ^.*$ <%= scope.lookupvar("gerrit::canonicalweburl") %>
RewriteCond %{REQUEST_URI} !^/p/ RewriteCond %{REQUEST_URI} !^/p/
RewriteRule ^/(.*)$ http://localhost:8081/$1 [P] RewriteRule ^/(.*)$ http://localhost:8081/$1 [P]

2
modules/openstack_project/manifests/gerrit.pp
View File

@ -27,6 +27,7 @@ class openstack_project::gerrit (
$github_username, $github_username,
$github_oauth_token, $github_oauth_token,
$mysql_password, $mysql_password,
$mysql_root_password,
$email_private_key, $email_private_key,
$testmode=false, $testmode=false,
) { ) {
@ -82,6 +83,7 @@ class openstack_project::gerrit (
script_user => $script_user, script_user => $script_user,
script_key_file => $script_key_file, script_key_file => $script_key_file,
mysql_password => $mysql_password, mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
email_private_key => $email_private_key, email_private_key => $email_private_key,
testmode => $testmode, testmode => $testmode,
} }

2
modules/openstack_project/manifests/review.pp
View File

@ -27,6 +27,7 @@
class openstack_project::review( class openstack_project::review(
$github_oauth_token, $github_oauth_token,
$mysql_password, $mysql_password,
$mysql_root_password,
$email_private_key, $email_private_key,
$gerritbot_password) { $gerritbot_password) {
include openstack_project include openstack_project
@ -49,6 +50,7 @@ class openstack_project::review(
github_username => 'openstack-gerrit', github_username => 'openstack-gerrit',
github_oauth_token => $github_oauth_token, github_oauth_token => $github_oauth_token,
mysql_password => $mysql_password, mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
email_private_key => $email_private_key, email_private_key => $email_private_key,
} }
class { 'gerritbot': class { 'gerritbot':

2
modules/openstack_project/manifests/review_dev.pp
View File

@ -1,6 +1,7 @@
class openstack_project::review_dev( class openstack_project::review_dev(
$github_oauth_token, $github_oauth_token,
$mysql_password, $mysql_password,
$mysql_root_password,
$email_private_key) { $email_private_key) {
class { 'openstack_project::gerrit': class { 'openstack_project::gerrit':
virtual_hostname => 'review-dev.openstack.org', virtual_hostname => 'review-dev.openstack.org',
@ -19,6 +20,7 @@ class openstack_project::review_dev(
github_username => 'openstack-gerrit-dev', github_username => 'openstack-gerrit-dev',
github_oauth_token => $github_oauth_token, github_oauth_token => $github_oauth_token,
mysql_password => $mysql_password, mysql_password => $mysql_password,
mysql_root_password => $mysql_root_password,
email_private_key => $email_private_key, email_private_key => $email_private_key,
} }
} }