diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 912cc91..0000000 --- a/.gitignore +++ /dev/null @@ -1,6 +0,0 @@ -*.swp -*~ -*.pyc -applytest -doc/html/ -manifests/secrets.pp diff --git a/.gitreview b/.gitreview deleted file mode 100644 index c81ce36..0000000 --- a/.gitreview +++ /dev/null @@ -1,4 +0,0 @@ -[gerrit] -host=review.openstack.org -port=29418 -project=openstack/openstack-ci-puppet.git diff --git a/README.md b/README.md deleted file mode 100644 index 2e84183..0000000 --- a/README.md +++ /dev/null @@ -1,12 +0,0 @@ -These are a set of puppet manifests and modules that are currently being -used to manage the OpenStack CI infrastructure. - -The main entry point is in manifests/site.py. - -In general, most of the modules here are designed to be able to be run -either in agent or apply mode. - -These puppet modules require puppet 2.7 or greater. Additionally, the -site.pp manifest assumes the existence of hiera. - -See http://ci.openstack.org for more information. diff --git a/doc/conf.py b/doc/conf.py deleted file mode 100644 index d54ab3b..0000000 --- a/doc/conf.py +++ /dev/null @@ -1,216 +0,0 @@ -# -*- coding: utf-8 -*- -# -# OpenStack CI documentation build configuration file, created by -# sphinx-quickstart on Mon Jul 18 13:42:23 2011. -# -# This file is execfile()d with the current directory set to its containing dir. -# -# Note that not all possible configuration values are present in this -# autogenerated file. -# -# All configuration values have a default; values that are commented out -# serve to show the default. - -import datetime - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -#sys.path.insert(0, os.path.abspath('.')) - -# -- General configuration ----------------------------------------------------- - -# If your documentation needs a minimal Sphinx version, state it here. -#needs_sphinx = '1.0' - -# Add any Sphinx extension module names here, as strings. They can be extensions -# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -extensions = [] - -# Add any paths that contain templates here, relative to this directory. -templates_path = ['_templates'] - -# The suffix of source filenames. -source_suffix = '.rst' - -# The encoding of source files. -#source_encoding = 'utf-8-sig' - -# The master toctree document. -master_doc = 'index' - -# General information about the project. -project = u'OpenStack CI' -copyright = u'2011, Monty Taylor, James Blair and Andrew Hutchings' - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -# -# The short X.Y version. -version = "%d.%02d" % (datetime.datetime.now().year, datetime.datetime.now().month) -# The full version, including alpha/beta/rc tags. -release = "%d.%02d.%02d" % (datetime.datetime.now().year, datetime.datetime.now().month, datetime.datetime.now().day) - -# The language for content autogenerated by Sphinx. Refer to documentation -# for a list of supported languages. -#language = None - -# There are two options for replacing |today|: either, you set today to some -# non-false value, then it is used: -#today = '' -# Else, today_fmt is used as the format for a strftime call. -#today_fmt = '%B %d, %Y' - -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -exclude_patterns = [] - -# The reST default role (used for this markup: `text`) to use for all documents. -#default_role = None - -# If true, '()' will be appended to :func: etc. cross-reference text. -#add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -#add_module_names = True - -# If true, sectionauthor and moduleauthor directives will be shown in the -# output. They are ignored by default. -#show_authors = False - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'sphinx' - -# A list of ignored prefixes for module index sorting. -#modindex_common_prefix = [] - - -# -- Options for HTML output --------------------------------------------------- - -# The theme to use for HTML and HTML Help pages. See the documentation for -# a list of builtin themes. -html_theme = 'default' - -# Theme options are theme-specific and customize the look and feel of a theme -# further. For a list of options available for each theme, see the -# documentation. -#html_theme_options = {} - -# Add any paths that contain custom themes here, relative to this directory. -#html_theme_path = [] - -# The name for this set of Sphinx documents. If None, it defaults to -# " v documentation". -#html_title = None - -# A shorter title for the navigation bar. Default is the same as html_title. -#html_short_title = None - -# The name of an image file (relative to this directory) to place at the top -# of the sidebar. -#html_logo = None - -# The name of an image file (within the static path) to use as favicon of the -# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 -# pixels large. -#html_favicon = None - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['_static'] - -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -#html_last_updated_fmt = '%b %d, %Y' - -# If true, SmartyPants will be used to convert quotes and dashes to -# typographically correct entities. -#html_use_smartypants = True - -# Custom sidebar templates, maps document names to template names. -#html_sidebars = {} - -# Additional templates that should be rendered to pages, maps page names to -# template names. -#html_additional_pages = {} - -# If false, no module index is generated. -#html_domain_indices = True - -# If false, no index is generated. -#html_use_index = True - -# If true, the index is split into individual pages for each letter. -#html_split_index = False - -# If true, links to the reST sources are added to the pages. -#html_show_sourcelink = True - -# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. -#html_show_sphinx = True - -# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. -#html_show_copyright = True - -# If true, an OpenSearch description file will be output, and all pages will -# contain a tag referring to it. The value of this option must be the -# base URL from which the finished HTML is served. -#html_use_opensearch = '' - -# This is the file name suffix for HTML files (e.g. ".xhtml"). -#html_file_suffix = None - -# Output file base name for HTML help builder. -htmlhelp_basename = 'OpenStackCIdoc' - - -# -- Options for LaTeX output -------------------------------------------------- - -# The paper size ('letter' or 'a4'). -#latex_paper_size = 'letter' - -# The font size ('10pt', '11pt' or '12pt'). -#latex_font_size = '10pt' - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, author, documentclass [howto/manual]). -latex_documents = [ - ('index', 'OpenStackCI.tex', u'OpenStack CI Documentation', - u'Monty Taylor and James Blair', 'manual'), -] - -# The name of an image file (relative to this directory) to place at the top of -# the title page. -#latex_logo = None - -# For "manual" documents, if this is true, then toplevel headings are parts, -# not chapters. -#latex_use_parts = False - -# If true, show page references after internal links. -#latex_show_pagerefs = False - -# If true, show URL addresses after external links. -#latex_show_urls = False - -# Additional stuff for the LaTeX preamble. -#latex_preamble = '' - -# Documents to append as an appendix to all manuals. -#latex_appendices = [] - -# If false, no module index is generated. -#latex_domain_indices = True - - -# -- Options for manual page output -------------------------------------------- - -# One entry per manual page. List of tuples -# (source start file, name, description, authors, manual section). -man_pages = [ - ('index', 'openstackci', u'OpenStack CI Documentation', - [u'Monty Taylor, James Blair and Andrew Hutchings'], 1) -] diff --git a/doc/gerrit.rst b/doc/gerrit.rst deleted file mode 100644 index dbb04ec..0000000 --- a/doc/gerrit.rst +++ /dev/null @@ -1,1006 +0,0 @@ -:title: Gerrit Installation - -Gerrit -###### - -Objective -********* - -A workflow where developers submit changes to gerrit, changes are -peer-reviewed and automatically tested by Jenkins before being -committed to the main repo. The public repo is on github. - -References -********** - -* http://gerrit.googlecode.com/svn/documentation/2.2.1/install.html -* http://feeding.cloud.geek.nz/2011/04/code-reviews-with-gerrit-and-gitorious.html -* http://feeding.cloud.geek.nz/2011/05/integrating-launchpad-and-gerrit-code.html -* http://www.infoq.com/articles/Gerrit-jenkins-hudson -* https://wiki.jenkins-ci.org/display/JENKINS/Gerrit+Trigger -* https://wiki.mahara.org/index.php/Developer_Area/Developer_Tools - -Known Issues -************ - -* Don't use innodb until at least gerrit 2.2.2 because of: - http://code.google.com/p/gerrit/issues/detail?id=518 - -Installation -************ - -Host Installation -================= - -Prepare Host ------------- -This sets the host up with the standard OpenStack system -administration configuration. Skip this if you're not setting up a -host for use by the OpenStack project. - -.. code-block:: bash - - sudo apt-get install puppet git openjdk-6-jre-headless mysql-server - git clone git://github.com/openstack/openstack-ci-puppet.git - cd openstack-ci-puppet/ - sudo bash run_puppet.sh - -Install MySQL -------------- -You should setup MySQL as follows, changing 'secret' to a suitable password: - -.. code-block:: bash - - mysql -u root -p - -.. code-block:: mysql - - CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY 'secret'; - CREATE DATABASE reviewdb; - ALTER DATABASE reviewdb charset=latin1; - GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost'; - FLUSH PRIVILEGES; - -Then create the gerrit2 system user as follows: - -.. code-block:: bash - - sudo useradd -mr gerrit2 - sudo chsh gerrit2 -s /bin/bash - sudo su - gerrit2 - -With Gerrit 2.2.2 onwards edit /etc/mysql/my.cnf with the following: - -.. code-block:: ini - - [mysqld] - default-storage-engine=INNODB - -Install Gerrit --------------- - -Note that Openstack's gerrit installation currently uses a custom .war of gerrit -2.2.2. The following instruction is for the generic gerrit binaries: - -.. code-block:: bash - - wget http://gerrit.googlecode.com/files/gerrit-2.2.1.war - mv gerrit-2.2.1.war gerrit.war - java -jar gerrit.war init -d review_site - -The .war file will bring up an interactive tool to change the settings, these -should be set as follows. Note that the password configured earlier for MySQL -should be provided when prompted:: - - *** Gerrit Code Review 2.2.1 - *** - - Create '/home/gerrit2/review_site' [Y/n]? - - *** Git Repositories - *** - - Location of Git repositories [git]: - - *** SQL Database - *** - - Database server type [H2/?]: ? - Supported options are: - h2 - postgresql - mysql - jdbc - Database server type [H2/?]: mysql - - Gerrit Code Review is not shipped with MySQL Connector/J 5.1.10 - ** This library is required for your configuration. ** - Download and install it now [Y/n]? - Downloading http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.10/mysql-connector-java-5.1.10.jar ... OK - Checksum mysql-connector-java-5.1.10.jar OK - Server hostname [localhost]: - Server port [(MYSQL default)]: - Database name [reviewdb]: - Database username [gerrit2]: - gerrit2's password : - confirm password : - - *** User Authentication - *** - - Authentication method [OPENID/?]: - - *** Email Delivery - *** - - SMTP server hostname [localhost]: - SMTP server port [(default)]: - SMTP encryption [NONE/?]: - SMTP username : - - *** Container Process - *** - - Run as [gerrit2]: - Java runtime [/usr/lib/jvm/java-6-openjdk/jre]: - Copy gerrit.war to /home/gerrit2/review_site/bin/gerrit.war [Y/n]? - Copying gerrit.war to /home/gerrit2/review_site/bin/gerrit.war - - *** SSH Daemon - *** - - Listen on address [*]: - Listen on port [29418]: - - Gerrit Code Review is not shipped with Bouncy Castle Crypto v144 - If available, Gerrit can take advantage of features - in the library, but will also function without it. - Download and install it now [Y/n]? - Downloading http://www.bouncycastle.org/download/bcprov-jdk16-144.jar ... OK - Checksum bcprov-jdk16-144.jar OK - Generating SSH host key ... rsa... dsa... done - - *** HTTP Daemon - *** - - Behind reverse proxy [y/N]? y - Proxy uses SSL (https://) [y/N]? y - Subdirectory on proxy server [/]: - Listen on address [*]: - Listen on port [8081]: - Canonical URL [https://review.openstack.org/]: - - Initialized /home/gerrit2/review_site - Executing /home/gerrit2/review_site/bin/gerrit.sh start - Starting Gerrit Code Review: OK - Waiting for server to start ... OK - Opening browser ... - Please open a browser and go to https://review.openstack.org/#admin,projects - -Configure Gerrit ----------------- - -The file /home/gerrit2/review_site/etc/gerrit.config will be setup automatically -by puppet. - -Set Gerrit to start on boot: - -.. code-block:: bash - - ln -snf /home/gerrit2/review_site/bin/gerrit.sh /etc/init.d/gerrit - update-rc.d gerrit defaults 90 10 - -Then create the file ``/etc/default/gerritcodereview`` with the following -contents: - -.. code-block:: ini - - GERRIT_SITE=/home/gerrit2/review_site - -Add "Approved" review type to gerrit: - -.. code-block:: mysql - - mysql -u root -p - use reviewdb; - insert into approval_categories values ('Approved', 'A', 2, 'MaxNoBlock', 'N', 'APRV'); - insert into approval_category_values values ('No score', 'APRV', 0); - insert into approval_category_values values ('Approved', 'APRV', 1); - update approval_category_values set name = "Looks good to me (core reviewer)" where name="Looks good to me, approved"; - -Expand "Verified" review type to -2/+2: - -.. code-block:: mysql - - mysql -u root -p - use reviewdb; - update approval_category_values set value=2 - where value=1 and category_id='VRIF'; - update approval_category_values set value=-2 - where value=-1 and category_id='VRIF'; - insert into approval_category_values values - ("Doesn't seem to work","VRIF",-1), - ("Works for me","VRIF","1"); - -Reword the default messages that use the word Submit, as they imply that -we're not happy with people for submitting the patch in the first place: - -.. code-block:: mysql - - mysql -u root -p - use reviewdb; - update approval_category_values set name="Do not merge" - where category_id='CRVW' and value=-2; - update approval_category_values - set name="I would prefer that you didn't merge this" - where category_id='CRVW' and value=-1; - -OpenStack currently uses a hybrid approach for CLA enforcement. We -use Gerrit's built in CLA system to ensure that contributors have -signed the CLA, but contributors don't actually use Gerrit to sign it. -Instead, developers use an external service (Echosign) to agree to the -CLA, and then request membership in a Launchpad group called -"openstack-cla". The moderators of that group (core members of any -OpenStack project) approve membership requests after verifying that -new contributors have signed the CLA at Echosign. The openstack-cla -group is kept synchronized with Gerrit. Gerrit is then configured -with a "dummy" CLA (which users are not expected to see), and the -administrator indicates to Gerrit that the entire openstack-cla group -has agreed to the CLA. This lets Gerrit enforce that the CLA has been -signed while the actual facility to sign it in Gerrit is disabled via -a source patch. - -This configuration is not recommended for new projects and is merely -an artifact of legal requirements placed on the OpenStack project. -Here are the SQL commands to set it up: - -.. code-block:: mysql - - insert into contributor_agreement_id values (NULL); - insert into contributor_agreements values ('Y', 'N', 'N', 'CLA (Echosign)', - 'OpenStack CLA via Echosign', 'static/echosign-cla.html', 1); - - insert into account_group_agreements values ( - now(), 'V', 1, now(), NULL, - (select group_id from account_group_names where name='openstack-cla'), - 1); - - -Install Apache --------------- -:: - - apt-get install apache2 - -Create: /etc/apache2/sites-available/gerrit: - -.. code-block:: apacheconf - - - ServerAdmin webmaster@localhost - - ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log - - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined - - Redirect / https://review-dev.openstack.org/ - - - - - - ServerAdmin webmaster@localhost - - ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log - - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined - - SSLEngine on - - SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem - SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key - #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - RewriteEngine on - RewriteCond %{HTTP_HOST} !review-dev.openstack.org - RewriteRule ^.*$ https://review-dev.openstack.org/ - - ProxyPassReverse / http://localhost:8081/ - - Order allow,deny - Allow from all - ProxyPass http://localhost:8081/ retry=0 - - - - - - -Run the following commands: - -.. code-block:: bash - - a2enmod ssl proxy proxy_http rewrite - a2ensite gerrit - a2dissite default - -Install Exim ------------- -:: - - apt-get install exim4 - dpkg-reconfigure exim4-config - -Choose "internet site", otherwise select defaults - -edit: /etc/default/exim4 :: - - QUEUEINTERVAL='5m' - -GitHub Setup -============ - -Generate an SSH key for Gerrit for use on GitHub ------------------------------------------------- -:: - - sudo su - gerrit2 - gerrit2@gerrit:~$ ssh-keygen - Generating public/private rsa key pair. - Enter file in which to save the key (/home/gerrit2/.ssh/id_rsa): - Created directory '/home/gerrit2/.ssh'. - Enter passphrase (empty for no passphrase): - Enter same passphrase again: - -GitHub Configuration --------------------- - -#. create openstack-gerrit user on github -#. add gerrit2 ssh public key to openstack-gerrit user -#. create gerrit team in openstack org on github with push/pull access -#. add openstack-gerrit to gerrit team in openstack org -#. add public master repo to gerrit team in openstack org -#. save github host key in known_hosts - -:: - - gerrit2@gerrit:~$ ssh git@github.com - The authenticity of host 'github.com (207.97.227.239)' can't be established. - RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48. - Are you sure you want to continue connecting (yes/no)? yes - Warning: Permanently added 'github.com,207.97.227.239' (RSA) to the list of known hosts. - PTY allocation request failed on channel 0 - -You will also need to create the file ``github.secure.config`` in the gerrit2 user's home directory. The contents of this are as follows: - -.. code-block:: ini - - [github] - username = guthub-user - api_token = hexstring - -The username should be the github username for gerrit to use when communicating -with github. The api_token can be found in github's account setting for the -account. - -Gerrit Replication to GitHub ----------------------------- - -The file ``review_site/etc/replication.config`` is needed with the following -contents: - -.. code-block:: ini - - [remote "github"] - url = git@github.com:${name}.git - -Jenkins / Gerrit Integration -============================ - -Create a Jenkins User in Gerrit -------------------------------- - -With the jenkins public key, as a gerrit admin user:: - - cat jenkins.pub | ssh -p29418 review.openstack.org gerrit create-account --ssh-key - --full-name Jenkins jenkins - -Create "CI Systems" group in gerrit, make jenkins a member - -Create a Gerrit Git Prep Job in Jenkins ---------------------------------------- - -When gating trunk with Jenkins, we want to test changes as they will -appear once merged by Gerrit, but the gerrit trigger plugin will, by -default, test them as submitted. If HEAD moves on while the change is -under review, it may end up getting merged with HEAD, and we want to -test the result. - -To do that, make sure the "Hudson Template Project plugin" is -installed, then set up a new job called "Gerrit Git Prep", and add a -shell command build step (no other configuration):: - - #!/bin/sh -x - git checkout $GERRIT_BRANCH - git reset --hard remotes/origin/$GERRIT_BRANCH - git merge FETCH_HEAD - CODE=$? - if [ ${CODE} -ne 0 ]; then - git reset --hard remotes/origin/$GERRIT_BRANCH - exit ${CODE} - fi - -Later, we will configure Jenkins jobs that we want to behave this way -to use this build step. - -Auto Review Expiry -================== - -Puppet automatically installs a daily cron job called ``expire_old_reviews.py`` -onto the gerrit servers. This script follows two rules: - - #. If the review hasn't been touched in 2 weeks, mark as abandoned. - #. If there is a negative review and it hasn't been touched in 1 week, mark as - abandoned. - -If your review gets touched by either of these rules it is possible to -unabandon a review on the gerrit web interface. - -Launchpad Sync -============== - -The launchpad user sync process consists of two scripts which are in -openstack/openstack-ci on github: sync_launchpad_gerrit.py and -insert_gerrit.py. - -Both scripts should be run as gerrit2 on review.openstack.org - -sync_launchpad_users.py runs and creates a python pickle file, users.pickle, -with all of the user and group information. This is a long process. (12 -minutes) - -insert_gerrit.py reads the pickle file and applies it to the MySQL database. -The gerrit caches must then be flushed. - -Depends -------- -:: - - apt-get install python-mysqldb python-openid python-launchpadlib - -Keys ----- - -The key for the launchpad sync user is in ~/.ssh/launchpad_rsa. Connecting -to Launchpad requires oauth authentication - so the first time -sync_launchpad_gerrit.py is run, it will display a URL. Open this URL in a -browser and log in to launchpad as the hudson-openstack user. Subsequent -runs will run with cached credentials. - -Running -------- -:: - - cd openstack-ci - git pull - python sync_launchpad_gerrit.py - python insert_gerrit.py - ssh -i /home/gerrit2/.ssh/launchpadsync_rsa -p29418 review.openstack.org gerrit flush-caches - -Gerrit IRC Bot -============== - -Installation ------------- - -Ensure there is an up-to-date checkout of openstack-ci in ~gerrit2. - -:: - - apt-get install python-irclib python-daemon python-yaml - cp ~gerrit2/openstack-ci/gerritbot.init /etc/init.d - chmod a+x /etc/init.d/gerritbot - update-rc.d gerritbot defaults - su - gerrit2 - ssh-keygen -f /home/gerrit2/.ssh/gerritbot_rsa - -As a Gerrit admin, create a user for gerritbot:: - - cat ~gerrit2/.ssh/gerritbot_rsa | ssh -p29418 gerrit.openstack.org gerrit create-account --ssh-key - --full-name GerritBot gerritbot - -Configure gerritbot, including which events should be announced in the -gerritbot.config file: - -.. code-block:: ini - - [ircbot] - nick=NICNAME - pass=PASSWORD - server=irc.freenode.net - channel=openstack-dev - port=6667 - - [gerrit] - user=gerritbot - key=/home/gerrit2/.ssh/gerritbot_rsa - host=review.openstack.org - port=29418 - events=patchset-created, change-merged, x-vrif-minus-1, x-crvw-minus-2 - -Register an account with NickServ on FreeNode, and put the account and -password in the config file. - -:: - - sudo /etc/init.d/gerritbot start - -Launchpad Bug Integration -========================= - -In addition to the hyperlinks provided by the regex in gerrit.config, -we use a Gerrit hook to update Launchpad bugs when changes referencing -them are applied. - -Installation ------------- - -Ensure an up-to-date checkout of openstack-ci is in ~gerrit2. - -:: - - apt-get install python-pyme - cp ~gerrit2/gerrit-hooks/change-merged ~gerrit2/review_site/hooks/ - -Create a GPG and register it with Launchpad:: - - gerrit2@gerrit:~$ gpg --gen-key - gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc. - This is free software: you are free to change and redistribute it. - There is NO WARRANTY, to the extent permitted by law. - - Please select what kind of key you want: - (1) RSA and RSA (default) - (2) DSA and Elgamal - (3) DSA (sign only) - (4) RSA (sign only) - Your selection? - RSA keys may be between 1024 and 4096 bits long. - What keysize do you want? (2048) - Requested keysize is 2048 bits - Please specify how long the key should be valid. - 0 = key does not expire - = key expires in n days - w = key expires in n weeks - m = key expires in n months - y = key expires in n years - Key is valid for? (0) - Key does not expire at all - Is this correct? (y/N) y - - You need a user ID to identify your key; the software constructs the user ID - from the Real Name, Comment and Email Address in this form: - "Heinrich Heine (Der Dichter) " - - Real name: Openstack Gerrit - Email address: review@openstack.org - Comment: - You selected this USER-ID: - "Openstack Gerrit " - - Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o - You need a Passphrase to protect your secret key. - - gpg: gpg-agent is not available in this session - You don't want a passphrase - this is probably a *bad* idea! - I will do it anyway. You can change your passphrase at any time, - using this program with the option "--edit-key". - - We need to generate a lot of random bytes. It is a good idea to perform - some other action (type on the keyboard, move the mouse, utilize the - disks) during the prime generation; this gives the random number - generator a better chance to gain enough entropy. - - gpg: /home/gerrit2/.gnupg/trustdb.gpg: trustdb created - gpg: key 382ACA7F marked as ultimately trusted - public and secret key created and signed. - - gpg: checking the trustdb - gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model - gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u - pub 2048R/382ACA7F 2011-07-26 - Key fingerprint = 21EF 7F30 C281 F61F 44CD EC48 7424 9762 382A CA7F - uid Openstack Gerrit - sub 2048R/95F6FA4A 2011-07-26 - - gerrit2@gerrit:~$ gpg --send-keys --keyserver keyserver.ubuntu.com 382ACA7F - gpg: sending key 382ACA7F to hkp server keyserver.ubuntu.com - -Log into the Launchpad account and add the GPG key to the account. - -Adding New Projects -******************* - -Creating a Project in Gerrit -============================ - -Using ssh key of a gerrit admin (you):: - - ssh -p 29418 review.openstack.org gerrit create-project --name openstack/PROJECT - -If the project is an API project (eg, image-api), we want it to share -some extra permissions that are common to all API projects (eg, the -OpenStack documentation coordinators can approve changes, see -:ref:`acl`). Run the following command to reparent the project if it -is an API project:: - - ssh -p 29418 gerrit.openstack.org gerrit set-project-parent --parent API-Projects openstack/PROJECT - -Add yourself to the "Project Bootstrappers" group in Gerrit which will -give you permissions to push to the repo bypassing code review. - -Do the initial push of the project with:: - - git push ssh://USERNAME@review.openstack.org:29418/openstack/PROJECT.git HEAD:refs/heads/master - git push --tags ssh://USERNAME@review.openstack.org:29418/openstack/PROJECT.git - -Remove yourself from the "Project Bootstrappers" group, and then set -the access controls as specified in :ref:`acl`. - -Have Jenkins Monitor a Gerrit Project -===================================== - -In jenkins, under source code management: - -* select git - - * url: ssh://jenkins@review.openstack.org:29418/openstack/project.git - * click "advanced" - - * refspec: $GERRIT_REFSPEC - * branches: origin/$GERRIT_BRANCH - * click "advanced" - - * choosing stragety: gerrit trigger - -* select gerrit event under build triggers: - - * Trigger on Comment Added - - * Approval Category: APRV - * Approval Value: 1 - - * plain openstack/project - * path ** - -* Select "Add build step" under "Build" - - * select "Use builders from another project" - * Template Project: "Gerrit Git Prep" - * make sure this build step is the first in the sequence - -Create a Project in GitHub -========================== - -As a github openstack admin: - -* Visit https://github.com/organizations/openstack -* Click New Repository -* Visit the gerrit team admin page -* Add the new repository to the gerrit team - -Pull requests can not be disabled for a project in Github, so instead -we have a script that runs from cron to close any open pull requests -with instructions to use Gerrit. - -* Edit openstack/openstack-ci-puppet:manifests/site.pp - -and add the project to the list of github projects in the gerrit class -for the gerrit.openstack.org node. - -Adding Local Git Replica -======================== - -Gerrit replicates all repos to a local directory so that Apache can -serve the anonymous http requests out directly. - -On the gerrit host:: - - sudo git --bare init --shared=group /var/lib/git/openstack/PROJECT.git - sudo chgrp -R gerrit2 /var/lib/git/openstack/PROJECT.git - - -Migrating a Project from bzr -============================ - -Add the bzr PPA and install bzr-fastimport: - - add-apt-repository ppa:bzr/ppa - apt-get update - apt-get install bzr-fastimport - -Doing this from the bzr PPA is important to ensure at least version 0.10 of -bzr-fastimport. - -Clone the git-bzr-ng from termie: - - git clone https://github.com/termie/git-bzr-ng.git - -In git-bzr-ng, you'll find a script, git-bzr. Put it somewhere in your path. -Then, to get a git repo which contains the migrated bzr branch, run: - - git bzr clone lp:${BRANCHNAME} ${LOCATION} - -So, for instance, to do glance, you would do: - - git bzr clone lp:glance glance - -And you will then have a git repo of glance in the glance dir. This git repo -is now suitable for uploading in to gerrit to become the new master repo. - -Project Config -============== - -There are a few options which need to be enabled on the project in the Admin -interface. - -* Merge Strategy should be set to "Merge If Necessary" -* "Automatically resolve conflicts" should be enabled -* "Require Change-Id in commit message" should be enabled -* "Require a valid contributor agreement to upload" should be enabled - -Optionally, if the PTL agrees to it: - -* "Require the first line of the commit to be 50 characters or less" should - be enabled. - -.. _acl: - -Access Controls -*************** - -High level goals: - -#. Anonymous users can read all projects. -#. All registered users can perform informational code review (+/-1) - on any project. -#. Jenkins can perform verification (blocking or approving: +/-1). -#. All registered users can create changes. -#. The OpenStack Release Manager and Jenkins can tag releases (push - annotated tags). -#. Members of $PROJECT-core group can perform full code review - (blocking or approving: +/- 2), and submit changes to be merged. -#. Members of openstack-release (Release Manager and PTLs), and - $PROJECT-drivers (PTL and release minded people) exclusively can - perform full code review (blocking or approving: +/- 2), and submit - changes to be merged on milestone-proposed branches. -#. Full code review (+/- 2) of API projects should be available to the - -core group of the corresponding implementation project as well as to - the OpenStack Documentation Coordinators. -#. Full code review of stable branches should be available to the - -core group of the project as well as the openstack-stable-maint - group. -#. Drivers (PTL and delegates) of client library projects should be - able to add tags (which are automatically used to trigger - releases). - -To manage API project permissions collectively across projects, API -projects are reparented to the "API-Projects" meta-project instead of -"All-Projects". This causes them to inherit permissions from the -API-Projects project (which, in turn, inherits from All-Projects). - -These permissions try to achieve the high level goals:: - - All Projects (metaproject): - refs/* - read: anonymous - push annotated tag: release managers, ci tools, project bootstrappers - forge author identity: registered users - forge committer identity: project bootstrappers - push (w/ force push): project bootstrappers - create reference: project bootstrappers, release managers - push merge commit: project bootstrappers - - refs/for/refs/* - push: registered users - - refs/heads/* - label code review: - -1/+1: registered users - -2/+2: project bootstrappers - label verified: - -2/+2: ci tools - -2/+2: project bootstrappers - -1/+1: external tools - label approved 0/+1: project bootstrappers - submit: ci tools - submit: project bootstrappers - - refs/heads/milestone-proposed - label code review (exclusive): - -2/+2 openstack-release - -1/+1 registered users - label approved (exclusive): 0/+1: openstack-release - owner: openstack-release - - refs/heads/stable/* - label code review (exclusive): - -2/+2 opestack-stable-maint - -1/+1 registered users - label approved (exclusive): 0/+1: opestack-stable-maint - - refs/meta/config - read: project owners - - API Projects (metaproject): - refs/* - owner: Administrators - - refs/heads/* - label code review -2/+2: openstack-doc-core - label approved 0/+1: openstack-doc-core - - project foo: - refs/* - owner: Administrators - create reference: foo-drivers [client library only] - push annotated tag: foo-drivers [client library only] - - refs/heads/* - label code review -2/+2: foo-core - label approved 0/+1: foo-core - - refs/heads/milestone-proposed - label code review -2/+2: foo-drivers - label approved 0/+1: foo-drivers - -Renaming a Project -****************** - -Renaming a project is not automated and is disruptive to developers, -so it should be avoided. Allow for an hour of downtime for the -project in question, and about 10 minutes of downtime for all of -Gerrit. All Gerrit changes, merged and open, will carry over, so -in-progress changes do not need to be merged before the move. - -To rename a project: - -#. Make it inacessible by editing the Access pane. Add a "read" ACL - for "Administrators", and mark it "exclusive". Be sure to save - changes. - -#. Update the database:: - - update account_project_watches - set project_name = "openstack/OLD" - where project_name = "openstack/NEW"; - - update changes - set dest_project_name = "openstack/OLD" - where dest_project_name = "openstack/NEW"; - -#. Wait for Jenkins to be idle (or take it offline) - -#. Stop Gerrit and move the Git repository:: - - /etc/init.d/gerrit stop - cd /home/gerrit2/review_site/git/openstack/ - mv OLD.git/ NEW.git - /etc/init.d/gerrit start - -#. (Bring Jenkins online if need be) - -#. Rename the project in GitHub - -#. Update Jenkins jobs te reference the new name. Rename the jobs - themselves as appropriate - -#. Remove the read access ACL you set in the first step from project - -#. Submit a change that updates .gitreview with the new location of the - project - -Developers will either need to re-clone a new copy of the repository, -or manually update their remotes. - -Deleting a User from Gerrit -*************************** - -This isn't normally necessary, but if you find that you need to -completely delete an account from Gerrit, here's how: - -.. code-block:: mysql - - delete from account_agreements where account_id=NNNN; - delete from account_diff_preferences where id=NNNN; - delete from account_external_ids where account_id=NNNN; - delete from account_group_members where account_id=NNNN; - delete from account_group_members_audit where account_id=NNNN; - delete from account_patch_reviews where account_id=NNNN; - delete from account_project_watches where account_id=NNNN; - delete from account_ssh_keys where account_id=NNNN; - delete from accounts where account_id=NNNN; - -.. code-block:: bash - - ssh review.openstack.org -p29418 gerrit flush-caches --all - -Adding A New Project On The Command Line -**************************************** - -All of the steps involved in adding a new project to Gerrit can be -accomplished via the commandline, with the exception of creating a new repo -on github and adding the jenkins jobs. Creating the local project -replication repo on the gerrit host can be done on the command line too, -but the process is the same as above. - -First of all, add the .gitreview file to the repo that will be added. Then, -assuming an ssh config alias of `review` for the gerrit instance, as a person -in the Project Bootstrappers group:: - - ssh review gerrit create-project --name openstack/$PROJECT - git review -s - git push gerrit HEAD:refs/heads/master - git push --tags gerrit - -At this point, the branch contents will be in gerrit, and the project config -settings and ACLs need to be set. These are maintained in a special branch -inside of git in gerrit. Check out the branch from git:: - - git fetch gerrit +refs/meta/*:refs/remotes/gerrit-meta/* - git checkout -b config remotes/gerrit-meta/config - -There will be two interesting files, `groups` and `project.config`. `groups` -contains UUIDs and names of groups that will be referenced in -`project.config`. There is a helper script in the openstack-ci repo called -`get_group_uuid.py` which will fetch the UUID for a given group. For -$PROJECT-core and $PROJECT-drivers:: - - openstack-ci/gerrit/get_group_uuid.py $GROUP_NAME - -And make entries in `groups` for each one of them. Next, edit -`project.config` to look like:: - - [access "refs/*"] - owner = group Administrators - [receive] - requireChangeId = true - requireContributorAgreement = true - [submit] - mergeContent = true - [access "refs/heads/*"] - label-Code-Review = -2..+2 group $PROJECT-core - label-Approved = +0..+1 group $PROJECT-core - [access "refs/heads/milestone-proposed"] - label-Code-Review = -2..+2 group $PROJECT-drivers - label-Approved = +0..+1 group $PROJECT-drivers - -If the project is for a client library, the `refs/*` section of -`project.config` should look like:: - - [access "refs/*"] - owner = group Administrators - create = group $PROJECT-drivers - pushTag = group $PROJECT-drivers - -Replace $PROJECT with the name of the project. - -Finally, commit the changes and push the config back up to Gerrit:: - - git commit -m "Initial project config" - git push gerrit HEAD:refs/meta/config diff --git a/doc/index.rst b/doc/index.rst deleted file mode 100644 index 2680d91..0000000 --- a/doc/index.rst +++ /dev/null @@ -1,46 +0,0 @@ -.. OpenStack CI documentation master file, created by - sphinx-quickstart on Mon Jul 18 13:42:23 2011. - You can adapt this file completely to your liking, but it should at least - contain the root `toctree` directive. - -OpenStack Continuous Integration -================================ - -This documentation covers the installation and maintenance of the -Continuous Integration (CI) infrastructure used by OpenStack. It -may be of interest to people who may want to help develop this -infrastructure or integrate their tools into it. Some instructions -may be useful to other projects that want to set up similar CI -systems. - -OpenStack developers or users do not need to read this documentation. -Instead, see http://wiki.openstack.org/ to learn how contribute to or -use OpenStack. - -Howtos: - -.. toctree:: - :maxdepth: 2 - - third_party - -Contents: - -.. toctree:: - :maxdepth: 2 - - systems - jenkins - gerrit - puppet - puppet_modules - jenkins_jobs - meetbot - -Indices and tables -================== - -* :ref:`genindex` -* :ref:`modindex` -* :ref:`search` - diff --git a/doc/jenkins.rst b/doc/jenkins.rst deleted file mode 100644 index c8d5611..0000000 --- a/doc/jenkins.rst +++ /dev/null @@ -1,340 +0,0 @@ -:title: Jenkins Configuration - -Jenkins -####### - -Overview -******** - -Jenkins is a Continuous Integration system and the central control -system for the orchestration of both pre-merge testing and post-merge -actions such as packaging and publishing of documentation. - -The overall design that Jenkins is a key part of implementing is that -all code should be reviewed and tested before being merged in to trunk, -and that as many tasks around review, testing, merging and release that -can be automated should be. - -Jenkis is essentially a job queing system, and everything that is done -through Jenkins can be thought of as having a few discreet components: - -* Triggers - What causes a job to be run -* Location - Where do we run a job -* Steps - What actions are taken when the job runs -* Results - What is the outcome of the job - -The OpenStack Jenkins can be found at http://jenkins.openstack.org - -OpenStack uses :doc:`gerrit` to manage code reviews, which in turns calls -Jenkins to test those reviews. - -Authorization -************* - -Jenkins is set up to use OpenID in a Single Sign On mode with Launchpad. -This means that all of the user and group information is managed via -Launchpad users and teams. In the Jenkins Security Matrix, a Launchpad team -name can be specified and any members of that team will be granted those -permissions. However, because of the way the information is processed, a -user will need to re-log in upon changing either team membership on -Launchpad, or changing that team's authorization in Jenkins for the new -privileges to take effect. - -Integration Testing -******************* - -TODO: How others can get involved in testing and integrating with -OpenStack Jenkins. - -Rackspace Bare-Metal Testing Cluster -==================================== - -The CI team mantains a cluster of machines supplied by Rackspace to -perform bare-metal deployment and testing of OpenStack as a whole. -This installation is intended as a reference implementation of just -one of many possible testing platforms, all of which can be integrated -with the OpenStack Jenkins system. This is a cluster of several -physical machines meaning the test environment has access to all of -the native processor features, and real-world networking, including -tagged VLANs. - -Each time the trunk repo is updated, a Jenkins job will deploy an -OpenStack cluster using devstack and then run the openstack-test-rax -test suite against the cluster. - -Deployment and Testing Process ------------------------------- - -The cluster deployment is divided into two phases: base operating -system installation, and OpenStack installation. Because the -operating system install takes considerable time (15 to 30 minutes), -has external network resource dependencies (the distribution mirror), -and has no bearing on the outcome of the OpenStack tests themselves, -the process used here effectively snapshots the machines immediately -after the base OS install and before OpenStack is installed. LVM -snapshots and kexec are used to immediately return the cluster to a -newly installed state without incurring the additional time it would -take to install from scratch. The Jenkins testing job invokes the -process starting at :ref:`rax_openstack_install`. - -Installation Server Configuration -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The CI team runs the Ubuntu Orchestra server (based on cobbler) on our -Jenkins slave node to manage the OS installation on the test machines. -The configuration for the Orchestra server is kept in the CI team's -puppet modules. If you want to set up your own system, Orchestra is -not required, any system capable of performing the following steps is -suitable. However, if you want to stand up a test system as quickly -and simply as possible, you may find it easiest to base your system on -the one the CI team uses. You may use the puppet modules yourself, or -follow the instructions below. - -The CI team's Orchestra configuration module is at: - -https://github.com/openstack/openstack-ci-puppet/tree/master/modules/orchestra - -Install Orchestra -""""""""""""""""" - -Install Ubuntu 11.10 (Oneiric) and Orchestra:: - - sudo apt-get install ubuntu-orchestra-server ipmitool - -The install process will prompt you to enter a password for Cobbler. -Have one ready and keep it in a safe place. The procedure here will -not use it, but if you later want to use the Cobbler web interface, -you will need it. - -Configure Orchestra -""""""""""""""""""" - -Install the following files on the Orchestra server so that it deploys -machines with our LVM/kexec test framework. - -We update the dnsmasq.conf cobbler template to add -"dhcp-ignore=tag:!known", and some site-specific network -configuration:: - - wget https://raw.github.com/openstack/openstack-ci-puppet/master/modules/orchestra/files/dnsmasq.template \ - -O /etc/cobbler/dnsmasq.template - -Our servers need a kernel module blacklisted in order to boot -correctly. If you don't need to blacklist any modules, you should -either create an empty file here, or remove the reference to this file -from the preseed file later:: - - wget https://raw.github.com/openstack/openstack-ci-puppet/master/modules/orchestra/files/openstack_module_blacklist \ - -O /var/lib/cobbler/snippets/openstack_module_blacklist - -This cobbler snippet uses cloud-init to set up the LVM/kexec -environment and configures TCP syslogging to the installation -server/Jenkins slave:: - - wget https://raw.github.com/openstack/openstack-ci-puppet/master/modules/orchestra/files/openstack_cloud_init \ - -O /var/lib/cobbler/snippets/openstack_cloud_init - -This snippet holds the mysql root password that will be configured at -install time. It's currently a static string, but you could -dynamically write this file, or simply replace it with something more -secure:: - - wget https://raw.github.com/openstack/openstack-ci-puppet/master/modules/orchestra/files/openstack_mysql_password \ - -O /var/lib/cobbler/snippets/openstack_mysql_password - -This preseed file manages the OS install on the test nodes. It -includes the snippets installed above:: - - wget https://raw.github.com/openstack/openstack-ci-puppet/master/modules/orchestra/files/openstack-test.preseed \ - -O /var/lib/cobbler/kickstarts/openstack-test.preseed - -The following sudoers configuration is needed to allow Jenkins to -control cobbler, remove syslog files from the test hosts before -starting new tests, and restart rsyslog:: - - wget https://raw.github.com/openstack/openstack-ci-puppet/master/modules/orchestra/files/orchestra-jenkins-sudoers -O /etc/sudoers.d/orchestra-jenkins - -Replace the Orchestra rsyslog config file with a simpler one that logs -all information from remote hosts in one file per host:: - - wget https://raw.github.com/openstack/openstack-ci-puppet/master/modules/orchestra/files/99-orchestra.conf -O /etc/rsyslog.d/99-orchestra.conf - -Make sure the syslog directories exist and restart rsyslog:: - - mkdir -p /var/log/orchestra/rsyslog/ - chown -R syslog.syslog /var/log/orchestra/ - restart rsyslog - -Add an "OpenStack Test" system profile to cobbler that uses the -preseed file above:: - - cobbler profile add \ - --name=natty-x86_64-ostest \ - --parent=natty-x86_64 \ - --kickstart=/var/lib/cobbler/kickstarts/openstack-test.preseed \ - --kopts="priority=critical locale=en_US" - -Add each of your systems to cobbler with a command similar to this -(you may need different kernel options):: - - cobbler system add \ - --name=baremetal1 \ - --hostname=baremetal1 \ - --profile=natty-x86_64-ostest \ - --mac=00:11:22:33:44:55 \ - --power-type=ipmitool \ - --power-user=IPMI_USERNAME \ - --power-pass=IPMI_PASS \ - --power-address=IPMI_IP_ADDR \ - --ip-address=SYSTEM_IP_ADDRESS \ - --subnet=SYSTEM_SUBNET \ - --kopts="netcfg/choose_interface=auto netcfg/dhcp_timeout=60 auto=true priority=critical" - -When complete, have cobbler write out its configuration files:: - - cobbler sync - -Set Up Jenkins Jobs -""""""""""""""""""" - -We have Jenkins jobs to handle all of the tasks after the initial -Orchestra configuration so that we can easily run them at any time. -This includes the OS installation on the test nodes, even though we -don't run that often because the state is preserved in an LVM -snapshot, we may want to change the configuration used and make a new -snapshot. In that case we just need to trigger the Jenkins job again. - -The Jenkins job that kicks off the operating system installation calls -the "baremetal-os-install.sh" script from the openstack-ci repo: - - https://github.com/openstack/openstack-ci/blob/master/slave_scripts/baremetal-os-install.sh - -That script instructs cobbler to install the OS on each of the test -nodes. - -To speed up the devstack installation and avoid excessive traffic to -the pypi server, we build a PIP package cache on the installation -server. That is also an infrequent task that we configure as a -jenkins job. That calls: - - https://github.com/openstack/openstack-ci/blob/master/slave_scripts/update-pip-cache.sh - -That builds a PIP package cache that the test script later copies to -the test servers for use by devstack. - -Run those two jobs, and once complete, the test nodes are ready to go. - -This is the end of the operating system installation, and the system -is currently in the pristine state that will be used by the test -procedure (which is stored in the LVM volume "orig_root"). - -.. _rax_openstack_install: - -OpenStack Installation -~~~~~~~~~~~~~~~~~~~~~~ - -When the deployment and integration test job runs, it does the -following, each time starting from the pristine state arrived at the -end of the previous section. - -Reset the Test Nodes -"""""""""""""""""""" - -The Jenkins deployment and test job first runs the deployment script: - - https://github.com/openstack/openstack-ci/blob/master/slave_scripts/baremetal-deploy.sh - -Which invokes the following script on each host to reset it to the -pristine state: - - https://github.com/openstack/openstack-ci/blob/master/slave_scripts/lvm-kexec-reset.sh - -Because kexec is in use, resetting the environment and rebooting into -the pristine state takes only about 3 seconds. - -The deployment script then removes the syslog files from the previous -run and restarts rsyslog to re-open them. Once the first test host -finishes booting and brings up its network, OpenStack installation -starts. - -Run devstack on the Test Nodes -"""""""""""""""""""""""""""""" - -Devstack's build_bm_multi script is run, which invokes devstack on -each of the test nodes. First on the "head" node which runs all of -the OpenStack services for the remaining "compute" nodes. - -Run Test Suite -"""""""""""""" - -Once devstack is complete, the test suite is run. All logs from the -test nodes should be sent via syslog to the Jenkins slave, and at the -end of the test, the logs are archived with the Job for developers to -inspect in case of problems. - -Cluster Configuration ---------------------- - -Here are the configuration parameters of the CI team's test cluster. -The cluster is currently divided into three mini-clusters so that -independent Jenkins jobs can run in parallel on the different -clusters. - -VLANs -~~~~~ - -+----+--------------------------------+ -|VLAN| Description | -+====+================================+ -|90 | Native VLAN | -+----+--------------------------------+ -|91 | Internal cluster communication | -| | network: 192.168.91.0/24 | -+----+--------------------------------+ -|92 | Public Internet (fake) | -| | network: 192.168.92.0/24 | -+----+--------------------------------+ - -Servers -~~~~~~~ -The servers are located on the Rackspace network, only accessible via -VPN. - -+-----------+--------------+---------------+ -| Server | Primary IP | Management IP | -+===========+==============+===============+ -|deploy-rax | 10.14.247.36 | 10.14.247.46 | -+-----------+--------------+---------------+ -|baremetal1 | 10.14.247.37 | 10.14.247.47 | -+-----------+--------------+---------------+ -|baremetal2 | 10.14.247.38 | 10.14.247.48 | -+-----------+--------------+---------------+ -|baremetal3 | 10.14.247.39 | 10.14.247.49 | -+-----------+--------------+---------------+ -|baremetal4 | 10.14.247.40 | 10.14.247.50 | -+-----------+--------------+---------------+ -|baremetal5 | 10.14.247.41 | 10.14.247.51 | -+-----------+--------------+---------------+ -|baremetal6 | 10.14.247.42 | 10.14.247.52 | -+-----------+--------------+---------------+ -|baremetal7 | 10.14.247.43 | 10.14.247.53 | -+-----------+--------------+---------------+ -|baremetal8 | 10.14.247.44 | 10.14.247.54 | -+-----------+--------------+---------------+ -|baremetal9 | 10.14.247.45 | 10.14.247.55 | -+-----------+--------------+---------------+ - -deploy-rax - The deployment server and Jenkins slave. It deploys the servers - using Orchestra and Devstack, and runs the test framework. It - should not run any OpenStack components, but we can install - libraries or anything else needed to run tests. - -baremetal1, baremetal4, baremetal7 - Configured as "head" nodes to run nova, mysql, and glance. Each one - is the head node of a three node cluster including the two compute - nodes following it - -baremetal2-3, baremtal5-6, baremetal8-9 - Configured as compute nodes for each of the three mini-clusters. - diff --git a/doc/jenkins_jobs.rst b/doc/jenkins_jobs.rst deleted file mode 100644 index 7e04d45..0000000 --- a/doc/jenkins_jobs.rst +++ /dev/null @@ -1,184 +0,0 @@ -Jenkins Job Builder -=================== - -Overview --------- - -In order to make the process of managing hundreds of Jenkins Jobs easier a -Python based utility was designed to take YAML based configurations and convert -those into jobs that are injected into Jenkins. - -Adding a project ----------------- - -The YAML scripts to make this work are stored in the ``openstack-ci-puppet`` -repository in the ``modules/jenkins_jobs/files/projects/site/project.yaml`` -directory. Where ``site`` is either `openstack` or `stackforge` and ``project`` -is the name of the project the YAML file is for. - -Once the YAML file is added the puppet module needs to be told that the project -is there. For example: - -.. code-block:: ruby - :linenos: - - class { "jenkins_jobs": - site => "stackforge", - projects => ['reddwarf', 'ceilometer'] - } - -In this example the YAML files for `reddwarf` and `ceilometer` in the -`stackforge` projects directory will be executed. - -YAML Format ------------ - -The bare minimum YAML needs to look like this: - -.. code-block:: yaml - :linenos: - - --- - modules: - - properties - - scm - - assignednode - - trigger_none - - builders - - publisher_none - - main: - name: 'job-name' - review_site: 'review.stackforge.org' - github_org: 'stackforge' - project: 'project' - authenticatedBuild: 'false' - disabled: 'false' - -or for a templated project: - -.. code-block:: yaml - :linenos: - - project: - template: 'python_jobs' - - values: - name: 'cinder' - disabled: 'false' - github_org: 'openstack' - review_site: 'review.openstack.org' - publisher_site: 'nova.openstack.org' - - -The first example starts with ``---``, this signifies the start of a job, there -can be multiple jobs per project file. The file does not need to start with the -``---`` but jobs do need to be separated by it. Each YAML file can contain any -combination of templated or normal jobs. - -In the first example the ``modules`` entry is an array of modules that should be -loaded for this job. Modules are located in the -``modules/jenkins_jobs/files/modules/`` directory and are python scripts to -generate the required XML. Each module has a comment near the top showing the -required YAML to support that module. The follow modules are required to -generate a correct XML that Jenkins will support: - -* properties (supplies the XML data) -* scm (supplies the XML data, required even is scm is not used -* trigger_* (a trigger module is required) -* builders -* publisher_* (a publisher module is required) - -Each module also requires a ``main`` section which has the main data for the -modules, inside this there is: - -* name - the name of the job -* review_site - review.openstack.org or review.stackforge.org -* github_org - the parent of the github branch for the project (typically `openstack` or `stackforge` -* project - the name of the project -* authenticatedBuild - whether or not you need to be authenticated to hit the - build button -* disabled - whether or not this job should be disabled - -In the templated example there is the ``project`` tag to specify that this is -a templated project. The ``template`` value specified a template file found in -the ``modules/jenkins_jobs/files/templates`` directory. The template will look -like a regular set of jobs but contain values in caps surrounded by '@' symbols. -The template process takes the parameters specified in the ``values`` section -and replaces the values surrounded by the '@' symbol. - -As an example in the template: - -.. code-block:: yaml - - main: - name: 'gate-@NAME@-pep8' - -Using the above example of a templated job the ``@NAME@`` would be replaced with -``cinder``. - -Testing a Job -------------- - -Once a new YAML file has been created its output can be tested by using the -``jenkins_jobs.py`` script directly. For example: - -.. code-block:: bash - - $ python jenkins_jobs.py test projects/openstack/cinder.yml - -This will spit out the XML that would normally be sent directly to Jenkins. - -Job Caching ------------ - -The Jenkins Jobs builder maintains a special YAML file in -``~/.jenkins_jobs_cache.yml``. This contains an MD5 of every generated XML that -it builds. If it finds the XML is different then it will proceed to send this -to Jenkins, otherwise it is skipped. If a job is accidentally deleted then this -file should be modified or removed. - -Sending a Job to Jenkins ------------------------- - -The Jenkins Jobs builder talks to Jenkins using the Jenkins API. This means -that it can create and modify jobs directly without the need to restart or -reload the Jenkins server. It also means that Jenkins will verify the XML and -cause the Jenkins Jobs builder to fail if there is a problem. - -For this to work a configuration file is needed. This needs to be stored in -``/root/secret-files/jenkins_jobs.ini`` and puppet will automatically put it in -the right place. The format for this file is as follows: - -.. code-block:: ini - - [jenkins] - user=username - password=password - url=jenkins_url - -The password can be obtained by logging into the Jenkins user, clicking on your -username in the top-right, clicking on `Configure` and then `Show API Token`. -This API Token is your password for the API. - -Adding a Module ---------------- - -Modules need to contain a class with the same name as the filename. The basic -layout is: - -.. code-block:: python - - import xml.etree.ElementTree as XML - - class my_module(object): - def __init__(self, data): - self.data = data - - def gen_xml(self, xml_parent): - -The ``__init__`` function will be provided with ``data`` which is a Python -dictionary representing the YAML data for the job. - -The ``gen_xml`` function will be provided with ``xml_parent`` which is an -XML ElementTree object to be modified. diff --git a/doc/meetbot.rst b/doc/meetbot.rst deleted file mode 100644 index 7fc86cd..0000000 --- a/doc/meetbot.rst +++ /dev/null @@ -1,89 +0,0 @@ -Meetbot -============== - -Overview --------- - -The OpenStack CI team run a slightly modified -`Meetbot `_ to log IRC channel activity and -meeting minutes. Meetbot is a plugin for -`Supybot `_ which adds meeting -support features to the Supybot IRC bot. - -Supybot -------- - -In order to run Meetbot you will need to get Supybot. You can find the latest -release `here `_. Once you have -extracted the release you will want to read the ``INSTALL`` and -``doc/GETTING_STARTED`` files. Those two files should have enough information to -get you going, but there are other goodies in ``doc/``. - -Once you have Supybot installed you will need to configure a bot. The -``supybot-wizard`` command can get you started with a basic config, or you can -have Puppet do the heavy lifting. The OpenStack CI Meetbot Puppet module creates -a configuration and documentation for that module is at -:ref:`Meetbot_Puppet_Module`. - -One important config setting is ``supybot.reply.whenAddressedBy.chars``, which -sets the prefix character for this bot. This should be set to something other -than ``#`` as ``#`` will conflict with Meetbot (you can leave the setting blank -if you don't want a prefix character). - -Meetbot -------- - -The OpenStack CI Meetbot fork can be found at -https://github.com/openstack-ci/meetbot. Manual installation of the Meetbot -plugin is straightforward and documented in that repository's README. -OpenStack CI installs and configures Meetbot through Puppet. Documentation for -the Puppet module that does that can be found at :ref:`Meetbot_Puppet_Module`. - -Voting -^^^^^^ - -The OpenStack CI Meetbot fork adds simple voting features. After a meeting has -been started a meeting chair can begin a voting block with the ``#startvote`` -command. The command takes two arguments, a question posed to voters (ending -with a ``?``), and the valid voting options. If the second argument is missing -the default options are "Yes" and "No". For example: - -``#startvote Should we vote now? Yes, No, Maybe`` - -Meeting participants vote using the ``#vote`` command. This command takes a -single argument, which should be one of the options listed for voting by the -``#startvote`` command. For example: - -``#vote Yes`` - -Note that you can vote multiple times, but only your last vote will count. - -One can check the current vote tallies useing the ``#showvote`` command, which -takes no arguments. This will list the number of votes and voters for each item -that has votes. - -When the meeting chair(s) are ready to stop the voting process they can issue -the ``#endvote`` command, which takes no arguments. Doing so will report the -voting results and log these results in the meeting minutes. - -A somewhat contrived voting example: - -:: - - foo | #startvote Should we vote now? Yes, No, Maybe - meetbot | Begin voting on: Should we vote now? Valid vote options are Yes, No, Maybe. - meetbot | Vote using '#vote OPTION'. Only your last vote counts. - foo | #vote Yes - bar | #vote Absolutely - meetbot | bar: Absolutely is not a valid option. Valid options are Yes, No, Maybe. - bar | #vote Yes - bar | #showvote - meetbot | Yes (2): foo, bar - foo | #vote No - foo | #showvote - meetbot | Yes (1): bar - meetbot | No (1): foo - foo | #endvote - meetbot | Voted on "Should we vote now?" Results are - meetbot | Yes (1): bar - meetbot | No (1): foo diff --git a/doc/puppet.rst b/doc/puppet.rst deleted file mode 100644 index 1f2c3f1..0000000 --- a/doc/puppet.rst +++ /dev/null @@ -1,147 +0,0 @@ -Puppet Master -============= - -Overview --------- - -Puppet agent is a mechanism use to pull puppet manifests and configuration -from a centralized master. This means there is only one place that needs to -hold secure information such as passwords, and only one location for the git -repo holding the modules. - -Puppet Master -------------- - -The puppet master is setup using a combination of Apache and mod passenger to -ship the data to the clients. To install this: - -.. code-block:: bash - - sudo apt-get install puppet puppetmaster-passenger - -Files for puppet master are stored in a git repo clone at -``/opt/openstack-ci-puppet``. We have a ``root`` cron job that -automatically populates these from our puppet git repository as follows: - -.. code-block:: bash - - \*/15 * * * * sleep $((RANDOM\%600)) && cd /opt/openstack-ci-puppet && /usr/bin/git pull -q - -The ``/etc/puppet/puppet.conf`` file then needs updating to point to the -manifest and modules as follows: - -.. code-block:: ini - - [master] - # These are needed when the puppetmaster is run by passenger - # and can safely be removed if webrick is used. - ssl_client_header = SSL_CLIENT_S_DN - ssl_client_verify_header = SSL_CLIENT_VERIFY - manifestdir=/opt/openstack-ci-puppet/manifests - modulepath=/opt/openstack-ci-puppet/modules - manifest=$manifestdir/site.pp - -Hiera ------ - -Hiera is used to maintain secret information on the puppetmaster. - -We want to install hiera from puppetlabs' apt repo, but we don't want to get -on the puppet upgrade train - so the process is as follows: - -.. code-block:: bash - - echo "deb http://apt.puppetlabs.com precise devel" > /etc/apt/sources.list.d/puppetlabs.list - apt-get update - apt-get install hiera hiera-puppet - rm /etc/apt/sources.list.d/puppetlabs.list - apt-get update - -Hiera uses a systemwide configuration file in ``/etc/puppet/hiera.yaml`` -which tells is where to find subsequent configuration files. - -.. code-block:: yaml - - --- - :hierarchy: - - %{operatingsystem} - - common - :backends: - - yaml - :yaml: - :datadir: '/etc/puppet/hieradata/%{environment}' - -This setup supports multiple configuration. The two sets of environments -that OpenStack CI users are ``production`` and ``development``. ``production`` -is the default is and the environment used when nothing else is specified. -Then the configuration needs to be placed into common.yaml in -``/etc/puppet/hieradata/production`` and ``/etc/puppet/hieradata/development``. -The values are simple key-value pairs in yaml format. - -Adding a node -------------- - -On the new server connecting (for example, review.openstack.org) to the puppet master: - -.. code-block:: bash - - sudo apt-get install puppet - -Then edit the ``/etc/default/puppet`` file to change the start variable: - -.. code-block:: ini - - # Start puppet on boot? - START=yes - -The node then needs to be configured to set a fixed hostname and the hostname -of the puppet master with the following additions to ``/etc/puppet/puppet.conf``: - -.. code-block:: ini - - [main] - server=ci-puppetmaster.openstack.org - certname=review.openstack.org - -The cert signing process needs to be started with: - -.. code-block:: bash - - sudo puppet agent --test - -This will make a request to the puppet master to have its SSL cert signed. -On the puppet master: - -.. code-block:: bash - - sudo puppet cert list - -You should get a list of entries similar to the one below:: - - review.openstack.org (44:18:BB:DF:08:50:62:70:17:07:82:1F:D5:70:0E:BF) - -If you see the new node there you can sign its cert on the puppet master with: - -.. code-block:: bash - - sudo puppet cert sign review.openstack.org - -Finally on the puppet agent you need to start the agent daemon: - -.. code-block:: bash - - sudo service puppet start - -Now that it is signed the puppet agent will execute any instructions for its -node on the next run (default is every 30 minutes). You can trigger this -earlier by restarting the puppet service on the agent node. - -Important Notes ---------------- - -#. Make sure the site manifest **does not** include the puppet cron job, this - conflicts with puppet master and can cause issues. The initial puppet run - that create users should be done using the puppet agent configuration above. - -#. If you do not see the cert in the master's cert list the agent's - ``/var/log/syslog`` should have an entry showing you why. diff --git a/doc/puppet_modules.rst b/doc/puppet_modules.rst deleted file mode 100644 index 702d6d9..0000000 --- a/doc/puppet_modules.rst +++ /dev/null @@ -1,387 +0,0 @@ -Puppet Modules -============== - -Overview --------- - -Much of the OpenStack project infrastructure is deployed and managed using -puppet. -The OpenStack CI team manage a number of custom puppet modules outlined in this -document. - -Doc Server ----------- - -The doc_server module configures nginx [3]_ to serve the documentation for -several specified OpenStack projects. At the moment to add a site to this -you need to edit ``modules/doc_server/manifests/init.pp`` and add a line as -follows: - -.. code-block:: ruby - :linenos: - - doc_server::site { "swift": } - -In this example nginx will be configured to serve ``swift.openstack.org`` -from ``/srv/docs/swift`` and ``swift.openstack.org/tarballs/`` from -``/srv/tarballs/swift`` - -Lodgeit -------- - -The lodgeit module installs and configures lodgeit [1]_ on required servers to -be used as paste installations. For OpenStack we use -`a fork `_ of this which is based on -one with bugfixes maintained by -`dcolish `_ but adds back missing -anti-spam features required by Openstack. - -Puppet will configure lodgeit to use drizzle [2]_ as a database backend, -nginx [3]_ as a front-end proxy and upstart scripts to run the lodgeit -instances. It will store and maintain local branch of the the mercurial -repository for lodgeit in ``/tmp/lodgeit-main``. - -To use this module you need to add something similar to the following in the -main ``site.pp`` manifest: - -.. code-block:: ruby - :linenos: - - node "paste.openstack.org" { - include openstack_server - include lodgeit - lodgeit::site { "openstack": - port => "5000", - image => "header-bg2.png" - } - - lodgeit::site { "drizzle": - port => "5001" - } - } - -In this example we include the lodgeit module which will install all the -pre-requisites for Lodgeit as well as creating a checkout ready. -The ``lodgeit::site`` calls create the individual paste sites. - -The name in the ``lodgeit::site`` call will be used to determine the URL, path -and name of the site. So "openstack" will create ``paste.openstack.org``, -place it in ``/srv/lodgeit/openstack`` and give it an upstart script called -``openstack-paste``. It will also change the h1 tag to say "Openstack". - -The port number given needs to be a unique port which the lodgeit service will -run on. The puppet script will then configure nginx to proxy to that port. - -Finally if an image is given that will be used instead of text inside the h1 -tag of the site. The images need to be stored in the ``modules/lodgeit/files`` -directory. - -Lodgeit Backups -^^^^^^^^^^^^^^^ - -The lodgeit module will automatically create a git repository in ``/var/backups/lodgeit_db``. Inside this every site will have its own SQL file, for example "openstack" will have a file called ``openstack.sql``. Every day a cron job will update the SQL file (one job per file) and commit it to the git repository. - -.. note:: - Ideally the SQL files would have a row on every line to keep the diffs stored - in git small, but ``drizzledump`` does not yet support this. - -Planet ------- - -The planet module installs Planet Venus [4]_ along with required dependancies -on a server. It also configures specified planets based on options given. - -Planet Venus works by having a cron job which creates static files. In this -module the static files are served using nginx [3]_. - -To use this module you need to add something similar to the following into the -main ``site.pp`` manifest: - -.. code-block:: ruby - :linenos: - - node "planet.openstack.org" { - include planet - - planet::site { "openstack": - git_url => "https://github.com/openstack/openstack-planet.git" - } - } - -In this example the name "openstack" is used to create the site -``paste.openstack.org``. The site will be served from -``/srv/planet/openstack/`` and the checkout of the ``git_url`` supplied will -be maintained in ``/var/lib/planet/openstack/``. - -This module will also create a cron job to pull new feed data 3 minutes past each hour. - -The ``git_url`` parameter needs to point to a git repository which stores the -planet.ini configuration for the planet (which stores a list of feeds) and any required theme data. This will be pulled every time puppet is run. - -.. _Meetbot_Puppet_Module: - -Meetbot -------- - -The meetbot module installs and configures meetbot [5]_ on a server. The -meetbot version installed by this module is pulled from the -`Openstack CI fork `_ of the project. - -It also configures nginix [3]_ to be used for accessing the public IRC logs of -the meetings. - -To use this module simply add a section to the site manifest as follows: - -.. code-block:: ruby - :linenos: - - node "eavesdrop.openstack.org" { - include openstack_cron - class { 'openstack_server': - iptables_public_tcp_ports => [80] - } - include meetbot - - meetbot::site { "openstack": - nick => "openstack", - network => "FreeNode", - server => "chat.us.freenode.net:7000", - url => "eavesdrop.openstack.org", - channels => "#openstack #openstack-dev #openstack-meeting", - use_ssl => "True" - } - } - -You will also need a file ``/root/secret-files/name-nickserv.pass`` where `name` -is the name specified in the call to the module (`openstack` in this case). - -Each call to meetbot::site will create setup a meebot in ``/var/lib/meetbot`` -under a subdirectory of the name of the call to the module. It will also -configure nginix to go to that site when the ``/meetings`` directory is -specified on the URL. - -The puppet module also creates startup scripts for meetbot and will ensure that -it is running on each puppet run. - -Gerrit ------- - -The Gerrit puppet module configures the basic needs of a Gerrit server. It does -not (yet) install Gerrit itself and mostly deals with the configuration files -and skinning of Gerrit. - -Using Gerrit -^^^^^^^^^^^^ - -Gerrit is set up when the following class call is added to a node in the site -manifest: - -.. code-block:: ruby - - class { 'gerrit': - canonicalweburl => "https://review.openstack.org/", - email => "review@openstack.org", - github_projects => [ - 'openstack/nova', - 'stackforge/MRaaS', - ], - logo => 'openstack.png' - } - -Most of these options are self-explanitory. The ``github_projects`` is a list of -all projects in GitHub which are managed by the gerrit server. - -Skinning -^^^^^^^^ - -Gerrit is skinned using files supplied by the puppet module. The skin is -automatically applied as soon as the module is executed. In the site manifest -setting the logo is important: - -.. code-block:: ruby - - class { 'gerrit': - ... - logo => 'openstack.png' - } - -This specifies a PNG file which must be stored in the ``modules/gerrit/files/`` -directory. - -Jenkins Master --------------- - -The Jenkins Master puppet module installs and supplies a basic Jenkins -configuration. It also supplies a skin to Jenkins to make it look more like an -OpenStack site. It does not (yet) install the additional Jenkins plugins used -by the OpenStack project. - -Using Jenkins Master -^^^^^^^^^^^^^^^^^^^^ - -In the site manifest a node can be configured to be a Jenkins master simply by -adding the class call below: - -.. code-block:: ruby - - class { 'jenkins_master': - site => 'jenkins.openstack.org', - serveradmin => 'webmaster@openstack.org', - logo => 'openstack.png' - } - -The ``site`` and ``serveradmin`` parameters are used to configure Apache. You -will also need in this instance the following files for Apache to start:: - - /etc/ssl/certs/jenkins.openstack.org.pem - /etc/ssl/private/jenkins.openstack.org.key - /etc/ssl/certs/intermediate.pem - -The ``jenkins.openstack.org`` is replace by the setting in the ``site`` -parameter. - -Skinning -^^^^^^^^ - -The Jenkins skin uses the `Simple Theme Plugin -`_ for Jenkins. -The puppet module will install and configure most aspects of the skin -automatically, with a few adjustments needed. - -In the site.pp file the ``logo`` parameter is important: - -.. code-block:: ruby - - class { 'jenkins_master': - ... - logo => 'openstack.png' - } - -This relates to a PNG file that must be in the ``modules/jenkins_master/files/`` -directory. - -Once puppet installs this and the plugin is installed you need to go into -``Manage Jenkins -> Configure System`` and look for the ``Theme`` heading. -Assuming we are skinning the main OpenStack Jenkins site, in the ``CSS`` box -enter -``https://jenkins.openstack.org/plugin/simple-theme-plugin/openstack.css`` and -in the ``JS`` box enter -``https://jenkins.openstack.org/plugin/simple-theme-plugin/openstack.js``. - -Etherpad Lite -------------- - -This Puppet module installs Etherpad Lite [6]_ and its dependencies (including -node.js). This Puppet module also configures Etherpad Lite to be started at -boot with Nginx running in front of it as a reverse proxy and MySQL running as -the database backend. - -Using this module is straightforward you simply need to include a few classes. -However, there are some limitations to be aware of which are described below. -The includes you need are: - -:: - - include etherpad_lite # Acts like a package manager and installs things - include etherpad_lite::nginx # Sets up Nginx to reverse proxy Etherpad Lite - include etherpad_lite::site # Configures Etherpad Lite - include etherpad_lite::mysql # Configures MySQL DB backend for Etherpad Lite - -These classes are parameterized and provide some configurability, but should -all work together when instantiated with their defaults. - -Config File -^^^^^^^^^^^ - -Because the Etherpad Lite configuration file contains a database password it is -not directly managed by Puppet. Instead Puppet expects the configuration file -to be at ``/root/secret-files/etherpad-lite_settings.json`` on the Puppet -master (if running in master/agent setup) or on the server itself if running -``puppet apply``. - -MySQL will be configured by Puppet to listen on TCP 3306 of localhost and a -database called ``etherpad-lite`` will be created for user ``eplite``. Also, -this module does install the Abiword package. Knowing this, a good template for -your config is: - -:: - - /* - This file must be valid JSON. But comments are allowed - - Please edit settings.json, not settings.json.template - */ - { - //Ip and port which etherpad should bind at - "ip": "127.0.0.1", - "port" : 9001, - - //The Type of the database. You can choose between dirty, sqlite and mysql - //You should use mysql or sqlite for anything else than testing or development - "dbType" : "mysql", - //the database specific settings - "dbSettings" : { - "user" : "eplite", - "host" : "localhost", - "password": "changeme", - "database": "etherpad-lite" - }, - - //the default text of a pad - "defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n", - - /* Users must have a session to access pads. This effectively allows only group pads to be accessed. */ - "requireSession" : false, - - /* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */ - "editOnly" : false, - - /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, - but makes it impossible to debug the javascript/css */ - "minify" : true, - - /* How long may clients use served javascript code? Without versioning this - is may cause problems during deployment. */ - "maxAge" : 21600000, // 6 hours - - /* This is the path to the Abiword executable. Setting it to null, disables abiword. - Abiword is needed to enable the import/export of pads*/ - "abiword" : "/usr/bin/abiword", - - /* This setting is used if you need http basic auth */ - // "httpAuth" : "user:pass", - - /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */ - "loglevel": "INFO" - } - -Don't forget to change the password if you copy this configuration. Puppet will -grep that password out of the config and use it to set the password for the -MySQL eplite user. - -Nginx -^^^^^ - -The reverse proxy is configured to talk to Etherpad Lite over localhost:9001. -Nginx listens on TCP 443 for HTTPS connections. Because HTTPS is used you will -need SSL certificates. These files are not directly managed by Puppet (again -because of the sensitive nature of these files), but Puppet will look for -``/root/secret-files/eplite.crt`` and ``/root/secret-files/eplite.key`` and -copy them to ``/etc/nginx/ssl/eplite.crt`` and ``/etc/nginx/ssl/eplite.key``, -which is where Nginx expects them to be. - -MySQL -^^^^^ - -MySQL is configured by the Puppet module to allow user ``eplite`` to use -database ``etherpad-lite``. If you want backups for the ``etherpad-lite`` -database you can include ``etherpad_lite::backup``. By default this will backup -the ``etherpad-lite`` DB daily and keep a rotation of 30 days of backups. - -.. rubric:: Footnotes -.. [1] `Lodgeit homepage `_ -.. [2] `Drizzle homepage `_ -.. [3] `nginx homepage `_ -.. [4] `Planet Venus homepage `_ -.. [5] `Meetbot homepage `_ -.. [6] `Etherpad Lite homepage `_ diff --git a/doc/systems.rst b/doc/systems.rst deleted file mode 100644 index 5dd29b7..0000000 --- a/doc/systems.rst +++ /dev/null @@ -1,121 +0,0 @@ -:title: Infrastructure Systems - -Infrastructure Systems -###################### - -The OpenStack CI team maintains a number of systems that are critical -to the operation of the OpenStack project. At the time of writing, -these include: - - * Gerrit (review.openstack.org) - * Jenkins (jenkins.openstack.org) - * community.openstack.org - -Additionally the team maintains the project sites on Launchpad and -GitHub. The following policies have been adopted to ensure the -continued and secure operation of the project. - -SSH Access -********** - -For any of the systems managed by the CI team, the following practices -must be observed for SSH access: - - * SSH access is only permitted with SSH public/private key - authentication. - * Users must use a strong passphrase to protect their private key. A - passphrase of several words, at least one of which is not in a - dictionary is advised, or a random string of at least 16 - characters. - * To mitigate the inconvenience of using a long passphrase, users may - want to use an SSH agent so that the passphrase is only requested - once per desktop session. - * Users private keys must never be stored anywhere except their own - workstation(s). In particular, they must never be stored on any - remote server. - * If users need to 'hop' from a server or bastion host to another - machine, they must not copy a private key to the intermediate - machine (see above). Instead SSH agent forwarding may be used. - However due to the potential for a compromised intermediate machine - to ask the agent to sign requests without the users knowledge, in - this case only an SSH agent that interactively prompts the user - each time a signing request (ie, ssh-agent, but not gnome-keyring) - is received should be used, and the SSH keys should be added with - the confirmation constraint ('ssh-add -c'). - * The number of SSH keys that are configured to permit access to - OpenStack machines should be kept to a minimum. - * OpenStack CI machines must use puppet to centrally manage and - configure user accounts, and the SSH authorized_keys files from the - openstack-ci-puppet repository. - * SSH keys should be periodically rotated (at least once per year). - During rotation, a new key can be added to puppet for a time, and - then the old one removed. Be sure to run puppet on the backup - servers to make sure they are updated. - -Backups -******* - -Off-site backups are made to two servers: - - * ci-backup-rs-ord.openstack.org - * ci-backup-hp-az1.openstack.org - -Puppet is used to perform the initial configuration of those machines, -but to protect them from unauthorized access in case access to the -puppet git repo is compromised, it is not run in agent or in cron mode -on them. Instead, it should be manually run when changes are made -that should be applied to the backup servers. - -To start backing up a server, some commands need to be run manually on -both the backup server, and the server to be backed up. On the server -to be backed up:: - - ssh-keygen -t rsa -f /root/.ssh/id_rsa -N "" - -And then ''cat /root/.ssh/id_rsa.pub'' for use later. - -On the backup servers:: - - sudo su - - BUPUSER=bup- # eg, bup-jenkins-dev - useradd -r $BUPUSER -s /bin/bash -m - cd /home/$BUPUSER - mkdir .ssh - cat >.ssh/authorized_keys - -and add this to the authorized_keys file:: - - command="BUP_DEBUG=0 BUP_FORCE_TTY=3 bup server",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty - -Switching back to the server to be backed up, run:: - - ssh $BUPUSER@ci-backup-rs-ord.openstack.org - ssh $BUPUSER@ci-backup-hp-az1.openstack.org - -And verify the host key. Add the "backup" class in puppet to the server -to be backed up. - -GitHub Access -************* - -To ensure that code review and testing are not bypassed in the public -Git repositories, only Gerrit will be permitted to commit code to -OpenStack repositories. Because GitHub always allows project -administrators to commit code, accounts that have access to manage the -GitHub projects necessarily will have commit access to the -repositories. Therefore, to avoid inadvertent commits to the public -repositories, unique administrative-only accounts must be used to -manage the OpenStack GitHub organization and projects. These accounts -will not be used to check out or commit code for any project. - -Launchpad Teams -*************** - -Each OpenStack project should have the following teams on Launchpad: - - * foo -- contributors to project 'foo' - * foo-core -- core developers - * foo-bugs -- people interested in receieving bug reports - * foo-drivers -- people who may approve and target blueprints - -The openstack-admins team should be a member of each of those teams. diff --git a/doc/third_party.rst b/doc/third_party.rst deleted file mode 100644 index 631e1a3..0000000 --- a/doc/third_party.rst +++ /dev/null @@ -1,153 +0,0 @@ -HOWTO: Third Party Testing -========================== - -Overview --------- - -Gerrit has an event stream which can be subscribed to, using this it is possible -to test commits against testing systems beyond those supplied by OpenStack's -Jenkins setup. It is also possible for these systems to feed information back -into Gerrit and they can also leave non-gating votes on Gerrit review requests. - -An example of one such system is `Smokestack `_. -Smokestack reads the Gerrit event stream and runs it's own tests on the commits. -If one of the tests fails it will publish information and links to the failure -on the review in Gerrit. - -Reading the Event Stream ------------------------- - -It is possible to use ssh to connect to ``review.openstack.org`` on port 29418 -with your ssh key if you are signed up as an OpenStack developer on Launchpad. - -This will give you a real-time JSON stream of events happening inside Gerrit. -For example: - -.. code-block:: bash - - $ ssh -p 29418 review.example.com gerrit stream-events - -Will give a stream with an output like this (line breaks and indentation added -in this document for readability, the read JSON will be all one line per event): - -.. code-block:: javascript - - {"type":"comment-added","change": - {"project":"openstack/keystone","branch":"stable/essex","topic":"bug/969088","id":"I18ae38af62b4c2b2423e20e436611fc30f844ae1","number":"7385","subject":"Make import_nova_auth only create roles which don\u0027t already exist","owner": - {"name":"Chuck Short","email":"chuck.short@canonical.com","username":"zulcss"},"url":"https://review.openstack.org/7385"}, - "patchSet": - {"number":"1","revision":"aff45d69a73033241531f5e3542a8d1782ddd859","ref":"refs/changes/85/7385/1","uploader": - {"name":"Chuck Short","email":"chuck.short@canonical.com","username":"zulcss"}, - "createdOn":1337002189}, - "author": - {"name":"Mark McLoughlin","email":"markmc@redhat.com","username":"markmc"}, - "approvals": - [{"type":"CRVW","description":"Code Review","value":"2"},{"type":"APRV","description":"Approved","value":"0"}], - "comment":"Hmm, I actually thought this was in Essex already.\n\nIt\u0027s a pretty annoying little issue for folks migrating for nova auth. Fix is small and pretty safe. Good choice for backporting"} - -For most purposes you will want to trigger on ``patchset-created`` for when a -new patchset has been uploaded. - -Further documentation on how to use the events stream can be found in `Gerrit's stream event documentation page `_. - -Posting Result To Gerrit ------------------------- - -External testing systems can give non-gating votes to Gerrit by means of a -1/+1 -verify vote. OpenStack Jenkins has extra permissions to give a +2/-2 verify -vote which is gating. Comments should also be provided to explain what kind of -test failed.. We do also ask that the comments contain public links to the -failure so that the developer can see what caused the failure. - -An example of how to post this is as follows: - -.. code-block:: bash - - $ ssh -p 29418 review.example.com gerrit review -m '"Test failed on MegaTestSystem "' --verified=-1 c0ff33 - -In this example ``c0ff33`` is the commit ID for the review. You can set the -verified to either `-1` or `+1` depending on whether or not it passed the tests. - -Further documentation on the `review` command in Gerrit can be found in the `Gerrit review documentation page `_. - -We do suggest cautious testing of these systems and have a development Gerrit -setup to test on if required. In SmokeStack's case all failures are manually -reviewed before getting pushed to OpenStack, whilst this may no scale it is -advisable during initial testing of the setup. - -.. _request-account-label: - -Requesting a Service Account ----------------------------- - -To request a sevice acconut for your system you first need to create a new -account in LaunchPad. This account needs to be joined to the -`OpenStack Team `_ or one of the related teams -so that Gerrit can pick it up. You can then contact the -OpenStack CI Admins via `email `_ -or the #openstack-infra IRC channel. We will set things up on Gerrit to -receive your system's votes. - -Feel free to contact the CI team to arrange setting up a dedicated user so your -system can post reviews up using a system name rather than your user name. - -The Jenkins Gerrit Trigger Plugin Way -------------------------------------- - -There is a Gerrit Trigger plugin for Jenkins which automates all of the -processes described in this document. So if your testing system is Jenkins -based you can use it to simplify things. You will still need an account to do -this as described in the :ref:`request-account-label` section above. - -The OpenStack version of the Gerrit Trigger plugin for Jenkins can be found on -`the Jenkins packaging job `_ for it. You can install it using the Advanced tab in the -Jenkins Plugin Manager. - -Once installed Jenkins will have a new `Gerrit Trigger` option in the `Manage -Jenkins` menu. This should be given the following options:: - - Hostname: review.openstack.org - Frontend URL: https://review.openstack.org/ - SSH Port: 29418 - Username: (the Launchpad user) - SSH Key File: (path to the user SSH key) - - Verify - ------ - Started: 0 - Successful: 1 - Failed: -1 - Unstable: 0 - - Code Review - ----------- - Started: 0 - Successful: 0 - Failed: 0 - Unstable: 0 - - (under Advanced Button): - - Stated: (blank) - Successful: gerrit approve , --message 'Build Successful ' --verified --code-review --submit - Failed: gerrit approve , --message 'Build Failed ' --verified --code-review - Unstable: gerrit approve , --message 'Build Unstable ' --verified --code-review - -Note that it is useful to include something in the messages about what testing -system is supplying these messages. - -When creating jobs in Jenkins you will have the option to add triggers. You -should configure as follows:: - - Trigger on Patchset Uploaded: ticked - (the rest unticked) - - Type: Plain - Pattern: openstack/project-name (where project-name is the name of the project) - Branches: - Type: Path - Pattern: ** - -This job will now automatically trigger when a new patchset is uploaded and will -report the results to Gerrit automatically. - diff --git a/modules/jenkins_slave/files/10-ptrace.conf b/files/10-ptrace.conf similarity index 100% rename from modules/jenkins_slave/files/10-ptrace.conf rename to files/10-ptrace.conf diff --git a/modules/jenkins_slave/files/cgroups/cgrules.conf b/files/cgroups/cgrules.conf similarity index 100% rename from modules/jenkins_slave/files/cgroups/cgrules.conf rename to files/cgroups/cgrules.conf diff --git a/modules/jenkins_slave/files/gitconfig b/files/gitconfig similarity index 100% rename from modules/jenkins_slave/files/gitconfig rename to files/gitconfig diff --git a/modules/jenkins_slave/files/localrc b/files/localrc similarity index 100% rename from modules/jenkins_slave/files/localrc rename to files/localrc diff --git a/modules/jenkins_master/files/openstack-page-bkg.jpg b/files/openstack-page-bkg.jpg similarity index 100% rename from modules/jenkins_master/files/openstack-page-bkg.jpg rename to files/openstack-page-bkg.jpg diff --git a/modules/jenkins_master/files/openstack.css b/files/openstack.css similarity index 100% rename from modules/jenkins_master/files/openstack.css rename to files/openstack.css diff --git a/modules/jenkins_master/files/openstack.png b/files/openstack.png similarity index 100% rename from modules/jenkins_master/files/openstack.png rename to files/openstack.png diff --git a/modules/jenkins_slave/files/pip.conf b/files/pip.conf similarity index 100% rename from modules/jenkins_slave/files/pip.conf rename to files/pip.conf diff --git a/modules/jenkins_slave/files/pubring.gpg b/files/pubring.gpg similarity index 100% rename from modules/jenkins_slave/files/pubring.gpg rename to files/pubring.gpg diff --git a/modules/jenkins_slave/files/pydistutils.cfg b/files/pydistutils.cfg similarity index 100% rename from modules/jenkins_slave/files/pydistutils.cfg rename to files/pydistutils.cfg diff --git a/modules/jenkins_slave/files/rubygems.sh b/files/rubygems.sh similarity index 100% rename from modules/jenkins_slave/files/rubygems.sh rename to files/rubygems.sh diff --git a/modules/jenkins_slave/files/slave_scripts/baremetal-archive-logs.sh b/files/slave_scripts/baremetal-archive-logs.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/baremetal-archive-logs.sh rename to files/slave_scripts/baremetal-archive-logs.sh diff --git a/modules/jenkins_slave/files/slave_scripts/baremetal-deploy.sh b/files/slave_scripts/baremetal-deploy.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/baremetal-deploy.sh rename to files/slave_scripts/baremetal-deploy.sh diff --git a/modules/jenkins_slave/files/slave_scripts/baremetal-os-install.sh b/files/slave_scripts/baremetal-os-install.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/baremetal-os-install.sh rename to files/slave_scripts/baremetal-os-install.sh diff --git a/modules/jenkins_slave/files/slave_scripts/bump-milestone.sh b/files/slave_scripts/bump-milestone.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/bump-milestone.sh rename to files/slave_scripts/bump-milestone.sh diff --git a/modules/jenkins_slave/files/slave_scripts/create-ppa-package.sh b/files/slave_scripts/create-ppa-package.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/create-ppa-package.sh rename to files/slave_scripts/create-ppa-package.sh diff --git a/modules/jenkins_slave/files/slave_scripts/create-tarball.sh b/files/slave_scripts/create-tarball.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/create-tarball.sh rename to files/slave_scripts/create-tarball.sh diff --git a/modules/jenkins_slave/files/slave_scripts/gerrit-doc-properties.sh b/files/slave_scripts/gerrit-doc-properties.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/gerrit-doc-properties.sh rename to files/slave_scripts/gerrit-doc-properties.sh diff --git a/modules/jenkins_slave/files/slave_scripts/gerrit-git-prep.sh b/files/slave_scripts/gerrit-git-prep.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/gerrit-git-prep.sh rename to files/slave_scripts/gerrit-git-prep.sh diff --git a/modules/jenkins_slave/files/slave_scripts/lvm-kexec-reset.sh b/files/slave_scripts/lvm-kexec-reset.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/lvm-kexec-reset.sh rename to files/slave_scripts/lvm-kexec-reset.sh diff --git a/modules/jenkins_slave/files/slave_scripts/package-gerrit.sh b/files/slave_scripts/package-gerrit.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/package-gerrit.sh rename to files/slave_scripts/package-gerrit.sh diff --git a/modules/jenkins_slave/files/slave_scripts/ping.py b/files/slave_scripts/ping.py similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/ping.py rename to files/slave_scripts/ping.py diff --git a/modules/jenkins_slave/files/slave_scripts/propose_translations.sh b/files/slave_scripts/propose_translations.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/propose_translations.sh rename to files/slave_scripts/propose_translations.sh diff --git a/modules/jenkins_slave/files/slave_scripts/run-cover.sh b/files/slave_scripts/run-cover.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/run-cover.sh rename to files/slave_scripts/run-cover.sh diff --git a/modules/jenkins_slave/files/slave_scripts/run-docs.sh b/files/slave_scripts/run-docs.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/run-docs.sh rename to files/slave_scripts/run-docs.sh diff --git a/modules/jenkins_slave/files/slave_scripts/run-selenium.sh b/files/slave_scripts/run-selenium.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/run-selenium.sh rename to files/slave_scripts/run-selenium.sh diff --git a/modules/jenkins_slave/files/slave_scripts/run-tox.sh b/files/slave_scripts/run-tox.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/run-tox.sh rename to files/slave_scripts/run-tox.sh diff --git a/modules/jenkins_slave/files/slave_scripts/tardiff.py b/files/slave_scripts/tardiff.py similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/tardiff.py rename to files/slave_scripts/tardiff.py diff --git a/modules/jenkins_slave/files/slave_scripts/update-pip-cache.sh b/files/slave_scripts/update-pip-cache.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/update-pip-cache.sh rename to files/slave_scripts/update-pip-cache.sh diff --git a/modules/jenkins_slave/files/slave_scripts/wait_for_nova.sh b/files/slave_scripts/wait_for_nova.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/wait_for_nova.sh rename to files/slave_scripts/wait_for_nova.sh diff --git a/modules/jenkins_slave/files/slave_scripts/wait_for_puppet.sh b/files/slave_scripts/wait_for_puppet.sh similarity index 100% rename from modules/jenkins_slave/files/slave_scripts/wait_for_puppet.sh rename to files/slave_scripts/wait_for_puppet.sh diff --git a/modules/jenkins_slave/files/ssh_config b/files/ssh_config similarity index 100% rename from modules/jenkins_slave/files/ssh_config rename to files/ssh_config diff --git a/modules/gerrit/files/stackforge.png b/files/stackforge.png similarity index 100% rename from modules/gerrit/files/stackforge.png rename to files/stackforge.png diff --git a/modules/jenkins_master/files/versions.conf b/files/versions.conf similarity index 100% rename from modules/jenkins_master/files/versions.conf rename to files/versions.conf diff --git a/install_jenkins_slave.sh b/install_jenkins_slave.sh deleted file mode 100755 index 9d8042c..0000000 --- a/install_jenkins_slave.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -lsbdistcodename=`lsb_release -c -s` -puppet_deb=puppetlabs-release-${lsbdistcodename}.deb -wget http://apt.puppetlabs.com/$puppet_deb -O $puppet_deb -dpkg -i $puppet_deb -apt-get update -apt-get install -y puppet git rubygems - -git clone https://github.com/openstack/openstack-ci-puppet -bash openstack-ci-puppet/install_modules.sh - -puppet apply --modulepath=`pwd`/openstack-ci-puppet/modules:/etc/puppet/modules -e 'node default {class { "openstack_project::bare_slave": install_users => false }}' diff --git a/install_modules.sh b/install_modules.sh deleted file mode 100644 index e591aad..0000000 --- a/install_modules.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash - -MODULE_PATH=/etc/puppet/modules - -function clone_git() { - REMOTE_URL=$1 - REPO=$2 - REV=$3 - - if [ -d $MODULE_PATH/$REPO -a ! -d $MODULE_PATH/$REPO/.git ] ; then - rm -rf $MODULE_PATH/$REPO - fi - if [ ! -d $MODULE_PATH/$REPO ] ; then - git clone $REMOTE_URL $MODULE_PATH/$REPO - fi - OLDDIR=`pwd` - cd $MODULE_PATH/$REPO - if ! git rev-parse HEAD | grep "^$REV" >/dev/null; then - git fetch $REMOTE_URL - git reset --hard $REV >/dev/null - fi - cd $OLDDIR -} - -if ! puppet help module >/dev/null 2>&1 ; then - apt-get install -y -o Dpkg::Options::="--force-confold" puppet facter -fi - -MODULES=" - openstackci-dashboard - openstackci-vcsrepo - puppetlabs-apache - puppetlabs-apt - puppetlabs-mysql - " -MODULE_LIST=`puppet module list` - -# Transition away from old things -if [ -d /etc/puppet/modules/vcsrepo/.git ] ; then - rm -rf /etc/puppet/modules/vcsrepo -fi - -for MOD in $MODULES ; do - if ! echo $MODULE_LIST | grep $MOD >/dev/null 2>&1 ; then - # This will get run in cron, so silence non-error output - puppet module install --force $MOD >/dev/null - fi -done diff --git a/modules/jenkins_slave/lib/facter/memorytotalbytes.rb b/lib/facter/memorytotalbytes.rb similarity index 100% rename from modules/jenkins_slave/lib/facter/memorytotalbytes.rb rename to lib/facter/memorytotalbytes.rb diff --git a/modules/jenkins_slave/manifests/cgroups.pp b/manifests/cgroups.pp similarity index 80% rename from modules/jenkins_slave/manifests/cgroups.pp rename to manifests/cgroups.pp index 007241c..842a09f 100644 --- a/modules/jenkins_slave/manifests/cgroups.pp +++ b/manifests/cgroups.pp @@ -1,4 +1,4 @@ -class jenkins_slave::cgroups { +class jenkins::cgroups { package { 'cgroup-bin': ensure => present @@ -9,7 +9,7 @@ class jenkins_slave::cgroups { replace => true, owner => root, mode => 0644, - content => template('jenkins_slave/cgconfig.erb') + content => template('jenkins/cgconfig.erb') } file { '/etc/cgrules.conf': @@ -17,7 +17,7 @@ class jenkins_slave::cgroups { replace => true, owner => root, mode => 0644, - source => 'puppet:///modules/jenkins_slave/cgroups/cgrules.conf' + source => 'puppet:///modules/jenkins/cgroups/cgrules.conf' } service { 'cgconfig': diff --git a/modules/jenkins_slave/manifests/jenkinsuser.pp b/manifests/jenkinsuser.pp similarity index 75% rename from modules/jenkins_slave/manifests/jenkinsuser.pp rename to manifests/jenkinsuser.pp index 3d46182..ec40a1f 100644 --- a/modules/jenkins_slave/manifests/jenkinsuser.pp +++ b/manifests/jenkinsuser.pp @@ -1,4 +1,4 @@ -define jenkinsuser($ensure = present, $sudo = false, $ssh_key) { +define jenkins::jenkinsuser($ensure = present, $sudo = false, $ssh_key) { group { 'jenkins': ensure => 'present' @@ -44,7 +44,7 @@ define jenkinsuser($ensure = present, $sudo = false, $ssh_key) { group => 'jenkins', mode => 640, ensure => 'present', - source => "puppet:///modules/jenkins_slave/pip.conf", + source => "puppet:///modules/jenkins/pip.conf", require => File['jenkinspipdir'], } @@ -60,7 +60,7 @@ define jenkinsuser($ensure = present, $sudo = false, $ssh_key) { group => 'jenkins', mode => 640, ensure => 'present', - source => "puppet:///modules/jenkins_slave/gitconfig", + source => "puppet:///modules/jenkins/gitconfig", require => File['jenkinshome'], } @@ -113,39 +113,6 @@ define jenkinsuser($ensure = present, $sudo = false, $ssh_key) { ensure => 'present', } - file { 'jenkinsbazaardir': - name => '/home/jenkins/.bazaar', - owner => 'jenkins', - group => 'jenkins', - mode => 755, - ensure => 'directory', - require => File['jenkinshome'], - } - - file { 'jenkinsbazaarwhoami': - name => '/home/jenkins/.bazaar/bazaar.conf', - owner => 'jenkins', - group => 'jenkins', - mode => 640, - ensure => 'present', - require => File['jenkinsbazaardir'], - source => [ - "puppet:///modules/jenkins_slave/bazaar.conf", - ], - } - - file { 'jenkinsbazaarauth': - name => '/home/jenkins/.bazaar/authentication.conf', - owner => 'jenkins', - group => 'jenkins', - mode => 640, - ensure => 'present', - require => File['jenkinsbazaardir'], - source => [ - "puppet:///modules/jenkins_slave/authentication.conf", - ], - } - file { 'jenkinssshconfig': name => '/home/jenkins/.ssh/config', owner => 'jenkins', @@ -154,7 +121,7 @@ define jenkinsuser($ensure = present, $sudo = false, $ssh_key) { ensure => 'present', require => File['jenkinssshdir'], source => [ - "puppet:///modules/jenkins_slave/ssh_config", + "puppet:///modules/jenkins/ssh_config", ], } @@ -166,7 +133,7 @@ define jenkinsuser($ensure = present, $sudo = false, $ssh_key) { ensure => 'present', require => File['jenkinssshdir'], source => [ - "puppet:///modules/jenkins_slave/slave_private_key", + "puppet:///modules/jenkins/slave_private_key", ], } @@ -187,7 +154,7 @@ define jenkinsuser($ensure = present, $sudo = false, $ssh_key) { ensure => 'present', require => File['jenkinsgpgdir'], source => [ - "puppet:///modules/jenkins_slave/pubring.gpg", + "puppet:///modules/jenkins/pubring.gpg", ], } @@ -199,7 +166,7 @@ define jenkinsuser($ensure = present, $sudo = false, $ssh_key) { ensure => 'present', require => File['jenkinsgpgdir'], source => [ - "puppet:///modules/jenkins_slave/slave_gpg_key", + "puppet:///modules/jenkins/slave_gpg_key", ], } @@ -229,7 +196,7 @@ define jenkinsuser($ensure = present, $sudo = false, $ssh_key) { ensure => 'present', require => File['jenkinsglanceconfigdir'], source => [ - "puppet:///modules/jenkins_slave/glance_s3.conf", + "puppet:///modules/jenkins/glance_s3.conf", ], } @@ -241,7 +208,7 @@ define jenkinsuser($ensure = present, $sudo = false, $ssh_key) { ensure => 'present', require => File['jenkinsglanceconfigdir'], source => [ - "puppet:///modules/jenkins_slave/glance_swift.conf", + "puppet:///modules/jenkins/glance_swift.conf", ], } diff --git a/modules/jenkins_job_builder/manifests/init.pp b/manifests/job_builder.pp similarity index 93% rename from modules/jenkins_job_builder/manifests/init.pp rename to manifests/job_builder.pp index 13a23df..bdae7d2 100644 --- a/modules/jenkins_job_builder/manifests/init.pp +++ b/manifests/job_builder.pp @@ -1,4 +1,4 @@ -class jenkins_job_builder ( +class jenkins::job_builder ( $url, $username, $password, @@ -50,7 +50,7 @@ class jenkins_job_builder ( owner => 'jenkins', mode => 400, ensure => 'present', - content => template('jenkins_job_builder/jenkins_jobs.ini.erb'), + content => template('jenkins/jenkins_jobs.ini.erb'), require => File["/etc/jenkins_jobs"], } diff --git a/modules/jenkins_master/manifests/init.pp b/manifests/master.pp similarity index 86% rename from modules/jenkins_master/manifests/init.pp rename to manifests/master.pp index 701f9fa..0a4ea6d 100644 --- a/modules/jenkins_master/manifests/init.pp +++ b/manifests/master.pp @@ -1,4 +1,4 @@ -class jenkins_master($vhost_name=$fqdn, +class jenkins::master($vhost_name=$fqdn, $serveradmin="webmaster@$fqdn", $logo, $ssl_cert_file='', @@ -29,7 +29,7 @@ class jenkins_master($vhost_name=$fqdn, port => 443, docroot => 'MEANINGLESS ARGUMENT', priority => '50', - template => 'jenkins_master/jenkins.vhost.erb', + template => 'jenkins/jenkins.vhost.erb', ssl => true, } a2mod { 'rewrite': @@ -66,7 +66,7 @@ class jenkins_master($vhost_name=$fqdn, group => 'root', mode => 444, ensure => 'present', - source => "puppet:///modules/jenkins_master/versions.conf", + source => "puppet:///modules/jenkins/versions.conf", replace => 'true', notify => Service["versions"] } @@ -104,25 +104,25 @@ class jenkins_master($vhost_name=$fqdn, file { "/var/lib/jenkins/plugins/simple-theme-plugin/openstack.css": ensure => present, - source => "puppet:///modules/jenkins_master/openstack.css", + source => "puppet:///modules/jenkins/openstack.css", require => File["/var/lib/jenkins/plugins/simple-theme-plugin"] } file { "/var/lib/jenkins/plugins/simple-theme-plugin/openstack.js": ensure => present, - content => template("jenkins_master/openstack.js.erb"), + content => template("jenkins/openstack.js.erb"), require => File["/var/lib/jenkins/plugins/simple-theme-plugin"] } file { "/var/lib/jenkins/plugins/simple-theme-plugin/openstack-page-bkg.jpg": ensure => present, - source => "puppet:///modules/jenkins_master/openstack-page-bkg.jpg", + source => "puppet:///modules/jenkins/openstack-page-bkg.jpg", require => File["/var/lib/jenkins/plugins/simple-theme-plugin"] } file { "/var/lib/jenkins/plugins/simple-theme-plugin/title.png": ensure => present, - source => "puppet:///modules/jenkins_master/${logo}", + source => "puppet:///modules/jenkins/${logo}", require => File["/var/lib/jenkins/plugins/simple-theme-plugin"] } @@ -141,7 +141,7 @@ class jenkins_master($vhost_name=$fqdn, recurse => true, require => File['/usr/local/jenkins'], source => [ - "puppet:///modules/jenkins_slave/slave_scripts", + "puppet:///modules/jenkins/slave_scripts", ], } } diff --git a/manifests/site.pp b/manifests/site.pp deleted file mode 100644 index 756afa4..0000000 --- a/manifests/site.pp +++ /dev/null @@ -1,140 +0,0 @@ -# -# Default: should at least behave like an openstack server -# -node default { - include openstack_project::puppet_cron - include openstack_project::server -} - -# -# Long lived servers: -# -node "review.openstack.org" { - class { 'openstack_project::review': - github_oauth_token => hiera('gerrit_github_token'), - mysql_password => hiera('gerrit_mysql_password'), - mysql_root_password => hiera('gerrit_mysql_root_password'), - email_private_key => hiera('gerrit_email_private_key'), - gerritbot_password => hiera('gerrit_gerritbot_password'), - } -} - -node "gerrit-dev.openstack.org", "review-dev.openstack.org" { - class { 'openstack_project::review_dev': - github_oauth_token => hiera('gerrit_dev_github_token'), - mysql_password => hiera('gerrit_dev_mysql_password'), - mysql_root_password => hiera('gerrit_dev_mysql_root_password'), - email_private_key => hiera('gerrit_dev_email_private_key') - } -} - -node "jenkins.openstack.org" { - class { 'openstack_project::jenkins': - jenkins_jobs_password => hiera('jenkins_jobs_password'), - } - class { "openstack_project::zuul": - jenkins_server => "https://$fqdn", - jenkins_user => 'hudson-openstack', - jenkins_apikey => hiera('zuul_jenkins_apikey'), - gerrit_server => 'review.openstack.org', - gerrit_user => 'jenkins', - } -} - -node "jenkins-dev.openstack.org" { - include openstack_project::jenkins_dev -} - -node "community.openstack.org" { - include openstack_project::community -} - -node "ci-puppetmaster.openstack.org" { - include openstack_project::puppetmaster -} - -node "lists.openstack.org" { - class { 'openstack_project::lists': - listadmins => hiera('listadmins'), - } -} - -node "paste.openstack.org" { - include openstack_project::paste -} - -node "planet.openstack.org" { - include openstack_project::planet -} - -node "eavesdrop.openstack.org" { - class { 'openstack_project::eavesdrop': - nickpass => hiera('openstack_meetbot_password'), - } -} - -node "pypi.openstack.org" { - include openstack_project::pypi -} - -node 'etherpad.openstack.org' { - class { 'openstack_project::etherpad': - etherpad_crt => hiera('etherpad_crt'), - etherpad_key => hiera('etherpad_key'), - database_password => hiera('etherpad_db_password'), - } -} - -node 'wiki.openstack.org' { - include openstack_project::wiki -} - -node 'puppet-dashboard.openstack.org' { - class { 'openstack_project::dashboard': - password => hiera('dashboard_password'), - mysql_password => hiera('dashboard_mysql_password'), - } -} - -# A machine to serve static content. -node 'static.openstack.org' { - include openstack_project::static -} - -# A bare machine, but with a jenkins user -node /^.*\.template\.openstack\.org$/ { - include openstack_project::slave_template -} - -# A backup machine. Don't run cron or puppet agent on it. -node /^ci-backup-.*\.openstack\.org$/ { - include openstack_project::backup_server -} - -# -# Jenkins slaves: -# - -# Rollout cgroups to precise slaves. -node /^precise.*\.slave\.openstack\.org$/ { - include openstack_project::puppet_cron - include openstack_project::slave - - include ulimit - ulimit::conf { 'limit_jenkins_procs': - limit_domain => 'jenkins', - limit_type => 'hard', - limit_item => 'nproc', - limit_value => '256' - } - include jenkins_slave::cgroups -} - -node /^.*\.slave\.openstack\.org$/ { - include openstack_project::puppet_cron - include openstack_project::slave -} - -node /^.*\.jclouds\.openstack\.org$/ { - include openstack_project::bare_slave -} diff --git a/modules/jenkins_slave/manifests/init.pp b/manifests/slave.pp similarity index 93% rename from modules/jenkins_slave/manifests/init.pp rename to manifests/slave.pp index 509e6e6..95ae167 100644 --- a/modules/jenkins_slave/manifests/init.pp +++ b/manifests/slave.pp @@ -1,9 +1,9 @@ -class jenkins_slave($ssh_key, $sudo = false, $bare = false, $user = true) { +class jenkins::slave($ssh_key, $sudo = false, $bare = false, $user = true) { include pip if ($user == true) { - jenkinsuser { "jenkins": + jenkins::jenkinsuser { "jenkins": ensure => present, sudo => $sudo, ssh_key => "${ssh_key}" @@ -73,7 +73,7 @@ class jenkins_slave($ssh_key, $sudo = false, $bare = false, $user = true) { mode => 644, ensure => 'present', source => [ - "puppet:///modules/jenkins_slave/rubygems.sh", + "puppet:///modules/jenkins/rubygems.sh", ], } @@ -143,7 +143,7 @@ class jenkins_slave($ssh_key, $sudo = false, $bare = false, $user = true) { recurse => true, require => File['/usr/local/jenkins'], source => [ - "puppet:///modules/jenkins_slave/slave_scripts", + "puppet:///modules/jenkins/slave_scripts", ], } @@ -151,7 +151,7 @@ class jenkins_slave($ssh_key, $sudo = false, $bare = false, $user = true) { # https://lists.launchpad.net/openstack/msg13381.html file { '/etc/sysctl.d/10-ptrace.conf': ensure => present, - source => "puppet:///modules/jenkins_slave/10-ptrace.conf", + source => "puppet:///modules/jenkins/10-ptrace.conf", owner => 'root', group => 'root', mode => 444, diff --git a/modules/bup/manifests/init.pp b/modules/bup/manifests/init.pp deleted file mode 100644 index 2dc807a..0000000 --- a/modules/bup/manifests/init.pp +++ /dev/null @@ -1,23 +0,0 @@ -class bup { - package { "bup": - ensure => present - } - - file { "/etc/bup-excludes": - ensure => present, - content => "/proc/* -/sys/* -/dev/* -/tmp/* -/floppy/* -/cdrom/* -/var/spool/squid/* -/var/spool/exim/* -/media/* -/mnt/* -/var/agentx/* -/run/* -" - } - -} diff --git a/modules/bup/manifests/site.pp b/modules/bup/manifests/site.pp deleted file mode 100644 index fd68e30..0000000 --- a/modules/bup/manifests/site.pp +++ /dev/null @@ -1,8 +0,0 @@ -define bup::site($backup_user, $backup_server) { - cron { "bup-$name": - user => root, - hour => "5", - minute => "37", - command => "tar -X /etc/bup-excludes -cPf - / | bup split -r $backup_user@$backup_server: -n root -q", - } -} diff --git a/modules/devstack_host/files/rabbitmq-env.conf b/modules/devstack_host/files/rabbitmq-env.conf deleted file mode 100644 index ce9f3c4..0000000 --- a/modules/devstack_host/files/rabbitmq-env.conf +++ /dev/null @@ -1,4 +0,0 @@ -# This file is managed by puppet -# Use localhost in the node name so that we don't need to -# touch /etc/hosts or use dns -NODENAME=rabbit@localhost diff --git a/modules/devstack_host/manifests/init.pp b/modules/devstack_host/manifests/init.pp deleted file mode 100644 index 35ef897..0000000 --- a/modules/devstack_host/manifests/init.pp +++ /dev/null @@ -1,41 +0,0 @@ -# A machine ready to run devstack -class devstack_host { - - package { "linux-headers-virtual": - ensure => present, - } - - package { "mysql-server": - ensure => present, - } - - package { "rabbitmq-server": - ensure => present, - require => File['rabbitmq-env.conf'], - } - - file { "/etc/rabbitmq": - ensure => "directory", - } - - file { 'rabbitmq-env.conf': - name => '/etc/rabbitmq/rabbitmq-env.conf', - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => [ - "puppet:///modules/devstack_host/rabbitmq-env.conf", - ], - require => File['/etc/rabbitmq'], - } - - exec { "Set MySQL server root password": - subscribe => [ Package["mysql-server"]], - refreshonly => true, - unless => "mysqladmin -uroot -psecret status", - path => "/bin:/usr/bin", - command => "mysqladmin -uroot password secret", - } - -} diff --git a/modules/etherpad_lite/files/pad.js b/modules/etherpad_lite/files/pad.js deleted file mode 100644 index 1fe0210..0000000 --- a/modules/etherpad_lite/files/pad.js +++ /dev/null @@ -1,7 +0,0 @@ -function customStart() -{ - //define your javascript here - //jquery is available - except index.js - //you can load extra scripts with $.getScript http://api.jquery.com/jQuery.getScript/ - chat.stickToScreen(true); -} diff --git a/modules/etherpad_lite/manifests/apache.pp b/modules/etherpad_lite/manifests/apache.pp deleted file mode 100644 index 869b0fe..0000000 --- a/modules/etherpad_lite/manifests/apache.pp +++ /dev/null @@ -1,58 +0,0 @@ -class etherpad_lite::apache ( - $vhost_name = $fqdn, - $etherpad_crt, - $etherpad_key -) { - - include remove_nginx - - apache::vhost { $vhost_name: - port => 443, - docroot => 'MEANINGLESS ARGUMENT', - priority => '50', - template => 'etherpad_lite/etherpadlite.vhost.erb', - require => File["/etc/ssl/certs/${vhost_name}.pem", - "/etc/ssl/private/${vhost_name}.key"], - ssl => true, - } - a2mod { 'rewrite': - ensure => present - } - a2mod { 'proxy': - ensure => present - } - a2mod { 'proxy_http': - ensure => present - } - - file { '/etc/ssl/certs': - ensure => directory, - owner => 'root', - mode => 0700, - } - - file { '/etc/ssl/private': - ensure => directory, - owner => 'root', - mode => 0700, - } - - file { "/etc/ssl/certs/${vhost_name}.pem": - ensure => present, - replace => true, - owner => 'root', - mode => 0600, - content => template('etherpad_lite/eplite.crt.erb'), - require => File['/etc/ssl/certs'], - } - - file { "/etc/ssl/private/${vhost_name}.key": - ensure => present, - replace => true, - owner => 'root', - mode => 0600, - content => template('etherpad_lite/eplite.key.erb'), - require => File['/etc/ssl/private'], - } - -} diff --git a/modules/etherpad_lite/manifests/backup.pp b/modules/etherpad_lite/manifests/backup.pp deleted file mode 100644 index 1340b17..0000000 --- a/modules/etherpad_lite/manifests/backup.pp +++ /dev/null @@ -1,26 +0,0 @@ -class etherpad_lite::backup ( - $minute = '0', - $hour = '0', - $day = '*', - $dest = "${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}/db.sql.gz", - $rotation = 'daily', - $num_backups = '30' -) { - - cron { eplitedbbackup: - ensure => present, - command => "/usr/bin/mysqldump --defaults-file=/etc/mysql/debian.cnf --opt etherpad-lite | gzip -9 > ${dest}", - minute => $minute, - hour => $hour, - weekday => $day, - require => Package['mysql-server'] - } - - include logrotate - logrotate::file { 'eplitedb': - log => $dest, - options => ['nocompress', "rotate ${num_backups}", $rotation], - require => Cron['eplitedbbackup'] - } - -} diff --git a/modules/etherpad_lite/manifests/init.pp b/modules/etherpad_lite/manifests/init.pp deleted file mode 100644 index 1a6da2c..0000000 --- a/modules/etherpad_lite/manifests/init.pp +++ /dev/null @@ -1,142 +0,0 @@ -# define to build from source using ./configure && make && make install. -define buildsource( - $dir = $title, - $user = 'root', - $creates = '/nonexistant/file' -) { - - exec { "./configure in ${dir}": - command => './configure', - path => "/usr/bin:/bin:/usr/local/bin:${dir}", - user => $user, - cwd => $dir, - creates => $creates - } -> - - exec { "make in ${dir}": - command => 'make', - path => '/usr/bin:/bin', - user => $user, - cwd => $dir, - creates => $creates - } -> - - exec { "make install in ${dir}": - command => 'make install', - path => '/usr/bin:/bin', - user => $user, - cwd => $dir, - creates => $creates - } - -} - -# Class to install etherpad lite. Puppet acts a lot like a package manager -# through this class. -# -# To use etherpad lite you will want the following includes: -# include etherpad_lite -# include etherpad_lite::mysql # necessary to use mysql as the backend -# include etherpad_lite::site # configures etherpad lite instance -# include etherpad_lite::apache # will add reverse proxy on localhost -# The defaults for all the classes should just work (tm) -# -# -class etherpad_lite ( - $ep_user = 'eplite', - $base_log_dir = '/var/log', - $base_install_dir = '/opt/etherpad-lite' -) { - - user { $ep_user: - shell => '/sbin/nologin', - home => "${base_log_dir}/${ep_user}", - system => true, - gid => $ep_user, - require => Group[$ep_user] - } - - group { $ep_user: - ensure => present - } - - # Below is what happens when you treat puppet as a package manager. - # This is probably bad, but it works and you don't need to roll .debs. - file { "${base_install_dir}": - ensure => directory, - group => $ep_user, - mode => 0664, - } - - vcsrepo { "${base_install_dir}/nodejs": - ensure => present, - provider => git, - source => 'https://github.com/joyent/node.git', - revision => 'v0.6.16', - require => Package['git'] - } - - package { ['gzip', - 'curl', - 'python', - 'libssl-dev', - 'pkg-config', - 'abiword', - 'build-essential']: - ensure => present - } - - package { ['nodejs', 'npm']: - ensure => purged - } - - buildsource { "${base_install_dir}/nodejs": - creates => '/usr/local/bin/node', - require => [Package['gzip'], - Package['curl'], - Package['python'], - Package['libssl-dev'], - Package['pkg-config'], - Package['build-essential'], - Vcsrepo["${base_install_dir}/nodejs"]] - } - - vcsrepo { "${base_install_dir}/etherpad-lite": - ensure => present, - provider => git, - source => "https://github.com/Pita/etherpad-lite.git", - owner => $ep_user, - require => Package['git'], - } - - exec { 'install_etherpad_dependencies': - command => './bin/installDeps.sh', - path => "/usr/bin:/bin:/usr/local/bin:${base_install_dir}/etherpad-lite", - user => $ep_user, - cwd => "${base_install_dir}/etherpad-lite", - environment => "HOME=${base_log_dir}/${ep_user}", - require => [Vcsrepo["${base_install_dir}/etherpad-lite"], - Buildsource["${base_install_dir}/nodejs"]], - before => File["${base_install_dir}/etherpad-lite/settings.json"], - creates => "${base_install_dir}/etherpad-lite/node_modules" - } - - file { '/etc/init/etherpad-lite.conf': - ensure => 'present', - content => template('etherpad_lite/upstart.erb'), - replace => 'true', - owner => 'root', - } - - file { '/etc/init.d/etherpad-lite': - ensure => link, - target => '/lib/init/upstart-job' - } - - file { "${base_log_dir}/${ep_user}": - ensure => directory, - owner => $ep_user, - } - # end package management ugliness - -} diff --git a/modules/etherpad_lite/manifests/mysql.pp b/modules/etherpad_lite/manifests/mysql.pp deleted file mode 100644 index 65994a3..0000000 --- a/modules/etherpad_lite/manifests/mysql.pp +++ /dev/null @@ -1,64 +0,0 @@ -class etherpad_lite::mysql ( - $dbType = 'mysql', - $database_user = 'eplite', - $database_name = 'etherpad-lite', - $database_password -) { - - include etherpad_lite - - package { 'mysql-server': - ensure => present - } - - package { 'mysql-client': - ensure => present - } - - service { "mysql": - enable => true, - ensure => running, - hasrestart => true, - require => [Package['mysql-server'], - Package['mysql-client']] - } - - file { "${etherpad_lite::base_install_dir}/etherpad-lite/create_database.sh": - ensure => 'present', - content => template('etherpad_lite/create_database.sh.erb'), - replace => true, - owner => $etherpad_lite::ep_user, - group => $etherpad_lite::ep_user, - mode => 0755, - require => Class['etherpad_lite'] - } - - file { "${etherpad_lite::base_install_dir}/etherpad-lite/create_user.sh": - ensure => 'present', - content => template('etherpad_lite/create_user.sh.erb'), - replace => true, - owner => $etherpad_lite::ep_user, - group => $etherpad_lite::ep_user, - mode => 0755, - require => Class['etherpad_lite'] - } - - exec { "create-etherpad-lite-db": - unless => "mysql --defaults-file=/etc/mysql/debian.cnf ${database_name}", - path => ['/bin', '/usr/bin'], - command => "${etherpad_lite::base_install_dir}/etherpad-lite/create_database.sh", - require => [Service['mysql'], - File["${etherpad_lite::base_install_dir}/etherpad-lite/settings.json"], - File["${etherpad_lite::base_install_dir}/etherpad-lite/create_database.sh"]] - } -> - - exec { "grant-etherpad-lite-db": - unless => "mysql -u${database_user} -p${database_password} ${database_name}", - path => ['/bin', '/usr/bin'], - command => "${etherpad_lite::base_install_dir}/etherpad-lite/create_user.sh", - require => [Service['mysql'], - File["${etherpad_lite::base_install_dir}/etherpad-lite/settings.json"], - File["${etherpad_lite::base_install_dir}/etherpad-lite/create_user.sh"]] - } - -} diff --git a/modules/etherpad_lite/manifests/site.pp b/modules/etherpad_lite/manifests/site.pp deleted file mode 100644 index 2641cae..0000000 --- a/modules/etherpad_lite/manifests/site.pp +++ /dev/null @@ -1,58 +0,0 @@ -class etherpad_lite::site ( - $dbType = 'mysql', - $database_user = 'eplite', - $database_name = 'etherpad-lite', - $database_password, -) { - - include etherpad_lite - - if $dbType == 'mysql' { - service { 'etherpad-lite': - enable => true, - ensure => running, - subscribe => File["${etherpad_lite::base_install_dir}/etherpad-lite/settings.json"], - require => Class['etherpad_lite::mysql'], - } - } - else { - service { 'etherpad-lite': - enable => true, - ensure => running, - subscribe => File["${etherpad_lite::base_install_dir}/etherpad-lite/settings.json"], - } - } - - file { "${etherpad_lite::base_install_dir}/etherpad-lite/settings.json": - ensure => 'present', - content => template('etherpad_lite/etherpad-lite_settings.json.erb'), - replace => true, - owner => $etherpad_lite::ep_user, - group => $etherpad_lite::ep_user, - mode => 0600, - require => Class['etherpad_lite'] - } - - file { "${etherpad_lite::base_install_dir}/etherpad-lite/src/static/custom/pad.js": - ensure => 'present', - source => 'puppet:///modules/etherpad_lite/pad.js', - owner => $etherpad_lite::ep_user, - group => $etherpad_lite::ep_user, - mode => 0644, - require => Class['etherpad_lite'] - } - - include logrotate - logrotate::file { 'epliteerror': - log => "${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}/error.log", - options => ['compress', 'copytruncate', 'missingok', 'rotate 7', 'daily', 'notifempty'], - require => Service['etherpad-lite'] - } - - logrotate::file { 'epliteaccess': - log => "${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}/access.log", - options => ['compress', 'copytruncate', 'missingok', 'rotate 7', 'daily', 'notifempty'], - require => Service['etherpad-lite'] - } - -} diff --git a/modules/etherpad_lite/templates/create_database.sh.erb b/modules/etherpad_lite/templates/create_database.sh.erb deleted file mode 100644 index 97af276..0000000 --- a/modules/etherpad_lite/templates/create_database.sh.erb +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -mysql --defaults-file=/etc/mysql/debian.cnf -e 'create database `<%= database_name %>` CHARACTER SET utf8 COLLATE utf8_bin' diff --git a/modules/etherpad_lite/templates/create_user.sh.erb b/modules/etherpad_lite/templates/create_user.sh.erb deleted file mode 100644 index 0c1f24b..0000000 --- a/modules/etherpad_lite/templates/create_user.sh.erb +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -mysql --defaults-file=/etc/mysql/debian.cnf -e 'grant all on `<%= database_name %>`.* to "<%= database_user %>"@"localhost" identified by "<%= database_password %>";' diff --git a/modules/etherpad_lite/templates/eplite.crt.erb b/modules/etherpad_lite/templates/eplite.crt.erb deleted file mode 100644 index 2b2bdcd..0000000 --- a/modules/etherpad_lite/templates/eplite.crt.erb +++ /dev/null @@ -1 +0,0 @@ -<%= etherpad_crt %> diff --git a/modules/etherpad_lite/templates/eplite.key.erb b/modules/etherpad_lite/templates/eplite.key.erb deleted file mode 100644 index 9f99d02..0000000 --- a/modules/etherpad_lite/templates/eplite.key.erb +++ /dev/null @@ -1 +0,0 @@ -<%= etherpad_key %> diff --git a/modules/etherpad_lite/templates/etherpad-lite_settings.json.erb b/modules/etherpad_lite/templates/etherpad-lite_settings.json.erb deleted file mode 100644 index 7d9ee88..0000000 --- a/modules/etherpad_lite/templates/etherpad-lite_settings.json.erb +++ /dev/null @@ -1,47 +0,0 @@ -/* - This file must be valid JSON. But comments are allowed - - Please edit settings.json, not settings.json.template -*/ -{ - //Ip and port which etherpad should bind at - "ip": "127.0.0.1", - "port" : 9001, - - //The Type of the database. You can choose between dirty, sqlite and mysql - //You should use mysql or sqlite for anything else than testing or development - "dbType" : "<%= dbType %>", - //the database specific settings - "dbSettings" : { - "user" : "<%= database_user %>", - "host" : "localhost", - "password": "<%= database_password %>", - "database": "<%= database_name %>" - }, - //the default text of a pad - "defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n", - - /* Users must have a session to access pads. This effectively allows only group pads to be accessed. */ - "requireSession" : false, - - /* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */ - "editOnly" : false, - - /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly, - but makes it impossible to debug the javascript/css */ - "minify" : true, - - /* How long may clients use served javascript code? Without versioning this - is may cause problems during deployment. */ - "maxAge" : 21600000, // 6 hours - - /* This is the path to the Abiword executable. Setting it to null, disables abiword. - Abiword is needed to enable the import/export of pads*/ - "abiword" : "/usr/bin/abiword", - - /* This setting is used if you need http basic auth */ - // "httpAuth" : "user:pass", - - /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */ - "loglevel": "INFO" -} diff --git a/modules/etherpad_lite/templates/etherpadlite.vhost.erb b/modules/etherpad_lite/templates/etherpadlite.vhost.erb deleted file mode 100644 index 6ac0aec..0000000 --- a/modules/etherpad_lite/templates/etherpadlite.vhost.erb +++ /dev/null @@ -1,44 +0,0 @@ -:80> - ServerAdmin <%= scope.lookupvar("etherpad_lite::apache::serveradmin") %> - - ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-error.log - - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-access.log combined - - Redirect / https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/ - - - - -:443> - ServerName <%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> - ServerAdmin <%= scope.lookupvar("etherpad_lite::apache::serveradmin") %> - - ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-ssl-error.log - - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>-ssl-access.log combined - - SSLEngine on - - SSLCertificateFile /etc/ssl/certs/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>.pem - SSLCertificateKeyFile /etc/ssl/private/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>.key - - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - RewriteEngine on - RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> - RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> - RewriteRule ^/(.*)$ http://localhost:9001/$1 [P] - - ProxyPassReverse / http://localhost:9001/ - - - diff --git a/modules/etherpad_lite/templates/upstart.erb b/modules/etherpad_lite/templates/upstart.erb deleted file mode 100644 index 9610779..0000000 --- a/modules/etherpad_lite/templates/upstart.erb +++ /dev/null @@ -1,26 +0,0 @@ -description "etherpad-lite" - -start on started networking -stop on runlevel [!2345] - -env EPHOME=<%= base_install_dir %>/etherpad-lite -env EPLOGS=<%= base_log_dir %>/<%= ep_user %> -env EPUSER=<%= ep_user %> - -respawn - -pre-start script - chdir $EPHOME - mkdir $EPLOGS ||true - chown $EPUSER:admin $EPLOGS ||true - chmod 0755 $EPLOGS ||true - chown -R $EPUSER:admin $EPHOME/var ||true - bin/installDeps.sh >> $EPLOGS/error.log || { stop; exit 1; } -end script - -script - cd $EPHOME - exec su -s /bin/sh -c 'exec "$0" "$@"' $EPUSER -- /usr/local/bin/node node_modules/ep_etherpad-lite/node/server.js \ - >> $EPLOGS/access.log \ - 2>> $EPLOGS/error.log -end script diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp deleted file mode 100644 index f5f11a5..0000000 --- a/modules/exim/manifests/init.pp +++ /dev/null @@ -1,36 +0,0 @@ -class exim($sysadmin=[], $mailman_domains=[]) { - package { 'exim4-base': - ensure => present; - } - package { 'exim4-config': - ensure => present; - } - package { 'exim4-daemon-light': - ensure => present, - require => [Package[exim4-base], Package[exim4-config]], - } - - service { 'exim4': - ensure => running, - hasrestart => true, - subscribe => File['/etc/exim4/exim4.conf'], - } - - file { '/etc/exim4/exim4.conf': - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - content => template("exim/exim4.conf.erb"), - replace => 'true', - } - - file { '/etc/aliases': - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - content => template("exim/aliases.erb"), - replace => 'true', - } -} diff --git a/modules/exim/templates/aliases.erb b/modules/exim/templates/aliases.erb deleted file mode 100644 index d3204c8..0000000 --- a/modules/exim/templates/aliases.erb +++ /dev/null @@ -1,19 +0,0 @@ -# /etc/aliases -mailer-daemon: postmaster -postmaster: root -nobody: root -hostmaster: root -usenet: root -news: root -webmaster: root -www: root -ftp: root -abuse: root -noc: root -security: root - -gerrit2: root -jenkins: root -<% if sysadmin.length > 0 -%> -root: <%= sysadmin.join(",") %> -<% end -%> diff --git a/modules/exim/templates/exim4.conf.erb b/modules/exim/templates/exim4.conf.erb deleted file mode 100644 index a29b1cf..0000000 --- a/modules/exim/templates/exim4.conf.erb +++ /dev/null @@ -1,825 +0,0 @@ -# $Cambridge: exim/exim-src/src/configure.default,v 1.14 2009/10/16 07:46:13 tom Exp $ - -###################################################################### -# Runtime configuration file for Exim # -###################################################################### - - -# This is a default configuration file which will operate correctly in -# uncomplicated installations. Please see the manual for a complete list -# of all the runtime configuration options that can be included in a -# configuration file. There are many more than are mentioned here. The -# manual is in the file doc/spec.txt in the Exim distribution as a plain -# ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available -# from the Exim ftp sites. The manual is also online at the Exim web sites. - - -# This file is divided into several parts, all but the first of which are -# headed by a line starting with the word "begin". Only those parts that -# are required need to be present. Blank lines, and lines starting with # -# are ignored. - - -########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ########### -# # -# Whenever you change Exim's configuration file, you *must* remember to # -# HUP the Exim daemon, because it will not pick up the new configuration # -# until you do. However, any other Exim processes that are started, for # -# example, a process started by an MUA in order to send a message, will # -# see the new configuration as soon as it is in place. # -# # -# You do not need to HUP the daemon for changes in auxiliary files that # -# are referenced from this file. They are read every time they are used. # -# # -# It is usually a good idea to test a new configuration for syntactic # -# correctness before installing it (for example, by running the command # -# "exim -C /config/file.new -bV"). # -# # -########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ########### - -CONFDIR = /etc/exim4 - -###################################################################### -# MAIN CONFIGURATION SETTINGS # -###################################################################### - -# Specify your host's canonical name here. This should normally be the fully -# qualified "official" name of your host. If this option is not set, the -# uname() function is called to obtain the name. In many cases this does -# the right thing and you need not set anything explicitly. - -# primary_hostname = - -# The next three settings create two lists of domains and one list of hosts. -# These lists are referred to later in this configuration using the syntax -# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They -# are all colon-separated lists: - -domainlist local_domains = @<% if mailman_domains.length > 0 -%>:<%= mailman_domains.join(":") %><% end -%> - -domainlist relay_to_domains = -hostlist relay_from_hosts = 127.0.0.1 - -# Most straightforward access control requirements can be obtained by -# appropriate settings of the above options. In more complicated situations, -# you may need to modify the Access Control Lists (ACLs) which appear later in -# this file. - -# The first setting specifies your local domains, for example: -# -# domainlist local_domains = my.first.domain : my.second.domain -# -# You can use "@" to mean "the name of the local host", as in the default -# setting above. This is the name that is specified by primary_hostname, -# as specified above (or defaulted). If you do not want to do any local -# deliveries, remove the "@" from the setting above. If you want to accept mail -# addressed to your host's literal IP address, for example, mail addressed to -# "user@[192.168.23.44]", you can add "@[]" as an item in the local domains -# list. You also need to uncomment "allow_domain_literals" below. This is not -# recommended for today's Internet. - -# The second setting specifies domains for which your host is an incoming relay. -# If you are not doing any relaying, you should leave the list empty. However, -# if your host is an MX backup or gateway of some kind for some domains, you -# must set relay_to_domains to match those domains. For example: -# -# domainlist relay_to_domains = *.myco.com : my.friend.org -# -# This will allow any host to relay through your host to those domains. -# See the section of the manual entitled "Control of relaying" for more -# information. - -# The third setting specifies hosts that can use your host as an outgoing relay -# to any other host on the Internet. Such a setting commonly refers to a -# complete local network as well as the localhost. For example: -# -# hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16 -# -# The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you -# have to include 127.0.0.1 if you want to allow processes on your host to send -# SMTP mail by using the loopback address. A number of MUAs use this method of -# sending mail. - -# All three of these lists may contain many different kinds of item, including -# wildcarded names, regular expressions, and file lookups. See the reference -# manual for details. The lists above are used in the access control lists for -# checking incoming messages. The names of these ACLs are defined here: - -acl_smtp_rcpt = acl_check_rcpt -acl_smtp_data = acl_check_data - -# You should not change those settings until you understand how ACLs work. - - -# If you are running a version of Exim that was compiled with the content- -# scanning extension, you can cause incoming messages to be automatically -# scanned for viruses. You have to modify the configuration in two places to -# set this up. The first of them is here, where you define the interface to -# your scanner. This example is typical for ClamAV; see the manual for details -# of what to set for other virus scanners. The second modification is in the -# acl_check_data access control list (see below). - -# av_scanner = clamd:/tmp/clamd - - -# For spam scanning, there is a similar option that defines the interface to -# SpamAssassin. You do not need to set this if you are using the default, which -# is shown in this commented example. As for virus scanning, you must also -# modify the acl_check_data access control list to enable spam scanning. - -# spamd_address = 127.0.0.1 783 - - -# If Exim is compiled with support for TLS, you may want to enable the -# following options so that Exim allows clients to make encrypted -# connections. In the authenticators section below, there are template -# configurations for plaintext username/password authentication. This kind -# of authentication is only safe when used within a TLS connection, so the -# authenticators will only work if the following TLS settings are turned on -# as well. - -# Allow any client to use TLS. - -#tls_advertise_hosts = * - -# Specify the location of the Exim server's TLS certificate and private key. -# The private key must not be encrypted (password protected). You can put -# the certificate and private key in the same file, in which case you only -# need the first setting, or in separate files, in which case you need both -# options. - -# tls_certificate = /etc/ssl/exim.crt -# tls_privatekey = /etc/ssl/exim.pem - -# In order to support roaming users who wish to send email from anywhere, -# you may want to make Exim listen on other ports as well as port 25, in -# case these users need to send email from a network that blocks port 25. -# The standard port for this purpose is port 587, the "message submission" -# port. See RFC 4409 for details. Microsoft MUAs cannot be configured to -# talk the message submission protocol correctly, so if you need to support -# them you should also allow TLS-on-connect on the traditional but -# non-standard port 465. - -# daemon_smtp_ports = 25 : 465 : 587 -# tls_on_connect_ports = 465 - -# Specify the domain you want to be added to all unqualified addresses -# here. An unqualified address is one that does not contain an "@" character -# followed by a domain. For example, "caesar@rome.example" is a fully qualified -# address, but the string "caesar" (i.e. just a login name) is an unqualified -# email address. Unqualified addresses are accepted only from local callers by -# default. See the recipient_unqualified_hosts option if you want to permit -# unqualified addresses from remote sources. If this option is not set, the -# primary_hostname value is used for qualification. - -# qualify_domain = - - -# If you want unqualified recipient addresses to be qualified with a different -# domain to unqualified sender addresses, specify the recipient domain here. -# If this option is not set, the qualify_domain value is used. - -# qualify_recipient = - - -# The following line must be uncommented if you want Exim to recognize -# addresses of the form "user@[10.11.12.13]" that is, with a "domain literal" -# (an IP address) instead of a named domain. The RFCs still require this form, -# but it makes little sense to permit mail to be sent to specific hosts by -# their IP address in the modern Internet. This ancient format has been used -# by those seeking to abuse hosts by using them for unwanted relaying. If you -# really do want to support domain literals, uncomment the following line, and -# see also the "domain_literal" router below. - -# allow_domain_literals - - -# No deliveries will ever be run under the uids of users specified by -# never_users (a colon-separated list). An attempt to do so causes a panic -# error to be logged, and the delivery to be deferred. This is a paranoic -# safety catch. There is an even stronger safety catch in the form of the -# FIXED_NEVER_USERS setting in the configuration for building Exim. The list of -# users that it specifies is built into the binary, and cannot be changed. The -# option below just adds additional users to the list. The default for -# FIXED_NEVER_USERS is "root", but just to be absolutely sure, the default here -# is also "root". - -# Note that the default setting means you cannot deliver mail addressed to root -# as if it were a normal user. This isn't usually a problem, as most sites have -# an alias for root that redirects such mail to a human administrator. - -never_users = root - - -# The setting below causes Exim to do a reverse DNS lookup on all incoming -# IP calls, in order to get the true host name. If you feel this is too -# expensive, you can specify the networks for which a lookup is done, or -# remove the setting entirely. - -host_lookup = * - - -# The settings below, which are actually the same as the defaults in the -# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP -# calls. You can limit the hosts to which these calls are made, and/or change -# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls -# are disabled. RFC 1413 calls are cheap and can provide useful information -# for tracing problem messages, but some hosts and firewalls have problems -# with them. This can result in a timeout instead of an immediate refused -# connection, leading to delays on starting up SMTP sessions. (The default was -# reduced from 30s to 5s for release 4.61.) - -rfc1413_hosts = * -rfc1413_query_timeout = 0s - - -# By default, Exim expects all envelope addresses to be fully qualified, that -# is, they must contain both a local part and a domain. If you want to accept -# unqualified addresses (just a local part) from certain hosts, you can specify -# these hosts by setting one or both of -# -# sender_unqualified_hosts = -# recipient_unqualified_hosts = -# -# to control sender and recipient addresses, respectively. When this is done, -# unqualified addresses are qualified using the settings of qualify_domain -# and/or qualify_recipient (see above). - - -# If you want Exim to support the "percent hack" for certain domains, -# uncomment the following line and provide a list of domains. The "percent -# hack" is the feature by which mail addressed to x%y@z (where z is one of -# the domains listed) is locally rerouted to x@y and sent on. If z is not one -# of the "percent hack" domains, x%y is treated as an ordinary local part. This -# hack is rarely needed nowadays; you should not enable it unless you are sure -# that you really need it. -# -# percent_hack_domains = -# -# As well as setting this option you will also need to remove the test -# for local parts containing % in the ACL definition below. - - -# When Exim can neither deliver a message nor return it to sender, it "freezes" -# the delivery error message (aka "bounce message"). There are also other -# circumstances in which messages get frozen. They will stay on the queue for -# ever unless one of the following options is set. - -# This option unfreezes frozen bounce messages after two days, tries -# once more to deliver them, and ignores any delivery failures. - -ignore_bounce_errors_after = 2d - -# This option cancels (removes) frozen messages that are older than a week. - -timeout_frozen_after = 7d - - -# By default, messages that are waiting on Exim's queue are all held in a -# single directory called "input" which it itself within Exim's spool -# directory. (The default spool directory is specified when Exim is built, and -# is often /var/spool/exim/.) Exim works best when its queue is kept short, but -# there are circumstances where this is not always possible. If you uncomment -# the setting below, messages on the queue are held in 62 subdirectories of -# "input" instead of all in the same directory. The subdirectories are called -# 0, 1, ... A, B, ... a, b, ... z. This has two benefits: (1) If your file -# system degrades with many files in one directory, this is less likely to -# happen; (2) Exim can process the queue one subdirectory at a time instead of -# all at once, which can give better performance with large queues. - -# split_spool_directory = true - -<% if mailman_domains.length > 0 -%> -# Home dir for your Mailman installation -- aka Mailman's prefix -# directory. -MM_HOME=/var/lib/mailman -# -# User and group for Mailman, should match your --with-mail-gid -# switch to Mailman's configure script. -# Value is normally "mailman" -MM_UID=list -MM_GID=list -# -# Domains that your lists are in - colon separated list -# you may wish to add these into local_domains as well -domainlist mm_domains=<%= mailman_domains.join(":") %> -# -# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -# -# These values are derived from the ones above and should not need -# editing unless you have munged your mailman installation -# -# The path of the Mailman mail wrapper script -MM_WRAP=MM_HOME/mail/mailman -# -# The path of the list config file (used as a required file when -# verifying list addresses) -MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck -<% end -%> - -###################################################################### -# ACL CONFIGURATION # -# Specifies access control lists for incoming SMTP mail # -###################################################################### - -begin acl - -# This access control list is used for every RCPT command in an incoming -# SMTP message. The tests are run in order until the address is either -# accepted or denied. - -acl_check_rcpt: - - # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by - # testing for an empty sending host field. - - accept hosts = : - control = dkim_disable_verify - - ############################################################################# - # The following section of the ACL is concerned with local parts that contain - # @ or % or ! or / or | or dots in unusual places. - # - # The characters other than dots are rarely found in genuine local parts, but - # are often tried by people looking to circumvent relaying restrictions. - # Therefore, although they are valid in local parts, these rules lock them - # out, as a precaution. - # - # Empty components (two dots in a row) are not valid in RFC 2822, but Exim - # allows them because they have been encountered. (Consider local parts - # constructed as "firstinitial.secondinitial.familyname" when applied to - # someone like me, who has no second initial.) However, a local part starting - # with a dot or containing /../ can cause trouble if it is used as part of a - # file name (e.g. for a mailing list). This is also true for local parts that - # contain slashes. A pipe symbol can also be troublesome if the local part is - # incorporated unthinkingly into a shell command line. - # - # Two different rules are used. The first one is stricter, and is applied to - # messages that are addressed to one of the local domains handled by this - # host. The line "domains = +local_domains" restricts it to domains that are - # defined by the "domainlist local_domains" setting above. The rule blocks - # local parts that begin with a dot or contain @ % ! / or |. If you have - # local accounts that include these characters, you will have to modify this - # rule. - - deny message = Restricted characters in address - domains = +local_domains - local_parts = ^[.] : ^.*[@%!/|] - - # The second rule applies to all other domains, and is less strict. The line - # "domains = !+local_domains" restricts it to domains that are NOT defined by - # the "domainlist local_domains" setting above. The exclamation mark is a - # negating operator. This rule allows your own users to send outgoing - # messages to sites that use slashes and vertical bars in their local parts. - # It blocks local parts that begin with a dot, slash, or vertical bar, but - # allows these characters within the local part. However, the sequence /../ - # is barred. The use of @ % and ! is blocked, as before. The motivation here - # is to prevent your users (or your users' viruses) from mounting certain - # kinds of attack on remote sites. - - deny message = Restricted characters in address - domains = !+local_domains - local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ - ############################################################################# - - # Accept mail to postmaster in any local domain, regardless of the source, - # and without verifying the sender. - - accept local_parts = postmaster - domains = +local_domains - - # Deny unless the sender address can be verified. - - require verify = sender - - # Accept if the message arrived over an authenticated connection, from - # any host. Again, these messages are usually from MUAs, so recipient - # verification is omitted, and submission mode is set. And again, we do this - # check before any black list tests. - - accept authenticated = * - control = submission/domain= - control = dkim_disable_verify - - # Accept if the message comes from one of the hosts for which we are an - # outgoing relay. It is assumed that such hosts are most likely to be MUAs, - # so we set control=submission to make Exim treat the message as a - # submission. It will fix up various errors in the message, for example, the - # lack of a Date: header line. If you are actually relaying out out from - # MTAs, you may want to disable this. If you are handling both relaying from - # MTAs and submissions from MUAs you should probably split them into two - # lists, and handle them differently. - - # Recipient verification is omitted here, because in many cases the clients - # are dumb MUAs that don't cope well with SMTP error responses. If you are - # actually relaying out from MTAs, you should probably add recipient - # verification here. - - # Note that, by putting this test before any DNS black list checks, you will - # always accept from these hosts, even if they end up on a black list. The - # assumption is that they are your friends, and if they get onto a black - # list, it is a mistake. - - accept hosts = +relay_from_hosts - control = submission - control = dkim_disable_verify - - # Insist that any other recipient address that we accept is either in one of - # our local domains, or is in a domain for which we explicitly allow - # relaying. Any other domain is rejected as being unacceptable for relaying. - - require message = relay not permitted - domains = +local_domains : +relay_to_domains - - # We also require all accepted addresses to be verifiable. This check will - # do local part verification for local domains, but only check the domain - # for remote domains. The only way to check local parts for the remote - # relay domains is to use a callout (add /callout), but please read the - # documentation about callouts before doing this. - - require verify = recipient - - ############################################################################# - # There are no default checks on DNS black lists because the domains that - # contain these lists are changing all the time. However, here are two - # examples of how you can get Exim to perform a DNS black list lookup at this - # point. The first one denies, whereas the second just warns. - # - # deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text - # dnslists = black.list.example - # - # warn dnslists = black.list.example - # add_header = X-Warning: $sender_host_address is in a black list at $dnslist_domain - # log_message = found in $dnslist_domain - ############################################################################# - - ############################################################################# - # This check is commented out because it is recognized that not every - # sysadmin will want to do it. If you enable it, the check performs - # Client SMTP Authorization (csa) checks on the sending host. These checks - # do DNS lookups for SRV records. The CSA proposal is currently (May 2005) - # an Internet draft. You can, of course, add additional conditions to this - # ACL statement to restrict the CSA checks to certain hosts only. - # - # require verify = csa - ############################################################################# - - # At this point, the address has passed all the checks that have been - # configured, so we accept it unconditionally. - - accept - - -# This ACL is used after the contents of a message have been received. This -# is the ACL in which you can test a message's headers or body, and in -# particular, this is where you can invoke external virus or spam scanners. -# Some suggested ways of configuring these tests are shown below, commented -# out. Without any tests, this ACL accepts all messages. If you want to use -# such tests, you must ensure that Exim is compiled with the content-scanning -# extension (WITH_CONTENT_SCAN=yes in Local/Makefile). - -acl_check_data: - - # Deny if the message contains a virus. Before enabling this check, you - # must install a virus scanner and set the av_scanner option above. - # - # deny malware = * - # message = This message contains a virus ($malware_name). - - # Add headers to a message if it is judged to be spam. Before enabling this, - # you must install SpamAssassin. You may also need to set the spamd_address - # option above. - # - # warn spam = nobody - # add_header = X-Spam_score: $spam_score\n\ - # X-Spam_score_int: $spam_score_int\n\ - # X-Spam_bar: $spam_bar\n\ - # X-Spam_report: $spam_report - - # Accept the message. - - accept - - -###################################################################### -# ROUTERS CONFIGURATION # -# Specifies how addresses are handled # -###################################################################### -# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! # -# An address is passed to each router in turn until it is accepted. # -###################################################################### - -begin routers - -<% if mailman_domains.length > 0 -%> -# Pick up on messages from our local mailman and route them via our -# special VERP-enabled transport -# -mailman_verp_router: -driver = dnslookup -# we only consider messages sent in through loopback -condition = ${if or{{eq{$sender_host_address}{127.0.0.1}} \ - {eq{$sender_host_address}{::1}}}{yes}{no}} -# we do not do this for traffic going to the local machine -domains = !+local_domains:!+mm_domains -ignore_target_hosts = <; 0.0.0.0; \ - 64.94.110.11; \ - 127.0.0.0/8; \ - ::1/128;fe80::/10;fe \ - c0::/10;ff00::/8 -# only the un-VERPed bounce addresses are handled -senders = "*-bounces@*" -transport = mailman_verp_smtp - -mailman_router: - driver = accept - domains = +mm_domains - require_files = MM_LISTCHK - local_part_suffix_optional - local_part_suffix = -admin : \ - -bounces : -bounces+* : \ - -confirm : -confirm+* : \ - -join : -leave : \ - -owner : -request : \ - -subscribe : -unsubscribe - transport = mailman_transport -<% end -%> - -# This router routes to remote hosts over SMTP by explicit IP address, -# when an email address is given in "domain literal" form, for example, -# . The RFCs require this facility. However, it is -# little-known these days, and has been exploited by evil people seeking -# to abuse SMTP relays. Consequently it is commented out in the default -# configuration. If you uncomment this router, you also need to uncomment -# allow_domain_literals above, so that Exim can recognize the syntax of -# domain literal addresses. - -# domain_literal: -# driver = ipliteral -# domains = ! +local_domains -# transport = remote_smtp - - -# This router routes addresses that are not in local domains by doing a DNS -# lookup on the domain name. The exclamation mark that appears in "domains = ! -# +local_domains" is a negating operator, that is, it can be read as "not". The -# recipient's domain must not be one of those defined by "domainlist -# local_domains" above for this router to be used. -# -# If the router is used, any domain that resolves to 0.0.0.0 or to a loopback -# interface address (127.0.0.0/8) is treated as if it had no DNS entry. Note -# that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly treated as the -# local host inside the network stack. It is not 0.0.0.0/0, the default route. -# If the DNS lookup fails, no further routers are tried because of the no_more -# setting, and consequently the address is unrouteable. - -dnslookup: - driver = dnslookup - domains = ! +local_domains - transport = remote_smtp - ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 - no_more - -# The remaining routers handle addresses in the local domain(s), that is those -# domains that are defined by "domainlist local_domains" above. - - -# This router handles aliasing using a linearly searched alias file with the -# name SYSTEM_ALIASES_FILE. When this configuration is installed automatically, -# the name gets inserted into this file from whatever is set in Exim's -# build-time configuration. The default path is the traditional /etc/aliases. -# If you install this configuration by hand, you need to specify the correct -# path in the "data" setting below. -# -##### NB You must ensure that the alias file exists. It used to be the case -##### NB that every Unix had that file, because it was the Sendmail default. -##### NB These days, there are systems that don't have it. Your aliases -##### NB file should at least contain an alias for "postmaster". -# -# If any of your aliases expand to pipes or files, you will need to set -# up a user and a group for these deliveries to run under. You can do -# this by uncommenting the "user" option below (changing the user name -# as appropriate) and adding a "group" option if necessary. Alternatively, you -# can specify "user" on the transports that are used. Note that the transports -# listed below are the same as are used for .forward files; you might want -# to set up different ones for pipe and file deliveries from aliases. - -system_aliases: - driver = redirect - allow_fail - allow_defer - data = ${lookup{$local_part}lsearch{/etc/aliases}} -# user = exim - file_transport = address_file - pipe_transport = address_pipe - -# .forward files are not supported --jeblair - -# This router matches local user mailboxes. If the router fails, the error -# message is "Unknown user". - -# If you want this router to treat local parts with suffixes introduced by "-" -# or "+" characters as if the suffixes did not exist, uncomment the two local_ -# part_suffix options. Then, for example, xxxx-foo@your.domain will be treated -# in the same way as xxxx@your.domain by this router. - -localuser: - driver = accept - check_local_user -# local_part_suffix = +* : -* -# local_part_suffix_optional - transport = local_delivery - cannot_route_message = Unknown user - - -###################################################################### -# TRANSPORTS CONFIGURATION # -###################################################################### -# ORDER DOES NOT MATTER # -# Only one appropriate transport is called for each delivery. # -###################################################################### - -# A transport is used only when referenced from a router that successfully -# handles an address. - -begin transports - - -# This transport is used for delivering messages over SMTP connections. - -remote_smtp: - driver = smtp - - -# This transport is used for local delivery to user mailboxes in traditional -# BSD mailbox format. By default it will be run under the uid and gid of the -# local user, and requires the sticky bit to be set on the /var/mail directory. -# Some systems use the alternative approach of running mail deliveries under a -# particular group instead of using the sticky bit. The commented options below -# show how this can be done. - -local_delivery: - driver = appendfile - file = /var/mail/$local_part - delivery_date_add - envelope_to_add - return_path_add - group = mail - mode = 0660 - - -# This transport is used for handling pipe deliveries generated by alias or -# .forward files. If the pipe generates any standard output, it is returned -# to the sender of the message as a delivery error. Set return_fail_output -# instead of return_output if you want this to happen only when the pipe fails -# to complete normally. You can set different transports for aliases and -# forwards if you want to - see the references to address_pipe in the routers -# section above. - -address_pipe: - driver = pipe - return_output - - -# This transport is used for handling deliveries directly to files that are -# generated by aliasing or forwarding. - -address_file: - driver = appendfile - delivery_date_add - envelope_to_add - return_path_add - - -# This transport is used for handling autoreplies generated by the filtering -# option of the userforward router. - -address_reply: - driver = autoreply - -<% if mailman_domains.length > 0 -%> -mailman_transport: - driver = pipe - command = MM_WRAP \ - '${if def:local_part_suffix \ - {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ - {post}}' \ - $local_part - current_directory = MM_HOME - home_directory = MM_HOME - user = MM_UID - group = MM_GID - -# Mailman VERP envelope sender address formatting. This seems not to use -# quoted-printable encoding of the address, but instead just replaces the -# '@' in the recipient address with '='. -# -mailman_verp_smtp: - driver = smtp -# put recipient address into return_path - return_path = \ - ${local_part:$return_path}+$local_part=$domain@${domain:$return_path} -# must restrict to one recipient at a time - max_rcpt = 1 -# Errors-To: may carry old return_path - headers_remove = Errors-To - headers_add = Errors-To: ${return_path} -<% end -%> - -###################################################################### -# RETRY CONFIGURATION # -###################################################################### - -begin retry - -# This single retry rule applies to all domains and all errors. It specifies -# retries every 15 minutes for 2 hours, then increasing retry intervals, -# starting at 1 hour and increasing each time by a factor of 1.5, up to 16 -# hours, then retries every 6 hours until 4 days have passed since the first -# failed delivery. - -# WARNING: If you do not have any retry rules at all (this section of the -# configuration is non-existent or empty), Exim will not do any retries of -# messages that fail to get delivered at the first attempt. The effect will -# be to treat temporary errors as permanent. Therefore, DO NOT remove this -# retry rule unless you really don't want any retries. - -# Address or Domain Error Retries -# ----------------- ----- ------- - -* * F,2h,15m; G,16h,1h,1.5; F,4d,6h - - - -###################################################################### -# REWRITE CONFIGURATION # -###################################################################### - -# There are no rewriting specifications in this default configuration file. - -begin rewrite - - - -###################################################################### -# AUTHENTICATION CONFIGURATION # -###################################################################### - -# The following authenticators support plaintext username/password -# authentication using the standard PLAIN mechanism and the traditional -# but non-standard LOGIN mechanism, with Exim acting as the server. -# PLAIN and LOGIN are enough to support most MUA software. -# -# These authenticators are not complete: you need to change the -# server_condition settings to specify how passwords are verified. -# They are set up to offer authentication to the client only if the -# connection is encrypted with TLS, so you also need to add support -# for TLS. See the global configuration options section at the start -# of this file for more about TLS. -# -# The default RCPT ACL checks for successful authentication, and will accept -# messages from authenticated users from anywhere on the Internet. - -begin authenticators - -# PLAIN authentication has no server prompts. The client sends its -# credentials in one lump, containing an authorization ID (which we do not -# use), an authentication ID, and a password. The latter two appear as -# $auth2 and $auth3 in the configuration and should be checked against a -# valid username and password. In a real configuration you would typically -# use $auth2 as a lookup key, and compare $auth3 against the result of the -# lookup, perhaps using the crypteq{}{} condition. - -#PLAIN: -# driver = plaintext -# server_set_id = $auth2 -# server_prompts = : -# server_condition = Authentication is not yet configured -# server_advertise_condition = ${if def:tls_cipher } - -# LOGIN authentication has traditional prompts and responses. There is no -# authorization ID in this mechanism, so unlike PLAIN the username and -# password are $auth1 and $auth2. Apart from that you can use the same -# server_condition setting for both authenticators. - -#LOGIN: -# driver = plaintext -# server_set_id = $auth1 -# server_prompts = <| Username: | Password: -# server_condition = Authentication is not yet configured -# server_advertise_condition = ${if def:tls_cipher } - -###################################################################### -# CONFIGURATION FOR local_scan() # -###################################################################### - -# If you have built Exim to include a local_scan() function that contains -# tables for private options, you can define those options here. Remember to -# uncomment the "begin" line. It is commented by default because it provokes -# an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS -# set in the Local/Makefile. - -# begin local_scan - - -# End of Exim configuration file diff --git a/modules/gerrit/files/gerritcodereview.default b/modules/gerrit/files/gerritcodereview.default deleted file mode 100644 index 8eb82bd..0000000 --- a/modules/gerrit/files/gerritcodereview.default +++ /dev/null @@ -1 +0,0 @@ -GERRIT_SITE=/home/gerrit2/review_site diff --git a/modules/gerrit/files/scripts/expire_old_reviews.py b/modules/gerrit/files/scripts/expire_old_reviews.py deleted file mode 100644 index f9e908a..0000000 --- a/modules/gerrit/files/scripts/expire_old_reviews.py +++ /dev/null @@ -1,78 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2012 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This script is designed to expire old code reviews that have not been touched -# using the following rules: -# 1. if open and no activity in 2 weeks, expire -# 2. if negative comment and no activity in 1 week, expire - -import paramiko -import json -import logging -import argparse - -parser = argparse.ArgumentParser() -parser.add_argument('user', help='The gerrit admin user') -parser.add_argument('ssh_key', help='The gerrit admin SSH key file') -options = parser.parse_args() - -GERRIT_USER = options.user -GERRIT_SSH_KEY = options.ssh_key - -logging.basicConfig(format='%(asctime)-6s: %(name)s - %(levelname)s - %(message)s', filename='/var/log/gerrit/expire_reviews.log') -logger= logging.getLogger('expire_reviews') -logger.setLevel(logging.INFO) - -logger.info('Starting expire reviews') -logger.info('Connecting to Gerrit') - -ssh = paramiko.SSHClient() -ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) -ssh.connect('localhost', username=GERRIT_USER, key_filename=GERRIT_SSH_KEY, port=29418) - -def expire_patch_set(patch_id, patch_subject, has_negative): - if has_negative: - message= 'code review expired after 1 week of no activity after a negative review, it can be restored using the \`Restore Change\` button under the Patch Set on the web interface' - else: - message= 'code review expired after 2 weeks of no activity, it can be restored using the \`Restore Change\` button under the Patch Set on the web interface' - command='gerrit review --abandon --message="{0}" {1}'.format(message, patch_id) - logger.info('Expiring: %s - %s: %s', patch_id, patch_subject, message) - stdin, stdout, stderr = ssh.exec_command(command) - if stdout.channel.recv_exit_status() != 0: - logger.error(stderr.read()) - -# Query all open with no activity for 2 weeks -logger.info('Searching no activity for 2 weeks') -stdin, stdout, stderr = ssh.exec_command('gerrit query --current-patch-set --format JSON status:open age:2w') - -for line in stdout: - row= json.loads(line) - if not row.has_key('rowCount'): - expire_patch_set(row['currentPatchSet']['revision'], row['subject'], False) - -# Query all reviewed with no activity for 1 week -logger.info('Searching no activity on negative review for 1 week') -stdin, stdout, stderr = ssh.exec_command('gerrit query --current-patch-set --all-approvals --format JSON status:reviewed age:1w') - -for line in stdout: - row= json.loads(line) - if not row.has_key('rowCount'): - # Search for negative approvals - for approval in row['currentPatchSet']['approvals']: - if approval['value'] == '-1': - expire_patch_set(row['currentPatchSet']['revision'], row['subject'], True) - break - -logger.info('End expire review') diff --git a/modules/gerrit/files/scripts/fetch_remotes.py b/modules/gerrit/files/scripts/fetch_remotes.py deleted file mode 100755 index 4dda133..0000000 --- a/modules/gerrit/files/scripts/fetch_remotes.py +++ /dev/null @@ -1,70 +0,0 @@ -#! /usr/bin/env python -# Copyright (C) 2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Fetch remotes reads a project config file called projects.yaml -# It should look like: - -# - project: PROJECT_NAME -# options: -# - remote: https://gerrit.googlesource.com/gerrit - - -import logging -import os -import subprocess -import shlex -import yaml - -def run_command(cmd, status=False, env={}): - cmd_list = shlex.split(str(cmd)) - newenv = os.environ - newenv.update(env) - p = subprocess.Popen(cmd_list, stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, env=newenv) - (out, nothing) = p.communicate() - if status: - return (p.returncode, out.strip()) - return out.strip() - - -def run_command_status(cmd, env={}): - return run_command(cmd, True, env) - - -logging.basicConfig(level=logging.ERROR) - -REPO_ROOT = os.environ.get('REPO_ROOT', - '/home/gerrit2/review_site/git') -PROJECTS_YAML = os.environ.get('PROJECTS_YAML', - '/home/gerrit2/projects.yaml') - -config = yaml.load(open(PROJECTS_YAML)) - -for section in config: - project = section['project'] - - if 'remote' not in section: - continue - - project_git = "%s.git" % project - os.chdir(os.path.join(REPO_ROOT, project_git)) - - # Make sure that the specified remote exists - remote_url = section['remote'] - # We could check if it exists first, but we're ignoring output anyway - # So just try to make it, and it'll either make a new one or do nothing - run_command("git remote add -f upstream %s" % remote_url) - # Fetch new revs from it - run_command("git remote update upstream") diff --git a/modules/gerrit/files/scripts/get_group_uuid.py b/modules/gerrit/files/scripts/get_group_uuid.py deleted file mode 100644 index 335e944..0000000 --- a/modules/gerrit/files/scripts/get_group_uuid.py +++ /dev/null @@ -1,29 +0,0 @@ -import argparse -import paramiko -import json - -parser = argparse.ArgumentParser() -parser.add_argument("--host", dest="host", default="review.openstack.org", - help="gerrit host to connect to") -parser.add_argument("--port", dest="port", action='store', type=int, - default=29418, help="gerrit port to connect to") -parser.add_argument("groups", nargs=1) - -options = parser.parse_args() - - -client = paramiko.SSHClient() -client.load_system_host_keys() -client.set_missing_host_key_policy(paramiko.WarningPolicy()) -client.connect(options.host, port=options.port) - -group = options.groups[0] -query = "select group_uuid from account_groups where name = '%s'" % group -command = 'gerrit gsql --format JSON -c "%s"' % query -stdin, stdout, stderr = client.exec_command(command) - -for line in stdout: - row = json.loads(line) - if row['type'] == 'row': - print row['columns']['group_uuid'] - ret = stdout.channel.recv_exit_status() diff --git a/modules/gerrit/files/scripts/make_local_repos.py b/modules/gerrit/files/scripts/make_local_repos.py deleted file mode 100755 index f598446..0000000 --- a/modules/gerrit/files/scripts/make_local_repos.py +++ /dev/null @@ -1,67 +0,0 @@ -#! /usr/bin/env python -# Copyright (C) 2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Make local repos reads a project config file called projects.yaml -# It should look like: - -# - project: PROJECT_NAME -# options: -# - close-pull -# remote: https://gerrit.googlesource.com/gerrit - -# TODO: add support for -# ssh -p 29418 localhost gerrit -name create-project PROJECT - -import logging -import os -import subprocess -import sys -import shlex -import yaml - -def run_command(cmd, status=False, env={}): - cmd_list = shlex.split(str(cmd)) - newenv = os.environ - newenv.update(env) - p = subprocess.Popen(cmd_list, stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, env=newenv) - (out, nothing) = p.communicate() - if status: - return (p.returncode, out.strip()) - return out.strip() - - -def run_command_status(cmd, env={}): - return run_command(cmd, True, env) - - -logging.basicConfig(level=logging.ERROR) - -REPO_ROOT = sys.argv[1] -PROJECTS_YAML = os.environ.get('PROJECTS_YAML', - '/home/gerrit2/projects.yaml') - -config = yaml.load(open(PROJECTS_YAML)) - -for section in config: - project = section['project'] - - project_git = "%s.git" % project - project_dir = os.path.join(REPO_ROOT, project_git) - - if os.path.exists(project_dir): - continue - - run_command("git --bare init --shared=group %s" % project_dir) diff --git a/modules/gerrit/files/scripts/notify_doc_impact.py b/modules/gerrit/files/scripts/notify_doc_impact.py deleted file mode 100755 index 1d312ae..0000000 --- a/modules/gerrit/files/scripts/notify_doc_impact.py +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2012 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is designed to be called by a gerrit hook. It searched new -# patchsets for strings like "bug FOO" and updates corresponding Launchpad -# bugs status. - -import argparse -import re -import subprocess -import smtplib - -from email.mime.text import MIMEText - -BASE_DIR = '/home/gerrit2/review_site' -EMAIL_TEMPLATE = """ -Hi, I'd like you to take a look at this patch for potential -documentation impact. -%s - -Log: -%s -""" -DEST_ADDRESS = 'openstack-docs@lists.openstack.org' - -def process_impact(git_log, args): - """Notify doc team of doc impact""" - email_content = EMAIL_TEMPLATE % (args.change_url, git_log) - msg = MIMEText(email_content) - msg['Subject'] = '[%s] DocImpact review request' % args.project - msg['From'] = 'gerrit2@review.openstack.org' - msg['To'] = DEST_ADDRESS - - s = smtplib.SMTP('localhost') - s.sendmail('gerrit2@review.openstack.org', DEST_ADDRESS, msg.as_string()) - s.quit() - -def docs_impacted(git_log): - """Determine if a changes log indicates there is a doc impact""" - impact_regexp = r'DocImpact' - return re.search(impact_regexp, git_log, re.IGNORECASE) - -def extract_git_log(args): - """Extract git log of all merged commits""" - cmd = ['git', - '--git-dir=' + BASE_DIR + '/git/' + args.project + '.git', - 'log', '--no-merges', args.commit + '^1..' + args.commit] - return subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate()[0] - - -def main(): - parser = argparse.ArgumentParser() - parser.add_argument('hook') - #common - parser.add_argument('--change', default=None) - parser.add_argument('--change-url', default=None) - parser.add_argument('--project', default=None) - parser.add_argument('--branch', default=None) - parser.add_argument('--commit', default=None) - #change-merged - parser.add_argument('--submitter', default=None) - #patchset-created - parser.add_argument('--uploader', default=None) - parser.add_argument('--patchset', default=None) - - args = parser.parse_args() - - # Get git log - git_log = extract_git_log(args) - - # Process doc_impacts found in git log - if docs_impacted(git_log): - process_impact(git_log, args) - - -if __name__ == '__main__': - main() diff --git a/modules/gerrit/files/scripts/update_blueprint.py b/modules/gerrit/files/scripts/update_blueprint.py deleted file mode 100755 index 9c18f1d..0000000 --- a/modules/gerrit/files/scripts/update_blueprint.py +++ /dev/null @@ -1,139 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is designed to be called by a gerrit hook. It searched new -# patchsets for strings like "blueprint FOO" or "bp FOO" and updates -# corresponding Launchpad blueprints with links back to the change. - -from launchpadlib.launchpad import Launchpad -from launchpadlib.uris import LPNET_SERVICE_ROOT -import os -import argparse -import re -import subprocess - -import StringIO -import ConfigParser -import MySQLdb - -BASE_DIR = '/home/gerrit2/review_site' -GERRIT_CACHE_DIR = os.path.expanduser(os.environ.get('GERRIT_CACHE_DIR', - '~/.launchpadlib/cache')) -GERRIT_CREDENTIALS = os.path.expanduser(os.environ.get('GERRIT_CREDENTIALS', - '~/.launchpadlib/creds')) -GERRIT_CONFIG = os.environ.get('GERRIT_CONFIG', - '/home/gerrit2/review_site/etc/gerrit.config') -GERRIT_SECURE_CONFIG = os.environ.get('GERRIT_SECURE_CONFIG', - '/home/gerrit2/review_site/etc/secure.config') -SPEC_RE = re.compile(r'(blueprint|bp)\s*[#:]?\s*(\S+)', re.I) -BODY_RE = re.compile(r'^\s+.*$') - -def get_broken_config(filename): - """ gerrit config ini files are broken and have leading tabs """ - text = "" - with open(filename,"r") as conf: - for line in conf.readlines(): - text = "%s%s" % (text, line.lstrip()) - - fp = StringIO.StringIO(text) - c=ConfigParser.ConfigParser() - c.readfp(fp) - return c - -GERRIT_CONFIG = get_broken_config(GERRIT_CONFIG) -SECURE_CONFIG = get_broken_config(GERRIT_SECURE_CONFIG) -DB_USER = GERRIT_CONFIG.get("database", "username") -DB_PASS = SECURE_CONFIG.get("database","password") -DB_DB = GERRIT_CONFIG.get("database","database") - -def update_spec(launchpad, project, name, subject, link, topic=None): - # For testing, if a project doesn't match openstack/foo, use - # the openstack-ci project instead. - group, project = project.split('/') - if group != 'openstack': - project = 'openstack-ci' - - spec = launchpad.projects[project].getSpecification(name=name) - if not spec: return - - if spec.whiteboard: - wb = spec.whiteboard.strip() - else: - wb = '' - changed = False - if topic: - topiclink = '%s/#q,topic:%s,n,z' % (link[:link.find('/',8)], - topic) - if topiclink not in wb: - wb += "\n\n\nGerrit topic: %(link)s" % dict(link=topiclink) - changed = True - - if link not in wb: - wb += "\n\n\nAddressed by: %(link)s\n %(subject)s\n" % dict(subject=subject, - link=link) - changed = True - - if changed: - spec.whiteboard = wb - spec.lp_save() - -def find_specs(launchpad, dbconn, args): - git_log = subprocess.Popen(['git', - '--git-dir=' + BASE_DIR + '/git/' + args.project + '.git', - 'log', '--no-merges', - args.commit + '^1..' + args.commit], - stdout=subprocess.PIPE).communicate()[0] - - cur = dbconn.cursor() - cur.execute("select subject, topic from changes where change_key=%s", args.change) - subject, topic = cur.fetchone() - specs = set([m.group(2) for m in SPEC_RE.finditer(git_log)]) - - if topic: - topicspec = topic.split('/')[-1] - specs |= set([topicspec]) - - for spec in specs: - update_spec(launchpad, args.project, spec, subject, - args.change_url, topic) - -def main(): - parser = argparse.ArgumentParser() - parser.add_argument('hook') - #common - parser.add_argument('--change', default=None) - parser.add_argument('--change-url', default=None) - parser.add_argument('--project', default=None) - parser.add_argument('--branch', default=None) - parser.add_argument('--commit', default=None) - #change-merged - parser.add_argument('--submitter', default=None) - # patchset-created - parser.add_argument('--uploader', default=None) - parser.add_argument('--patchset', default=None) - - args = parser.parse_args() - - launchpad = Launchpad.login_with('Gerrit User Sync', LPNET_SERVICE_ROOT, - GERRIT_CACHE_DIR, - credentials_file = GERRIT_CREDENTIALS, - version='devel') - - conn = MySQLdb.connect(user = DB_USER, passwd = DB_PASS, db = DB_DB) - - find_specs(launchpad, conn, args) - -if __name__ == '__main__': - main() diff --git a/modules/gerrit/files/scripts/update_bug.py b/modules/gerrit/files/scripts/update_bug.py deleted file mode 100755 index 72d1a46..0000000 --- a/modules/gerrit/files/scripts/update_bug.py +++ /dev/null @@ -1,238 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# This is designed to be called by a gerrit hook. It searched new -# patchsets for strings like "bug FOO" and updates corresponding Launchpad -# bugs status. - -from launchpadlib.launchpad import Launchpad -from launchpadlib.uris import LPNET_SERVICE_ROOT -import os -import argparse -import re -import subprocess - - -BASE_DIR = '/home/gerrit2/review_site' -GERRIT_CACHE_DIR = os.path.expanduser(os.environ.get('GERRIT_CACHE_DIR', - '~/.launchpadlib/cache')) -GERRIT_CREDENTIALS = os.path.expanduser(os.environ.get('GERRIT_CREDENTIALS', - '~/.launchpadlib/creds')) - - -def add_change_proposed_message(bugtask, change_url, project, branch): - subject = 'Fix proposed to %s (%s)' % (short_project(project), branch) - body = 'Fix proposed to branch: %s\nReview: %s' % (branch, change_url) - bugtask.bug.newMessage(subject=subject, content=body) - - -def add_change_merged_message(bugtask, change_url, project, commit, - submitter, branch, git_log): - subject = 'Fix merged to %s (%s)' % (short_project(project), branch) - git_url = 'http://github.com/%s/commit/%s' % (project, commit) - body = '''Reviewed: %s -Committed: %s -Submitter: %s -Branch: %s\n''' % (change_url, git_url, submitter, branch) - body = body + '\n' + git_log - bugtask.bug.newMessage(subject=subject, content=body) - - -def set_in_progress(bugtask, launchpad, uploader, change_url): - """Set bug In progress with assignee being the uploader""" - - # Retrieve uploader from Launchpad. Use email as search key if - # provided, and only set if there is a clear match. - try: - searchkey = uploader[uploader.rindex("(") + 1:-1] - except ValueError: - searchkey = uploader - persons = launchpad.people.findPerson(text=searchkey) - if len(persons) == 1: - bugtask.assignee = persons[0] - - bugtask.status = "In Progress" - bugtask.lp_save() - - -def set_fix_committed(bugtask): - """Set bug fix committed""" - - bugtask.status = "Fix Committed" - bugtask.lp_save() - - -def set_fix_released(bugtask): - """Set bug fix released""" - - bugtask.status = "Fix Released" - bugtask.lp_save() - - -def release_fixcommitted(bugtask): - """Set bug FixReleased if it was FixCommitted""" - - if bugtask.status == u'Fix Committed': - set_fix_released(bugtask) - - -def tag_in_branchname(bugtask, branch): - """Tag bug with in-branch-name tag (if name is appropriate)""" - - lp_bug = bugtask.bug - branch_name = branch.replace('/', '-') - if branch_name.replace('-', '').isalnum(): - lp_bug.tags = lp_bug.tags + ["in-%s" % branch_name] - lp_bug.tags.append("in-%s" % branch_name) - lp_bug.lp_save() - - -def short_project(full_project_name): - """Return the project part of the git repository name""" - return full_project_name.split('/')[-1] - - -def git2lp(full_project_name): - """Convert Git repo name to Launchpad project""" - project_map = { - 'openstack/openstack-ci-puppet': 'openstack-ci', - 'openstack-ci/devstack-gate': 'openstack-ci', - 'openstack-ci/gerrit': 'openstack-ci', - 'openstack-ci/lodgeit': 'openstack-ci', - 'openstack-ci/meetbot': 'openstack-ci', - } - return project_map.get(full_project_name, short_project(full_project_name)) - - -def is_direct_release(full_project_name): - """Test against a list of projects who directly release changes.""" - return full_project_name in [ - 'openstack-ci/devstack-gate', - 'openstack-ci/lodgeit', - 'openstack-ci/meetbot', - 'openstack-dev/devstack', - 'openstack/openstack-ci', - 'openstack/openstack-ci-puppet', - 'openstack/openstack-manuals', - ] - - -def process_bugtask(launchpad, bugtask, git_log, args): - """Apply changes to bugtask, based on hook / branch...""" - - if args.hook == "change-merged": - if args.branch == 'master': - if is_direct_release(args.project): - set_fix_released(bugtask) - else: - set_fix_committed(bugtask) - elif args.branch == 'milestone-proposed': - release_fixcommitted(bugtask) - elif args.branch.startswith('stable/'): - series = args.branch[7:] - # Look for a related task matching the series - for reltask in bugtask.related_tasks: - if reltask.bug_target_name.endswith("/" + series): - # Use fixcommitted if there is any - set_fix_committed(reltask) - break - else: - # Use tagging if there isn't any - tag_in_branchname(bugtask, args.branch) - - add_change_merged_message(bugtask, args.change_url, args.project, - args.commit, args.submitter, args.branch, - git_log) - - if args.hook == "patchset-created": - if args.branch == 'master': - set_in_progress(bugtask, launchpad, args.uploader, args.change_url) - elif args.branch.startswith('stable/'): - series = args.branch[7:] - for reltask in bugtask.related_tasks: - if reltask.bug_target_name.endswith("/" + series): - set_in_progress(reltask, launchpad, - args.uploader, args.change_url) - break - - if args.patchset == '1': - add_change_proposed_message(bugtask, args.change_url, - args.project, args.branch) - - -def find_bugs(launchpad, git_log, args): - """Find bugs referenced in the git log and return related bugtasks""" - - bug_regexp = r'([Bb]ug|[Ll][Pp])[\s#:]*(\d+)' - tokens = re.split(bug_regexp, git_log) - - # Extract unique bug tasks - bugtasks = {} - for token in tokens: - if re.match('^\d+$', token) and (token not in bugtasks): - try: - lp_bug = launchpad.bugs[token] - for lp_task in lp_bug.bug_tasks: - if lp_task.bug_target_name == git2lp(args.project): - bugtasks[token] = lp_task - break - except KeyError: - # Unknown bug - pass - - return bugtasks.values() - - -def extract_git_log(args): - """Extract git log of all merged commits""" - cmd = ['git', - '--git-dir=' + BASE_DIR + '/git/' + args.project + '.git', - 'log', '--no-merges', args.commit + '^1..' + args.commit] - return subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate()[0] - - -def main(): - parser = argparse.ArgumentParser() - parser.add_argument('hook') - #common - parser.add_argument('--change', default=None) - parser.add_argument('--change-url', default=None) - parser.add_argument('--project', default=None) - parser.add_argument('--branch', default=None) - parser.add_argument('--commit', default=None) - #change-merged - parser.add_argument('--submitter', default=None) - #patchset-created - parser.add_argument('--uploader', default=None) - parser.add_argument('--patchset', default=None) - - args = parser.parse_args() - - # Connect to Launchpad - launchpad = Launchpad.login_with('Gerrit User Sync', LPNET_SERVICE_ROOT, - GERRIT_CACHE_DIR, - credentials_file=GERRIT_CREDENTIALS, - version='devel') - - # Get git log - git_log = extract_git_log(args) - - # Process bugtasks found in git log - for bugtask in find_bugs(launchpad, git_log, args): - process_bugtask(launchpad, bugtask, git_log, args) - - -if __name__ == '__main__': - main() diff --git a/modules/gerrit/files/scripts/update_cla_group.py b/modules/gerrit/files/scripts/update_cla_group.py deleted file mode 100755 index d418cf0..0000000 --- a/modules/gerrit/files/scripts/update_cla_group.py +++ /dev/null @@ -1,71 +0,0 @@ -#! /usr/bin/env python -# Copyright (C) 2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Add launchpad ids listed in the wiki CLA page to the CLA group in LP. - -import os -import urllib -import re - -from launchpadlib.launchpad import Launchpad -from launchpadlib.uris import LPNET_SERVICE_ROOT - -DEBUG = False - -LP_CACHE_DIR = '~/.launchpadlib/cache' -LP_CREDENTIALS = '~/.launchpadlib/creds' -CONTRIBUTOR_RE = re.compile(r'.*?\|\|\s*(?P.*?)\s*\|\|\s*(?P.*?)\s*\|\|\s*(?P.*?)\s*\|\|.*?') -LINK_RE = re.compile(r'\[\[.*\|\s*(?P.*)\s*\]\]') - -for check_path in (os.path.dirname(LP_CACHE_DIR), - os.path.dirname(LP_CREDENTIALS)): - if not os.path.exists(check_path): - os.makedirs(check_path) - -wiki_members = [] -for line in urllib.urlopen('http://wiki.openstack.org/Contributors?action=raw'): - m = CONTRIBUTOR_RE.match(line) - if m and m.group('login') and m.group('trans'): - login = m.group('login') - if login=="<#c0c0c0>'''Launchpad ID'''": continue - l = LINK_RE.match(login) - if l: - login = l.group('name') - wiki_members.append(login) - -launchpad = Launchpad.login_with('CLA Team Sync', LPNET_SERVICE_ROOT, - LP_CACHE_DIR, - credentials_file = LP_CREDENTIALS) - -lp_members = [] - -team = launchpad.people['openstack-cla'] -for detail in team.members_details: - user = None - # detail.self_link == - # 'https://api.launchpad.net/1.0/~team/+member/${username}' - login = detail.self_link.split('/')[-1] - status = detail.status - lp_members.append(login) - -for wm in wiki_members: - if wm not in lp_members: - print "Need to add %s to LP" % (wm) - try: - person = launchpad.people[wm] - except: - print 'Unable to find %s on LP'%wm - continue - status = team.addMember(person=person, status="Approved") diff --git a/modules/gerrit/manifests/cron.pp b/modules/gerrit/manifests/cron.pp deleted file mode 100644 index 0698eb2..0000000 --- a/modules/gerrit/manifests/cron.pp +++ /dev/null @@ -1,31 +0,0 @@ -class gerrit::cron( - $script_user='update', - $script_key_file='/home/gerrit2/.ssh/id_rsa' - ) { - - cron { "expireoldreviews": - user => gerrit2, - hour => 6, - minute => 3, - command => "python /usr/local/gerrit/scripts/expire_old_reviews.py ${script_user} ${script_key_file}", - require => File['/usr/local/gerrit/scripts'], - } - - cron { "gerrit_repack": - user => gerrit2, - weekday => 0, - hour => 4, - minute => 7, - command => 'find /home/gerrit2/review_site/git/ -type d -name "*.git" -print -exec git --git-dir="{}" repack -afd \;', - environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin", - } - - cron { "removedbdumps": - user => gerrit2, - hour => 5, - minute => 1, - command => 'find /home/gerrit2/dbupdates/ -name "*.sql.gz" -mtime +30 -exec rm -f {} \;', - environment => "PATH=/usr/bin:/bin:/usr/sbin:/sbin", - } - -} diff --git a/modules/gerrit/manifests/init.pp b/modules/gerrit/manifests/init.pp deleted file mode 100644 index 219a6a9..0000000 --- a/modules/gerrit/manifests/init.pp +++ /dev/null @@ -1,393 +0,0 @@ -# Install and maintain Gerrit Code Review. -# params: -# vhost_name: -# used in the Apache virtual host, eg., review.example.com -# canonicalweburl: -# Used in the Gerrit config to generate links, eg., https://review.example.com/ -# ssl_cert_file: -# ssl_key_file: -# Used in the Apache virtual host to specify the SSL cert and key files. -# ssl_chain_file: -# Optional, if you have an intermediate cert Apache should serve. -# openidssourl: -# The URL to use for OpenID in SSO mode. -# email: -# The email address Gerrit should use when sending mail. -# database_poollimit: -# container_heaplimit: -# core_packedgitopenfiles: -# core_packedgitlimit: -# core_packedgitwindowsize: -# sshd_threads: -# httpd_acceptorthreads: -# httpd_minthreads: -# httpd_maxthreads: -# httpd_maxwait: -# Gerrit configuration options; see Gerrit docs. -# commentlinks: -# A list of regexes Gerrit should hyperlink. -# war: -# The URL of the Gerrit WAR that should be downloaded and installed. -# Note that only the final component is used for comparing to the most -# recently installed WAR. In other words, if you update the war from: -# -# http://tarballs.openstack.org/ci/gerrit.war -# to: -# http://somewhereelse.example.com/gerrit.war -# -# Gerrit won't be updated unless you delete gerrit.war from -# ~gerrit2/gerrit-wars. But if you change the URL from: -# -# http://tarballs.openstack.org/ci/gerrit-2.2.2.war -# to: -# http://tarballs.openstack.org/ci/gerrit-2.3.0.war -# Gerrit will be upgraded on the next puppet run. -# replicate_github: -# A boolean enabling replication to github -# replicate_local: -# A boolean enabling local replication for apache acceleration -# gitweb: -# A boolean enabling gitweb -# testmode: -# Set this to true to disable cron jobs and replication, -# which can interfere with testing. -# TODO: make more gerrit options configurable here - -class gerrit($vhost_name=$fqdn, - $canonicalweburl="https://$fqdn/", - $serveradmin="webmaster@$fqdn", - $ssl_cert_file='/etc/ssl/certs/ssl-cert-snakeoil.pem', - $ssl_key_file='/etc/ssl/private/ssl-cert-snakeoil.key', - $ssl_chain_file='', - $openidssourl="https://login.launchpad.net/+openid", - $email='', - $database_poollimit='', - $container_heaplimit='', - $core_packedgitopenfiles='', - $core_packedgitlimit='', - $core_packedgitwindowsize='', - $sshd_threads='', - $httpd_acceptorthreads='', - $httpd_minthreads='', - $httpd_maxthreads='', - $httpd_maxwait='', - $commentlinks = [], - $war, - $projects_file = 'UNDEF', - $enable_melody = 'false', - $melody_session = 'false', - $mysql_password, - $mysql_root_password, - $email_private_key, - $replicate_github=false, - $replicate_local=true, - $local_git_dir='/var/lib/git', - $replication_targets=[], - $gitweb=true, - $testmode=false - ) { - - include apache - - $java_home = $lsbdistcodename ? { - "precise" => "/usr/lib/jvm/java-6-openjdk-amd64/jre", - "oneiric" => "/usr/lib/jvm/java-6-openjdk/jre", - "natty" => "/usr/lib/jvm/java-6-openjdk/jre", - } - - user { "gerrit2": - ensure => present, - comment => "Gerrit", - home => "/home/gerrit2", - shell => "/bin/bash", - gid => "gerrit2", - managehome => true, - require => Group["gerrit2"] - } - - group { "gerrit2": - ensure => present - } - - if ($gitweb) { - package { "gitweb": - ensure => present - } - } - - $packages = ["openjdk-6-jre-headless"] - - package { $packages: - ensure => present, - } - - file { "/var/log/gerrit": - ensure => "directory", - owner => 'gerrit2' - } - - # Prepare gerrit directories. Even though some of these would be created - # by the init command, we can go ahead and create them now and populate them. - # That way the config files are already in place before init runs. - - file { "/home/gerrit2/review_site": - ensure => "directory", - owner => "gerrit2", - require => User["gerrit2"] - } - - file { "/home/gerrit2/review_site/etc": - ensure => "directory", - owner => "gerrit2", - require => File["/home/gerrit2/review_site"] - } - - file { "/home/gerrit2/review_site/bin": - ensure => "directory", - owner => "gerrit2", - require => File["/home/gerrit2/review_site"] - } - - file { "/home/gerrit2/review_site/static": - ensure => "directory", - owner => "gerrit2", - require => File["/home/gerrit2/review_site"] - } - - file { "/home/gerrit2/review_site/hooks": - ensure => "directory", - owner => "gerrit2", - require => File["/home/gerrit2/review_site"] - } - - # Skip replication if we're in test mode - if ($testmode == false) { - file { '/home/gerrit2/review_site/etc/replication.config': - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - content => template('gerrit/replication.config.erb'), - replace => 'true', - require => File["/home/gerrit2/review_site/etc"] - } - } - - if ($projects_file != 'UNDEF') { - - if ($replicate_local) { - file { $local_git_dir: - ensure => "directory", - owner => "gerrit2", - } - } - - file { '/home/gerrit2/projects.yaml': - owner => 'gerrit2', - group => 'gerrit2', - mode => 444, - ensure => 'present', - source => $projects_file, - replace => true, - } - - exec { "make_local_repos": - user => 'gerrit2', - command => "/usr/local/gerrit/scripts/make_local_repos.py $local_git_dir", - subscribe => File["/home/gerrit2/projects.yaml"], - refreshonly => true, - require => File["/home/gerrit2/projects.yaml"] - } - - } - - # Gerrit sets these permissions in 'init'; don't fight them. - file { '/home/gerrit2/review_site/etc/gerrit.config': - owner => 'gerrit2', - group => 'gerrit2', - mode => 644, - ensure => 'present', - content => template('gerrit/gerrit.config.erb'), - replace => 'true', - require => File["/home/gerrit2/review_site/etc"] - } - - # Secret files. - - # Gerrit sets these permissions in 'init'; don't fight them. If - # these permissions aren't set correctly, gerrit init will write a - # new secure.config file and lose the mysql password. - file { '/home/gerrit2/review_site/etc/secure.config': - owner => 'gerrit2', - group => 'gerrit2', - mode => 600, - ensure => 'present', - content => template('gerrit/secure.config.erb'), - replace => 'true', - require => File["/home/gerrit2/review_site/etc"] - } - -# Set up MySQL. - - class {"mysql::server": - config_hash => { - 'root_password' => "${mysql_root_password}", - 'default_engine' => 'InnoDB', - 'bind_address' => '127.0.0.1', - } - } - include mysql::server::account_security - - mysql::db { "reviewdb": - user => "gerrit2", - password => "${mysql_password}", - host => "localhost", - grant => "all", - charset => "latin1", - } - -# Set up apache. - - apache::vhost { $vhost_name: - port => 443, - docroot => 'MEANINGLESS ARGUMENT', - priority => '50', - template => 'gerrit/gerrit.vhost.erb', - ssl => true, - } - a2mod { 'rewrite': - ensure => present - } - a2mod { 'proxy': - ensure => present - } - a2mod { 'proxy_http': - ensure => present - } - - # Install Gerrit itself. - - # The Gerrit WAR is specified as a url like 'http://tarballs.openstack.org/ci/gerrit-2.2.2-363-gd0a67ce.war' - # Set $basewar so that we can work with filenames like gerrit-2.2.2-363-gd0a67ce.war'. - - if $war =~ /.*\/(.*)/ { - $basewar = $1 - } else { - $basewar = $war - } - - # This directory is used to download and cache gerrit war files. - # That way the download and install steps are kept separate. - file { "/home/gerrit2/gerrit-wars": - ensure => "directory", - require => User["gerrit2"] - } - - # If we don't already have the specified WAR, download it. - exec { "download:$war": - command => "/usr/bin/wget $war -O /home/gerrit2/gerrit-wars/$basewar", - creates => "/home/gerrit2/gerrit-wars/$basewar", - require => File["/home/gerrit2/gerrit-wars"], - } - - # If gerrit.war isn't the same as $basewar, install it. - file { "/home/gerrit2/review_site/bin/gerrit.war": - source => "file:///home/gerrit2/gerrit-wars/$basewar", - require => Exec["download:$war"], - ensure => present, - replace => 'true', - # user, group, and mode have to be set this way to avoid retriggering gerrit-init on every run - # because gerrit init sets them this way - owner => 'gerrit2', - group => 'gerrit2', - mode => 644, - } - - - # If gerrit.war was just installed, run the Gerrit "init" command. - exec { "gerrit-initial-init": - user => 'gerrit2', - command => "/usr/bin/java -jar /home/gerrit2/review_site/bin/gerrit.war init -d /home/gerrit2/review_site --batch --no-auto-start", - subscribe => File["/home/gerrit2/review_site/bin/gerrit.war"], - require => [Package["openjdk-6-jre-headless"], - User["gerrit2"], - Mysql::Db["reviewdb"], - File["/home/gerrit2/review_site/etc/gerrit.config"], - File["/home/gerrit2/review_site/etc/secure.config"]], - notify => Exec["gerrit-start"], - unless => "/usr/bin/test -f /etc/init.d/gerrit", - } - - # If a new gerrit.war was just installed, run the Gerrit "init" command. - # Stop is included here because it may not be running or the init - # script may not exist, and in those cases, we don't care if it fails. - # Running the init script as the gerrit2 user _does_ work. - exec { "gerrit-init": - user => 'gerrit2', - command => "/etc/init.d/gerrit stop; /usr/bin/java -jar /home/gerrit2/review_site/bin/gerrit.war init -d /home/gerrit2/review_site --batch --no-auto-start", - subscribe => File["/home/gerrit2/review_site/bin/gerrit.war"], - refreshonly => true, - require => [Package["openjdk-6-jre-headless"], - User["gerrit2"], - Mysql::Db["reviewdb"], - File["/home/gerrit2/review_site/etc/gerrit.config"], - File["/home/gerrit2/review_site/etc/secure.config"]], - notify => Exec["gerrit-start"], - onlyif => "/usr/bin/test -f /etc/init.d/gerrit", - } - - # Symlink the init script. - file { "/etc/init.d/gerrit": - ensure => link, - target => '/home/gerrit2/review_site/bin/gerrit.sh', - require => Exec['gerrit-initial-init'], - } - - # The init script requires the path to gerrit to be set. - file { "/etc/default/gerritcodereview": - source => 'puppet:///modules/gerrit/gerritcodereview.default', - ensure => present, - replace => 'true', - owner => 'root', - group => 'root', - mode => 444, - } - - # Make sure the init script starts on boot. - file { ['/etc/rc0.d/K10gerrit', - '/etc/rc1.d/K10gerrit', - '/etc/rc2.d/S90gerrit', - '/etc/rc3.d/S90gerrit', - '/etc/rc4.d/S90gerrit', - '/etc/rc5.d/S90gerrit', - '/etc/rc6.d/K10gerrit']: - ensure => link, - target => '/etc/init.d/gerrit', - require => File['/etc/init.d/gerrit'], - } - - exec { "gerrit-start": - command => '/etc/init.d/gerrit start', - require => File['/etc/init.d/gerrit'], - refreshonly => true, - } - - file { '/usr/local/gerrit': - owner => 'root', - group => 'root', - mode => 755, - ensure => 'directory', - } - - file { '/usr/local/gerrit/scripts': - owner => 'root', - group => 'root', - mode => 755, - ensure => 'directory', - recurse => true, - require => File['/usr/local/gerrit'], - source => [ - "puppet:///modules/gerrit/scripts", - ], - } -} diff --git a/modules/gerrit/manifests/remotes.pp b/modules/gerrit/manifests/remotes.pp deleted file mode 100644 index 88a12ce..0000000 --- a/modules/gerrit/manifests/remotes.pp +++ /dev/null @@ -1,13 +0,0 @@ -class gerrit::remotes($ensure=present) { - cron { "gerritfetchremotes": - user => gerrit2, - ensure => $ensure, - minute => "*/30", - command => 'sleep $((RANDOM\%60+90)) && python /usr/local/gerrit/scripts/fetch_remotes.py', - require => File['/usr/local/gerrit/scripts'], - } - - file { '/home/gerrit2/remotes.config': - ensure => absent - } -} diff --git a/modules/gerrit/templates/gerrit.config.erb b/modules/gerrit/templates/gerrit.config.erb deleted file mode 100644 index be8d16c..0000000 --- a/modules/gerrit/templates/gerrit.config.erb +++ /dev/null @@ -1,84 +0,0 @@ -# This file is managed by puppet. -# https://github.com/openstack/openstack-ci-puppet - -[gerrit] - basePath = git - canonicalWebUrl = <%= canonicalweburl %> -[database] - type = MYSQL - hostname = localhost - database = reviewdb - username = gerrit2 -<% if database_poollimit != "" -%> - poolLimit = <%= database_poollimit %> -<% end -%> - connectionpool = true -[auth] - type = OPENID_SSO - openIdSsoUrl = <%= openidssourl %> - cookieSecure = true - contributorAgreements = true -[sendemail] - smtpServer = localhost -[container] - user = gerrit2 - javaHome = <%= java_home %> -<% if container_heaplimit != "" -%> - heapLimit = <%= container_heaplimit %> -<% end -%> -[core] -<% if core_packedgitopenfiles != "" -%> - packedGitOpenFiles = <%= core_packedgitopenfiles %> -<% end -%> -<% if core_packedgitlimit != "" -%> - packedGitLimit = <%= core_packedgitlimit %> -<% end -%> -<% if core_packedgitwindowsize != "" -%> - packedGitWindowSize = <%= core_packedgitwindowsize %> -<% end -%> -[sshd] - listenAddress = *:29418 -<% if sshd_threads != "" -%> - threads = <%= sshd_threads %> -<% end -%> -[httpd] - listenUrl = proxy-https://*:8081/ -<% if httpd_maxwait != "" -%> - maxWait = <%= httpd_maxwait %> -<% end -%> -<% if httpd_acceptorthreads != "" -%> - acceptorThreads = <%= httpd_acceptorthreads %> -<% end -%> -<% if httpd_minthreads != "" -%> - minThreads = <%= httpd_minthreads %> -<% end -%> -<% if httpd_maxthreads != "" -%> - maxThreads = <%= httpd_maxthreads %> -<% end -%> -[cache] - directory = cache -[cache "web_sessions"] - maxAge = 1d -[user] - email = <%= email %> -<% commentlinks.each do |commentlink| -%> -[commentlink "<%= commentlink['name'] %>"] - match = "<%= commentlink['match'] %>" - link = "<%= commentlink['link'] %>" -<% end -%> -[theme] - backgroundColor = ffffff - topMenuColor = ffffff - textColor = 264d69 - trimColor = eef3f5 - selectionColor = d1e6ea - changeTableOutdatedColor = f5cccc - tableOddRowColor = ffffff - tableEvenRowColor = f5f5ff -[melody] - monitoring = <%= enable_melody %> - session = <%= melody_session %> -<% if gitweb -%> -[gitweb] - revision = "?p=${project}.git;a=commitdiff;h=${commit}" -<% end -%> diff --git a/modules/gerrit/templates/gerrit.vhost.erb b/modules/gerrit/templates/gerrit.vhost.erb deleted file mode 100644 index 40ec8b6..0000000 --- a/modules/gerrit/templates/gerrit.vhost.erb +++ /dev/null @@ -1,72 +0,0 @@ -:80> - ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %> - - ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log - - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined - - Redirect / https://<%= scope.lookupvar("gerrit::vhost_name") %>/ - - - - -:443> - ServerName <%= scope.lookupvar("gerrit::vhost_name") %> - ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %> - - ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log - - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/gerrit-ssl-access.log combined - - SSLEngine on - - SSLCertificateFile <%= scope.lookupvar("gerrit::ssl_cert_file") %> - SSLCertificateKeyFile <%= scope.lookupvar("gerrit::ssl_key_file") %> -<% if scope.lookupvar("gerrit::ssl_chain_file") != "" %> - SSLCertificateChainFile <%= scope.lookupvar("gerrit::ssl_chain_file") %> -<% end %> - - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - RewriteEngine on - RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::vhost_name") %> - RewriteRule ^.*$ <%= scope.lookupvar("gerrit::canonicalweburl") %> -<% if scope.lookupvar("gerrit::replicate_local") -%> - RewriteCond %{REQUEST_URI} !^/p/ -<% end -%> - RewriteRule ^/(.*)$ http://localhost:8081/$1 [P] - - ProxyPassReverse / http://localhost:8081/ - -<% if scope.lookupvar("gerrit::replicate_local") -%> - SetEnv GIT_PROJECT_ROOT /var/lib/git/ - SetEnv GIT_HTTP_EXPORT_ALL - - AliasMatch ^/p/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1 - AliasMatch ^/p/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1 - ScriptAlias /p/ /usr/lib/git-core/git-http-backend/ -<% end -%> - - - Order allow,deny - Allow from all - - - - - diff --git a/modules/gerrit/templates/replication.config.erb b/modules/gerrit/templates/replication.config.erb deleted file mode 100644 index 51bbfd7..0000000 --- a/modules/gerrit/templates/replication.config.erb +++ /dev/null @@ -1,18 +0,0 @@ -# This file is managed by puppet. -# https://github.com/openstack/openstack-ci-puppet - -<% if replicate_github -%> -[remote "github"] -url = git@github.com:${name}.git -authGroup = Anonymous Users -replicatePermissions = false -mirror = true -<% end -%> - -<% if replicate_local -%> -[remote "local"] -url = file:///var/lib/git/${name}.git -replicationDelay = 0 -threads = 4 -mirror = true -<% end -%> diff --git a/modules/gerrit/templates/secure.config.erb b/modules/gerrit/templates/secure.config.erb deleted file mode 100644 index 51af8c1..0000000 --- a/modules/gerrit/templates/secure.config.erb +++ /dev/null @@ -1,4 +0,0 @@ -[database] - password = <%= mysql_password %> -[auth] - registerEmailPrivateKey = <%= email_private_key %> diff --git a/modules/gerritbot/files/gerritbot b/modules/gerritbot/files/gerritbot deleted file mode 100755 index ef9cb36..0000000 --- a/modules/gerritbot/files/gerritbot +++ /dev/null @@ -1,273 +0,0 @@ -#! /usr/bin/env python - -# The configuration file should look like: -""" -[ircbot] -nick=NICKNAME -pass=PASSWORD -server=irc.freenode.net -port=6667 -channel_config=/path/to/yaml/config - -[gerrit] -user=gerrit2 -key=/path/to/id_rsa -host=review.example.com -port=29418 -""" - -# The yaml channel config should look like: -""" -openstack-dev: - events: - - patchset-created - - change-merged - projects: - - openstack/nova - - openstack/swift - branches: - - master -""" - -import ircbot -import time -import subprocess -import threading -import select -import json -import sys -import os -import ConfigParser -import daemon, daemon.pidlockfile -import traceback -import yaml - -class GerritBot(ircbot.SingleServerIRCBot): - def __init__(self, channels, nickname, password, server, port=6667): - ircbot.SingleServerIRCBot.__init__(self, - [(server, port)], - nickname, nickname) - self.channel_list = channels - self.nickname = nickname - self.password = password - - def on_nicknameinuse(self, c, e): - c.nick(c.get_nickname() + "_") - c.privmsg("nickserv", "identify %s " % self.password) - c.privmsg("nickserv", "ghost %s %s" % (self.nickname, self.password)) - c.privmsg("nickserv", "release %s %s" % (self.nickname, self.password)) - time.sleep(1) - c.nick(self.nickname) - - def on_welcome(self, c, e): - c.privmsg("nickserv", "identify %s "% self.password) - for channel in self.channel_list: - c.join(channel) - - def send(self, channel, msg): - self.connection.privmsg(channel, msg) - time.sleep(0.5) - -class Gerrit(threading.Thread): - def __init__(self, ircbot, channel_config, - username, keyfile, server, port=29418): - threading.Thread.__init__(self) - self.ircbot = ircbot - self.channel_config = channel_config - self.username = username - self.keyfile = keyfile - self.server = server - self.port = port - self.proc = None - self.poll = select.poll() - - def _open(self): - self.proc = subprocess.Popen(['/usr/bin/ssh', '-p', str(self.port), - '-i', self.keyfile, - '-l', self.username, self.server, - 'gerrit', 'stream-events'], - bufsize=1, - stdin=None, - stdout=subprocess.PIPE, - stderr=None, - ) - self.poll.register(self.proc.stdout) - - def _close(self): - try: - self.poll.unregister(self.proc.stdout) - except: - pass - try: - self.proc.kill() - except: - pass - self.proc = None - - def patchset_created(self, channel, data): - msg = '%s proposed a change to %s: %s %s' % ( - data['patchSet']['uploader']['name'], - data['change']['project'], - data['change']['subject'], - data['change']['url']) - self.ircbot.send(channel, msg) - - def comment_added(self, channel, data): - msg = 'A comment has been added to a proposed change to %s: %s %s' % ( - data['change']['project'], - data['change']['subject'], - data['change']['url']) - self.ircbot.send(channel, msg) - - for approval in data.get('approvals', []): - if (approval['type'] == 'VRIF' and approval['value'] == '-2' and - channel in self.channel_config.events.get( - 'x-vrif-minus-2', set())): - msg = 'Verification of a change to %s failed: %s %s' % ( - data['change']['project'], - data['change']['subject'], - data['change']['url']) - self.ircbot.send(channel, msg) - - if (approval['type'] == 'VRIF' and approval['value'] == '2' and - channel in self.channel_config.events.get( - 'x-vrif-plus-2', set())): - msg = 'Verification of a change to %s succeeded: %s %s' % ( - data['change']['project'], - data['change']['subject'], - data['change']['url']) - self.ircbot.send(channel, msg) - - if (approval['type'] == 'CRVW' and approval['value'] == '-2' and - channel in self.channel_config.events.get( - 'x-crvw-minus-2', set())): - msg = 'A change to %s has been rejected: %s %s' % ( - data['change']['project'], - data['change']['subject'], - data['change']['url']) - self.ircbot.send(channel, msg) - - if (approval['type'] == 'CRVW' and approval['value'] == '2' and - channel in self.channel_config.events.get( - 'x-crvw-plus-2', set())): - msg = 'A change to %s has been approved: %s %s' % ( - data['change']['project'], - data['change']['subject'], - data['change']['url']) - self.ircbot.send(channel, msg) - - def change_merged(self, channel, data): - msg = 'A change was merged to %s: %s %s' % ( - data['change']['project'], - data['change']['subject'], - data['change']['url']) - self.ircbot.send(channel, msg) - - def _read(self): - l = self.proc.stdout.readline() - data = json.loads(l) - channel_set = (self.channel_config.projects.get( - data['change']['project'], set()) & - self.channel_config.events.get( - data['type'], set()) & - self.channel_config.branches.get( - data['change']['branch'], set())) - for channel in channel_set: - if data['type'] == 'comment-added': - self.comment_added(channel, data) - elif data['type'] == 'patchset-created': - self.patchset_created(channel, data) - elif data['type'] == 'change-merged': - self.change_merged(channel, data) - - def _listen(self): - while True: - ret = self.poll.poll() - for (fd, event) in ret: - if fd == self.proc.stdout.fileno(): - if event == select.POLLIN: - self._read() - else: - raise Exception("event on ssh connection") - - def _run(self): - try: - if not self.proc: - self._open() - self._listen() - except: - traceback.print_exc() - self._close() - time.sleep(5) - - def run(self): - time.sleep(5) - while True: - self._run() - -class ChannelConfig(object): - def __init__(self, data): - self.data = data - keys = data.keys() - for key in keys: - if key[0] != '#': - data['#'+key] = data.pop(key) - self.channels = data.keys() - self.projects = {} - self.events = {} - self.branches = {} - for channel, val in self.data.iteritems(): - for event in val['events']: - event_set = self.events.get(event, set()) - event_set.add(channel) - self.events[event] = event_set - for project in val['projects']: - project_set = self.projects.get(project, set()) - project_set.add(channel) - self.projects[project] = project_set - for branch in val['branches']: - branch_set = self.branches.get(branch, set()) - branch_set.add(channel) - self.branches[branch] = branch_set - -def _main(): - config=ConfigParser.ConfigParser() - config.read(sys.argv[1]) - - fp = config.get('ircbot', 'channel_config') - if fp: - fp = os.path.expanduser(fp) - if not os.path.exists(fp): - raise Exception("Unable to read layout config file at %s" % fp) - else: - raise Exception("Channel Config must be specified in config file.") - - channel_config = ChannelConfig(yaml.load(open(fp))) - - bot = GerritBot(channel_config.channels, - config.get('ircbot', 'nick'), - config.get('ircbot', 'pass'), - config.get('ircbot', 'server'), - config.getint('ircbot', 'port')) - g = Gerrit(bot, - channel_config, - config.get('gerrit', 'user'), - config.get('gerrit', 'key'), - config.get('gerrit', 'host'), - config.getint('gerrit', 'port')) - g.start() - bot.start() - -def main(): - if len(sys.argv) != 2: - print "Usage: %s CONFIGFILE" % sys.argv[0] - sys.exit(1) - - pid = daemon.pidlockfile.TimeoutPIDLockFile( - "/var/run/gerritbot/gerritbot.pid", 10) - with daemon.DaemonContext(pidfile=pid): - _main() - - -if __name__ == "__main__": - main() diff --git a/modules/gerritbot/files/gerritbot.init b/modules/gerritbot/files/gerritbot.init deleted file mode 100755 index 7b9ce7d..0000000 --- a/modules/gerritbot/files/gerritbot.init +++ /dev/null @@ -1,171 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: gerritbot -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Gerrit IRC Bot -# Description: Announces Gerrit events to IRC -### END INIT INFO - -# Author: James Blair - -# Do NOT "set -e" - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="GerritBot" -NAME=gerritbot -DAEMON=/usr/local/gerrit/$NAME -DAEMON_ARGS="/home/gerrit2/gerritbot.config" -PIDFILE=/var/run/$NAME/$NAME.pid -SCRIPTNAME=/etc/init.d/$NAME -USER=gerrit2 - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -pidof_gerritbot() { - # if there is actually an gerritbot process whose pid is in PIDFILE, - # print it and return 0. - if [ -e "$PIDFILE" ]; then - if ps -ef | grep gerrit[b]ot | grep python | awk '{print $2}' | grep -w $(cat $PIDFILE); then - return 0 - fi - fi - return 1 -} - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - - mkdir -p /var/run/$NAME - chown $USER /var/run/$NAME - start-stop-daemon --start --quiet --pidfile $PIDFILE -c $USER --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE -c $USER --exec $DAEMON -- \ - $DAEMON_ARGS \ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --signal 9 --pidfile $PIDFILE - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - rm -f /var/run/$NAME/* - return "$RETVAL" -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - PID=$(pidof_gerritbot) || true - if [ -n "$PID" ]; then - log_daemon_msg "$DESC is running (pid $PID)." - exit 0 - else - log_daemon_msg "$DESC is NOT running." - if [ -e "$PIDFILE" ]; then - exit 1 - else - exit 3 - fi - fi - ;; - #reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - #log_daemon_msg "Reloading $DESC" "$NAME" - #do_reload - #log_end_msg $? - #;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/modules/gerritbot/files/gerritbot_channel_config.yaml b/modules/gerritbot/files/gerritbot_channel_config.yaml deleted file mode 100644 index 6c4831e..0000000 --- a/modules/gerritbot/files/gerritbot_channel_config.yaml +++ /dev/null @@ -1,56 +0,0 @@ -openstack-infra: - events: - - patchset-created - - change-merged - - x-vrif-minus-2 - projects: - - openstack/openstack-ci-puppet - - openstack-ci/config - - openstack-ci/devstack-gate - - openstack-ci/gerrit - - openstack-ci/gerrit-trigger-plugin - - openstack-ci/gerrit-verification-status-plugin - - openstack-ci/gerritbot - - openstack-ci/gerritlib - - openstack-ci/git-review - - openstack-ci/jenkins-job-builder - - openstack-ci/lodgeit - - openstack-ci/meetbot - - openstack-ci/pypi-mirror - - openstack-ci/zuul - branches: - - master - -openstack-dev: - events: - - change-merged - - x-vrif-minus-2 - projects: - - openstack/cinder - - openstack/glance - - openstack/horizon - - openstack/keystone - - openstack/nova - - openstack/openstack-common - - openstack/python-cinderclient - - openstack/python-glanceclient - - openstack/python-keystoneclient - - openstack/python-novaclient - - openstack/python-openstackclient - - openstack/python-quantumclient - - openstack/python-swiftclient - - openstack/quantum - - openstack/swift - branches: - - master - -stackforge-dev: - events: - - patchset-created - - change-merged - - x-vrif-minus-2 - projects: - - stackforge/ceilometer - - heat-api/heat - branches: - - master diff --git a/modules/gerritbot/manifests/init.pp b/modules/gerritbot/manifests/init.pp deleted file mode 100644 index 45864e7..0000000 --- a/modules/gerritbot/manifests/init.pp +++ /dev/null @@ -1,57 +0,0 @@ -class gerritbot( - $nick, - $password, - $server, - $user, - $vhost_name - ) { - - file { "/usr/local/gerrit/gerritbot": - owner => 'root', - group => 'root', - mode => 555, - ensure => 'present', - source => 'puppet:///modules/gerritbot/gerritbot', - require => File['/usr/local/gerrit'], - } - - file { "/etc/init.d/gerritbot": - owner => 'root', - group => 'root', - mode => 555, - ensure => 'present', - source => 'puppet:///modules/gerritbot/gerritbot.init', - require => File['/usr/local/gerrit/gerritbot'], - } - - file { "/home/gerrit2/gerritbot_channel_config.yaml": - owner => 'root', - group => 'gerrit2', - mode => 440, - ensure => 'present', - source => 'puppet:///modules/gerritbot/gerritbot_channel_config.yaml', - replace => true, - require => User['gerrit2'], - } - - service { 'gerritbot': - name => 'gerritbot', - ensure => running, - enable => true, - hasrestart => true, - require => File['/etc/init.d/gerritbot'], - subscribe => [File["/usr/local/gerrit/gerritbot"], - File["/home/gerrit2/gerritbot_channel_config.yaml"]], - } - - file { '/home/gerrit2/gerritbot.config': - owner => 'root', - group => 'gerrit2', - mode => 440, - ensure => 'present', - content => template('gerritbot/gerritbot.config.erb'), - replace => 'true', - require => User['gerrit2'] - } - -} diff --git a/modules/gerritbot/templates/gerritbot.config.erb b/modules/gerritbot/templates/gerritbot.config.erb deleted file mode 100644 index 0712697..0000000 --- a/modules/gerritbot/templates/gerritbot.config.erb +++ /dev/null @@ -1,13 +0,0 @@ -[ircbot] -nick=<%= nick %> -pass=<%= password %> -server=<%= server %> -port=6667 -channel_config=/home/gerrit2/gerritbot_channel_config.yaml -lockfile=/var/run/gerritbot/gerritbot.pid - -[gerrit] -user=<%= user %> -key=/home/gerrit2/.ssh/gerritbot_rsa -host=<%= vhost_name %> -port=29418 diff --git a/modules/github/files/scripts/close_pull_requests.py b/modules/github/files/scripts/close_pull_requests.py deleted file mode 100755 index 13f9e89..0000000 --- a/modules/github/files/scripts/close_pull_requests.py +++ /dev/null @@ -1,88 +0,0 @@ -#! /usr/bin/env python -# Copyright (C) 2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Github pull requests closer reads a project config file called projects.yaml -# It should look like: - -# - project: PROJECT_NAME -# options: -# - close-pull - -# Github authentication information is read from github.secure.config, -# which should look like: - -# [github] -# username = GITHUB_USERNAME -# password = GITHUB_PASSWORD -# -# or -# -# [github] -# oauth_token = GITHUB_OAUTH_TOKEN - -import ConfigParser -import github -import os -import yaml -import logging - -logging.basicConfig(level=logging.ERROR) - -PROJECTS_YAML = os.environ.get('PROJECTS_YAML', - '/home/gerrit2/projects.yaml') -GITHUB_SECURE_CONFIG = os.environ.get('GITHUB_SECURE_CONFIG', - '/home/gerrit2/github.secure.config') - -MESSAGE = """Thank you for contributing to OpenStack! - -%(project)s uses Gerrit for code review. - -Please visit http://wiki.openstack.org/GerritWorkflow and follow the instructions there to upload your change to Gerrit. -""" - -secure_config = ConfigParser.ConfigParser() -secure_config.read(GITHUB_SECURE_CONFIG) -config = yaml.load(open(PROJECTS_YAML)) - -if secure_config.has_option("github", "oauth_token"): - ghub = github.Github(secure_config.get("github", "oauth_token")) -else: - ghub = github.Github(secure_config.get("github", "username"), - secure_config.get("github", "password")) - -orgs = ghub.get_user().get_orgs() -orgs_dict = dict(zip([o.login.lower() for o in orgs], orgs)) -for section in config: - project = section['project'] - - # Make sure we're supposed to close pull requests for this project: - if 'options' not in section or 'close-pull' not in section['options']: - continue - - # Find the project's repo - project_split = project.split('/', 1) - if len(project_split) > 1: - repo = orgs_dict[project_split[0].lower()].get_repo(project_split[1]) - else: - repo = ghub.get_user().get_repo(project) - - # Close each pull request - pull_requests = repo.get_pulls("open") - for req in pull_requests: - vars = dict(project=project) - issue_data = {"url": repo.url + "/issues/" + str(req.number)} - issue = github.Issue.Issue(req._requester, issue_data, completed = True) - issue.create_comment(MESSAGE % vars) - req.edit(state = "closed") diff --git a/modules/github/manifests/init.pp b/modules/github/manifests/init.pp deleted file mode 100644 index 24b0554..0000000 --- a/modules/github/manifests/init.pp +++ /dev/null @@ -1,74 +0,0 @@ -class github ( - $username, - $oauth_token, - $projects = [] - ) { - - include pip - - package { "PyGithub": - ensure => latest, # okay to use latest for pip - provider => pip, - require => Class[pip] - } - - group { "github": - ensure => present - } - - user { "github": - ensure => present, - comment => "Github API User", - shell => "/bin/bash", - gid => "github", - require => Group["github"] - } - - file { '/etc/github': - owner => 'root', - group => 'root', - mode => 755, - ensure => 'directory', - } - - file { '/etc/github/github.config': - ensure => absent - } - - file { '/etc/github/github.secure.config': - owner => 'root', - group => 'github', - mode => 440, - ensure => 'present', - content => template('github/github.secure.config.erb'), - replace => 'true', - require => [Group['github'], File['/etc/github']], - } - - file { '/usr/local/github': - owner => 'root', - group => 'root', - mode => 755, - ensure => 'directory', - } - - file { '/usr/local/github/scripts': - owner => 'root', - group => 'root', - mode => 755, - ensure => 'directory', - recurse => true, - require => File['/usr/local/github'], - source => [ - "puppet:///modules/github/scripts", - ], - } - - cron { "githubclosepull": - user => github, - minute => "*/5", - command => 'sleep $((RANDOM\%60+90)) && python /usr/local/github/scripts/close_pull_requests.py', - require => File['/usr/local/github/scripts'], - } - -} diff --git a/modules/github/templates/github.secure.config.erb b/modules/github/templates/github.secure.config.erb deleted file mode 100644 index 92e1493..0000000 --- a/modules/github/templates/github.secure.config.erb +++ /dev/null @@ -1,3 +0,0 @@ -[github] -username = <%= username %> -oauth_token = <%= oauth_token %> diff --git a/modules/iptables/manifests/init.pp b/modules/iptables/manifests/init.pp deleted file mode 100644 index 5a9946c..0000000 --- a/modules/iptables/manifests/init.pp +++ /dev/null @@ -1,53 +0,0 @@ -#http://projects.puppetlabs.com/projects/1/wiki/Module_Iptables_Patterns - -class iptables($rules='', $public_tcp_ports=[], $public_udp_ports=[]) { - package { - "iptables-persistent": ensure => present; - } - - service { "iptables-persistent": - require => Package["iptables-persistent"], - - # Because there is no running process for this service, the normal status - # checks fail. Because puppet then thinks the service has been manually - # stopped, it won't restart it. This fake status command will trick puppet - # into thinking the service is *always* running (which in a way it is, as - # iptables is part of the kernel.) - hasstatus => true, - status => "true", - - # Under Debian, the "restart" parameter does not reload the rules, so tell - # Puppet to fall back to stop/start, which does work. - hasrestart => false, - - } - - file { "/etc/iptables": - ensure => directory - } - - file { - "/etc/iptables/rules": - owner => "root", - group => "root", - mode => 640, - content => template('iptables/rules.erb'), - require => [Package["iptables-persistent"], File["/etc/iptables"]], - - # When this file is updated, make sure the rules get reloaded. - notify => Service["iptables-persistent"], - ; - } - - file { - "/etc/iptables/rules.v4": - owner => "root", - group => "root", - mode => 640, - ensure => link, - target => "/etc/iptables/rules", - require => File["/etc/iptables/rules"], - notify => Service["iptables-persistent"] - } - -} diff --git a/modules/iptables/templates/rules.erb b/modules/iptables/templates/rules.erb deleted file mode 100644 index 382689a..0000000 --- a/modules/iptables/templates/rules.erb +++ /dev/null @@ -1,27 +0,0 @@ -*filter -:INPUT ACCEPT [0:0] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] -:openstack-INPUT - [0:0] --A INPUT -j openstack-INPUT --A FORWARD -j openstack-INPUT --A openstack-INPUT -i lo -j ACCEPT --A openstack-INPUT -p icmp --icmp-type any -j ACCEPT -#-A openstack-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT --A openstack-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -# SSH from anywhere --A openstack-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -# SNMP from openstack cacti --A openstack-INPUT -m udp -p udp --dport 161 -s 50.57.120.246 -j ACCEPT -# Public TCP ports -<% public_tcp_ports.each do |port| -%> --A openstack-INPUT -m state --state NEW -m tcp -p tcp --dport <%= port %> -j ACCEPT -<% end -%> -# Public UDP ports -<% public_udp_ports.each do |port| -%> --A openstack-INPUT -m udp -p udp --dport <%= port %> -j ACCEPT -<% end -%> -# Per-host rules -<%= rules %> --A openstack-INPUT -j REJECT --reject-with icmp-host-prohibited -COMMIT diff --git a/modules/jenkins_master/files/stackforge.png b/modules/jenkins_master/files/stackforge.png deleted file mode 100644 index 29a3ec8..0000000 Binary files a/modules/jenkins_master/files/stackforge.png and /dev/null differ diff --git a/modules/jenkins_master/templates/jenkins.vhost.erb b/modules/jenkins_master/templates/jenkins.vhost.erb deleted file mode 100644 index a82d067..0000000 --- a/modules/jenkins_master/templates/jenkins.vhost.erb +++ /dev/null @@ -1,46 +0,0 @@ -:80> - ServerAdmin <%= scope.lookupvar("jenkins_master::serveradmin") %> - - ErrorLog ${APACHE_LOG_DIR}/jenkins_master-error.log - - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/jenkins_master-access.log combined - - Redirect / https://<%= scope.lookupvar("jenkins_master::vhost_name") %>/ - - - -:443> - ServerName <%= scope.lookupvar("jenkins_master::vhost_name") %> - ServerAdmin <%= scope.lookupvar("jenkins_master::serveradmin") %> - - ErrorLog ${APACHE_LOG_DIR}/jenkins_master-ssl-error.log - - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/jenkins_master-ssl-access.log combined - - SSLEngine on - - SSLCertificateFile <%= scope.lookupvar("jenkins_master::ssl_cert_file") %> - SSLCertificateKeyFile <%= scope.lookupvar("jenkins_master::ssl_key_file") %> - <% if scope.lookupvar("jenkins_master::ssl_chain_file") != "" %> - SSLCertificateChainFile <%= scope.lookupvar("jenkins_master::ssl_chain_file") %> - <% end %> - - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - RewriteEngine on - RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("jenkins_master::vhost_name") %> - RewriteRule ^.*$ https://<%= scope.lookupvar("jenkins_master::vhost_name") %>/ - - RewriteRule /zuul/status http://127.0.0.1:8001/status [P] - - ProxyPass / http://127.0.0.1:8080/ retry=0 - ProxyPassReverse / http://127.0.0.1:8080/ - diff --git a/modules/jenkins_slave/files/authentication.conf b/modules/jenkins_slave/files/authentication.conf deleted file mode 100644 index e069dc3..0000000 --- a/modules/jenkins_slave/files/authentication.conf +++ /dev/null @@ -1,5 +0,0 @@ -[Launchpad] -host = .launchpad.net -scheme = ssh -user = hudson-openstack - diff --git a/modules/jenkins_slave/files/bazaar.conf b/modules/jenkins_slave/files/bazaar.conf deleted file mode 100644 index 27b90b7..0000000 --- a/modules/jenkins_slave/files/bazaar.conf +++ /dev/null @@ -1,4 +0,0 @@ -[DEFAULT] -email = OpenStack Jenkins -launchpad_username = hudson-openstack - diff --git a/modules/launchpad_sync/files/update_gerrit_users.py b/modules/launchpad_sync/files/update_gerrit_users.py deleted file mode 100755 index 7d7d630..0000000 --- a/modules/launchpad_sync/files/update_gerrit_users.py +++ /dev/null @@ -1,410 +0,0 @@ -#! /usr/bin/env python -# Copyright (C) 2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Synchronize Gerrit users from Launchpad. - -import os -import sys -import fcntl -import uuid -import subprocess - -from datetime import datetime - -# There is a bug (810019) somewhere deep which causes pkg_resources -# to bitch if it's imported after argparse. launchpadlib imports it, -# so if we head it off at the pass, we can skip cronspam -import pkg_resources - -import StringIO -import ConfigParser -import argparse -import MySQLdb - -from launchpadlib.launchpad import Launchpad -from launchpadlib.uris import LPNET_SERVICE_ROOT - -from openid.consumer import consumer -from openid.cryptutil import randomString - -DEBUG = False - -# suppress pyflakes -pkg_resources.get_supported_platform() - -pid_file = '/tmp/update_gerrit_users.pid' -fp = open(pid_file, 'w') -try: - fcntl.lockf(fp, fcntl.LOCK_EX | fcntl.LOCK_NB) -except IOError: - # another instance is running - sys.exit(0) - -parser = argparse.ArgumentParser() -parser.add_argument('user', help='The gerrit admin user') -parser.add_argument('ssh_key', help='The gerrit admin SSH key file') -parser.add_argument('site', help='The site in use (typically openstack or stackforge)') -parser.add_argument('root_team', help='The root launchpad team to pull from') -options = parser.parse_args() - -GERRIT_USER = options.user -GERRIT_CONFIG = os.environ.get('GERRIT_CONFIG', - '/home/gerrit2/review_site/etc/gerrit.config') -GERRIT_SECURE_CONFIG = os.environ.get('GERRIT_SECURE_CONFIG', - '/home/gerrit2/review_site/etc/secure.config') -GERRIT_SSH_KEY = options.ssh_key -GERRIT_CACHE_DIR = os.path.expanduser(os.environ.get('GERRIT_CACHE_DIR', - '~/.launchpadlib/cache')) -GERRIT_CREDENTIALS = os.path.expanduser(os.environ.get('GERRIT_CREDENTIALS', - '~/.launchpadlib/creds')) -GERRIT_BACKUP_PATH = os.environ.get('GERRIT_BACKUP_PATH', - '/home/gerrit2/dbupdates') - -for check_path in (os.path.dirname(GERRIT_CACHE_DIR), - os.path.dirname(GERRIT_CREDENTIALS), - GERRIT_BACKUP_PATH): - if not os.path.exists(check_path): - os.makedirs(check_path) - -def get_broken_config(filename): - """ gerrit config ini files are broken and have leading tabs """ - text = "" - with open(filename,"r") as conf: - for line in conf.readlines(): - text = "%s%s" % (text, line.lstrip()) - - fp = StringIO.StringIO(text) - c=ConfigParser.ConfigParser() - c.readfp(fp) - return c - -def get_type(in_type): - if in_type == "RSA": - return "ssh-rsa" - else: - return "ssh-dsa" - -gerrit_config = get_broken_config(GERRIT_CONFIG) -secure_config = get_broken_config(GERRIT_SECURE_CONFIG) - -DB_USER = gerrit_config.get("database", "username") -DB_PASS = secure_config.get("database","password") -DB_DB = gerrit_config.get("database","database") - -db_backup_file = "%s.%s.sql" % (DB_DB, datetime.isoformat(datetime.now())) -db_backup_path = os.path.join(GERRIT_BACKUP_PATH, db_backup_file) -retval = os.system("mysqldump --opt -u%s -p%s %s | gzip -9 > %s.gz" % - (DB_USER, DB_PASS, DB_DB, db_backup_path)) -if retval != 0: - print "Problem taking a db dump, aborting db update" - sys.exit(retval) - -conn = MySQLdb.connect(user = DB_USER, passwd = DB_PASS, db = DB_DB) -cur = conn.cursor() - - -launchpad = Launchpad.login_with('Gerrit User Sync', LPNET_SERVICE_ROOT, - GERRIT_CACHE_DIR, - credentials_file = GERRIT_CREDENTIALS) - -def get_sub_teams(team, have_teams): - for sub_team in launchpad.people[team].sub_teams: - if sub_team.name not in have_teams: - have_teams = get_sub_teams(sub_team.name, have_teams) - have_teams.append(team) - return have_teams - - -teams_todo = get_sub_teams(options.root_team, []) - -users={} -groups={} -groups_in_groups={} -group_implies_groups={} -group_ids={} -projects = subprocess.check_output(['/usr/bin/ssh', '-p', '29418', - '-i', GERRIT_SSH_KEY, - '-l', GERRIT_USER, 'localhost', - 'gerrit', 'ls-projects']).split('\n') - -for team_todo in teams_todo: - - team = launchpad.people[team_todo] - groups[team.name] = team.display_name - - # Attempt to get nested group memberships. ~nova-core, for instance, is a - # member of ~nova, so membership in ~nova-core should imply membership in - # ~nova - group_in_group = groups_in_groups.get(team.name, {}) - for subgroup in team.sub_teams: - group_in_group[subgroup.name] = 1 - # We should now have a dictionary of the form {'nova': {'nova-core': 1}} - groups_in_groups[team.name] = group_in_group - - for detail in team.members_details: - - user = None - - # detail.self_link == - # 'https://api.launchpad.net/1.0/~team/+member/${username}' - login = detail.self_link.split('/')[-1] - - if users.has_key(login): - user = users[login] - else: - - user = dict(add_groups=[]) - - status = detail.status - if (status == "Approved" or status == "Administrator"): - user['add_groups'].append(team.name) - users[login] = user - -# If we picked up subgroups that were not in our original list of groups -# make sure they get added -for (supergroup, subgroups) in groups_in_groups.items(): - for group in subgroups.keys(): - if group not in groups.keys(): - groups[group] = None - -# account_groups -# groups is a dict of team name to team display name -# here, for every group we have in that dict, we're building another dict of -# group_name to group_id - and if the database doesn't already have the -# group, we're adding it -for (group_name, group_display_name) in groups.items(): - if cur.execute("select group_id from account_groups where name = %s", - group_name): - group_ids[group_name] = cur.fetchall()[0][0] - else: - cur.execute("""insert into account_group_id (s) values (NULL)"""); - cur.execute("select max(s) from account_group_id") - group_id = cur.fetchall()[0][0] - - # Match the 40-char 'uuid' that java is producing - group_uuid = uuid.uuid4() - second_uuid = uuid.uuid4() - full_uuid = "%s%s" % (group_uuid.hex, second_uuid.hex[:8]) - - cur.execute("""insert into account_groups - (group_id, group_type, owner_group_id, - name, description, group_uuid) - values - (%s, 'INTERNAL', 1, %s, %s, %s)""", - (group_id, group_name, group_display_name, full_uuid)) - cur.execute("""insert into account_group_names (group_id, name) values - (%s, %s)""", - (group_id, group_name)) - - group_ids[group_name] = group_id - -# account_group_includes -# groups_in_groups should be a dict of dicts, where the key is the larger -# group and the inner dict is a list of groups that are members of the -# larger group. So {'nova': {'nova-core': 1}} -for (group_name, subgroups) in groups_in_groups.items(): - for subgroup_name in subgroups.keys(): - try: - cur.execute("""insert into account_group_includes - (group_id, include_id) - values (%s, %s)""", - (group_ids[group_name], group_ids[subgroup_name])) - except MySQLdb.IntegrityError: - pass - -# Make a list of implied group membership -# building a list which is the opposite of groups_in_group. Here -# group_implies_groups is a dict keyed by group_id containing a list of -# group_ids of implied membership. SO: if nova is 1 and nova-core is 2: -# {'2': [1]} -for group_id in group_ids.values(): - total_groups = [] - groups_todo = [group_id] - while len(groups_todo) > 0: - current_group = groups_todo.pop() - total_groups.append(current_group) - cur.execute("""select group_id from account_group_includes - where include_id = %s""", (current_group)) - for row in cur.fetchall(): - if row[0] != 1 and row[0] not in total_groups: - groups_todo.append(row[0]) - group_implies_groups[group_id] = total_groups - -if DEBUG: - def get_group_name(in_group_id): - for (group_name, group_id) in group_ids.items(): - if group_id == in_group_id: - return group_name - - print "groups in groups" - for (k,v) in groups_in_groups.items(): - print k, v - - print "group_imples_groups" - for (k, v) in group_implies_groups.items(): - print get_group_name(k) - new_groups=[] - for val in v: - new_groups.append(get_group_name(val)) - print "\t", new_groups - -for (username, user_details) in users.items(): - member = launchpad.people[username] - # accounts - account_id = None - if cur.execute("""select account_id from account_external_ids where - external_id in (%s)""", ("username:%s" % username)): - account_id = cur.fetchall()[0][0] - # We have this bad boy - all we need to do is update his group membership - - else: - # We need details - if not member.is_team: - - openid_consumer = consumer.Consumer(dict(id=randomString(16, '0123456789abcdef')), None) - openid_request = openid_consumer.begin("https://launchpad.net/~%s" % member.name) - user_details['openid_external_id'] = openid_request.endpoint.getLocalID() - - # Handle username change - if cur.execute("""select account_id from account_external_ids where - external_id in (%s)""", user_details['openid_external_id']): - account_id = cur.fetchall()[0][0] - cur.execute("""update account_external_ids - set external_id=%s - where external_id like 'username%%' - and account_id = %s""", - ('username:%s' % username, account_id)) - else: - email = None - try: - email = member.preferred_email_address.email - except ValueError: - pass - user_details['email'] = email - - - cur.execute("""insert into account_id (s) values (NULL)"""); - cur.execute("select max(s) from account_id") - account_id = cur.fetchall()[0][0] - - cur.execute("""insert into accounts (account_id, full_name, preferred_email) values - (%s, %s, %s)""", (account_id, username, user_details['email'])) - - # account_external_ids - ## external_id - if not cur.execute("""select account_id from account_external_ids - where account_id = %s and external_id = %s""", - (account_id, user_details['openid_external_id'])): - cur.execute("""insert into account_external_ids - (account_id, email_address, external_id) - values (%s, %s, %s)""", - (account_id, user_details['email'], user_details['openid_external_id'])) - if not cur.execute("""select account_id from account_external_ids - where account_id = %s and external_id = %s""", - (account_id, "username:%s" % username)): - cur.execute("""insert into account_external_ids - (account_id, external_id) values (%s, %s)""", - (account_id, "username:%s" % username)) - - if user_details.get('email', None) is not None: - if not cur.execute("""select account_id from account_external_ids - where account_id = %s and external_id = %s""", - (account_id, "mailto:%s" % user_details['email'])): - cur.execute("""insert into account_external_ids - (account_id, email_address, external_id) - values (%s, %s, %s)""", - (account_id, user_details['email'], "mailto:%s" % - user_details['email'])) - - if account_id is not None: - # account_ssh_keys - user_details['ssh_keys'] = ["%s %s %s" % (get_type(key.keytype), key.keytext, key.comment) for key in member.sshkeys] - - for key in user_details['ssh_keys']: - - cur.execute("""select ssh_public_key from account_ssh_keys where - account_id = %s""", account_id) - db_keys = [r[0].strip() for r in cur.fetchall()] - if key.strip() not in db_keys: - - cur.execute("""select max(seq)+1 from account_ssh_keys - where account_id = %s""", account_id) - seq = cur.fetchall()[0][0] - if seq is None: - seq = 1 - cur.execute("""insert into account_ssh_keys - (ssh_public_key, valid, account_id, seq) - values - (%s, 'Y', %s, %s)""", - (key.strip(), account_id, seq)) - - # account_group_members - # user_details['add_groups'] is a list of group names for which the - # user is either "Approved" or "Administrator" - - groups_to_add = [] - groups_to_watch = {} - groups_to_rm = {} - - for group in user_details['add_groups']: - # if you are in the group nova-core, that should also put you in nova - add_groups = group_implies_groups[group_ids[group]] - add_groups.append(group_ids[group]) - for add_group in add_groups: - if add_group not in groups_to_add: - groups_to_add.append(add_group) - # We only want to add watches for direct project membership groups - groups_to_watch[group_ids[group]] = group - - # groups_to_add is now the full list of all groups we think the user - # should belong to. we want to limit the users groups to this list - for group in groups: - if group_ids[group] not in groups_to_add: - if group not in groups_to_rm.values(): - groups_to_rm[group_ids[group]] = group - - for group_id in groups_to_add: - if not cur.execute("""select account_id from account_group_members - where account_id = %s and group_id = %s""", - (account_id, group_id)): - # The current user does not exist in the group. Add it. - cur.execute("""insert into account_group_members - (account_id, group_id) - values (%s, %s)""", (account_id, group_id)) - os_project_name = groups_to_watch.get(group_id, None) - if os_project_name is not None: - if os_project_name.endswith("-core"): - os_project_name = os_project_name[:-5] - os_project_name = "{site}/{project}".format(site=options.site, project=os_project_name) - if os_project_name in projects: - if not cur.execute("""select account_id - from account_project_watches - where account_id = %s - and project_name = %s""", - (account_id, os_project_name)): - cur.execute("""insert into account_project_watches - VALUES - ("Y", "N", "N", %s, %s, "*")""", - (account_id, os_project_name)) - - for (group_id, group_name) in groups_to_rm.items(): - cur.execute("""delete from account_group_members - where account_id = %s and group_id = %s""", - (account_id, group_id)) - -os.system("ssh -i %s -p29418 %s@localhost gerrit flush-caches" % - (GERRIT_SSH_KEY, GERRIT_USER)) - -conn.commit() diff --git a/modules/launchpad_sync/files/update_users.py b/modules/launchpad_sync/files/update_users.py deleted file mode 100644 index b40fbfd..0000000 --- a/modules/launchpad_sync/files/update_users.py +++ /dev/null @@ -1,431 +0,0 @@ -#! /usr/bin/env python -# Copyright (C) 2012 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# Synchronize Gerrit users from Launchpad. -# TODO items: -# 1. add a temporary (instance level) object store for the launchpad class -# 2. split out the two classes into separate files to be used as a library - -import os -import sys -import ConfigParser -import StringIO -import paramiko -import json -import logging -import uuid -from launchpadlib.launchpad import Launchpad -from launchpadlib.uris import LPNET_SERVICE_ROOT - -from datetime import datetime - -from openid.consumer import consumer -from openid.cryptutil import randomString - -GERRIT_USER = os.environ.get('GERRIT_USER', 'launchpadsync') -GERRIT_CONFIG = os.environ.get('GERRIT_CONFIG', - '/home/gerrit2/review_site/etc/gerrit.config') -GERRIT_SECURE_CONFIG = os.environ.get('GERRIT_SECURE_CONFIG', - '/home/gerrit2/review_site/etc/secure.config') -GERRIT_SSH_KEY = os.environ.get('GERRIT_SSH_KEY', - '/home/gerrit2/.ssh/launchpadsync_rsa') -GERRIT_CACHE_DIR = os.path.expanduser(os.environ.get('GERRIT_CACHE_DIR', - '~/.launchpadlib/cache')) -GERRIT_CREDENTIALS = os.path.expanduser(os.environ.get('GERRIT_CREDENTIALS', - '~/.launchpadlib/creds')) -GERRIT_BACKUP_PATH = os.environ.get('GERRIT_BACKUP_PATH', - '/home/gerrit2/dbupdates') - -logging.basicConfig(format='%(asctime)-6s: %(name)s - %(levelname)s - %(message)s', filename='/var/log/gerrit/update_users.log') -logger= logging.getLogger('update_users') -logger.setLevel(logging.INFO) - -for check_path in (os.path.dirname(GERRIT_CACHE_DIR), - os.path.dirname(GERRIT_CREDENTIALS), - GERRIT_BACKUP_PATH): - if not os.path.exists(check_path): - os.makedirs(check_path) - -def get_broken_config(filename): - """ gerrit config ini files are broken and have leading tabs """ - text = "" - with open(filename,"r") as conf: - for line in conf.readlines(): - text = "%s%s" % (text, line.lstrip()) - - fp = StringIO.StringIO(text) - c=ConfigParser.ConfigParser() - c.readfp(fp) - return c - -gerrit_config = get_broken_config(GERRIT_CONFIG) -secure_config = get_broken_config(GERRIT_SECURE_CONFIG) - -DB_USER = gerrit_config.get("database", "username") -DB_PASS = secure_config.get("database","password") -DB_DB = gerrit_config.get("database","database") - -def make_db_backup(): - db_backup_file = "%s.%s.sql" % (DB_DB, datetime.isoformat(datetime.now())) - db_backup_path = os.path.join(GERRIT_BACKUP_PATH, db_backup_file) - retval = os.system("mysqldump --opt -u%s -p%s %s | gzip -9 > %s.gz" % - (DB_USER, DB_PASS, DB_DB, db_backup_path)) - if retval != 0: - logger.error("Problem taking a db dump, aborting db update") - sys.exit(retval) - -class LaunchpadAction(object): - def __init__(self): - logger.info('Connecting to Launchpad') - self.launchpad= Launchpad.login_with('Gerrit User Sync', LPNET_SERVICE_ROOT, - GERRIT_CACHE_DIR, - credentials_file = GERRIT_CREDENTIALS) - - logger.info('Getting Launchpad teams') - self.lp_teams= self.get_all_sub_teams('openstack', []) - - def get_all_sub_teams(self, team, have_teams): - for sub_team in self.launchpad.people[team].sub_teams: - if sub_team.name not in have_teams: - have_teams = self.get_all_sub_teams(sub_team.name, have_teams) - have_teams.append(team) - return have_teams - - def get_sub_teams(self, team): - sub_teams= [] - for sub_team in self.launchpad.people[team].sub_teams: - sub_teams.append(sub_team.name) - return sub_teams - - def get_teams(self): - return self.lp_teams - - def get_all_users(self): - logger.info('Getting Launchpad users') - users= [] - for team in self.lp_teams: - for detail in self.launchpad.people[team].members_details: - if (detail.status == 'Approved' or detail.status == 'Administrator'): - name= detail.self_link.split('/')[-1] - if ((users.count(name) == 0) and (name not in self.lp_teams)): - users.append(name) - return users - - def get_user_data(self, user): - return self.launchpad.people[user] - - def get_team_members(self, team, gerrit): - users= [] - for detail in self.launchpad.people[team].members_details: - if (detail.status == 'Approved' or detail.status == 'Administrator'): - name= detail.self_link.split('/')[-1] - # if we found a subteam - if name in self.lp_teams: - # check subteam for implied subteams - for implied_group in gerrit.get_implied_groups(name): - if implied_group in self.lp_teams: - users.extend(self.get_team_members(implied_group, gerrit)) - users.extend(self.get_team_members(name, gerrit)) - continue - users.append(name) - # check team for implied teams - for implied_group in gerrit.get_implied_groups(team): - if implied_group in self.lp_teams: - users.extend(self.get_team_members(implied_group, gerrit)) - # filter out dupes - users= list(set(users)) - return users - - def get_team_watches(self, team): - users= [] - for detail in self.launchpad.people[team].members_details: - if (detail.status == 'Approved' or detail.status == 'Administrator'): - name= detail.self_link.split('/')[-1] - if name in self.lp_teams: - continue - if users.count(name) == 0: - users.append(name) - return users - - def get_team_display_name(self, team): - team_data = self.launchpad.people[team] - return team_data.display_name - -class GerritAction(object): - def __init__(self): - logger.info('Connecting to Gerrit') - self.ssh= paramiko.SSHClient() - self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) - self.ssh.connect('localhost', username=GERRIT_USER, port=29418, key_filename=GERRIT_SSH_KEY) - - def cleanup(self): - logger.info('Closing connection to Gerrit') - self.ssh.close() - - def run_query(self, query): - command= 'gerrit gsql --format JSON -c "{0}"'.format(query) - stdin, stdout, stderr= self.ssh.exec_command(command) -# trying to get stdout return code or stderr can hang with large result sets -# for line in stderr: -# logger.error(line) - return stdout - - def get_groups(self): - logger.info('Getting Gerrit groups') - groups= [] - query= "select name from account_groups" - stdout= self.run_query(query) - for line in stdout: - row= json.loads(line) - if row['type'] == 'row': - group= row['columns']['name'] - groups.append(group) - return groups - - def get_users(self): - logger.info('Getting Gerrit users') - users= [] - query= "select external_id from account_external_ids" - stdout= self.run_query(query) - for line in stdout: - row= json.loads(line) - if row['type'] == 'row': - user= row['columns']['external_id'].replace('username:','') - users.append(user) - return users - - def get_group_id(self, group_name): - query= "select group_id from account_groups where name='{0}'".format(group_name) - stdout= self.run_query(query) - line= stdout.readline() - row= json.loads(line) - if row['type'] == 'row': - return row['columns']['group_id'] - else: - return 0 - - def get_user_id(self, user_name): - query= "select account_id from account_external_ids where external_id='username:{0}'".format(user_name) - stdout= self.run_query(query) - line= stdout.readline() - row= json.loads(line) - return row['columns']['account_id'] - - def get_users_from_group(self, group_name): - logger.info('Getting Gerrit users from group %s', group_name) - users= [] - gid= self.get_group_id(group_name) - - query= "select external_id from account_external_ids join account_group_members on account_group_members.account_id=account_external_ids.account_id where account_group_members.group_id={0} and external_id like 'username%%'".format(gid) - stdout= self.run_query(query) - for line in stdout: - row= json.loads(line) - if row['type'] == 'row': - user= row['columns']['external_id'].replace('username:','') - users.append(user) - return users - - def get_users_from_watches(self, group_name): - logger.info('Getting Gerrit users from watch list %s', group_name) - users= [] - if group_name.endswith("-core"): - group_name = group_name[:-5] - group_name = "openstack/{0}".format(group_name) - - query= "select external_id from account_external_ids join account_project_watches on account_project_watches.account_id=account_external_ids.account_id where account_project_watches.project_name like '{0}' and external_id like 'username%%'".format(group_name) - stdout= self.run_query(query) - for line in stdout: - row= json.loads(line) - if row['type'] == 'row': - user= row['columns']['external_id'].replace('username:','') - users.append(user) - return users - - - def get_implied_groups(self, group_name): - gid= self.get_group_id(group_name) - groups= [] - query= "select name from account_groups join account_group_includes on account_group_includes.include_id=account_groups.group_id where account_group_includes.group_id={0}".format(gid) - stdout= self.run_query(query) - for line in stdout: - row= json.loads(line) - if row['type'] == 'row': - group= row['columns']['name'] - groups.append(group) - return groups - - def add_group(self, group_name, group_display_name): - logger.info('New group %s (%s)', group_display_name, group) - query= "insert into account_group_id (s) values (NULL)" - stdout= self.run_query(query) - row= json.loads(stdout.readline()) - if row['rowCount'] is not 1: - print "Could not get a new account group ID" - raise - query= "select max(s) from account_group_id" - stdout= self.run_query(query) - row= json.loads(stdout.readline()) - gid= row['columns']['max(s)'] - full_uuid= "{0}{1}".format(uuid.uuid4().hex, uuid.uuid4().hex[:8]) - query= "insert into account_groups (group_id, group_type, owner_group_id, name, description, group_uuid) values ({0}, 'INTERNAL', 1, '{1}', '{2}', '{3}')". format(gid, group_name, group_display_name, full_uuid) - self.run_query(query) - query= "insert into account_group_names (group_id, name) values ({0}, '{1}')".format(gid, group_name) - self.run_query(query) - - def add_user(self, user_name, user_data): - logger.info("Adding Gerrit user %s", user_name) - openid_consumer = consumer.Consumer(dict(id=randomString(16, '0123456789abcdef')), None) - openid_request = openid_consumer.begin("https://launchpad.net/~%s" % user_data.name) - user_openid_external_id = openid_request.endpoint.getLocalID() - query= "select account_id from account_external_ids where external_id in ('{0}')".format(user_openid_external_id) - stdout= self.run_query(query) - row= json.loads(stdout.readline()) - if row['type'] == 'row': - # we have a result so this is an updated user name - account_id= row['columns']['account_id'] - query= "update account_external_ids set external_id='{0}' where external_id like 'username%%' and account_id = {1}".format('username:%s' % user_name, account_id) - self.run_query(query) - else: - # we really do have a new user - user_ssh_keys= ["%s %s %s" % ('ssh-%s' % key.keytype.lower(), key.keytext, key.comment) for key in user_data.sshkeys] - user_email= None - try: - user_email = user_data.preferred_email_address.email - except ValueError: - pass - query= "insert into account_id (s) values (NULL)" - self.run_query(query) - query= "select max(s) from account_id" - stdout= self.run_query(query) - row= json.loads(stdout.readline()) - uid= row['columns']['max(s)'] - query= "insert into accounts (account_id, full_name, preferred_email) values ({0}, '{1}', '{2}')".format(uid, user_name, user_email) - self.run_query(query) - keyno= 1 - for key in user_ssh_keys: - query= "insert into account_ssh_keys (ssh_public_key, valid, account_id, seq) values ('{0}', 'Y', {1}, {2})".format(key.strip(), uid, keyno) - self.run_query(query) - keyno = keyno + 1 - query= "insert into account_external_ids (account_id, email_address, external_id) values ({0}, '{1}', '{2}')".format(uid, user_email, user_openid_external_id) - self.run_query(query) - query= "insert into account_external_ids (account_id, external_id) values ({0}, '{1}')".format(uid, "username:%s" % user_name) - self.run_query(query) - if user_email is not None: - query= "insert into account_external_ids (account_id, email_address, external_id) values ({0}. '{1}', '{2}')".format(uid, user_email, "mailto:%s" % user_email) - return None - - def add_user_to_group(self, user_name, group_name): - logger.info("Adding Gerrit user %s to group %s", user_name, group_name) - uid= self.get_user_id(user_name) - gid= self.get_group_id(group_name) - if gid is 0: - print "Trying to add user {0} to non-existent group {1}".format(user_name, group_name) - raise - query= "insert into account_group_members (account_id, group_id) values ({0}, {1})".format(uid, gid) - self.run_query(query) - - def add_user_to_watch(self, user_name, group_name): - logger.info("Adding Gerrit user %s to watch group %s", user_name, group_name) - uid= self.get_user_id(user_name) - if group_name.endswith("-core"): - group_name = group_name[:-5] - group_name = "openstack/{0}".format(group_name) - query= "insert into account_project_watches VALUES ('Y', 'N', 'N', {0}, '{1}', '*')". format(uid, group_name) - self.run_query(query) - - - def del_user_from_group(self, user_name, group_name): - logger.info("Deleting Gerrit user %s from group %s", user_name, group_name) - uid= self.get_user_id(user_name) - gid= self.get_group_id(group_name) - query= "delete from account_group_members where account_id = {0} and group_id = {1}".format(uid, gid) - self.run_query(query) - if group_name.endswith("-core"): - group_name = group_name[:-5] - group_name= "openstack/{0}".format(group_name) - query= "delete from account_project_watches where account_id = {0} and project_name= '{1}'".format(uid, group_name) - self.run_query(query) - - def rebuild_sub_groups(self, group, sub_groups): - gid= self.get_group_id(group) - for sub_group in sub_groups: - sgid= self.get_group_id(sub_group) - query= "select group_id from account_group_includes where group_id={0} and include_id={1}".format(gid, sgid) - stdout= self.run_query(query) - row= json.loads(stdout.readline()) - if row['type'] != 'row': - logger.info('Adding implied group %s to group %s', group, sub_group) - query= "insert into account_group_includes (group_id, include_id) values ({0}, {1})".format(gid, sgid) - self.run_query(query) - - -# Actual work starts here! - -lp= LaunchpadAction() -gerrit= GerritAction() - -logger.info('Making DB backup') -make_db_backup() - -logger.info('Starting group reconcile') -lp_groups= lp.get_teams() -gerrit_groups= gerrit.get_groups() - -group_diff= filter(lambda a: a not in gerrit_groups, lp_groups) -for group in group_diff: - group_display_name= lp.get_team_display_name(group) - gerrit.add_group(group, group_display_name) - -for group in lp_groups: - sub_group= lp.get_sub_teams(group) - if sub_group: - gerrit.rebuild_sub_groups(group, sub_group) - -logger.info('End group reconcile') - -logger.info('Starting user reconcile') -lp_users= lp.get_all_users() -gerrit_users= gerrit.get_users() - -user_diff= filter(lambda a: a not in gerrit_users, lp_users) -for user in user_diff: - gerrit.add_user(user, lp.get_user_data(user)) - -logger.info('End user reconcile') - -logger.info('Starting user to group reconcile') -lp_groups= lp.get_teams() -for group in lp_groups: - # First find users to attach to groups - gerrit_group_users= gerrit.get_users_from_group(group) - lp_group_users= lp.get_team_members(group, gerrit) - - group_diff= filter(lambda a: a not in gerrit_group_users, lp_group_users) - for user in group_diff: - gerrit.add_user_to_group(user, group) - # Second find users to attach to watches - lp_group_watches= lp.get_team_watches(group) - gerrit_group_watches= gerrit.get_users_from_watches(group) - group_diff= filter(lambda a: a not in gerrit_group_watches, lp_group_watches) - for user in group_diff: - gerrit.add_user_to_watch(user, group) - # Third find users to remove from groups/watches - group_diff= filter(lambda a: a not in lp_group_users, gerrit_group_users) - for user in group_diff: - gerrit.del_user_from_group(user, group) - -logger.info('Ending user to group reconcile') - -gerrit.cleanup() diff --git a/modules/launchpad_sync/manifests/init.pp b/modules/launchpad_sync/manifests/init.pp deleted file mode 100644 index f6544bd..0000000 --- a/modules/launchpad_sync/manifests/init.pp +++ /dev/null @@ -1,36 +0,0 @@ -class launchpad_sync( - $user='gerrit2', - $script_user='update', - $script_key_file='/home/gerrit2/.ssh/id_rsa', - $site, - $root_team -) { - - include mysql - include mysql::python - - $packages = [ - "python-openid", # for launchpad sync script - "python-launchpadlib", # for launchpad sync script - ] - - package { $packages: - ensure => present, - } - - file { '/usr/local/bin/update_gerrit_users.py': - owner => 'root', - group => 'root', - mode => 755, - source => "puppet:///modules/launchpad_sync/update_gerrit_users.py", - ensure => present, - } - - cron { "sync_launchpad_users": - user => $user, - minute => "*/15", - command => "sleep $((RANDOM\\%60+60)) && python /usr/local/bin/update_gerrit_users.py ${script_user} ${script_key_file} ${site} ${root_team}", - require => File['/usr/local/bin/update_gerrit_users.py'], - } - -} diff --git a/modules/lodgeit/files/header-bg2.png b/modules/lodgeit/files/header-bg2.png deleted file mode 100644 index 146faec..0000000 Binary files a/modules/lodgeit/files/header-bg2.png and /dev/null differ diff --git a/modules/lodgeit/manifests/init.pp b/modules/lodgeit/manifests/init.pp deleted file mode 100644 index a69a1af..0000000 --- a/modules/lodgeit/manifests/init.pp +++ /dev/null @@ -1,52 +0,0 @@ -class lodgeit { - $packages = [ "python-imaging", - "python-jinja2", - "python-pybabel", - "python-werkzeug", - "python-simplejson", - "python-pygments", - "drizzle", - "python-mysqldb" ] - - include apache - - include pip - a2mod { 'proxy': - ensure => present - } - a2mod { 'proxy_http': - ensure => present - } - - package { $packages: ensure => present } - - package { 'SQLAlchemy': - provider => pip, - ensure => present, - require => Class[pip] - } - - file { '/srv/lodgeit': - ensure => directory - } - - service { 'drizzle': - ensure => running, - hasrestart => true - } - - vcsrepo { "/tmp/lodgeit-main": - ensure => latest, - provider => git, - source => "https://github.com/openstack-ci/lodgeit.git", - } - -# create initial git DB backup location - - exec { "create_db_backup": - command => "git init /var/backups/lodgeit_db", - path => "/bin:/usr/bin", - onlyif => "test ! -d /var/backups/lodgeit_db" - } - -} diff --git a/modules/lodgeit/manifests/site.pp b/modules/lodgeit/manifests/site.pp deleted file mode 100644 index 82f57d7..0000000 --- a/modules/lodgeit/manifests/site.pp +++ /dev/null @@ -1,75 +0,0 @@ -define lodgeit::site($vhost_name="paste.$name.org", $port, $image="") { - - include remove_nginx - - apache::vhost::proxy { $vhost_name: - port => 80, - dest => "http://localhost:$port", - require => File["/srv/lodgeit/${name}"], - } - - file { "/etc/init/${name}-paste.conf": - ensure => 'present', - content => template("lodgeit/upstart.erb"), - replace => 'true', - require => Package[nginx], - notify => Service["${name}-paste"] - } - - file { "/srv/lodgeit/${name}": - ensure => directory, - recurse => true, - source => "/tmp/lodgeit-main" - } - - if $image != '' { - file { "/srv/lodgeit/${name}/lodgeit/static/${image}": - ensure => present, - source => "puppet:///lodgeit/${image}" - } - } - - file { "/srv/lodgeit/${name}/manage.py": - mode => 755, - replace => true, - content => template("lodgeit/manage.py.erb"), - notify => Service["${name}-paste"] - } - - file { "/srv/lodgeit/${name}/lodgeit/views/layout.html": - replace => true, - content => template("lodgeit/layout.html.erb") - } - - exec { "create_database_${name}": - command => "drizzle --user=root -e \"create database if not exists ${name};\"", - path => "/bin:/usr/bin", - unless => "drizzle --disable-column-names -r --batch -e \"show databases like 'openstack'\" | grep openstack >/dev/null", - require => Service["drizzle"] - } - -# create a backup .sql file in git - - exec { "create_db_backup_${name}": - command => "touch ${name}.sql && git add ${name}.sql && git commit -am \"Initial commit for ${name}\"", - cwd => "/var/backups/lodgeit_db/", - path => "/bin:/usr/bin", - onlyif => "test ! -f /var/backups/lodgeit_db/${name}.sql" - } - -# cron to take a backup and commit it in git - - cron { "update_backup_${name}": - user => root, - hour => 6, - minute => 23, - command => "sleep $((RANDOM\\%60+60)) && cd /var/backups/lodgeit_db && drizzledump -uroot ${name} > ${name}.sql && git commit -qam \"Updating DB backup for ${name}\"" - } - - service { "${name}-paste": - provider => upstart, - ensure => running, - require => [Service["drizzle", "nginx"], Exec["create_database_${name}"]] - } - -} diff --git a/modules/lodgeit/templates/layout.html.erb b/modules/lodgeit/templates/layout.html.erb deleted file mode 100644 index ae6d257..0000000 --- a/modules/lodgeit/templates/layout.html.erb +++ /dev/null @@ -1,88 +0,0 @@ - - - - {{ page_title|e }} | LodgeIt! - - - - - - - {%- if css %} - - {%- endif %} - - -
- - - {#
    - {% for lang, name in i18n_languages %} -
  • - - {{ lang }} - -
    • - {% endfor %} -
#} -
-

{{ page_title|e }}

- {%- if new_replies %} -
-

{% trans %}Someone Replied To Your Paste{% endtrans %}

- {% for paste in new_replies %} -

{% trans date=paste.pub_date|datetimeformat, parent=paste.parent.paste_id, - paste=paste.paste_id, paste_url=paste.url|e, parent_url=paste.parent.url|e %} - on {{ date }} someone replied to your paste - #{{ parent }}, - in paste #{{ paste }}. Click here to {% endtrans %} - - {%- trans %}compare those two pastes{% endtrans %}. -

- {% endfor %} -

{% trans %}hide this notification{% endtrans %}

-
- {% elif request.first_visit %} -
-

{% trans %}Welcome On LodgeIt{% endtrans %}

-

{%- trans -%} - Welcome to the LodgeIt pastebin. In order to use the notification feature - a 31 day cookie with an unique ID was created for you. The lodgeit database - does not store any information about you, it's just used for an advanced - pastebin experience :-). Read more on the {% endtrans -%} - {% trans %}about lodgeit{% endtrans %} - {%- trans %} page. Have fun :-){%- endtrans -%} -

-

- {% trans %}hide this notification{% endtrans %} -

-
- {% endif -%} - {% block body %}{% endblock -%} -
-
-
- - diff --git a/modules/lodgeit/templates/manage.py.erb b/modules/lodgeit/templates/manage.py.erb deleted file mode 100644 index 6f1a614..0000000 --- a/modules/lodgeit/templates/manage.py.erb +++ /dev/null @@ -1,36 +0,0 @@ -import os - -from werkzeug import script, create_environ, run_wsgi_app -from werkzeug.serving import run_simple - -from lodgeit import local -from lodgeit.application import make_app -from lodgeit.database import session - -dburi = 'drizzle://127.0.0.1:4427/<%= name %>' - -SECRET_KEY = 'no secret key' - -def run_app(app, path='/'): - env = create_environ(path, SECRET_KEY) - return run_wsgi_app(app, env) - -action_runserver = script.make_runserver( - lambda: make_app(dburi, SECRET_KEY), - use_reloader=True) - -action_shell = script.make_shell( - lambda: { - 'app': make_app(dburi, SECRET_KEY, False, True), - 'local': local, - 'session': session, - 'run_app': run_app - }, - ('\nWelcome to the interactive shell environment of LodgeIt!\n' - '\n' - 'You can use the following predefined objects: app, local, session.\n' - 'To run the application (creates a request) use *run_app*.') -) - -if __name__ == '__main__': - script.run() diff --git a/modules/lodgeit/templates/upstart.erb b/modules/lodgeit/templates/upstart.erb deleted file mode 100644 index 4b2cb47..0000000 --- a/modules/lodgeit/templates/upstart.erb +++ /dev/null @@ -1,8 +0,0 @@ -description "<%= name %> Lodgeit server" -author "Andrew Hutchings " - -start on (local-filesystems and net-device-up) -stop on runlevel [!2345] - -exec python /srv/lodgeit/<%= name %>/manage.py runserver -h 127.0.0.1 -p <%= port %> - diff --git a/modules/logrotate/manifests/file.pp b/modules/logrotate/manifests/file.pp deleted file mode 100644 index 8c11c96..0000000 --- a/modules/logrotate/manifests/file.pp +++ /dev/null @@ -1,22 +0,0 @@ -define logrotate::file($log, - $options, - $ensure=present, - $prerotate='undef', - $postrotate='undef', - $firstaction='undef', - $lastaction='undef') { - - # $options should be an array containing 1 or more logrotate - # directives (e.g. missingok, compress). - - include logrotate - - file { "/etc/logrotate.d/${name}": - owner => root, - group => root, - mode => 644, - ensure => $ensure, - content => template("logrotate/config.erb"), - require => File["/etc/logrotate.d"], - } -} diff --git a/modules/logrotate/manifests/init.pp b/modules/logrotate/manifests/init.pp deleted file mode 100644 index 662074c..0000000 --- a/modules/logrotate/manifests/init.pp +++ /dev/null @@ -1,16 +0,0 @@ -# Adapted from http://projects.puppetlabs.com/projects/1/wiki/Logrotate_Patterns - -class logrotate { - - package { "logrotate": - ensure => present, - } - - file { "/etc/logrotate.d": - ensure => directory, - owner => root, - group => root, - mode => 755, - require => Package["logrotate"], - } -} diff --git a/modules/logrotate/templates/config.erb b/modules/logrotate/templates/config.erb deleted file mode 100644 index 58c8cf0..0000000 --- a/modules/logrotate/templates/config.erb +++ /dev/null @@ -1,24 +0,0 @@ -<%= log %> { -<% options.each do |opt| -%> <%= opt %> -<% end -%> -<% if prerotate != 'undef' -%> - prerotate - <%= prerotate %> - endscript -<% end -%> -<% if postrotate != 'undef' -%> - postrotate - <%= postrotate %> - endscript -<% end -%> -<% if firstaction != 'undef' -%> - firstaction - <%= firstaction %> - endscript -<% end -%> -<% if lastaction != 'undef' -%> - lastaction - <%= lastaction %> - endscript -<% end -%> -} diff --git a/modules/mailman/files/html-templates-en/admindbdetails.html b/modules/mailman/files/html-templates-en/admindbdetails.html deleted file mode 100644 index a6b7eb9..0000000 --- a/modules/mailman/files/html-templates-en/admindbdetails.html +++ /dev/null @@ -1,60 +0,0 @@ -The administrative requests are displayed in one of two ways, on a summary page, and on a details page. -The summary page contains pending subscription and unsubscription -requests, as well as postings being held for your approval, grouped by -sender email address. The details page contains a more detailed view of -each held message, including the all the message's headers and an -excerpt of the message body. - -

On all the pages, the following actions are available: - -

  • Defer -- Defer your decision until later. No action is -taken now for this pending administrative request, but for held -postings, you can still forward or preserve the message (see below). - -
  • Approve -- Approve the message, sending it on to the list. -For membership requests, approve the change in membership status. - -
  • Reject -- Reject the message, sending a rejection notice to -the sender, and discarding the original message. For membership -requests, reject the change in membership status. In either case, you -should add a reason for the rejection in the accompanying text box. - -
  • Discard -- Throw away the original message, without sending a -rejection notice. For membership requests, this simply discards the -request without notice to the person making the request. This is -usually the action you want to take for known spam.
- -

For held messages, turn on the Preserve option if you want to -save a copy of the message for the site administrator. This is useful -for abusive messages that you want to discard, but need to keep a record -of for later inspection. - -

Turn on the Forward to option, and fill in the forwarding -address if you want to forward the message to someone else not on the -list. To edit a held message before it is sent on to the list, you -should forward the message to yourself (or the list owners), and discard -the original message. Then, when the message shows up in your mailbox, -make your edits and resend the message to the list, including an -Approved: header with the list password as its value. It is -proper netiquette in this case to include a note in the resent message, -explaining that you have modified the text. - -

If the sender is a list member who is being moderated, you can -optionally clear their moderation flag. This is useful when your list -is configured to put new members on probation, and you've decided that -this member can be trusted to post to the list without approval. - -

If the sender is not a list member, you can add the email address to -a sender filter. Sender filters are described on the sender filter privacy page, and may be one of -auto-accept (Accepts), auto-hold (Holds), -auto-reject (Rejects), or auto-discard (Discards). This -option will not be available if the address is already on one of the -sender filters. - -

When you're finished, click on the Submit All Data button at -the top or bottom of the page. This button will submit all selected -actions for all administrative requests that you've made a decision for. - -

Return to the summary page. diff --git a/modules/mailman/files/html-templates-en/admindbpreamble.html b/modules/mailman/files/html-templates-en/admindbpreamble.html deleted file mode 100644 index 659b77e..0000000 --- a/modules/mailman/files/html-templates-en/admindbpreamble.html +++ /dev/null @@ -1,10 +0,0 @@ -This page contains a subset of the %(listname)s mailing list -postings that are being held for your approval. It currently shows -%(description)s - -

For each administrative request, please select the action to take, -clicking on the Submit All Data when finished. More detailed -instructions are available here. - -

You can also view a summary of all -pending requests. diff --git a/modules/mailman/files/html-templates-en/admindbsummary.html b/modules/mailman/files/html-templates-en/admindbsummary.html deleted file mode 100644 index 20ffef5..0000000 --- a/modules/mailman/files/html-templates-en/admindbsummary.html +++ /dev/null @@ -1,14 +0,0 @@ -This page contains a summary of the current set of administrative -requests requiring your approval for the -%(listname)s mailing list. -First, you will find the list of pending -subscription and unsubscription requests, if any, followed by any -postings being held for your approval. - -

For each administrative request, please select the action to take, -clicking on the Submit All Data button when finished. -More detailed instructions are also -available. - -

You can also view the details of all -held postings. diff --git a/modules/mailman/files/html-templates-en/adminsubscribeack.txt b/modules/mailman/files/html-templates-en/adminsubscribeack.txt deleted file mode 100644 index 388a3a2..0000000 --- a/modules/mailman/files/html-templates-en/adminsubscribeack.txt +++ /dev/null @@ -1,3 +0,0 @@ -%(member)s has been successfully subscribed to %(listname)s. - - diff --git a/modules/mailman/files/html-templates-en/adminunsubscribeack.txt b/modules/mailman/files/html-templates-en/adminunsubscribeack.txt deleted file mode 100644 index 2ebcfeb..0000000 --- a/modules/mailman/files/html-templates-en/adminunsubscribeack.txt +++ /dev/null @@ -1,2 +0,0 @@ -%(member)s has been removed from %(listname)s. - diff --git a/modules/mailman/files/html-templates-en/admlogin.html b/modules/mailman/files/html-templates-en/admlogin.html deleted file mode 100644 index 4dd2574..0000000 --- a/modules/mailman/files/html-templates-en/admlogin.html +++ /dev/null @@ -1,40 +0,0 @@ - - - %(listname)s %(who)s Authentication - - - -

-%(message)s - - - - - - - - - - - -
- %(listname)s %(who)s - Authentication -
List %(who)s Password:
-
-

Important: From this point on, you - must have cookies enabled in your browser, otherwise no - administrative changes will take effect. - -

Session cookies are used in Mailman's - administrative interface so that you don't need to - re-authenticate with every administrative operation. This - cookie will expire automatically when you exit your browser, or - you can explicitly expire the cookie by hitting the - Logout link under Other Administrative - Activities (which you'll see once you successfully log in). -

- - diff --git a/modules/mailman/files/html-templates-en/approve.txt b/modules/mailman/files/html-templates-en/approve.txt deleted file mode 100644 index dfb0dfb..0000000 --- a/modules/mailman/files/html-templates-en/approve.txt +++ /dev/null @@ -1,15 +0,0 @@ -Your request to %(requestaddr)s: - - %(cmd)s - -has been forwarded to the person running the list. - -This is probably because you are trying to subscribe to a 'closed' -list. - -You will receive email notification of the list owner's decision about -your subscription request. - -Any questions about the list owner's policy should be directed to: - - %(adminaddr)s diff --git a/modules/mailman/files/html-templates-en/archidxentry.html b/modules/mailman/files/html-templates-en/archidxentry.html deleted file mode 100644 index f9bb57a..0000000 --- a/modules/mailman/files/html-templates-en/archidxentry.html +++ /dev/null @@ -1,4 +0,0 @@ -
  • %(subject)s -  -%(author)s - diff --git a/modules/mailman/files/html-templates-en/archidxfoot.html b/modules/mailman/files/html-templates-en/archidxfoot.html deleted file mode 100644 index 8fbf736..0000000 --- a/modules/mailman/files/html-templates-en/archidxfoot.html +++ /dev/null @@ -1,63 +0,0 @@ - -

    - Last message date: - %(lastdate)s
    - Archived on: %(archivedate)s -

    -

    -
    -
    - This archive was generated by Pipermail %(version)s. - - -
    - - - - - diff --git a/modules/mailman/files/html-templates-en/archidxhead.html b/modules/mailman/files/html-templates-en/archidxhead.html deleted file mode 100644 index 9db8595..0000000 --- a/modules/mailman/files/html-templates-en/archidxhead.html +++ /dev/null @@ -1,89 +0,0 @@ - - - - OpenStack Open Source Cloud Computing Software » The %(listname)s %(archive)s Archive by %(archtype)s - - %(encoding)s - - - - - - - - - - - - - - - - - - - - - - - -
    - -
    - - -
    - -

    %(archive)s Archives by %(archtype)s

    - -

    Starting: %(firstdate)s
    - Ending: %(lastdate)s
    - Messages: %(size)s

    -

      diff --git a/modules/mailman/files/html-templates-en/archlistend.html b/modules/mailman/files/html-templates-en/archlistend.html deleted file mode 100644 index 9bc052d..0000000 --- a/modules/mailman/files/html-templates-en/archlistend.html +++ /dev/null @@ -1 +0,0 @@ - diff --git a/modules/mailman/files/html-templates-en/archliststart.html b/modules/mailman/files/html-templates-en/archliststart.html deleted file mode 100644 index cdf5d17..0000000 --- a/modules/mailman/files/html-templates-en/archliststart.html +++ /dev/null @@ -1,4 +0,0 @@ - - - - diff --git a/modules/mailman/files/html-templates-en/archtoc.html b/modules/mailman/files/html-templates-en/archtoc.html deleted file mode 100644 index f3cc27f..0000000 --- a/modules/mailman/files/html-templates-en/archtoc.html +++ /dev/null @@ -1,127 +0,0 @@ - - - - OpenStack Open Source Cloud Computing Software » The %(listname)s Archives - - %(meta)s - - - - - - - - - - - - - - - - - - - - - - -
      - -
      - - -
      - -

      The %(listname)s Archives

      -

      - You can get more information about this list - or you can download the full raw archive - (%(size)s). -

      - %(noarchive_msg)s - %(archive_listing_start)s - %(archive_listing)s - %(archive_listing_end)s -
      -
      - -
      -
      - - diff --git a/modules/mailman/files/html-templates-en/archtocentry.html b/modules/mailman/files/html-templates-en/archtocentry.html deleted file mode 100644 index 00cf9c4..0000000 --- a/modules/mailman/files/html-templates-en/archtocentry.html +++ /dev/null @@ -1,12 +0,0 @@ - - - - - %(textlink)s - - diff --git a/modules/mailman/files/html-templates-en/archtocnombox.html b/modules/mailman/files/html-templates-en/archtocnombox.html deleted file mode 100644 index 5694863..0000000 --- a/modules/mailman/files/html-templates-en/archtocnombox.html +++ /dev/null @@ -1,127 +0,0 @@ - - - - OpenStack Open Source Cloud Computing Software » The %(listname)s Archives - - %(meta)s - - - - - - - - - - - - - - - - - - - - - - -
      - -
      - - -
      - -

      The %(listname)s Archives

      -

      - You can get more information about this list. -

      - %(noarchive_msg)s - %(archive_listing_start)s - %(archive_listing)s - %(archive_listing_end)s - -
      -
      - -
      -
      - - - diff --git a/modules/mailman/files/html-templates-en/article.html b/modules/mailman/files/html-templates-en/article.html deleted file mode 100644 index 872dc6a..0000000 --- a/modules/mailman/files/html-templates-en/article.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - OpenStack Open Source Cloud Computing Software » Message: %(title)s - - - - - - - - - - - - - - - - - - - - - - - - - %(encoding)s - %(prev)s - %(next)s - - -
      - -
      - - -
      -

      %(subject_html)s

      - %(author_html)s - %(email_html)s -
      - %(datestr_html)s -

      -
      - -%(body)s - -
      -

      - -
      -More information about the %(listname)s -mailing list
      - -
      -
      - -
      -
      - - diff --git a/modules/mailman/files/html-templates-en/bounce.txt b/modules/mailman/files/html-templates-en/bounce.txt deleted file mode 100644 index 8e02cc7..0000000 --- a/modules/mailman/files/html-templates-en/bounce.txt +++ /dev/null @@ -1,13 +0,0 @@ -This is a Mailman mailing list bounce action notice: - - List: %(listname)s - Member: %(addr)s - Action: Subscription %(negative)s%(did)s. - Reason: Excessive or fatal bounces. - %(but)s - -%(reenable)s -The triggering bounce notice is attached below. - -Questions? -Contact the Mailman site administrator at %(owneraddr)s. diff --git a/modules/mailman/files/html-templates-en/checkdbs.txt b/modules/mailman/files/html-templates-en/checkdbs.txt deleted file mode 100644 index d53925a..0000000 --- a/modules/mailman/files/html-templates-en/checkdbs.txt +++ /dev/null @@ -1,7 +0,0 @@ -The %(real_name)s@%(host_name)s mailing list has %(count)d request(s) -waiting for your consideration at: - - %(adminDB)s - -Please attend to this at your earliest convenience. This notice of -pending requests, if any, will be sent out daily. diff --git a/modules/mailman/files/html-templates-en/convert.txt b/modules/mailman/files/html-templates-en/convert.txt deleted file mode 100644 index ae17a79..0000000 --- a/modules/mailman/files/html-templates-en/convert.txt +++ /dev/null @@ -1,34 +0,0 @@ -The %(listname)s mailing list has just undergone a big change. It is -running on a new mailing list package called "Mailman". This will -hopefully solve a lot of problems that administering this list has -presented. - -How does this affect you? - -1) Mail intended for the whole list should be sent to: %(listaddr)s. - -2) You have been given an arbitrary password to prevent others from -unsubscribing you without your knowledge. It will be mailed to you in -a separate email, which you may have already received. Don't worry if -you forget this password; a reminder will be sent to you via email -every month. - -3) If you have World Wide Web access, you can use it any time to -unsubscribe from this list, to switch to and from digest mode, to -check back issues of the list (which will be available after the list -has been getting posts for a day or so), etc. The Web address for -these resources is: - - %(listinfo_url)s - -4) If you do not have WWW access, you can do these same things via -email. Send mail to %(requestaddr)s with a subject or body containing -just the word "help" (without the quotes). You will receive an -automated reply giving you further directions. - -Please address any questions or problems with this new setup to: -%(adminaddr)s. - -This message was auto-generated by Mailman %(version)s. For more -information on the Mailman software, visit the Mailman homepage at -http://www.list.org/ diff --git a/modules/mailman/files/html-templates-en/cronpass.txt b/modules/mailman/files/html-templates-en/cronpass.txt deleted file mode 100644 index 52ce5ea..0000000 --- a/modules/mailman/files/html-templates-en/cronpass.txt +++ /dev/null @@ -1,19 +0,0 @@ -This is a reminder, sent out once a month, about your %(hostname)s -mailing list memberships. It includes your subscription info and how -to use it to change it or unsubscribe from a list. - -You can visit the URLs to change your membership status or -configuration, including unsubscribing, setting digest-style delivery -or disabling delivery altogether (e.g., for a vacation), and so on. - -In addition to the URL interfaces, you can also use email to make such -changes. For more info, send a message to the '-request' address of -the list (for example, %(exreq)s) containing just the word 'help' in -the message body, and an email message will be sent to you with -instructions. - -If you have questions, problems, comments, etc, send them to -%(owner)s. Thanks! - -Passwords for %(useraddr)s: - diff --git a/modules/mailman/files/html-templates-en/disabled.txt b/modules/mailman/files/html-templates-en/disabled.txt deleted file mode 100644 index 54998a8..0000000 --- a/modules/mailman/files/html-templates-en/disabled.txt +++ /dev/null @@ -1,25 +0,0 @@ -Your membership in the mailing list %(listname)s has been disabled -%(reason)s. You will not get any more messages from this -list until you re-enable your membership. You will receive -%(noticesleft)s more reminders like this before your membership in the -list is deleted. - -To re-enable your membership, you can simply respond to this message -(leaving the Subject: line intact), or visit the confirmation page at - - %(confirmurl)s - -You can also visit your membership page at - - %(optionsurl)s - -On your membership page, you can change various delivery options such -as your email address and whether you get digests or not. As a -reminder, your membership password is - - %(password)s - -If you have any questions or problems, you can contact the list owner -at - - %(owneraddr)s diff --git a/modules/mailman/files/html-templates-en/emptyarchive.html b/modules/mailman/files/html-templates-en/emptyarchive.html deleted file mode 100644 index ab034aa..0000000 --- a/modules/mailman/files/html-templates-en/emptyarchive.html +++ /dev/null @@ -1,121 +0,0 @@ - - - - OpenStack Open Source Cloud Computing Software » The %(listname)s Archives - - - - - - - - - - - - - - - - - - - -i - - - -
      - -
      - - -
      -

      The %(listname)s Archives

      -

      - No messages have been posted to this list yet, so the archives are - currently empty. You can get more information - about this list. -

      -
      -
      - -
      -
      - - diff --git a/modules/mailman/files/html-templates-en/headfoot.html b/modules/mailman/files/html-templates-en/headfoot.html deleted file mode 100644 index f2dd04e..0000000 --- a/modules/mailman/files/html-templates-en/headfoot.html +++ /dev/null @@ -1,28 +0,0 @@ -This text can include -Python -format strings which are resolved against list attributes. The -list of substitutions allowed are: - -
        -
      • real_name - The "pretty" name of the list; usually - the list name with capitalization. - -
      • list_name - The name by which the list is - identified in URLs, where case is significant. - -
      • host_name - The fully qualified domain name - that the list server runs on. - -
      • web_page_url - The base URL for Mailman. This - can be appended with, - e.g. listinfo/%(list_name)s to yield the - listinfo page for the mailing list. - -
      • description - The brief description of the - mailing list. - -
      • info - The full description of the mailing - list. - -
      • cgiext - The extension added to CGI scripts. -
      diff --git a/modules/mailman/files/html-templates-en/help.txt b/modules/mailman/files/html-templates-en/help.txt deleted file mode 100644 index 654eda3..0000000 --- a/modules/mailman/files/html-templates-en/help.txt +++ /dev/null @@ -1,33 +0,0 @@ -Help for %(listname)s mailing list: - -This is email command help for version %(version)s of the "Mailman" -list manager. The following describes commands you can send to get -information about and control your subscription to Mailman lists at -this site. A command can be in the subject line or in the body of the -message. - -Note that much of the following can also be accomplished via the World -Wide Web, at: - - %(listinfo_url)s - -In particular, you can use the Web site to have your password sent to -your delivery address. - -List specific commands (subscribe, who, etc) should be sent to the -*-request address for the particular list, e.g. for the 'mailman' -list, use 'mailman-request@...'. - -About the descriptions - words in "<>"s signify REQUIRED items and -words in "[]" denote OPTIONAL items. Do not include the "<>"s or -"[]"s when you use the commands. - -The following commands are valid: - - %(commands)s - -Commands should be sent to %(requestaddr)s - -Questions and concerns for the attention of a person should be sent to - - %(adminaddr)s diff --git a/modules/mailman/files/html-templates-en/invite.txt b/modules/mailman/files/html-templates-en/invite.txt deleted file mode 100644 index 920c842..0000000 --- a/modules/mailman/files/html-templates-en/invite.txt +++ /dev/null @@ -1,20 +0,0 @@ -Your address "%(email)s" has been invited to join the %(listname)s -mailing list at %(hostname)s by the %(listname)s mailing list owner. -You may accept the invitation by simply replying to this message, -keeping the Subject: header intact. - -You can also visit this web page: - - %(confirmurl)s - -Or you should include the following line -- and only the following -line -- in a message to %(requestaddr)s: - - confirm %(cookie)s - -Note that simply sending a `reply' to this message should work from -most mail readers. - -If you want to decline this invitation, please simply disregard this -message. If you have any questions, please send them to -%(listowner)s. diff --git a/modules/mailman/files/html-templates-en/listinfo.html b/modules/mailman/files/html-templates-en/listinfo.html deleted file mode 100644 index 2a747fd..0000000 --- a/modules/mailman/files/html-templates-en/listinfo.html +++ /dev/null @@ -1,259 +0,0 @@ - - - - OpenStack Open Source Cloud Computing Software » <MM-List-Name> - <MM-List-Description> - - - - - - - - - - - - - - - - - - - - - - - -
      - -
      - - -
      -

      -

      ArchiveView by:Downloadable version
      %(archivelabel)s: - [ Thread ] - [ Subject ] - [ Author ] - [ Date ] -
      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      - -- - -
      -

        -

      - About - - - - -
      -

      -

      To see the collection of prior postings to the list, - visit the - Archives. - -

      -
      - Using -
      - To post a message to all the list members, send email to - . - -

      You can subscribe to the list, or change your existing - subscription, in the sections below. -

      - Subscribing to -
      -

      - Subscribe to by filling out the following - form. -

        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        Your email address: -  
        Your name (optional): 
        You may enter a - privacy password below. This provides only mild security, - but should prevent others from messing with your - subscription. Do not use a valuable password as - it will occasionally be emailed back to you in cleartext. - -

        If you choose not to enter a password, one will be - automatically generated for you, and it will be sent to - you once you've confirmed your subscription. You can - always request a mail-back of your password when you edit - your personal options. - -

        Pick a password: 
        Reenter password to confirm: 
        Which language do you prefer to display your messages?  
        Would you like to receive list mail batched in a daily - digest? - No - Yes -
        -

        -
        - -
      -
      - - Subscribers -
      - - - -

      - - - -

      -
      - -
      - -
      - -
    - - diff --git a/modules/mailman/files/html-templates-en/masthead.txt b/modules/mailman/files/html-templates-en/masthead.txt deleted file mode 100644 index 30c526a..0000000 --- a/modules/mailman/files/html-templates-en/masthead.txt +++ /dev/null @@ -1,13 +0,0 @@ -Send %(real_name)s mailing list submissions to - %(got_list_email)s - -To subscribe or unsubscribe via the World Wide Web, visit - %(got_listinfo_url)s -or, via email, send a message with subject or body 'help' to - %(got_request_email)s - -You can reach the person managing the list at - %(got_owner_email)s - -When replying, please edit your Subject line so it is more specific than -"Re: Contents of %(real_name)s digest..." diff --git a/modules/mailman/files/html-templates-en/newlist.txt b/modules/mailman/files/html-templates-en/newlist.txt deleted file mode 100644 index 3362887..0000000 --- a/modules/mailman/files/html-templates-en/newlist.txt +++ /dev/null @@ -1,35 +0,0 @@ -The mailing list `%(listname)s' has just been created for you. The -following is some basic information about your mailing list. - -Your mailing list password is: - - %(password)s - -You need this password to configure your mailing list. You also need -it to handle administrative requests, such as approving mail if you -choose to run a moderated list. - -You can configure your mailing list at the following web page: - - %(admin_url)s - -The web page for users of your mailing list is: - - %(listinfo_url)s - -You can even customize these web pages from the list configuration -page. However, you do need to know HTML to be able to do this. - -There is also an email-based interface for users (not administrators) -of your list; you can get info about using it by sending a message -with just the word `help' as subject or in the body, to: - - %(requestaddr)s - -To unsubscribe a user: from the mailing list 'listinfo' web page, -click on or enter the user's email address as if you were that user. -Where that user would put in their password to unsubscribe, put in -your admin password. You can also use your password to change -member's options, including digestification, delivery disabling, etc. - -Please address all questions to %(siteowner)s. diff --git a/modules/mailman/files/html-templates-en/nomoretoday.txt b/modules/mailman/files/html-templates-en/nomoretoday.txt deleted file mode 100644 index 1019dce..0000000 --- a/modules/mailman/files/html-templates-en/nomoretoday.txt +++ /dev/null @@ -1,8 +0,0 @@ -We have received a message from your address `%(sender)s' requesting -an automated response from the %(listname)s mailing list. We have -seen %(num)s such messages from you today. In order to avoid problems -such as mail loops between email robots, we will not be sending you -any further email responses today. Please try again tomorrow. - -If you believe this message is in error, or if you have any questions, -please contact the list owner at %(owneremail)s. diff --git a/modules/mailman/files/html-templates-en/options.html b/modules/mailman/files/html-templates-en/options.html deleted file mode 100644 index 1e4db36..0000000 --- a/modules/mailman/files/html-templates-en/options.html +++ /dev/null @@ -1,420 +0,0 @@ - - - - OpenStack Open Source Cloud Computing Software » <MM-Presentable-User> membership configuration for <MM-List-Name> - - - - - - - - - - - - - - - - - - - - - - -
    - -
    - - -
    - - - -
    - - mailing list membership configuration for - -
    -

    - - - - - -
    - 's subscription status, - password, and options for the mailing list. -
    - - - - -

    -

    - - -

    - - - - - - - - -
    - - Changing your membership information -
    You can change the address that you are subscribed - to the mailing list with by entering the new address in the - fields below. Note that a confirmation email will be sent to - the new address, and the change must be confirmed before it is - processed. - -

    Confirmations time out after about . - -

    You can also optionally set or change your real name - (i.e. John Smith). - -

    If you want to make the membership changes for all the - lists that you are subscribed to at , turn on the - Change globally check box. - -

    - - - - - - - -
    New address:
    Again to - confirm:
    -
    - - - - -
    Your name - (optional):
    -
    -

    Change globally

    - -

    - - - - - - - -
    - Unsubscribing from - Your other subscriptions -
    - Turn on the confirmation checkbox and hit this button to - unsubscribe from this mailing list. Warning: - This action will be taken immediately! -

    -

    		- You can view a list of all the other mailing lists at - for which you are a member. Use this if you want to - make the same membership option changes to this other - subscriptions. - -

    -

    -
    - - - - - - -
    - Your Password -
    - -
    -

    Forgotten Your Password?

    -
    - Click this button to have your password emailed to your - membership address. -

    -

    - -
    -     		- -
    -

    Change Your Password

    - - - - - - - - -
    New - password:
    Again to - confirm:
    - - -

    Change globally. -
    -
    - -

    - - -
    - Your Subscription Options -
    - -

    -Current values are checked. - -

    Note that some of the options have a Set globally -checkbox. Checking this field will cause the changes to be made to -every mailing list that you are a member of on . Click on -List my other subscriptions above to see which other mailing -lists you are subscribed to. -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    - - Mail delivery

    - Set this option to Enabled to receive messages posted - to this mailing list. Set it to Disabled if you want - to stay subscribed, but don't want mail delivered to you for a - while (e.g. you're going on vacation). If you disable mail - delivery, don't forget to re-enable it when you come back; it - will not be automatically re-enabled. -

    		- Enabled
    - Disabled

    - Set globally -

    - Set Digest Mode

    - If you turn digest mode on, you'll get posts bundled together - (usually one per day but possibly more on busy lists), instead - of singly when they're sent. If digest mode is changed from - on to off, you may receive one last digest. -

    		- Off
    - On -
    - Get MIME or Plain Text Digests?

    - Your mail reader may or may not support MIME digests. In - general MIME digests are preferred, but if you have a problem - reading them, select plain text digests. -

    		- MIME
    - Plain Text

    - Set globally -

    - Receive your own posts to the list?

    - Ordinarily, you will get a copy of every message you post to - the list. If you don't want to receive this copy, set this - option to No. -

    		- No
    - Yes -
    - Receive acknowledgement mail when you send mail to - the list?

    -

    		- No
    - Yes -
    - Get password reminder email for this list?

    - Once a month, you will get an email containing a password - reminder for every list at this host to which you are - subscribed. You can turn this off on a per-list basis by - selecting No for this option. If you turn off - password reminders for all the lists you are subscribed to, no - reminder email will be sent to you. -

    		- No
    - Yes

    - Set globally -

    - Conceal yourself from subscriber list?

    - When someone views the list membership, your email address is - normally shown (in an obscured fashion to thwart spam - harvesters). If you do not want your email address to show up - on this membership roster at all, select Yes for this option. -

    		- No
    - Yes -
    - What language do you prefer?

    -

    		- -
    - Which topic categories would you like to subscribe - to?

    - By selecting one or more topics, you can filter the - traffic on the mailing list, so as to receive only a - subset of the messages. If a message matches one of - your selected topics, then you will get the message, - otherwise you will not. - -

    If a message does not match any topic, the delivery - rule depends on the setting of the option below. If - you do not select any topics of interest, you will get - all the messages sent to the mailing list. -

    		- -
    - Do you want to receive messages that do not match any - topic filter?

    - - This option only takes effect if you've subscribed to - at least one topic above. It describes what the - default delivery rule is for messages that don't match - any topic filter. Selecting No says that if - the message does not match any topic filters, then you - won't get the message, while selecting Yes - says to deliver such non-matching messages to you. - -

    If no topics of interest are selected above, then - you will receive every message sent to the mailing - list. -

    		- No
    - Yes -
    - Avoid duplicate copies of messages?

    - - When you are listed explicitly in the To: or - Cc: headers of a list message, you can opt to - not receive another copy from the mailing list. - Select Yes to avoid receiving copies from the - mailing list; select No to receive copies. - -

    If the list has member personalized messages - enabled, and you elect to receive copies, every copy - will have a X-Mailman-Copy: yes header added - to it. - -

    		- No
    - Yes

    - Set globally -

    -
    -
    - -

    - - -

    - -
    - -
    -
    - - - diff --git a/modules/mailman/files/html-templates-en/postack.txt b/modules/mailman/files/html-templates-en/postack.txt deleted file mode 100644 index 7402e4c..0000000 --- a/modules/mailman/files/html-templates-en/postack.txt +++ /dev/null @@ -1,8 +0,0 @@ -Your message entitled - - %(subject)s - -was successfully received by the %(listname)s mailing list. - -List info page: %(listinfo_url)s -Your preferences: %(optionsurl)s diff --git a/modules/mailman/files/html-templates-en/postauth.txt b/modules/mailman/files/html-templates-en/postauth.txt deleted file mode 100644 index a107277..0000000 --- a/modules/mailman/files/html-templates-en/postauth.txt +++ /dev/null @@ -1,13 +0,0 @@ -As list administrator, your authorization is requested for the -following mailing list posting: - - List: %(listname)s@%(hostname)s - From: %(sender)s - Subject: %(subject)s - Reason: %(reason)s - -At your convenience, visit: - - %(admindb_url)s - -to approve or deny the request. diff --git a/modules/mailman/files/html-templates-en/postheld.txt b/modules/mailman/files/html-templates-en/postheld.txt deleted file mode 100644 index 877bb40..0000000 --- a/modules/mailman/files/html-templates-en/postheld.txt +++ /dev/null @@ -1,15 +0,0 @@ -Your mail to '%(listname)s' with the subject - - %(subject)s - -Is being held until the list moderator can review it for approval. - -The reason it is being held: - - %(reason)s - -Either the message will get posted to the list, or you will receive -notification of the moderator's decision. If you would like to cancel -this posting, please visit the following URL: - - %(confirmurl)s diff --git a/modules/mailman/files/html-templates-en/private.html b/modules/mailman/files/html-templates-en/private.html deleted file mode 100644 index ba0db1f..0000000 --- a/modules/mailman/files/html-templates-en/private.html +++ /dev/null @@ -1,44 +0,0 @@ - - - %(realname)s Private Archives Authentication - - - -
    -%(message)s - - - - - - - - - - - - - - - -
    - %(realname)s Private - Archives Authentication -
    Email address:
    Password:
    -
    -

    Important: From this point on, you - must have cookies enabled in your browser, otherwise - you will have to re-authenticate with every operation. - -

    Session cookies are used in Mailman's - private archive interface so that you don't need to - re-authenticate with every operation. This - cookie will expire automatically when you exit your browser, or - you can explicitly expire the cookie by visiting your - member options page and clicking the - Log out button. -

    - - diff --git a/modules/mailman/files/html-templates-en/probe.txt b/modules/mailman/files/html-templates-en/probe.txt deleted file mode 100644 index e0ae4ff..0000000 --- a/modules/mailman/files/html-templates-en/probe.txt +++ /dev/null @@ -1,25 +0,0 @@ -This is a probe message. You can ignore this message. - -The %(listname)s mailing list has received a number of bounces from you, -indicating that there may be a problem delivering messages to %(address)s. -A bounce sample is attached below. Please examine this message to make sure -there are no problems with your email address. You may want to check with -your mail administrator for more help. - -If you are reading this, you don't need to do anything to remain an enabled -member of the mailing list. If this message had bounced, you would not be -reading it, and your membership would have been disabled. Normally when you -are disabled, you receive occasional messages asking you to re-enable your -subscription. - -You can also visit your membership page at - - %(optionsurl)s - -On your membership page, you can change various delivery options such -as your email address and whether you get digests or not. - -If you have any questions or problems, you can contact the list owner -at - - %(owneraddr)s diff --git a/modules/mailman/files/html-templates-en/refuse.txt b/modules/mailman/files/html-templates-en/refuse.txt deleted file mode 100644 index 9b6d9bb..0000000 --- a/modules/mailman/files/html-templates-en/refuse.txt +++ /dev/null @@ -1,13 +0,0 @@ -Your request to the %(listname)s mailing list - - %(request)s - -has been rejected by the list moderator. The moderator gave the -following reason for rejecting your request: - -"%(reason)s" - -Any questions or comments should be directed to the list administrator -at: - - %(adminaddr)s diff --git a/modules/mailman/files/html-templates-en/roster.html b/modules/mailman/files/html-templates-en/roster.html deleted file mode 100644 index aa90e7b..0000000 --- a/modules/mailman/files/html-templates-en/roster.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - OpenStack Open Source Cloud Computing Software » <MM-List-Name> Subscribers - - - -
    - -
    - - -
    - -

    - - - - - - - - - - - - - - - -
    - - Subscribers -
    - -

    -

    - -

    Click on your address to visit your subscription - options page.
    (Parenthesized entries have list delivery - disabled.)

    -
    -
    - - Non-digested Members of : -
    -     		-
    - Digested - Members of : -
    -
    -

    -

    		-

    -

    - -

    - -
    - -
    -
    - - - diff --git a/modules/mailman/files/html-templates-en/subauth.txt b/modules/mailman/files/html-templates-en/subauth.txt deleted file mode 100644 index 9c20c3d..0000000 --- a/modules/mailman/files/html-templates-en/subauth.txt +++ /dev/null @@ -1,11 +0,0 @@ -Your authorization is required for a mailing list subscription request -approval: - - For: %(username)s - List: %(listname)s@%(hostname)s - -At your convenience, visit: - - %(admindb_url)s - -to process the request. diff --git a/modules/mailman/files/html-templates-en/subscribe.html b/modules/mailman/files/html-templates-en/subscribe.html deleted file mode 100644 index a78f8a2..0000000 --- a/modules/mailman/files/html-templates-en/subscribe.html +++ /dev/null @@ -1,115 +0,0 @@ - - -OpenStack Open Source Cloud Computing Software » <MM-List-Name> Subscription results - - - - - - - - - - - - - - - - - - - - - - -
    - -
    - - -
    -

    Subscription results

    - - -
    - - -
    - -
    -
    - - diff --git a/modules/mailman/files/html-templates-en/subscribeack.txt b/modules/mailman/files/html-templates-en/subscribeack.txt deleted file mode 100644 index fad433f..0000000 --- a/modules/mailman/files/html-templates-en/subscribeack.txt +++ /dev/null @@ -1,33 +0,0 @@ -Welcome to the %(real_name)s@%(host_name)s mailing list! -%(welcome)s -To post to this list, send your email to: - - %(emailaddr)s - -General information about the mailing list is at: - - %(listinfo_url)s - -If you ever want to unsubscribe or change your options (eg, switch to or -from digest mode, change your password, etc.), visit your subscription -page at: - - %(optionsurl)s -%(umbrella)s -You can also make such adjustments via email by sending a message to: - - %(real_name)s-request@%(host_name)s - -with the word `help' in the subject or body (don't include the -quotes), and you will get back a message with instructions. - -You must know your password to change your options (including changing -the password, itself) or to unsubscribe. It is: - - %(password)s - -Normally, Mailman will remind you of your %(host_name)s mailing list -passwords once every month, although you can disable this if you -prefer. This reminder will also include instructions on how to -unsubscribe or change your account options. There is also a button on -your options page that will email your current password to you. diff --git a/modules/mailman/files/html-templates-en/unsub.txt b/modules/mailman/files/html-templates-en/unsub.txt deleted file mode 100644 index b08f65b..0000000 --- a/modules/mailman/files/html-templates-en/unsub.txt +++ /dev/null @@ -1,23 +0,0 @@ -Mailing list removal confirmation notice for mailing list %(listname)s - -We have received a request%(remote)s for the removal of your email -address, "%(email)s" from the %(listaddr)s mailing list. To confirm -that you want to be removed from this mailing list, simply reply to -this message, keeping the Subject: header intact. Or visit this web -page: - - %(confirmurl)s - -Or include the following line -- and only the following line -- in a -message to %(requestaddr)s: - - confirm %(cookie)s - -Note that simply sending a `reply' to this message should work from -most mail readers, since that usually leaves the Subject: line in -the right form (additional "Re:" text in the Subject: is okay). - -If you do not wish to be removed from this list, please simply -disregard this message. If you think you are being maliciously -removed from the list, or have any other questions, send them to -%(listadmin)s. diff --git a/modules/mailman/files/html-templates-en/unsubauth.txt b/modules/mailman/files/html-templates-en/unsubauth.txt deleted file mode 100644 index 920f6c1..0000000 --- a/modules/mailman/files/html-templates-en/unsubauth.txt +++ /dev/null @@ -1,11 +0,0 @@ -Your authorization is required for a mailing list unsubscription -request approval: - - By: %(username)s - From: %(listname)s@%(hostname)s - -At your convenience, visit: - - %(admindb_url)s - -to process the request. diff --git a/modules/mailman/files/html-templates-en/userpass.txt b/modules/mailman/files/html-templates-en/userpass.txt deleted file mode 100644 index 2a53a84..0000000 --- a/modules/mailman/files/html-templates-en/userpass.txt +++ /dev/null @@ -1,24 +0,0 @@ -You, or someone posing as you, has requested a password reminder for -your membership on the mailing list %(fqdn_lname)s. You will need -this password in order to change your membership options (e.g. do you -want regular delivery or digest delivery), and having this password -makes it easier for you to unsubscribe from the mailing list. - -You are subscribed with the address: %(user)s - -Your %(listname)s password is: %(password)s - -To make changes to your membership options, log in and visit your -options web page: - - %(options_url)s - -You can also make such changes via email by sending a message to: - - %(requestaddr)s - -with the text "help" in the subject or body. The automatic reply will -contain more detailed instructions. - -Questions or comments? Please send them to the %(listname)s mailing -list administrator at %(owneraddr)s. diff --git a/modules/mailman/files/html-templates-en/verify.txt b/modules/mailman/files/html-templates-en/verify.txt deleted file mode 100644 index 8e767f0..0000000 --- a/modules/mailman/files/html-templates-en/verify.txt +++ /dev/null @@ -1,22 +0,0 @@ -Mailing list subscription confirmation notice for mailing list %(listname)s - -We have received a request%(remote)s for subscription of your email -address, "%(email)s", to the %(listaddr)s mailing list. To confirm -that you want to be added to this mailing list, simply reply to this -message, keeping the Subject: header intact. Or visit this web page: - - %(confirmurl)s - -Or include the following line -- and only the following line -- in a -message to %(requestaddr)s: - - confirm %(cookie)s - -Note that simply sending a `reply' to this message should work from -most mail readers, since that usually leaves the Subject: line in -the right form (additional "Re:" text in the Subject: is okay). - -If you do not wish to be subscribed to this list, please simply -disregard this message. If you think you are being maliciously -subscribed to the list, or have any other questions, send them to -%(listadmin)s. diff --git a/modules/mailman/files/index.html b/modules/mailman/files/index.html deleted file mode 100644 index 1c70d95..0000000 --- a/modules/mailman/files/index.html +++ /dev/null @@ -1,4 +0,0 @@ -

    It works!

    -

    This is the default web page for this server.

    -

    The web server software is running but no content has been added, yet.

    - diff --git a/modules/mailman/manifests/init.pp b/modules/mailman/manifests/init.pp deleted file mode 100644 index c838d44..0000000 --- a/modules/mailman/manifests/init.pp +++ /dev/null @@ -1,58 +0,0 @@ -class mailman($vhost_name=$fqdn) { - - include apache - - package { "mailman": - ensure => installed, - } - - apache::vhost { $vhost_name: - port => 80, - docroot => "/var/www/", - priority => '50', - template => 'mailman/mailman.vhost.erb', - } - a2mod { 'rewrite': - ensure => present - } - - file { "/var/www/index.html": - source => 'puppet:///modules/mailman/index.html', - owner => 'root', - group => 'root', - ensure => 'present', - replace => 'true', - mode => 444, - require => Package["apache2"], - } - - file { '/etc/mailman/mm_cfg.py': - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - content => template('mailman/mm_cfg.py.erb'), - replace => 'true', - require => Package["mailman"] - } - - service { 'mailman': - ensure => running, - hasrestart => true, - hasstatus => false, - subscribe => File['/etc/mailman/mm_cfg.py'], - require => Package["mailman"] - } - - file { '/etc/mailman/en': - owner => 'root', - group => 'list', - mode => 644, - ensure => 'directory', - recurse => true, - require => Package['mailman'], - source => [ - "puppet:///modules/mailman/html-templates-en", - ], - } -} diff --git a/modules/mailman/templates/mailman.vhost.erb b/modules/mailman/templates/mailman.vhost.erb deleted file mode 100644 index 263a0b2..0000000 --- a/modules/mailman/templates/mailman.vhost.erb +++ /dev/null @@ -1,52 +0,0 @@ - - ServerName <%= scope.lookupvar("mailman::vhost_name") %> - - ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("mailman::vhost_name") %>-error.log - - # Possible values include: debug, info, notice, warn, error, crit, - # alert, emerg. - LogLevel warn - - CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("mailman::vhost_name") %>-access.log combined - - DocumentRoot /var/www - -RewriteEngine on -RewriteRule ^/$ /cgi-bin/mailman/listinfo [R] - -# We can find mailman here: -ScriptAlias /cgi-bin/mailman/ /usr/lib/cgi-bin/mailman/ -# And the public archives: -Alias /pipermail/ /var/lib/mailman/archives/public/ -# Logos: -Alias /images/mailman/ /usr/share/images/mailman/ - -# Use this if you don't want the "cgi-bin" component in your URL: -# In case you want to access mailman through a shorter URL you should enable -# this: -#ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/ -# In this case you need to set the DEFAULT_URL_PATTERN in -# /etc/mailman/mm_cfg.py to http://%s/mailman/ for the cookie -# authentication code to work. Note that you need to change the base -# URL for all the already-created lists as well. - - - AllowOverride None - Options ExecCGI - AddHandler cgi-script .cgi - Order allow,deny - Allow from all - - - Options FollowSymlinks - AllowOverride None - Order allow,deny - Allow from all - - - AllowOverride None - Order allow,deny - Allow from all - - - diff --git a/modules/mailman/templates/mm_cfg.py.erb b/modules/mailman/templates/mm_cfg.py.erb deleted file mode 100644 index 08202a9..0000000 --- a/modules/mailman/templates/mm_cfg.py.erb +++ /dev/null @@ -1,114 +0,0 @@ -# -*- python -*- - -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301 USA - - -"""This is the module which takes your site-specific settings. - -From a raw distribution it should be copied to mm_cfg.py. If you -already have an mm_cfg.py, be careful to add in only the new settings -you want. The complete set of distributed defaults, with annotation, -are in ./Defaults. In mm_cfg, override only those you want to -change, after the - - from Defaults import * - -line (see below). - -Note that these are just default settings - many can be overridden via the -admin and user interfaces on a per-list or per-user basis. - -Note also that some of the settings are resolved against the active list -setting by using the value as a format string against the -list-instance-object's dictionary - see the distributed value of -DEFAULT_MSG_FOOTER for an example.""" - - -####################################################### -# Here's where we get the distributed defaults. # - -from Defaults import * - -############################################################## -# Put YOUR site-specific configuration below, in mm_cfg.py . # -# See Defaults.py for explanations of the values. # - -#------------------------------------------------------------- -# The name of the list Mailman uses to send password reminders -# and similar. Don't change if you want mailman-owner to be -# a valid local part. -MAILMAN_SITE_LIST = 'mailman' - -#------------------------------------------------------------- -# If you change these, you have to configure your http server -# accordingly (Alias and ScriptAlias directives in most httpds) -DEFAULT_URL_PATTERN = 'http://%s/cgi-bin/mailman/' -PRIVATE_ARCHIVE_URL = '/cgi-bin/mailman/private' -IMAGE_LOGOS = '/images/mailman/' - -#------------------------------------------------------------- -# Default domain for email addresses of newly created MLs -DEFAULT_EMAIL_HOST = '<%= vhost_name %>' -#------------------------------------------------------------- -# Default host for web interface of newly created MLs -DEFAULT_URL_HOST = '<%= vhost_name %>' -#------------------------------------------------------------- -# Required when setting any of its arguments. -add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST) - -#------------------------------------------------------------- -# The default language for this server. -DEFAULT_SERVER_LANGUAGE = 'en' - -#------------------------------------------------------------- -# Iirc this was used in pre 2.1, leave it for now -USE_ENVELOPE_SENDER = 0 # Still used? - -#------------------------------------------------------------- -# Unset send_reminders on newly created lists -DEFAULT_SEND_REMINDERS = 0 - -#------------------------------------------------------------- -# Uncomment this if you configured your MTA such that it -# automatically recognizes newly created lists. -# (see /usr/share/doc/mailman/README.Exim4.Debian or -# /usr/share/mailman/postfix-to-mailman.py) -MTA=None # Misnomer, suppresses alias output on newlist - -#------------------------------------------------------------- -# Uncomment if you use Postfix virtual domains (but not -# postfix-to-mailman.py), but be sure to see -# /usr/share/doc/mailman/README.Debian first. -# MTA='Postfix' - -#------------------------------------------------------------- -# Uncomment if you want to filter mail with SpamAssassin. For -# more information please visit this website: -# http://www.jamesh.id.au/articles/mailman-spamassassin/ -# GLOBAL_PIPELINE.insert(1, 'SpamAssassin') - -# Note - if you're looking for something that is imported from mm_cfg, but you -# didn't find it above, it's probably in /usr/lib/mailman/Mailman/Defaults.py. - -# Enable VERP, but let Exim create the VERP addresses since it's -# more efficient. --jeblair - -VERP_PASSWORD_REMINDERS = 1 -VERP_PERSONALIZED_DELIVERIES = 1 -VERP_CONFIRMATIONS = 1 -VERP_DELIVERY_INTERVAL = 0 diff --git a/modules/meetbot/manifests/init.pp b/modules/meetbot/manifests/init.pp deleted file mode 100644 index c95ebc7..0000000 --- a/modules/meetbot/manifests/init.pp +++ /dev/null @@ -1,47 +0,0 @@ -class meetbot { - - include apache - - vcsrepo { "/opt/meetbot": - ensure => latest, - provider => git, - source => "https://github.com/openstack-ci/meetbot.git", - } - - user { "meetbot": - shell => "/sbin/nologin", - home => "/var/lib/meetbot", - system => true, - gid => "meetbot", - require => Group["meetbot"] - } - - group { "meetbot": - ensure => present - } - - package { ['supybot', 'python-twisted']: - ensure => present - } - - file { "/var/lib/meetbot": - ensure => directory, - owner => 'meetbot', - require => User['meetbot'] - } - - file { "/usr/share/pyshared/supybot/plugins/MeetBot": - ensure => directory, - recurse => true, - source => "/opt/meetbot/MeetBot", - require => [Package["supybot"], - Vcsrepo["/opt/meetbot"]] - } - - file { "/etc/nginx/sites-enabled/default": - ensure => absent, - require => Package['nginx'], - notify => Service['nginx'] - } - -} diff --git a/modules/meetbot/manifests/site.pp b/modules/meetbot/manifests/site.pp deleted file mode 100644 index 70bc23f..0000000 --- a/modules/meetbot/manifests/site.pp +++ /dev/null @@ -1,117 +0,0 @@ -define meetbot::site($nick, $nickpass, $network, $server, $vhost_name=$fqdn, $channels, $use_ssl) { - - include remove_nginx - - apache::vhost { $vhost_name: - port => 80, - docroot => "/srv/meetbot-$name", - priority => '50', - } - - file { "/var/lib/meetbot/${name}": - ensure => directory, - owner => 'meetbot', - require => File["/var/lib/meetbot"] - } - - file { "/srv/meetbot-${name}": - ensure => directory, - } - - file { "/srv/meetbot-${name}/index.html": - ensure => present, - content => template("meetbot/index.html.erb"), - require => File["/srv/meetbot-${name}"] - } - - file { "/srv/meetbot-${name}/irclogs": - ensure => link, - target => "/var/lib/meetbot/${name}/logs/ChannelLogger/${network}/", - require => File["/srv/meetbot-${name}"] - } - - file { "/srv/meetbot-${name}/meetings": - ensure => link, - target => "/var/lib/meetbot/${name}/meetings/", - require => File["/srv/meetbot-${name}"] - } - - - file { "/var/lib/meetbot/${name}/conf": - ensure => directory, - owner => 'meetbot', - require => File["/var/lib/meetbot/${name}"] - } - - file { "/var/lib/meetbot/${name}/data": - ensure => directory, - owner => 'meetbot', - require => File["/var/lib/meetbot/${name}"] - } - - file { "/var/lib/meetbot/${name}/data/tmp": - ensure => directory, - owner => 'meetbot', - require => File["/var/lib/meetbot/${name}/data"] - } - - file { "/var/lib/meetbot/${name}/backup": - ensure => directory, - owner => 'meetbot', - require => File["/var/lib/meetbot/${name}"] - } - - file { "/var/lib/meetbot/${name}/logs": - ensure => directory, - owner => 'meetbot', - require => File["/var/lib/meetbot/${name}"] - } - - # set to root/root so meetbot doesn't overwrite - file { "/var/lib/meetbot/${name}.conf": - ensure => present, - content => template("meetbot/supybot.conf.erb"), - owner => 'root', - group => 'root', - require => File["/var/lib/meetbot"], - notify => Service["${name}-meetbot"] - } - - file { "/var/lib/meetbot/${name}/ircmeeting": - ensure => directory, - recurse => true, - source => "/opt/meetbot/ircmeeting", - owner => 'meetbot', - require => [Vcsrepo["/opt/meetbot"], - File["/var/lib/meetbot/${name}"]] - } - - file { "/var/lib/meetbot/${name}/ircmeeting/meetingLocalConfig.py": - ensure => present, - content => template("meetbot/meetingLocalConfig.py.erb"), - owner => 'meetbot', - require => File["/var/lib/meetbot/${name}/ircmeeting"], - notify => Service["${name}-meetbot"] - } - -# we set this file as root ownership because meetbot overwrites it on shutdown -# this means when puppet changes it and restarts meetbot the file is reset - - file { "/etc/init/${name}-meetbot.conf": - ensure => 'present', - content => template("meetbot/upstart.erb"), - replace => 'true', - require => File["/var/lib/meetbot/${name}.conf"], - owner => 'root', - notify => Service["${name}-meetbot"] - } - - service { "${name}-meetbot": - provider => upstart, - ensure => running, - require => [Vcsrepo["/opt/meetbot"], - File["/etc/init/${name}-meetbot.conf"]], - subscribe => [File["/usr/share/pyshared/supybot/plugins/MeetBot"], - File["/var/lib/meetbot/${name}/ircmeeting"]] - } -} diff --git a/modules/meetbot/templates/index.html.erb b/modules/meetbot/templates/index.html.erb deleted file mode 100644 index 7f59643..0000000 --- a/modules/meetbot/templates/index.html.erb +++ /dev/null @@ -1,16 +0,0 @@ - - - - - - <%= name.capitalize %> IRC log server - - -

    Welcome to <%= name.capitalize %> IRC log server

    - - - diff --git a/modules/meetbot/templates/meetingLocalConfig.py.erb b/modules/meetbot/templates/meetingLocalConfig.py.erb deleted file mode 100644 index b2af6ed..0000000 --- a/modules/meetbot/templates/meetingLocalConfig.py.erb +++ /dev/null @@ -1,4 +0,0 @@ -class Config(object): - # These two are **required**: - logFileDir = '/var/lib/meetbot/<%= name %>/meetings/' - logUrlPrefix = 'http://<%= vhost_name %>/meetings/' diff --git a/modules/meetbot/templates/supybot.conf.erb b/modules/meetbot/templates/supybot.conf.erb deleted file mode 100644 index 3828d40..0000000 --- a/modules/meetbot/templates/supybot.conf.erb +++ /dev/null @@ -1,1420 +0,0 @@ -### -# Determines the bot's default nick. -# -# Default value: supybot -### -supybot.nick: <%= nick %> - -### -# Determines what alternative nicks will be used if the primary nick -# (supybot.nick) isn't available. A %s in this nick is replaced by the -# value of supybot.nick when used. If no alternates are given, or if all -# are used, the supybot.nick will be perturbed appropriately until an -# unused nick is found. -# -# Default value: %s` %s_ -### -supybot.nick.alternates: %s` %s_ - -### -# Determines the bot's ident string, if the server doesn't provide one -# by default. -# -# Default value: supybot -### -supybot.ident: <%= nick %> - -### -# Determines the user the bot sends to the server. A standard user using -# the current version of the bot will be generated if this is left -# empty. -# -# Default value: -### -supybot.user: <%= nick %> - -### -# Determines what networks the bot will connect to. -# -# Default value: -### -supybot.networks: <%= network %> - -### -# Determines what password will be used on network. Yes, we know that -# technically passwords are server-specific and not network-specific, -# but this is the best we can do right now. -# -# Default value: -### -supybot.networks.<%= network %>.password: - -### -# Determines what servers the bot will connect to for FreeNode. Each -# will be tried in order, wrapping back to the first when the cycle is -# completed. -# -# Default value: -### -supybot.networks.<%= network %>.servers: <%= server %> - -### -# Determines what channels the bot will join only on network. -# -# Default value: -### -supybot.networks.<%= network %>.channels: <%= channels %> - -### -# Determines what key (if any) will be used to join the channel. -# -# Default value: -### -supybot.networks.<%= network %>.channels.key: - -### -# Determines whether the bot will attempt to connect with SSL sockets to -# network. -# -# Default value: False -### -supybot.networks.<%= network %>.ssl: <%= use_ssl %> - -### -# Determines how timestamps printed for human reading should be -# formatted. Refer to the Python documentation for the time module to -# see valid formatting characters for time formats. -# -# Default value: %I:%M %p, %B %d, %Y -### -supybot.reply.format.time: %I:%M %p, %B %d, %Y - -### -# Determines whether elapsed times will be given as "1 day, 2 hours, 3 -# minutes, and 15 seconds" or as "1d 2h 3m 15s". -# -# Default value: False -### -supybot.reply.format.time.elapsed.short: False - -### -# Determines the absolute maximum length of the bot's reply -- no reply -# will be passed through the bot with a length greater than this. -# -# Default value: 131072 -### -supybot.reply.maximumLength: 131072 - -### -# Determines whether the bot will break up long messages into chunks and -# allow users to use the 'more' command to get the remaining chunks. -# -# Default value: True -### -supybot.reply.mores: True - -### -# Determines what the maximum number of chunks (for use with the 'more' -# command) will be. -# -# Default value: 50 -### -supybot.reply.mores.maximum: 50 - -### -# Determines how long individual chunks will be. If set to 0, uses our -# super-tweaked, get-the-most-out-of-an-individual-message default. -# -# Default value: 0 -### -supybot.reply.mores.length: 0 - -### -# Determines how many mores will be sent instantly (i.e., without the -# use of the more command, immediately when they are formed). Defaults -# to 1, which means that a more command will be required for all but the -# first chunk. -# -# Default value: 1 -### -supybot.reply.mores.instant: 1 - -### -# Determines whether the bot will send multi-message replies in a single -# message or in multiple messages. For safety purposes (so the bot is -# less likely to flood) it will normally send everything in a single -# message, using mores if necessary. -# -# Default value: True -### -supybot.reply.oneToOne: True - -### -# Determines whether the bot will reply with an error message when it is -# addressed but not given a valid command. If this value is False, the -# bot will remain silent, as long as no other plugins override the -# normal behavior. -# -# Default value: True -### -supybot.reply.whenNotCommand: True - -### -# Determines whether error messages that result from bugs in the bot -# will show a detailed error message (the uncaught exception) or a -# generic error message. -# -# Default value: False -### -supybot.reply.error.detailed: False - -### -# Determines whether the bot will send error messages to users in -# private. You might want to do this in order to keep channel traffic to -# minimum. This can be used in combination with -# supybot.reply.error.withNotice. -# -# Default value: False -### -supybot.reply.error.inPrivate: False - -### -# Determines whether the bot will send error messages to users via -# NOTICE instead of PRIVMSG. You might want to do this so users can -# ignore NOTICEs from the bot and not have to see error messages; or you -# might want to use it in combination with supybot.reply.errorInPrivate -# so private errors don't open a query window in most IRC clients. -# -# Default value: False -### -supybot.reply.error.withNotice: False - -### -# Determines whether the bot will send an error message to users who -# attempt to call a command for which they do not have the necessary -# capability. You may wish to make this True if you don't want users to -# understand the underlying security system preventing them from running -# certain commands. -# -# Default value: False -### -supybot.reply.error.noCapability: False - -### -# Determines whether the bot will reply privately when replying in a -# channel, rather than replying to the whole channel. -# -# Default value: False -### -supybot.reply.inPrivate: False - -### -# Determines whether the bot will reply with a notice when replying in a -# channel, rather than replying with a privmsg as normal. -# -# Default value: False -### -supybot.reply.withNotice: False - -### -# Determines whether the bot will reply with a notice when it is sending -# a private message, in order not to open a /query window in clients. -# This can be overridden by individual users via the user configuration -# variable reply.withNoticeWhenPrivate. -# -# Default value: False -### -supybot.reply.withNoticeWhenPrivate: False - -### -# Determines whether the bot will always prefix the user's nick to its -# reply to that user's command. -# -# Default value: True -### -supybot.reply.withNickPrefix: True - -### -# Determines whether the bot should attempt to reply to all messages -# even if they don't address it (either via its nick or a prefix -# character). If you set this to True, you almost certainly want to set -# supybot.reply.whenNotCommand to False. -# -# Default value: False -### -supybot.reply.whenNotAddressed: False - -### -# Determines whether the bot will allow you to send channel-related -# commands outside of that channel. Sometimes people find it confusing -# if a channel-related command (like Filter.outfilter) changes the -# behavior of the channel but was sent outside the channel itself. -# -# Default value: False -### -supybot.reply.requireChannelCommandsToBeSentInChannel: False - -### -# Supybot normally replies with the full help whenever a user misuses a -# command. If this value is set to True, the bot will only reply with -# the syntax of the command (the first line of the help) rather than the -# full help. -# -# Default value: False -### -supybot.reply.showSimpleSyntax: False - -### -# Determines what prefix characters the bot will reply to. A prefix -# character is a single character that the bot will use to determine -# what messages are addressed to it; when there are no prefix characters -# set, it just uses its nick. Each character in this string is -# interpreted individually; you can have multiple prefix chars -# simultaneously, and if any one of them is used as a prefix the bot -# will assume it is being addressed. -# -# Default value: -### -supybot.reply.whenAddressedBy.chars: ! - -### -# Determines what strings the bot will reply to when they are at the -# beginning of the message. Whereas prefix.chars can only be one -# character (although there can be many of them), this variable is a -# space-separated list of strings, so you can set something like '@@ ??' -# and the bot will reply when a message is prefixed by either @@ or ??. -# -# Default value: -### -supybot.reply.whenAddressedBy.strings: - -### -# Determines whether the bot will reply when people address it by its -# nick, rather than with a prefix character. -# -# Default value: True -### -supybot.reply.whenAddressedBy.nick: False - -### -# Determines whether the bot will reply when people address it by its -# nick at the end of the message, rather than at the beginning. -# -# Default value: False -### -supybot.reply.whenAddressedBy.nick.atEnd: False - -### -# Determines what extra nicks the bot will always respond to when -# addressed by, even if its current nick is something else. -# -# Default value: -### -supybot.reply.whenAddressedBy.nicks: - -### -# Determines whether the bot will unidentify someone when that person -# changes his or her nick. Setting this to True will cause the bot to -# track such changes. It defaults to False for a little greater -# security. -# -# Default value: False -### -supybot.followIdentificationThroughNickChanges: False - -### -# Determines whether the bot will always join a channel when it's -# invited. If this value is False, the bot will only join a channel if -# the user inviting it has the 'admin' capability (or if it's explicitly -# told to join the channel using the Admin.join command) -# -# Default value: False -### -supybot.alwaysJoinOnInvite: False - -### -# Determines what message the bot replies with when a command succeeded. -# If this configuration variable is empty, no success message will be -# sent. -### -supybot.replies.success: The operation succeeded. - -### -# Determines what error message the bot gives when it wants to be -# ambiguous. -### -supybot.replies.error: An error has occurred and has been logged. Please\ - contact this bot's administrator for more\ - information. - -### -# Determines what message the bot replies with when someone tries to use -# a command that requires being identified or having a password and -# neither credential is correct. -### -supybot.replies.incorrectAuthentication: Your hostmask doesn't match or your\ - password is wrong. - -### -# Determines what error message the bot replies with when someone tries -# to accessing some information on a user the bot doesn't know about. -### -supybot.replies.noUser: I can't find %s in my user database. If you didn't\ - give a user name, then I might not know what your\ - user is, and you'll need to identify before this\ - command might work. - -### -# Determines what error message the bot replies with when someone tries -# to do something that requires them to be registered but they're not -# currently recognized. -### -supybot.replies.notRegistered: You must be registered to use this command.\ - If you are already registered, you must\ - either identify (using the identify command)\ - or add a hostmask matching your current\ - hostmask (using the "hostmask add" command). - -### -# Determines what error message is given when the bot is telling someone -# they aren't cool enough to use the command they tried to use. -### -supybot.replies.noCapability: You don't have the %s capability. If you think\ - that you should have this capability, be sure\ - that you are identified before trying again.\ - The 'whoami' command can tell you if you're\ - identified. - -### -# Determines what generic error message is given when the bot is telling -# someone that they aren't cool enough to use the command they tried to -# use, and the author of the code calling errorNoCapability didn't -# provide an explicit capability for whatever reason. -### -supybot.replies.genericNoCapability: You're missing some capability you\ - need. This could be because you\ - actually possess the anti-capability\ - for the capability that's required of\ - you, or because the channel provides\ - that anti-capability by default, or\ - because the global capabilities include\ - that anti-capability. Or, it could be\ - because the channel or\ - supybot.capabilities.default is set to\ - False, meaning that no commands are\ - allowed unless explicitly in your\ - capabilities. Either way, you can't do\ - what you want to do. - -### -# Determines what error messages the bot sends to people who try to do -# things in a channel that really should be done in private. -### -supybot.replies.requiresPrivacy: That operation cannot be done in a channel. - -### -# Determines what message the bot sends when it thinks you've -# encountered a bug that the developers don't know about. -### -supybot.replies.possibleBug: This may be a bug. If you think it is, please\ - file a bug report at . - -### -# A floating point number of seconds to throttle snarfed URLs, in order -# to prevent loops between two bots snarfing the same URLs and having -# the snarfed URL in the output of the snarf message. -# -# Default value: 10.0 -### -supybot.snarfThrottle: 10.0 - -### -# Determines the number of seconds between running the upkeep function -# that flushes (commits) open databases, collects garbage, and records -# some useful statistics at the debugging level. -# -# Default value: 3600 -### -supybot.upkeepInterval: 3600 - -### -# Determines whether the bot will periodically flush data and -# configuration files to disk. Generally, the only time you'll want to -# set this to False is when you want to modify those configuration files -# by hand and don't want the bot to flush its current version over your -# modifications. Do note that if you change this to False inside the -# bot, your changes won't be flushed. To make this change permanent, you -# must edit the registry yourself. -# -# Default value: True -### -supybot.flush: False - -### -# Determines what characters are valid for quoting arguments to commands -# in order to prevent them from being tokenized. -# -# Default value: " -### -supybot.commands.quotes: " - -### -# Determines whether the bot will allow nested commands, which rule. You -# definitely should keep this on. -# -# Default value: True -### -supybot.commands.nested: True - -### -# Determines what the maximum number of nested commands will be; users -# will receive an error if they attempt commands more nested than this. -# -# Default value: 10 -### -supybot.commands.nested.maximum: 10 - -### -# Supybot allows you to specify what brackets are used for your nested -# commands. Valid sets of brackets include [], <>, and {} (). [] has -# strong historical motivation, as well as being the brackets that don't -# require shift. <> or () might be slightly superior because they cannot -# occur in a nick. If this string is empty, nested commands will not be -# allowed in this channel. -# -# Default value: [] -### -supybot.commands.nested.brackets: [] - -### -# Supybot allows nested commands. Enabling this option will allow nested -# commands with a syntax similar to UNIX pipes, for example: 'bot: foo | -# bar'. -# -# Default value: False -### -supybot.commands.nested.pipeSyntax: False - -### -# Determines what commands have default plugins set, and which plugins -# are set to be the default for each of those commands. -### -supybot.commands.defaultPlugins.addcapability: Admin -supybot.commands.defaultPlugins.capabilities: User -supybot.commands.defaultPlugins.disable: Owner -supybot.commands.defaultPlugins.enable: Owner -supybot.commands.defaultPlugins.help: Misc -supybot.commands.defaultPlugins.ignore: Admin - -### -# Determines what plugins automatically get precedence over all other -# plugins when selecting a default plugin for a command. By default, -# this includes the standard loaded plugins. You probably shouldn't -# change this if you don't know what you're doing; if you do know what -# you're doing, then also know that this set is case-sensitive. -# -# Default value: Plugin Admin Misc User Owner Config Channel -### -supybot.commands.defaultPlugins.importantPlugins: Plugin Admin Misc User Owner Config Channel -supybot.commands.defaultPlugins.list: Misc -supybot.commands.defaultPlugins.reload: Owner -supybot.commands.defaultPlugins.removecapability: Admin -supybot.commands.defaultPlugins.unignore: Admin - -### -# Determines what commands are currently disabled. Such commands will -# not appear in command lists, etc. They will appear not even to exist. -# -# Default value: -### -supybot.commands.disabled: - -### -# Determines whether the bot will defend itself against command- -# flooding. -# -# Default value: True -### -supybot.abuse.flood.command: True - -### -# Determines how many commands users are allowed per minute. If a user -# sends more than this many commands in any 60 second period, he or she -# will be ignored for supybot.abuse.flood.command.punishment seconds. -# -# Default value: 12 -### -supybot.abuse.flood.command.maximum: 12 - -### -# Determines how many seconds the bot will ignore users who flood it -# with commands. -# -# Default value: 300 -### -supybot.abuse.flood.command.punishment: 300 - -### -# Determines whether the bot will defend itself against invalid command- -# flooding. -# -# Default value: True -### -supybot.abuse.flood.command.invalid: True - -### -# Determines how many invalid commands users are allowed per minute. If -# a user sends more than this many invalid commands in any 60 second -# period, he or she will be ignored for -# supybot.abuse.flood.command.invalid.punishment seconds. Typically, -# this value is lower than supybot.abuse.flood.command.maximum, since -# it's far less likely (and far more annoying) for users to flood with -# invalid commands than for them to flood with valid commands. -# -# Default value: 5 -### -supybot.abuse.flood.command.invalid.maximum: 5 - -### -# Determines how many seconds the bot will ignore users who flood it -# with invalid commands. Typically, this value is higher than -# supybot.abuse.flood.command.punishment, since it's far less likely -# (and far more annoying) for users to flood witih invalid commands than -# for them to flood with valid commands. -# -# Default value: 600 -### -supybot.abuse.flood.command.invalid.punishment: 600 - -### -# Determines the default length of time a driver should block waiting -# for input. -# -# Default value: 1.0 -### -supybot.drivers.poll: 1.0 - -### -# Determines what driver module the bot will use. Socket, a simple -# driver based on timeout sockets, is used by default because it's -# simple and stable. Twisted is very stable and simple, and if you've -# got Twisted installed, is probably your best bet. -# -# Default value: default -### -supybot.drivers.module: Twisted - -### -# Determines the maximum time the bot will wait before attempting to -# reconnect to an IRC server. The bot may, of course, reconnect earlier -# if possible. -# -# Default value: 300.0 -### -supybot.drivers.maxReconnectWait: 300.0 - -### -# Determines what directory configuration data is put into. -# -# Default value: conf -### -supybot.directories.conf: /var/lib/meetbot/<%= name %>/conf - -### -# Determines what directory data is put into. -# -# Default value: data -### -supybot.directories.data: /var/lib/meetbot/<%= name %>/data - -### -# Determines what directory temporary files are put into. -# -# Default value: tmp -### -supybot.directories.data.tmp: /var/lib/meetbot/<%= name %>/data/tmp - -### -# Determines what directory backup data is put into. -# -# Default value: backup -### -supybot.directories.backup: /var/lib/meetbot/<%= name %>/backup - -### -# Determines what directories the bot will look for plugins in. Accepts -# a comma-separated list of strings. This means that to add another -# directory, you can nest the former value and add a new one. E.g. you -# can say: bot: 'config supybot.directories.plugins [config -# supybot.directories.plugins], newPluginDirectory'. -# -# Default value: -### -supybot.directories.plugins: /usr/share/pyshared/supybot/plugins - -### -# Determines what directory the bot will store its logfiles in. -# -# Default value: logs -### -supybot.directories.log: /var/lib/meetbot/<%= name %>/logs - -### -# Determines what plugins will be loaded. -# -# Default value: -### -supybot.plugins: MeetBot Admin ChannelLogger Misc Owner User Services Config Channel - -### -# Determines whether this plugin is loaded by default. -### -supybot.plugins.Admin: True - -### -# Determines whether this plugin is publicly visible. -# -# Default value: True -### -supybot.plugins.Admin.public: True - -### -# Determines whether this plugin is loaded by default. -### -supybot.plugins.Channel: True - -### -# Determines whether this plugin is publicly visible. -# -# Default value: True -### -supybot.plugins.Channel.public: True - -### -# Determines whether the bot will always try to rejoin a channel -# whenever it's kicked from the channel. -# -# Default value: True -### -supybot.plugins.Channel.alwaysRejoin: True - -### -# Determines whether this plugin is loaded by default. -### -supybot.plugins.ChannelLogger: True - -### -# Determines whether this plugin is publicly visible. -# -# Default value: True -### -supybot.plugins.ChannelLogger.public: True - -### -# Determines whether logging is enabled. -# -# Default value: True -### -supybot.plugins.ChannelLogger.enable: True - -### -# Determines whether channel logfiles will be flushed anytime they're -# written to, rather than being buffered by the operating system. -# -# Default value: False -### -supybot.plugins.ChannelLogger.flushImmediately: False - -### -# Determines whether formatting characters (such as bolding, color, -# etc.) are removed when writing the logs to disk. -# -# Default value: True -### -supybot.plugins.ChannelLogger.stripFormatting: True - -### -# Determines whether the logs for this channel are timestamped with the -# timestamp in supybot.log.timestampFormat. -# -# Default value: True -### -supybot.plugins.ChannelLogger.timestamp: True - -### -# Determines what string a message should be prefixed with in order not -# to be logged. If you don't want any such prefix, just set it to the -# empty string. -# -# Default value: [nolog] -### -supybot.plugins.ChannelLogger.noLogPrefix: [nolog] - -### -# Determines whether the bot will automatically rotate the logs for this -# channel. The bot will rotate logs when the timestamp for the log -# changes. The timestamp is set according to the 'filenameTimestamp' -# configuration variable. -# -# Default value: False -### -supybot.plugins.ChannelLogger.rotateLogs: True - -### -# Determines how to represent the timestamp used for the filename in -# rotated logs. When this timestamp changes, the old logfiles will be -# closed and a new one started. The format characters for the timestamp -# are in the time.strftime docs at python.org. In order for your logs to -# be rotated, you'll also have to enable -# supybot.plugins.ChannelLogger.rotateLogs. -# -# Default value: %Y-%m-%d -### -supybot.plugins.ChannelLogger.filenameTimestamp: %Y-%m-%d - -### -# Determines whether the bot will partition its channel logs into -# separate directories based on different criteria. -# -# Default value: True -### -supybot.plugins.ChannelLogger.directories: True - -### -# Determines whether the bot will use a network directory if using -# directories. -# -# Default value: True -### -supybot.plugins.ChannelLogger.directories.network: True - -### -# Determines whether the bot will use a channel directory if using -# directories. -# -# Default value: True -### -supybot.plugins.ChannelLogger.directories.channel: True - -### -# Determines whether the bot will use a timestamp (determined by -# supybot.plugins.ChannelLogger.directories.timestamp.format) if using -# directories. -# -# Default value: False -### -supybot.plugins.ChannelLogger.directories.timestamp: False - -### -# Determines what timestamp format will be used in the directory -# stucture for channel logs if -# supybot.plugins.ChannelLogger.directories.timestamp is True. -# -# Default value: %B -### -supybot.plugins.ChannelLogger.directories.timestamp.format: %B - -### -# Determines whether this plugin is loaded by default. -### -supybot.plugins.Config: True - -### -# Determines whether this plugin is publicly visible. -# -# Default value: True -### -supybot.plugins.Config.public: True - -### -# Determines whether this plugin is loaded by default. -### -supybot.plugins.MeetBot: True - -### -# Determines whether this plugin is publicly visible. -# -# Default value: True -### -supybot.plugins.MeetBot.public: True - -### -# Enable configuration via the supybot config mechanism. -# -# Default value: False -### -supybot.plugins.MeetBot.enableSupybotBasedConfig: False - -### -# Determines whether this plugin is loaded by default. -### -supybot.plugins.Misc: True - -### -# Determines whether this plugin is publicly visible. -# -# Default value: True -### -supybot.plugins.Misc.public: True - -### -# Determines whether the bot will list private plugins with the list -# command if given the --private switch. If this is disabled, non-owner -# users should be unable to see what private plugins are loaded. -# -# Default value: True -### -supybot.plugins.Misc.listPrivatePlugins: True - -### -# Determines the format string for timestamps in the Misc.last command. -# Refer to the Python documentation for the time module to see what -# formats are accepted. If you set this variable to the empty string, -# the timestamp will not be shown. -# -# Default value: [%H:%M:%S] -### -supybot.plugins.Misc.timestampFormat: [%H:%M:%S] - -### -# Determines whether or not the timestamp will be included in the output -# of last when it is part of a nested command -# -# Default value: False -### -supybot.plugins.Misc.last.nested.includeTimestamp: False - -### -# Determines whether or not the nick will be included in the output of -# last when it is part of a nested command -# -# Default value: False -### -supybot.plugins.Misc.last.nested.includeNick: False - -### -# Determines whether this plugin is loaded by default. -### -supybot.plugins.Owner: True - -### -# Determines whether this plugin is publicly visible. -# -# Default value: True -### -supybot.plugins.Owner.public: True - -### -# Determines what quit message will be used by default. If the quit -# command is called without a quit message, this will be used. If this -# value is empty, the nick of the person giving the quit command will be -# used. -# -# Default value: -### -supybot.plugins.Owner.quitMsg: - -### -# Determines whether this plugin is loaded by default. -### -supybot.plugins.Services: True - -### -# Determines whether this plugin is publicly visible. -# -# Default value: True -### -supybot.plugins.Services.public: True - -### -# Determines what nicks the bot will use with services. -# -# Default value: -### -supybot.plugins.Services.nicks: <%= nick %> - -### -# Determines what networks this plugin will be disabled on. -# -# Default value: QuakeNet -### -supybot.plugins.Services.disabledNetworks: QuakeNet - -### -# Determines whether the bot will not join any channels until it is -# identified. This may be useful, for instances, if you have a vhost -# that isn't set until you're identified, or if you're joining +r -# channels that won't allow you to join unless you identify. -# -# Default value: False -### -supybot.plugins.Services.noJoinsUntilIdentified: False - -### -# Determines how many seconds the bot will wait between successive GHOST -# attempts. -# -# Default value: 60 -### -supybot.plugins.Services.ghostDelay: 60 - -### -# Determines what nick the 'NickServ' service has. -# -# Default value: -### -supybot.plugins.Services.NickServ: NickServ - -### -# Determines what password the bot will use with NickServ. -# -# Default value: -### -supybot.plugins.Services.NickServ.password: -supybot.plugins.Services.NickServ.password.<%= nick %>: <%= nickpass %> - -### -# Determines what nick the 'ChanServ' service has. -# -# Default value: -### -supybot.plugins.Services.ChanServ: ChanServ - -### -# Determines what password the bot will use with ChanServ. -# -# Default value: -### -supybot.plugins.Services.ChanServ.password: - -### -# Determines whether the bot will request to get opped by the ChanServ -# when it joins the channel. -# -# Default value: False -### -supybot.plugins.Services.ChanServ.op: False - -### -# Determines whether the bot will request to get half-opped by the -# ChanServ when it joins the channel. -# -# Default value: False -### -supybot.plugins.Services.ChanServ.halfop: False - -### -# Determines whether the bot will request to get voiced by the ChanServ -# when it joins the channel. -# -# Default value: False -### -supybot.plugins.Services.ChanServ.voice: False - -### -# Determines whether this plugin is loaded by default. -### -supybot.plugins.User: True - -### -# Determines whether this plugin is publicly visible. -# -# Default value: True -### -supybot.plugins.User.public: True - -### -# Determines whether the bot will always load important plugins (Admin, -# Channel, Config, Misc, Owner, and User) regardless of what their -# configured state is. Generally, if these plugins are configured not to -# load, you didn't do it on purpose, and you still want them to load. -# Users who don't want to load these plugins are smart enough to change -# the value of this variable appropriately :) -# -# Default value: True -### -supybot.plugins.alwaysLoadImportant: True - -### -# Determines what databases are available for use. If this value is not -# configured (that is, if its value is empty) then sane defaults will be -# provided. -# -# Default value: anydbm cdb flat pickle -### -supybot.databases: - -### -# Determines what filename will be used for the users database. This -# file will go into the directory specified by the -# supybot.directories.conf variable. -# -# Default value: users.conf -### -supybot.databases.users.filename: users.conf - -### -# Determines how long it takes identification to time out. If the value -# is less than or equal to zero, identification never times out. -# -# Default value: 0 -### -supybot.databases.users.timeoutIdentification: 0 - -### -# Determines whether the bot will allow users to unregister their users. -# This can wreak havoc with already-existing databases, so by default we -# don't allow it. Enable this at your own risk. (Do also note that this -# does not prevent the owner of the bot from using the unregister -# command.) -# -# Default value: False -### -supybot.databases.users.allowUnregistration: False - -### -# Determines what filename will be used for the ignores database. This -# file will go into the directory specified by the -# supybot.directories.conf variable. -# -# Default value: ignores.conf -### -supybot.databases.ignores.filename: ignores.conf - -### -# Determines what filename will be used for the channels database. This -# file will go into the directory specified by the -# supybot.directories.conf variable. -# -# Default value: channels.conf -### -supybot.databases.channels.filename: channels.conf - -### -# Determines whether database-based plugins that can be channel-specific -# will be so. This can be overridden by individual channels. Do note -# that the bot needs to be restarted immediately after changing this -# variable or your db plugins may not work for your channel; also note -# that you may wish to set -# supybot.databases.plugins.channelSpecific.link appropriately if you -# wish to share a certain channel's databases globally. -# -# Default value: True -### -supybot.databases.plugins.channelSpecific: False - -### -# Determines what channel global (non-channel-specific) databases will -# be considered a part of. This is helpful if you've been running -# channel-specific for awhile and want to turn the databases for your -# primary channel into global databases. If -# supybot.databases.plugins.channelSpecific.link.allow prevents linking, -# the current channel will be used. Do note that the bot needs to be -# restarted immediately after changing this variable or your db plugins -# may not work for your channel. -# -# Default value: # -### -supybot.databases.plugins.channelSpecific.link: # - -### -# Determines whether another channel's global (non-channel-specific) -# databases will be allowed to link to this channel's databases. Do note -# that the bot needs to be restarted immediately after changing this -# variable or your db plugins may not work for your channel. -# -# Default value: True -### -supybot.databases.plugins.channelSpecific.link.allow: True - -### -# Determines whether CDB databases will be allowed as a database -# implementation. -# -# Default value: True -### -supybot.databases.types.cdb: True - -### -# Determines how often CDB databases will have their modifications -# flushed to disk. When the number of modified records is greater than -# this part of the number of unmodified records, the database will be -# entirely flushed to disk. -# -# Default value: 0.5 -### -supybot.databases.types.cdb.maximumModifications: 0.5 - -### -# Determines what will be used as the default banmask style. -# -# Default value: host user -### -supybot.protocols.irc.banmask: host user - -### -# Determines whether the bot will strictly follow the RFC; currently -# this only affects what strings are considered to be nicks. If you're -# using a server or a network that requires you to message a nick such -# as services@this.network.server then you you should set this to False. -# -# Default value: False -### -supybot.protocols.irc.strictRfc: False - -### -# Determines what user modes the bot will request from the server when -# it first connects. Many people might choose +i; some networks allow -# +x, which indicates to the auth services on those networks that you -# should be given a fake host. -# -# Default value: -### -supybot.protocols.irc.umodes: - -### -# Determines what vhost the bot will bind to before connecting to the -# IRC server. -# -# Default value: -### -supybot.protocols.irc.vhost: - -### -# Determines how many old messages the bot will keep around in its -# history. Changing this variable will not take effect until the bot is -# restarted. -# -# Default value: 1000 -### -supybot.protocols.irc.maxHistoryLength: 1000 - -### -# A floating point number of seconds to throttle queued messages -- that -# is, messages will not be sent faster than once per throttleTime -# seconds. -# -# Default value: 1.0 -### -supybot.protocols.irc.throttleTime: 1.0 - -### -# Determines whether the bot will send PINGs to the server it's -# connected to in order to keep the connection alive and discover -# earlier when it breaks. Really, this option only exists for debugging -# purposes: you always should make it True unless you're testing some -# strange server issues. -# -# Default value: True -### -supybot.protocols.irc.ping: True - -### -# Determines the number of seconds between sending pings to the server, -# if pings are being sent to the server. -# -# Default value: 120 -### -supybot.protocols.irc.ping.interval: 120 - -### -# Determines whether the bot will refuse duplicate messages to be queued -# for delivery to the server. This is a safety mechanism put in place to -# prevent plugins from sending the same message multiple times; most of -# the time it doesn't matter, unless you're doing certain kinds of -# plugin hacking. -# -# Default value: False -### -supybot.protocols.irc.queuing.duplicates: False - -### -# Determines how many seconds must elapse between JOINs sent to the -# server. -# -# Default value: 0.0 -### -supybot.protocols.irc.queuing.rateLimit.join: 0.0 - -### -# Determines how many bytes the bot will 'peek' at when looking through -# a URL for a doctype or title or something similar. It'll give up after -# it reads this many bytes, even if it hasn't found what it was looking -# for. -# -# Default value: 4096 -### -supybot.protocols.http.peekSize: 4096 - -### -# Determines what proxy all HTTP requests should go through. The value -# should be of the form 'host:port'. -# -# Default value: -### -supybot.protocols.http.proxy: - -### -# Determines whether the bot will ignore unregistered users by default. -# Of course, that'll make it particularly hard for those users to -# register or identify with the bot, but that's your problem to solve. -# -# Default value: False -### -supybot.defaultIgnore: False - -### -# A string that is the external IP of the bot. If this is the empty -# string, the bot will attempt to find out its IP dynamically (though -# sometimes that doesn't work, hence this variable). -# -# Default value: -### -supybot.externalIP: - -### -# Determines what the default timeout for socket objects will be. This -# means that *all* sockets will timeout when this many seconds has gone -# by (unless otherwise modified by the author of the code that uses the -# sockets). -# -# Default value: 10 -### -supybot.defaultSocketTimeout: 10 - -### -# Determines what file the bot should write its PID (Process ID) to, so -# you can kill it more easily. If it's left unset (as is the default) -# then no PID file will be written. A restart is required for changes to -# this variable to take effect. -# -# Default value: -### -supybot.pidFile: - -### -# Determines whether the bot will automatically thread all commands. -# -# Default value: False -### -supybot.debug.threadAllCommands: False - -### -# Determines whether the bot will automatically flush all flushers -# *very* often. Useful for debugging when you don't know what's breaking -# or when, but think that it might be logged. -# -# Default value: False -### -supybot.debug.flushVeryOften: False - -### -# Determines what the bot's logging format will be. The relevant -# documentation on the available formattings is Python's documentation -# on its logging module. -# -# Default value: %(levelname)s %(asctime)s %(name)s %(message)s -### -supybot.log.format: %(levelname)s %(asctime)s %(name)s %(message)s - -### -# Determines what the minimum priority level logged to file will be. Do -# note that this value does not affect the level logged to stdout; for -# that, you should set the value of supybot.log.stdout.level. Valid -# values are DEBUG, INFO, WARNING, ERROR, and CRITICAL, in order of -# increasing priority. -# -# Default value: INFO -### -supybot.log.level: INFO - -### -# Determines the format string for timestamps in logfiles. Refer to the -# Python documentation for the time module to see what formats are -# accepted. If you set this variable to the empty string, times will be -# logged in a simple seconds-since-epoch format. -# -# Default value: %Y-%m-%dT%H:%M:%S -### -supybot.log.timestampFormat: %Y-%m-%dT%H:%M:%S - -### -# Determines whether the bot will log to stdout. -# -# Default value: True -### -supybot.log.stdout: True - -### -# Determines whether the bot's logs to stdout (if enabled) will be -# colorized with ANSI color. -# -# Default value: False -### -supybot.log.stdout.colorized: True - -### -# Determines whether the bot will wrap its logs when they're output to -# stdout. -# -# Default value: True -### -supybot.log.stdout.wrap: True - -### -# Determines what the bot's logging format will be. The relevant -# documentation on the available formattings is Python's documentation -# on its logging module. -# -# Default value: %(levelname)s %(asctime)s %(message)s -### -supybot.log.stdout.format: %(levelname)s %(asctime)s %(message)s - -### -# Determines what the minimum priority level logged will be. Valid -# values are DEBUG, INFO, WARNING, ERROR, and CRITICAL, in order of -# increasing priority. -# -# Default value: INFO -### -supybot.log.stdout.level: INFO - -### -# Determines whether the bot will separate plugin logs into their own -# individual logfiles. -# -# Default value: False -### -supybot.log.plugins.individualLogfiles: False - -### -# Determines what the bot's logging format will be. The relevant -# documentation on the available formattings is Python's documentation -# on its logging module. -# -# Default value: %(levelname)s %(asctime)s %(message)s -### -supybot.log.plugins.format: %(levelname)s %(asctime)s %(message)s - -### -# These are the capabilities that are given to everyone by default. If -# they are normal capabilities, then the user will have to have the -# appropriate anti-capability if you want to override these -# capabilities; if they are anti-capabilities, then the user will have -# to have the actual capability to override these capabilities. See -# docs/CAPABILITIES if you don't understand why these default to what -# they do. -# -# Default value: -owner -admin -trusted -### -supybot.capabilities: -owner -admin -trusted - -### -# Determines whether the bot by default will allow users to have a -# capability. If this is disabled, a user must explicitly have the -# capability for whatever command he wishes to run. -# -# Default value: True -### -supybot.capabilities.default: True diff --git a/modules/meetbot/templates/upstart.erb b/modules/meetbot/templates/upstart.erb deleted file mode 100644 index a32b496..0000000 --- a/modules/meetbot/templates/upstart.erb +++ /dev/null @@ -1,9 +0,0 @@ -description "<%= name %> Meetbot Server" -author "Andrew Hutchings " - -start on (local-filesystem and net-device-up) -stop on runlevel [!2345] - -env PYTHONPATH=/var/lib/meetbot/<%= name %> - -exec start-stop-daemon --start --chdir /var/lib/meetbot/openstack --chuid meetbot --name meetbot --startas /usr/bin/python /usr/bin/supybot /var/lib/meetbot/<%= name %>.conf diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp deleted file mode 100644 index a797bb9..0000000 --- a/modules/ntp/manifests/init.pp +++ /dev/null @@ -1,15 +0,0 @@ -class ntp { - - package { "ntp": - ensure => installed - } - - service { 'ntpd': - name => 'ntp', - ensure => running, - enable => true, - hasrestart => true, - require => Package['ntp'], - } - -} diff --git a/modules/openstack_project/README b/modules/openstack_project/README deleted file mode 100644 index 5589a02..0000000 --- a/modules/openstack_project/README +++ /dev/null @@ -1 +0,0 @@ -This file stores config files specific to the OpenStack CI project. diff --git a/modules/openstack_project/files/gerrit/GerritSite.css b/modules/openstack_project/files/gerrit/GerritSite.css deleted file mode 100644 index c808632..0000000 --- a/modules/openstack_project/files/gerrit/GerritSite.css +++ /dev/null @@ -1,20 +0,0 @@ -body {color: #000 !important; background: url("static/openstack-page-bkg.jpg") no-repeat scroll 0 0 white !important; position: static} -a,a:visited {color: #264D69 !important; text-decoration: none;} -a:hover {color: #000 !important; text-decoration: underline} - -a.gwt-InlineHyperlink {background: none !important} - -#gerrit_header {display: block !important; position: relative; top: -60px; margin-bottom: -60px; width: 400px; padding-left: 17px} -#gerrit_header h1 {font-family: 'PT Sans', sans-serif; font-weight: normal; letter-spacing: -1px} - -#gerrit_topmenu {background: none; position:relative; top: 0px; left: 400px; margin-right: 400px} - -#gerrit_topmenu tbody tr td table {border: 0} - -#gerrit_topmenu tbody tr td table.gwt-TabBar {color: #353535; border-bottom: 1px solid #C5E2EA;} -#gerrit_topmenu .gwt-Button {padding: 3px 6px} -.gwt-TabBarItem-selected {color: #CF2F19 !important; border-bottom: 3px solid #CF2F19;} -.gwt-TabBarItem {color: #353535; border-right: 0 !important} -.gwt-TabBar .gwt-TabBarItem, .gwt-TabBar .gwt-TabBarRest, .gwt-TabPanelBottom {background: 0 !important;} - -#gerrit_topmenu .gwt-TextBox {width: 250px} diff --git a/modules/openstack_project/files/gerrit/GerritSiteHeader.html b/modules/openstack_project/files/gerrit/GerritSiteHeader.html deleted file mode 100644 index d20aae1..0000000 --- a/modules/openstack_project/files/gerrit/GerritSiteHeader.html +++ /dev/null @@ -1,3 +0,0 @@ -
    -

    Code Review

    -
    diff --git a/modules/openstack_project/files/gerrit/change-merged b/modules/openstack_project/files/gerrit/change-merged deleted file mode 100755 index 7516919..0000000 --- a/modules/openstack_project/files/gerrit/change-merged +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/sh - -python /usr/local/gerrit/scripts/update_bug.py change-merged "$@" diff --git a/modules/openstack_project/files/gerrit/echosign-cla.html b/modules/openstack_project/files/gerrit/echosign-cla.html deleted file mode 100644 index 7aae808..0000000 --- a/modules/openstack_project/files/gerrit/echosign-cla.html +++ /dev/null @@ -1,18 +0,0 @@ - - -
    -

    In order to contribute to OpenStack, you need to sign the -Contributor License Agreement.

    - -

    This is not the agreement.

    - -

    -Follow these -instructions to sign the agreement. Once your membership in the -openstack-cla group has been approved, you will be able to submit -changes. -

    - -
    - - diff --git a/modules/openstack_project/files/gerrit/patchset-created b/modules/openstack_project/files/gerrit/patchset-created deleted file mode 100755 index 4a582bd..0000000 --- a/modules/openstack_project/files/gerrit/patchset-created +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -python /usr/local/gerrit/scripts/update_blueprint.py patchset-created "$@" -python /usr/local/gerrit/scripts/update_bug.py patchset-created "$@" -python /usr/local/gerrit/scripts/notify_doc_impact.py patchset-created "$@" diff --git a/modules/openstack_project/files/jenkins/jenkins.default b/modules/openstack_project/files/jenkins/jenkins.default deleted file mode 100644 index 42038c1..0000000 --- a/modules/openstack_project/files/jenkins/jenkins.default +++ /dev/null @@ -1,60 +0,0 @@ -# defaults for jenkins continuous integration server - -# pulled in from the init script; makes things easier. -NAME=jenkins - -# location of java -JAVA=/usr/bin/java - -# arguments to pass to java -#JAVA_ARGS="-Xmx256m" -#JAVA_ARGS="-Djava.net.preferIPv4Stack=true" # make jenkins listen on IPv4 address -JAVA_ARGS="-Xloggc:/var/log/jenkins/gc.log -XX:+PrintGCDetails -Xmx12g" - -PIDFILE=/var/run/jenkins/jenkins.pid - -# user id to be invoked as (otherwise will run as root; not wise!) -JENKINS_USER=jenkins - -# location of the jenkins war file -JENKINS_WAR=/usr/share/jenkins/jenkins.war - -# jenkins home location -JENKINS_HOME=/var/lib/jenkins - -# set this to false if you don't want Hudson to run by itself -# in this set up, you are expected to provide a servlet container -# to host jenkins. -RUN_STANDALONE=true - -# log location. this may be a syslog facility.priority -JENKINS_LOG=/var/log/jenkins/$NAME.log -#HUDSON_LOG=daemon.info - -# OS LIMITS SETUP -# comment this out to observe /etc/security/limits.conf -# this is on by default because http://github.com/jenkinsci/jenkins/commit/2fb288474e980d0e7ff9c4a3b768874835a3e92e -# reported that Ubuntu's PAM configuration doesn't include pam_limits.so, and as a result the # of file -# descriptors are forced to 1024 regardless of /etc/security/limits.conf -MAXOPENFILES=8192 - -# port for HTTP connector (default 8080; disable with -1) -HTTP_PORT=8080 - -# port for AJP connector (disabled by default) -AJP_PORT=-1 - -# servlet context, important if you want to use apache proxying -PREFIX=/jenkins - -# arguments to pass to jenkins. -# --javahome=$JAVA_HOME -# --httpPort=$HTTP_PORT (default 8080; disable with -1) -# --httpsPort=$HTTP_PORT -# --ajp13Port=$AJP_PORT -# --argumentsRealm.passwd.$ADMIN_USER=[password] -# --argumentsRealm.$ADMIN_USER=admin -# --webroot=~/.jenkins/war -# --prefix=$PREFIX - -JENKINS_ARGS="--webroot=/var/cache/jenkins/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT" diff --git a/modules/openstack_project/files/jenkins_job_builder/config/ceilometer.yaml b/modules/openstack_project/files/jenkins_job_builder/config/ceilometer.yaml deleted file mode 100644 index ee5596b..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/ceilometer.yaml +++ /dev/null @@ -1,51 +0,0 @@ -- job: - name: 'gate-ceilometer-python26-essex' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - triggers: - - zuul - - builders: - - gerrit-git-prep - - python26-essex - - # >= precise does not have python2.6 - node: oneiric - - -- job: - name: 'gate-ceilometer-python27-essex' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - triggers: - - zuul - - builders: - - gerrit-git-prep - - python27-essex - - node: oneiric diff --git a/modules/openstack_project/files/jenkins_job_builder/config/devstack-gate.yaml b/modules/openstack_project/files/jenkins_job_builder/config/devstack-gate.yaml deleted file mode 100644 index 225f9f8..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/devstack-gate.yaml +++ /dev/null @@ -1,211 +0,0 @@ -- job: - name: gate-integration-tests-devstack-vm - project-type: freestyle - concurrent: true - node: devstack-precise - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - parameters: - - label: - name: NODE_LABEL - description: Label of node to use for this build - default: devstack-precise - - wrappers: - - timeout: - timeout: 40 - fail: true - - timestamps - - triggers: - - zuul - - builders: - - trigger-builds: - - project: devstack-update-inprogress - predefined-parameters: - DEVSTACK_NODE_NAME=${NODE_NAME} - - shell: | - #!/bin/bash -xe - # - # This job also gates devstack-gate, but in case a previous run fails, - # we need to always make sure that we're starting with the latest copy - # from master, before we start applying changes to it. If a previous run - # leaves a bad copy of the gate script, we may get stuck. - # - if [[ ! -e devstack-gate ]]; then - git clone https://review.openstack.org/p/openstack-ci/devstack-gate - else - cd devstack-gate - git remote update - git reset --hard - git clean -x -f - git checkout master - git reset --hard remotes/origin/master - git clean -x -f - cd .. - fi - - shell: | - #!/bin/bash -xe - export PYTHONUNBUFFERED=true - cp devstack-gate/devstack-vm-gate-wrap.sh ./safe-devstack-vm-gate-wrap.sh - ./safe-devstack-vm-gate-wrap.sh - - publishers: - - archive: - artifacts: logs/* - - trigger-parameterized-builds: - - project: devstack-update-complete - when: complete - predefined-parameters: - DEVSTACK_NODE_NAME=${NODE_NAME} - - -- job: - name: gate-tempest-devstack-vm - project-type: freestyle - concurrent: true - node: devstack-precise - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - parameters: - - label: - name: NODE_LABEL - description: Label of node to use for this build - default: devstack-precise - - wrappers: - - timeout: - timeout: 90 - fail: true - - timestamps - - triggers: - - zuul - - builders: - - trigger-builds: - - project: devstack-update-inprogress - predefined-parameters: - DEVSTACK_NODE_NAME=${NODE_NAME} - - shell: | - #!/bin/bash -xe - # - # This job also gates devstack-gate, but in case a previous run fails, - # we need to always make sure that we're starting with the latest copy - # from master, before we start applying changes to it. If a previous run - # leaves a bad copy of the gate script, we may get stuck. - # - if [[ ! -e devstack-gate ]]; then - git clone https://review.openstack.org/p/openstack-ci/devstack-gate - else - cd devstack-gate - git remote update - git reset --hard - git clean -x -f - git checkout master - git reset --hard remotes/origin/master - git clean -x -f - cd .. - fi - - shell: | - #!/bin/bash -xe - export PYTHONUNBUFFERED=true - export DEVSTACK_GATE_TEMPEST=1 - cp devstack-gate/devstack-vm-gate-wrap.sh ./safe-devstack-vm-gate-wrap.sh - ./safe-devstack-vm-gate-wrap.sh - - publishers: - - archive: - artifacts: logs/* - - trigger-parameterized-builds: - - project: devstack-update-complete - when: complete - predefined-parameters: - DEVSTACK_NODE_NAME=${NODE_NAME} - - -# Called by devstack jobs to alert that they have started so that the -# jenkins slave they are running on can be disabled. -- job: - name: devstack-update-inprogress - project-type: freestyle - concurrent: false - node: master - - logrotate: - daysToKeep: 28 - numToKeep: 100 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - wrappers: - - timeout: - timeout: 10 - fail: true - - timestamps - - builders: - - shell: | - #!/bin/bash -xe - - if [[ ! -e devstack-gate ]]; then - git clone https://review.openstack.org/p/openstack-ci/devstack-gate - else - cd devstack-gate - git remote update - git pull --ff-only origin - cd .. - fi - - shell: | - #!/bin/bash -xe - export PYTHONUNBUFFERED=true - $WORKSPACE/devstack-gate/devstack-vm-inprogress.py $DEVSTACK_NODE_NAME - - -# Called by devstack jobs to alert that they have completed so that the -# jenkins slave may be deleted. -- job: - name: devstack-update-complete - project-type: freestyle - concurrent: false - node: master - - logrotate: - daysToKeep: 28 - numToKeep: 100 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - wrappers: - - timeout: - timeout: 10 - fail: true - - timestamps - - builders: - - shell: | - #!/bin/bash -xe - - if [[ ! -e devstack-gate ]]; then - git clone https://review.openstack.org/p/openstack-ci/devstack-gate - else - cd devstack-gate - git remote update - git pull --ff-only origin - cd .. - fi - - shell: | - #!/bin/bash -xe - export PYTHONUNBUFFERED=true - $WORKSPACE/devstack-gate/devstack-vm-delete.py $DEVSTACK_NODE_NAME diff --git a/modules/openstack_project/files/jenkins_job_builder/config/gerrit.yaml b/modules/openstack_project/files/jenkins_job_builder/config/gerrit.yaml deleted file mode 100644 index cb69026..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/gerrit.yaml +++ /dev/null @@ -1,94 +0,0 @@ -- job: - name: check-gerrit-unittests - project-type: maven - concurrent: true - node: precise - - wrappers: - - timeout: - timeout: 40 - fail: true - - triggers: - - zuul - - prebuilders: - - gerrit-git-prep - - gerrit-preclean - - maven: - root-module: - group-id: com.google.gerrit - artifact-id: gerrit-parent - goals: 'clean package -Dgerrit.include-documentation=1 -X' - - postbuilders: - - gerrit-postrun - - publishers: - - war: - site: 'nova.openstack.org' - warfile: 'gerrit-war/target/gerrit*.war' - target: 'tarballs/ci/test/' - - -- job: - name: gate-gerrit-unittests - project-type: maven - concurrent: true - node: precise - - wrappers: - - timeout: - timeout: 40 - fail: true - - triggers: - - zuul - - prebuilders: - - gerrit-git-prep - - gerrit-preclean - - maven: - root-module: - group-id: com.google.gerrit - artifact-id: gerrit-parent - goals: 'clean package -Dgerrit.include-documentation=1 -X' - - postbuilders: - - gerrit-postrun - - -- job: - name: gerrit-package - project-type: maven - concurrent: true - node: precise - - wrappers: - - timeout: - timeout: 40 - fail: true - - triggers: - - zuul-post - - prebuilders: - - gerrit-git-prep - - gerrit-preclean - - maven: - root-module: - group-id: com.google.gerrit - artifact-id: gerrit-parent - goals: 'clean package -Dgerrit.include-documentation=1 -X' - - postbuilders: - - gerrit-postrun - - publishers: - - war: - site: 'nova.openstack.org' - warfile: 'gerrit-war/target/gerrit*.war' - target: 'tarballs/ci/' diff --git a/modules/openstack_project/files/jenkins_job_builder/config/horizon.yaml b/modules/openstack_project/files/jenkins_job_builder/config/horizon.yaml deleted file mode 100644 index ae229d7..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/horizon.yaml +++ /dev/null @@ -1,23 +0,0 @@ -- job: - name: gate-horizon-selenium - concurrent: true - node: precise - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - triggers: - - zuul - - builders: - - gerrit-git-prep - - selenium diff --git a/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml b/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml deleted file mode 100644 index 94bc222..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/macros.yaml +++ /dev/null @@ -1,116 +0,0 @@ -- builder: - name: gerrit-git-prep - builders: - - shell: "/usr/local/jenkins/slave_scripts/gerrit-git-prep.sh review.openstack.org" - -- builder: - name: coverage - builders: - - shell: "/usr/local/jenkins/slave_scripts/run-cover.sh" - -- builder: - name: docs - builders: - - shell: "/usr/local/jenkins/slave_scripts/run-docs.sh" - -- builder: - name: maven-test - builders: - - shell: "mvn test" - -- builder: - name: maven-package - builders: - - shell: "mvn package" - -- builder: - name: gerrit-package - builders: - - shell: "/usr/local/jenkins/slave_scripts/package-gerrit.sh" - -- builder: - name: gerrit-preclean - builders: - - shell: | - #!/bin/bash -xe - rm -fr ~/.m2 - rm -fr ~/.java - ./tools/version.sh --release - -- builder: - name: gerrit-postrun - builders: - - shell: "./tools/version.sh --reset" - -- builder: - name: pep8 - builders: - - shell: "set -o pipefail ; tox -v -epep8 | tee pep8.txt ; set +o pipefail" - -- builder: - name: pyflakes - builders: - - shell: "tox -v -epyflakes" - -- builder: - name: puppet-syntax - builders: - - shell: | - find . -iname *.pp | xargs puppet parser validate --modulepath=`pwd`/modules - for f in `find . -iname *.erb` ; do - erb -x -T '-' $f | ruby -c - done - -- builder: - name: selenium - builders: - - shell: "/usr/local/jenkins/slave_scripts/run-selenium.sh" - -- builder: - name: python26 - builders: - - shell: "/usr/local/jenkins/slave_scripts/run-tox.sh 26" - - something: - arg: value - -- builder: - name: python27 - builders: - - shell: "/usr/local/jenkins/slave_scripts/run-tox.sh 27" - -- builder: - name: python26-essex - builders: - - shell: "/usr/local/jenkins/slave_scripts/run-tox.sh 26-essex" - -- builder: - name: python27-essex - builders: - - shell: "/usr/local/jenkins/slave_scripts/run-tox.sh 27-essex" - -- builder: - name: tarball - builders: - - shell: "/usr/local/jenkins/slave_scripts/create-tarball.sh {project}" - -# ====================================================================== - -- publisher: - name: tarball - publishers: - - archive: - artifacts: 'dist/*.tar.gz' - - scp: - site: '{site}' - source: 'dist/*.tar.gz' - target: 'tarballs/{project}/' - -- publisher: - name: war - publishers: - - archive: - artifacts: '{warfile}' - - scp: - site: '{site}' - source: '{warfile}' - target: '{target}' diff --git a/modules/openstack_project/files/jenkins_job_builder/config/mraas.yaml b/modules/openstack_project/files/jenkins_job_builder/config/mraas.yaml deleted file mode 100644 index 3f8ad9b..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/mraas.yaml +++ /dev/null @@ -1,77 +0,0 @@ -- job: - name: gate-MRaaS-merge - concurrent: false - node: oneiric - - properties: - - github: - url: https://github.com/stackforge/MRaaS - - throttle: - max-per-node: 0 - max-total: 0 - option: project - enabled: false - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - triggers: - - gerrit: - triggerOnPatchsetUploadedEvent: 'false' - triggerOnChangeMergedEvent: 'false' - triggerOnCommentAddedEvent: 'true' - triggerOnRefUpdatedEvent: 'false' - triggerApprovalCategory: 'APRV' - triggerApprovalValue: 1 - failureMessage: 'This change was unable to be automatically merged with the current state of the repository. Please rebase your change and upload a new patchset.' - projects: - - projectCompareType: 'PLAIN' - projectPattern: 'stackforge/MRaaS' - branchCompareType: 'ANT' - branchPattern: '**' - - builders: - - gerrit-git-prep - - -- job: - name: check-MRaaS-merge - concurrent: false - node: oneiric - - properties: - - github: - url: https://github.com/stackforge/MRaaS - - throttle: - max-per-node: 0 - max-total: 0 - option: project - enabled: false - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - triggers: - - gerrit: - triggerOnPatchsetUploadedEvent: 'true' - triggerOnChangeMergedEvent: 'false' - triggerOnCommentAddedEvent: 'false' - triggerOnRefUpdatedEvent: 'false' - overrideVotes: 'true' - gerritBuildSuccessfulVerifiedValue: 1 - gerritBuildFailedVerifiedValue: -1 - failureMessage: 'This change was unable to be automatically merged with the current state of the repository. Please rebase your change and upload a new patchset.' - projects: - - projectCompareType: 'PLAIN' - projectPattern: 'stackforge/MRaaS' - branchCompareType: 'ANT' - branchPattern: '**' - - builders: - - gerrit-git-prep diff --git a/modules/openstack_project/files/jenkins_job_builder/config/openstack-ci-puppet.yaml b/modules/openstack_project/files/jenkins_job_builder/config/openstack-ci-puppet.yaml deleted file mode 100644 index 4631d6d..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/openstack-ci-puppet.yaml +++ /dev/null @@ -1,18 +0,0 @@ -- job: - name: gate-ci-puppet-syntax - concurrent: true - node: precise - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - triggers: - - zuul - - builders: - - gerrit-git-prep - - puppet-syntax - - pyflakes diff --git a/modules/openstack_project/files/jenkins_job_builder/config/openstack-publish-jobs.yaml b/modules/openstack_project/files/jenkins_job_builder/config/openstack-publish-jobs.yaml deleted file mode 100644 index b53ec97..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/openstack-publish-jobs.yaml +++ /dev/null @@ -1,71 +0,0 @@ -- job-template: - name: '{name}-docs' - project-type: freestyle - concurrent: true - node: precise - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - triggers: - - zuul-post - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - builders: - - gerrit-git-prep - - docs - - publishers: - - ftp: - site: '{doc-publisher-site}' - source: 'doc/build/html/**' - target: 'developer/{name}' - remove-prefix: 'doc/build/html' - excludes: '' - - -- job-template: - name: '{name}-tarball' - project-type: freestyle - concurrent: true - node: precise - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - triggers: - - zuul-post - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - builders: - - gerrit-git-prep - - tarball: - project: '{name}' - - publishers: - - tarball: - project: '{name}' - site: '{tarball-publisher-site}' - - -- job-group: - name: openstack-publish-jobs - jobs: - - '{name}-docs' - - '{name}-tarball' diff --git a/modules/openstack_project/files/jenkins_job_builder/config/projects.yaml b/modules/openstack_project/files/jenkins_job_builder/config/projects.yaml deleted file mode 100644 index a8e9543..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/projects.yaml +++ /dev/null @@ -1,375 +0,0 @@ -- project: - name: ceilometer - github-org: stackforge - node: oneiric - - jobs: - - python-jobs - - -- project: - name: cinder - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - openstack-publish-jobs - - -- project: - name: devstack-gate - github-org: openstack-ci - node: precise - - jobs: - - gate-{name}-merge - - -- project: - name: devstack - github-org: openstack-dev - node: precise - - jobs: - - gate-{name}-merge - - -- project: - name: gerrit-verification-status-plugin - github-org: openstack-ci - node: precise - - jobs: - - gate-{name}-merge - - -- project: - name: gerrit - github-org: openstack-ci - node: precise - - jobs: - - gate-{name}-merge - - -- project: - name: gerritbot - github-org: openstack-ci - node: precise - doc-publisher-site: ci.openstack.org - tarball-publisher-site: ci.openstack.org - - jobs: - - gate-{name}-merge - - gate-{name}-pep8 - - gate-{name}-pyflakes - - '{name}-sdist-tarball' - - '{name}-pypi' - - -- project: - name: gerritlib - github-org: openstack-ci - node: precise - doc-publisher-site: ci.openstack.org - tarball-publisher-site: nova.openstack.org - - jobs: - - gate-{name}-merge - - gate-{name}-pep8 - - gate-{name}-pyflakes - - '{name}-pypi' - - -- project: - name: glance - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - openstack-publish-jobs - - -- project: - name: heat - github-org: heat-api - node: oneiric - - jobs: - - python-jobs - - -- project: - name: horizon - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - openstack-publish-jobs - - -- project: - name: jenkins-job-builder - github-org: openstack-ci - node: precise - - jobs: - - gate-{name}-merge - - gate-{name}-pep8 - - gate-{name}-pyflakes - - -- project: - name: keystone - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - openstack-publish-jobs - - -- project: - name: MRaaS - github-org: stackforge - node: precise - - -- project: - name: nova - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - python-diablo-bitrot-jobs - - python-essex-bitrot-jobs - - openstack-publish-jobs - - -- project: - name: ci-puppet - github-org: openstack - node: precise - - jobs: - - gate-{name}-merge - - -- project: - name: openstack-common - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - openstack-publish-jobs - - -- project: - name: pbr - github-org: openstack-dev - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - pypi-jobs - - -- project: - name: puppet-apparmor - github-org: openstack-ci - node: precise - - jobs: - - gate-{name}-merge - - -- project: - name: puppet-dashboard - github-org: openstack-ci - node: precise - - jobs: - - gate-{name}-merge - - -- project: - name: puppet-vcsrepo - github-org: openstack-ci - node: precise - - jobs: - - gate-{name}-merge - - -- project: - name: pypi-mirror - github-org: openstack-ci - node: precise - - jobs: - - gate-{name}-merge - - gate-{name}-pyflakes - - -- project: - name: python-cinderclient - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - pypi-jobs - - -- project: - name: python-glanceclient - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - pypi-jobs - - -- project: - name: python-keystoneclient - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - pypi-jobs - - -- project: - name: python-novaclient - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - pypi-jobs - - -- project: - name: python-openstackclient - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - pypi-jobs - - -- project: - name: python-quantumclient - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - pypi-jobs - - -- project: - name: python-swiftclient - github-org: openstack - node: precise - tarball-publisher-site: swift.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - pypi-jobs - - -- project: - name: quantum - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - openstack-publish-jobs - - -- project: - name: reddwarf - github-org: stackforge - node: oneiric - - jobs: - - python-jobs - - -- project: - name: requirements - github-org: openstack - node: precise - - jobs: - - gate-{name}-merge - - -- project: - name: swift - github-org: openstack - node: precise - tarball-publisher-site: nova.openstack.org - doc-publisher-site: docs.openstack.org - - jobs: - - python-jobs - - openstack-publish-jobs - - -- project: - name: tempest - github-org: openstack-ci - node: precise - - jobs: - - gate-{name}-merge - - gate-{name}-pep8 - - -- project: - name: zuul - github-org: openstack-ci - node: precise - jobs: - - python-jobs - - gate-{name}-pyflakes diff --git a/modules/openstack_project/files/jenkins_job_builder/config/pypi-jobs.yaml b/modules/openstack_project/files/jenkins_job_builder/config/pypi-jobs.yaml deleted file mode 100644 index 9cc5313..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/pypi-jobs.yaml +++ /dev/null @@ -1,68 +0,0 @@ -- job-template: - name: '{name}-sdist-tarball' - project-type: freestyle - concurrent: true - node: precise - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - triggers: - - zuul-post - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - builders: - - gerrit-git-prep - - shell: | - #!/bin/bash -xe - BRANCH=$GERRIT_REFNAME - BRANCH_PATH=`echo $BRANCH | tr / -` - - tox -v -evenv python setup.py sdist - cp dist/* dist/{name}-$BRANCH_PATH.tar.gz - - publishers: - - tarball: - project: '{name}' - site: '{tarball-publisher-site}' - - -- job-template: - name: '{name}-pypi' - project-type: freestyle - concurrent: true - node: pypi - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - triggers: - - zuul-post - - builders: - - gerrit-git-prep - - shell: tox -v -evenv python setup.py sdist upload - - publishers: - - tarball: - project: '{name}' - site: '{tarball-publisher-site}' - - -- job-group: - name: pypi-jobs - jobs: - - '{name}-docs' - - '{name}-sdist-tarball' - - '{name}-pypi' diff --git a/modules/openstack_project/files/jenkins_job_builder/config/python-bitrot-jobs.yaml b/modules/openstack_project/files/jenkins_job_builder/config/python-bitrot-jobs.yaml deleted file mode 100644 index 738f477..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/python-bitrot-jobs.yaml +++ /dev/null @@ -1,114 +0,0 @@ -- job-template: - name: 'periodic-{name}-python26-{branch-name}' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - triggers: - - timed: '@daily' - - builders: - - python26 - - scm: - - git: - url: 'git://github.com/{github-org}/{name}.git' - branches: - - 'origin/{branch}' - - # >= precise does not have python2.6 - node: oneiric - - -- job-template: - name: 'periodic-{name}-python27-{branch-name}' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - triggers: - - timed: '@daily' - - builders: - - python27 - - scm: - - git: - url: 'git://github.com/{github-org}/{name}.git' - branches: - - 'origin/{branch}' - - node: '{node}' - - -- job-template: - name: 'periodic-{name}-docs-{branch-name}' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - triggers: - - timed: '@daily' - - builders: - - docs - - scm: - - git: - url: 'git://github.com/{github-org}/{name}.git' - branches: - - 'origin/{branch}' - - node: '{node}' - - -- job-group: - name: python-diablo-bitrot-jobs - branch: 'stable/diablo' - branch-name: 'stable-diablo' - node: oneiric - jobs: - - 'periodic-{name}-python26-{branch-name}' - - 'periodic-{name}-python27-{branch-name}' - - 'periodic-{name}-docs-{branch-name}' - - -- job-group: - name: python-essex-bitrot-jobs - branch: 'stable/essex' - branch-name: 'stable-essex' - node: precise - jobs: - - 'periodic-{name}-python26-{branch-name}' - - 'periodic-{name}-python27-{branch-name}' - - 'periodic-{name}-docs-{branch-name}' diff --git a/modules/openstack_project/files/jenkins_job_builder/config/python-jobs.yaml b/modules/openstack_project/files/jenkins_job_builder/config/python-jobs.yaml deleted file mode 100644 index f513f96..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/python-jobs.yaml +++ /dev/null @@ -1,204 +0,0 @@ -- job-template: - name: '{name}-coverage' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - triggers: - - zuul-post - - builders: - - gerrit-git-prep - - coverage - - publishers: - - coverage - - node: '{node}' - - -- job-template: - name: 'gate-{name}-pep8' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - triggers: - - zuul - - builders: - - gerrit-git-prep - - pep8 - - publishers: - - pep8 - - node: '{node}' - - -- job-template: - name: 'gate-{name}-python26' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - triggers: - - zuul - - builders: - - gerrit-git-prep - - python26 - - # >= precise does not have python2.6 - node: oneiric - - -- job-template: - name: 'gate-{name}-python27' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - parameters: - - label: - name: NODE_LABEL - description: Label of node to use for this build - default: '{node}' - - triggers: - - zuul - - builders: - - gerrit-git-prep - - python27 - - node: '{node}' - - -- job-template: - name: 'gate-{name}-merge' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - triggers: - - zuul - - builders: - - gerrit-git-prep - - node: '{node}' - - -- job-template: - name: 'gate-{name}-docs' - concurrent: true - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - triggers: - - zuul - - builders: - - gerrit-git-prep - - docs - - node: '{node}' - - -- job-template: - name: 'gate-{name}-pyflakes' - project-type: freestyle - concurrent: true - node: precise - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - triggers: - - zuul - - builders: - - gerrit-git-prep - - pyflakes - - -- job-group: - name: python-jobs - jobs: - - '{name}-coverage' - - 'gate-{name}-merge' - - 'gate-{name}-pep8' - - 'gate-{name}-python26' - - 'gate-{name}-python27' - - 'gate-{name}-docs' - # pyflakes isn't standard diff --git a/modules/openstack_project/files/jenkins_job_builder/config/zuul.yaml b/modules/openstack_project/files/jenkins_job_builder/config/zuul.yaml deleted file mode 100644 index 184b53c..0000000 --- a/modules/openstack_project/files/jenkins_job_builder/config/zuul.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# This is a non-standard docs job because it uses SCP instead of FTP -- job: - name: zuul-docs - project-type: freestyle - concurrent: true - node: precise - - wrappers: - - timeout: - timeout: 30 - fail: true - - timestamps - - triggers: - - zuul-post - - logrotate: - daysToKeep: 28 - numToKeep: -1 - artifactDaysToKeep: -1 - artifactNumToKeep: -1 - - builders: - - gerrit-git-prep - - docs - - publishers: - - scp: - site: '173.203.107.207' - source: 'doc/build/html/**/*' - target: 'ci/zuul' - keep-hierarchy: true diff --git a/modules/openstack_project/files/openstack-page-bkg.jpg b/modules/openstack_project/files/openstack-page-bkg.jpg deleted file mode 100644 index f788c41..0000000 Binary files a/modules/openstack_project/files/openstack-page-bkg.jpg and /dev/null differ diff --git a/modules/openstack_project/files/openstack.png b/modules/openstack_project/files/openstack.png deleted file mode 100644 index 146faec..0000000 Binary files a/modules/openstack_project/files/openstack.png and /dev/null differ diff --git a/modules/openstack_project/files/puppetmaster/hiera.yaml b/modules/openstack_project/files/puppetmaster/hiera.yaml deleted file mode 100644 index 8e930ba..0000000 --- a/modules/openstack_project/files/puppetmaster/hiera.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -:hierarchy: - - %{operatingsystem} - - common -:backends: - - yaml -:yaml: - :datadir: '/etc/puppet/hieradata/%{environment}' diff --git a/modules/openstack_project/files/review-dev.projects.yaml b/modules/openstack_project/files/review-dev.projects.yaml deleted file mode 100644 index fc52cf0..0000000 --- a/modules/openstack_project/files/review-dev.projects.yaml +++ /dev/null @@ -1,3 +0,0 @@ -- project: gtest-org/test - options: - - close-pull diff --git a/modules/openstack_project/files/review.projects.yaml b/modules/openstack_project/files/review.projects.yaml deleted file mode 100644 index 7bd1d3b..0000000 --- a/modules/openstack_project/files/review.projects.yaml +++ /dev/null @@ -1,160 +0,0 @@ -- project: heat-api/heat - options: - - close-pull -- project: openstack-ci/devstack-gate - options: - - close-pull -- project: openstack-ci/gerrit - options: - - close-pull - remote: https://gerrit.googlesource.com/gerrit -- project: openstack-ci/gerrit-verification-status-plugin - options: - - close-pull -- project: openstack-ci/gerritbot - options: - - close-pull -- project: openstack-ci/gerritlib - options: - - close-pull -- project: openstack-ci/git-review - options: - - close-pull -- project: openstack-ci/jenkins-job-builder - options: - - close-pull -- project: openstack-ci/lodgeit - options: - - close-pull -- project: openstack-ci/meetbot - options: - - close-pull -- project: openstack-ci/puppet-apparmor - options: - - close-pull -- project: openstack-ci/puppet-dashboard - options: - - close-pull -- project: openstack-ci/puppet-vcsrepo - options: - - close-pull -- project: openstack-ci/pypi-mirror - options: - - close-pull -- project: openstack-ci/zuul - options: - - close-pull -- project: openstack-dev/devstack - options: - - close-pull -- project: openstack-dev/openstack-nose - options: - - close-pull -- project: openstack-dev/openstack-qa - options: - - close-pull -- project: openstack-dev/pbr - options: - - close-pull -- project: openstack-dev/sandbox - options: - - close-pull -- project: openstack/cinder - options: - - close-pull -- project: openstack/compute-api - options: - - close-pull -- project: openstack/glance - options: - - close-pull -- project: openstack/horizon - options: - - close-pull -- project: openstack/identity-api - options: - - close-pull -- project: openstack/image-api - options: - - close-pull -- project: openstack/keystone - options: - - close-pull -- project: openstack/melange - options: - - close-pull -- project: openstack/netconn-api - options: - - close-pull -- project: openstack/nova - options: - - close-pull -- project: openstack/object-api - options: - - close-pull -- project: openstack/openstack-chef - options: - - close-pull -- project: openstack/openstack-ci - options: - - close-pull -- project: openstack/openstack-ci-puppet - options: - - close-pull -- project: openstack/openstack-common - options: - - close-pull -- project: openstack/openstack-manuals - options: - - close-pull -- project: openstack/openstack-planet - options: - - close-pull -- project: openstack/openstack-puppet - options: - - close-pull -- project: openstack/python-cinderclient - options: - - close-pull -- project: openstack/python-glanceclient - options: - - close-pull -- project: openstack/python-keystoneclient - options: - - close-pull -- project: openstack/python-melangeclient - options: - - close-pull -- project: openstack/python-novaclient - options: - - close-pull -- project: openstack/python-openstackclient - options: - - close-pull -- project: openstack/python-quantumclient - options: - - close-pull -- project: openstack/python-swiftclient - options: - - close-pull -- project: openstack/requirements - options: - - close-pull -- project: openstack/quantum - options: - - close-pull -- project: openstack/swift - options: - - close-pull -- project: openstack/tempest - options: - - close-pull -- project: stackforge/MRaaS - options: - - close-pull -- project: stackforge/ceilometer - options: - - close-pull -- project: stackforge/reddwarf - options: - - close-pull diff --git a/modules/openstack_project/files/zuul/layout.yaml b/modules/openstack_project/files/zuul/layout.yaml deleted file mode 100644 index daccf27..0000000 --- a/modules/openstack_project/files/zuul/layout.yaml +++ /dev/null @@ -1,575 +0,0 @@ -includes: - - python-file: openstack_functions.py - -pipelines: - - name: check - manager: IndependentPipelineManager - trigger: - - event: patchset-created - - event: comment-added - comment_filter: (?i)^\s*recheck\.?\s*$ - success: - verified: 1 - failure: - verified: -1 - - - name: gate - manager: DependentPipelineManager - trigger: - - event: comment-added - approval: - - approved: 1 - - event: comment-added - comment_filter: (?i)^\s*reverify\.?\s*$ - start: - verified: 0 - success: - verified: 2 - submit: true - failure: - verified: -2 - - - name: post - manager: IndependentPipelineManager - trigger: - - event: ref-updated - ref: ^(?!refs/).*$ - - - name: publish - manager: IndependentPipelineManager - trigger: - - event: ref-updated - ref: ^refs/tags/.*$ - - - name: silent - manager: IndependentPipelineManager - trigger: - - event: patchset-created - - -jobs: - - name: ^.*-merge$ - failure-message: This change was unable to be automatically merged with the current state of the repository. Please rebase your change and upload a new patchset. - hold-following-changes: true - - name: gate-tempest-devstack-vm - parameter-function: devstack_params - - name: ^.*-python27$ - parameter-function: python27_params - - -projects: - - name: openstack-ci/zuul - check: - - gate-zuul-merge: - - gate-zuul-docs - - gate-zuul-pep8 - - gate-zuul-pyflakes - - gate-zuul-python26 - - gate-zuul-python27 - gate: - - gate-zuul-merge: - - gate-zuul-docs - - gate-zuul-pep8 - - gate-zuul-pyflakes - - gate-zuul-python26 - - gate-zuul-python27 - post: - - zuul-coverage - - zuul-docs - publish: - - zuul-docs - - - name: openstack-ci/pypi-mirror - check: - - gate-pypi-mirror-merge: - - gate-pypi-mirror-pyflakes - gate: - - gate-pypi-mirror-merge: - - gate-pypi-mirror-pyflakes - - - name: openstack-ci/gerrit - check: - - gate-gerrit-merge: - - check-gerrit-unittests - gate: - - gate-gerrit-merge: - - gate-gerrit-unittests - post: - - gerrit-package - - - name: openstack-ci/gerritbot - check: - - gate-gerritbot-merge: - - gate-gerritbot-pep8 - - gate-gerritbot-pyflakes - gate: - - gate-gerritbot-merge: - - gate-gerritbot-pep8 - - gate-gerritbot-pyflakes - post: - - gerritbot-sdist-tarball - publish: - - gerritbot-pypi - - - name: openstack-ci/gerritlib - check: - - gate-gerritlib-merge: - - gate-gerritlib-pep8 - - gate-gerritlib-pyflakes - gate: - - gate-gerritlib-merge: - - gate-gerritlib-pep8 - - gate-gerritlib-pyflakes - publish: - - gerritlib-pypi - - - name: openstack-ci/gerrit-verification-status-plugin - check: - - gate-gerrit-verification-status-plugin-merge - gate: - - gate-gerrit-verification-status-plugin-merge - - - name: openstack-ci/jenkins-job-builder - check: - - gate-jenkins-job-builder-merge - gate: - - gate-jenkins-job-builder-merge - - - name: openstack/openstack-ci-puppet - check: - - gate-ci-puppet-merge: - - gate-ci-puppet-syntax - gate: - - gate-ci-puppet-merge: - - gate-ci-puppet-syntax - - - name: openstack-ci/puppet-apparmor - check: - - gate-puppet-apparmor-merge - gate: - - gate-puppet-apparmor-merge - - - name: openstack-ci/puppet-dashboard - check: - - gate-puppet-dashboard-merge - gate: - - gate-puppet-dashboard-merge - - - name: openstack-ci/puppet-vcsrepo - check: - - gate-puppet-vcsrepo-merge - gate: - - gate-puppet-vcsrepo-merge - - - name: openstack/cinder - check: - - gate-cinder-merge: - - gate-cinder-docs - - gate-cinder-pep8 - - gate-cinder-python26 - - gate-cinder-python27 - - gate-tempest-devstack-vm - gate: - - gate-cinder-merge: - - gate-cinder-docs - - gate-cinder-pep8 - - gate-cinder-python26 - - gate-cinder-python27 - - gate-tempest-devstack-vm - post: - - cinder-tarball - - cinder-coverage - - cinder-docs - publish: - - cinder-tarball - - cinder-docs - - - name: openstack/glance - check: - - gate-glance-merge: - - gate-glance-pep8 - - gate-glance-python26 - - gate-glance-python27 - - gate-tempest-devstack-vm - gate: - - gate-glance-merge: - - gate-glance-pep8 - - gate-glance-python26 - - gate-glance-python27 - - gate-tempest-devstack-vm - post: - - glance-tarball - - glance-coverage - - glance-docs - publish: - - glance-tarball - - glance-docs - - - name: openstack/horizon - check: - - gate-horizon-merge: - - gate-horizon-docs - - gate-horizon-pep8 - - gate-horizon-python26 - - gate-horizon-python27 - - gate-horizon-selenium - - gate-tempest-devstack-vm - gate: - - gate-horizon-merge: - - gate-horizon-docs - - gate-horizon-pep8 - - gate-horizon-python26 - - gate-horizon-python27 - - gate-horizon-selenium - - gate-tempest-devstack-vm - post: - - horizon-tarball - - horizon-coverage - - horizon-docs - publish: - - horizon-tarball - - horizon-docs - - - name: openstack/keystone - check: - - gate-keystone-merge: - - gate-keystone-docs - - gate-keystone-pep8 - - gate-keystone-python26 - - gate-keystone-python27 - - gate-tempest-devstack-vm - gate: - - gate-keystone-merge: - - gate-keystone-docs - - gate-keystone-pep8 - - gate-keystone-python26 - - gate-keystone-python27 - - gate-tempest-devstack-vm - post: - - keystone-tarball - - keystone-coverage - - keystone-docs - - - name: openstack/nova - check: - - gate-nova-merge: - - gate-nova-docs - - gate-nova-pep8 - - gate-nova-python26 - - gate-nova-python27 - - gate-tempest-devstack-vm - gate: - - gate-nova-merge: - - gate-nova-docs - - gate-nova-pep8 - - gate-nova-python26 - - gate-nova-python27 - - gate-tempest-devstack-vm - post: - - nova-tarball - - nova-coverage - - nova-docs - publish: - - nova-tarball - - nova-docs - - - name: openstack/openstack-common - check: - - gate-openstack-common-merge: - - gate-openstack-common-pep8 - - gate-openstack-common-python26 - - gate-openstack-common-python27 - gate: - - gate-openstack-common-merge: - - gate-openstack-common-pep8 - - gate-openstack-common-python26 - - gate-openstack-common-python27 - - - name: openstack/quantum - check: - - gate-quantum-merge: - - gate-quantum-docs - - gate-quantum-pep8 - - gate-quantum-python26 - - gate-quantum-python27 - gate: - - gate-quantum-merge: - - gate-quantum-docs - - gate-quantum-pep8 - - gate-quantum-python26 - - gate-quantum-python27 - post: - - quantum-tarball - - quantum-coverage - - quantum-docs - publish: - - quantum-tarball - - quantum-docs - - - name: openstack/swift - check: - - gate-swift-merge: - - gate-swift-docs - - gate-swift-pep8 - - gate-swift-python26 - - gate-swift-python27 - gate: - - gate-swift-merge: - - gate-swift-docs - - gate-swift-pep8 - - gate-swift-python26 - - gate-swift-python27 - post: - - swift-tarball - - swift-coverage - - swift-docs - publish: - - swift-tarball - - swift-docs - - - name: openstack/python-cinderclient - check: - - gate-python-cinderclient-merge: - - gate-python-cinderclient-docs - - gate-python-cinderclient-pep8 - - gate-python-cinderclient-python26 - - gate-python-cinderclient-python27 - gate: - - gate-python-cinderclient-merge: - - gate-python-cinderclient-docs - - gate-python-cinderclient-pep8 - - gate-python-cinderclient-python26 - - gate-python-cinderclient-python27 - post: - - python-cinderclient-sdist-tarball - - python-cinderclient-coverage - - python-cinderclient-docs - publish: - - python-cinderclient-pypi - - python-cinderclient-docs - - - name: openstack/python-glanceclient - check: - - gate-python-glanceclient-merge: - - gate-python-glanceclient-docs - - gate-python-glanceclient-pep8 - - gate-python-glanceclient-python26 - - gate-python-glanceclient-python27 - - gate-tempest-devstack-vm - gate: - - gate-python-glanceclient-merge: - - gate-python-glanceclient-docs - - gate-python-glanceclient-pep8 - - gate-python-glanceclient-python26 - - gate-python-glanceclient-python27 - - gate-tempest-devstack-vm - post: - - python-glanceclient-sdist-tarball - - python-glanceclient-coverage - - python-glanceclient-docs - publish: - - python-glanceclient-pypi - - python-glanceclient-docs - - - name: openstack/python-keystoneclient - check: - - gate-python-keystoneclient-merge: - - gate-python-keystoneclient-docs - - gate-python-keystoneclient-pep8 - - gate-python-keystoneclient-python26 - - gate-python-keystoneclient-python27 - - gate-tempest-devstack-vm - gate: - - gate-python-keystoneclient-merge: - - gate-python-keystoneclient-docs - - gate-python-keystoneclient-pep8 - - gate-python-keystoneclient-python26 - - gate-python-keystoneclient-python27 - - gate-tempest-devstack-vm - post: - - python-keystoneclient-sdist-tarball - - python-keystoneclient-coverage - - python-keystoneclient-docs - publish: - - python-keystoneclient-pypi - - python-keystoneclient-docs - - - name: openstack/python-novaclient - check: - - gate-python-novaclient-merge: - - gate-python-novaclient-docs - - gate-python-novaclient-pep8 - - gate-python-novaclient-python26 - - gate-python-novaclient-python27 - - gate-tempest-devstack-vm - gate: - - gate-python-novaclient-merge: - - gate-python-novaclient-docs - - gate-python-novaclient-pep8 - - gate-python-novaclient-python26 - - gate-python-novaclient-python27 - - gate-tempest-devstack-vm - post: - - python-novaclient-sdist-tarball - - python-novaclient-coverage - - python-novaclient-docs - publish: - - python-novaclient-pypi - - python-novaclient-docs - - - name: openstack/python-openstackclient - check: - - gate-python-openstackclient-merge: - - gate-python-openstackclient-docs - - gate-python-openstackclient-pep8 - - gate-python-openstackclient-python26 - - gate-python-openstackclient-python27 - gate: - - gate-python-openstackclient-merge: - - gate-python-openstackclient-docs - - gate-python-openstackclient-pep8 - - gate-python-openstackclient-python26 - - gate-python-openstackclient-python27 - post: - - python-openstackclient-sdist-tarball - - python-openstackclient-coverage - - python-openstackclient-docs - publish: - - python-openstackclient-pypi - - python-openstackclient-docs - - - name: openstack/python-quantumclient - check: - - gate-python-quantumclient-merge: - - gate-python-quantumclient-docs - - gate-python-quantumclient-pep8 - - gate-python-quantumclient-python26 - - gate-python-quantumclient-python27 - - gate-tempest-devstack-vm - gate: - - gate-python-quantumclient-merge: - - gate-python-quantumclient-docs - - gate-python-quantumclient-pep8 - - gate-python-quantumclient-python26 - - gate-python-quantumclient-python27 - - gate-tempest-devstack-vm - post: - - python-quantumclient-sdist-tarball - - python-quantumclient-coverage - - python-quantumclient-docs - publish: - - python-quantumclient-pypi - - python-quantumclient-docs - - - name: openstack/python-swiftclient - check: - - gate-python-swiftclient-merge: - - gate-python-swiftclient-docs - - gate-python-swiftclient-pep8 - - gate-python-swiftclient-python26 - - gate-python-swiftclient-python27 - gate: - - gate-python-swiftclient-merge: - - gate-python-swiftclient-docs - - gate-python-swiftclient-pep8 - - gate-python-swiftclient-python26 - - gate-python-swiftclient-python27 - post: - - python-swiftclient-sdist-tarball - - python-swiftclient-coverage - - python-swiftclient-docs - publish: - - python-swiftclient-pypi - - python-swiftclient-docs - - - name: openstack/requirements - check: - - gate-requirements-merge - gate: - - gate-requirements-merge - - - name: openstack-dev/devstack - check: - - gate-devstack-merge: - - gate-tempest-devstack-vm - gate: - - gate-devstack-merge: - - gate-tempest-devstack-vm - - - name: openstack-ci/devstack-gate - check: - - gate-devstack-gate-merge: - - gate-tempest-devstack-vm - gate: - - gate-devstack-gate-merge: - - gate-tempest-devstack-vm - - - name: openstack-dev/pbr - check: - - gate-pbr-merge: - - gate-pbr-docs - - gate-pbr-pep8 - - gate-pbr-python26 - - gate-pbr-python27 - gate: - - gate-pbr-merge: - - gate-pbr-docs - - gate-pbr-pep8 - - gate-pbr-python26 - - gate-pbr-python27 - post: - - pbr-sdist-tarball - - pbr-coverage - - pbr-docs - publish: - - pbr-pypi - - pbr-docs - - - name: openstack/tempest - check: - - gate-tempest-merge: - - gate-tempest-pep8 - - gate-tempest-devstack-vm - gate: - - gate-tempest-merge: - - gate-tempest-pep8 - - gate-tempest-devstack-vm - - - name: stackforge/ceilometer - check: - - gate-ceilometer-merge: - - gate-ceilometer-pep8 - - gate-ceilometer-python26 - - gate-ceilometer-python27 - - gate-ceilometer-python26-essex - - gate-ceilometer-python27-essex - gate: - - gate-ceilometer-merge: - - gate-ceilometer-pep8 - - gate-ceilometer-python26 - - gate-ceilometer-python27 - - - name: heat-api/heat - check: - - gate-heat-merge: - - gate-heat-pep8 - - gate-heat-python26 - - gate-heat-python27 - gate: - - gate-heat-merge: - - gate-heat-pep8 - - gate-heat-python26 - - gate-heat-python27 - - - name: stackforge/reddwarf - check: - - gate-reddwarf-merge: - - gate-reddwarf-pep8 - - gate-reddwarf-python26 - - gate-reddwarf-python27 - gate: - - gate-reddwarf-merge: - - gate-reddwarf-pep8 - - gate-reddwarf-python26 - - gate-reddwarf-python27 - diff --git a/modules/openstack_project/files/zuul/logging.conf b/modules/openstack_project/files/zuul/logging.conf deleted file mode 100644 index 8b76da2..0000000 --- a/modules/openstack_project/files/zuul/logging.conf +++ /dev/null @@ -1,44 +0,0 @@ -[loggers] -keys=root,zuul,gerrit - -[handlers] -keys=console,debug,normal - -[formatters] -keys=simple - -[logger_root] -level=WARNING -handlers=console - -[logger_zuul] -level=DEBUG -handlers=debug,normal -qualname=zuul - -[logger_gerrit] -level=DEBUG -handlers=debug,normal -qualname=gerrit - -[handler_console] -level=WARNING -class=StreamHandler -formatter=simple -args=(sys.stdout,) - -[handler_debug] -level=DEBUG -class=logging.handlers.TimedRotatingFileHandler -formatter=simple -args=('/var/log/zuul/debug.log', 'midnight', 1, 30,) - -[handler_normal] -level=INFO -class=logging.handlers.TimedRotatingFileHandler -formatter=simple -args=('/var/log/zuul/zuul.log', 'midnight', 1, 30,) - -[formatter_simple] -format=%(asctime)s %(levelname)s %(name)s: %(message)s -datefmt= diff --git a/modules/openstack_project/files/zuul/openstack_functions.py b/modules/openstack_project/files/zuul/openstack_functions.py deleted file mode 100644 index 6692026..0000000 --- a/modules/openstack_project/files/zuul/openstack_functions.py +++ /dev/null @@ -1,7 +0,0 @@ -def devstack_params(change, params): - if change.branch == 'stable/diablo': - params['NODE_LABEL'] = 'devstack-oneiric' - -def python27_params(change, params): - if change.branch == 'stable/diablo': - params['NODE_LABEL'] = 'oneiric' diff --git a/modules/openstack_project/manifests/backup_server.pp b/modules/openstack_project/manifests/backup_server.pp deleted file mode 100644 index 812091c..0000000 --- a/modules/openstack_project/manifests/backup_server.pp +++ /dev/null @@ -1,5 +0,0 @@ -class openstack_project::backup_server { - class { 'openstack_project::template': - iptables_public_tcp_ports => [] - } -} diff --git a/modules/openstack_project/manifests/bare_slave.pp b/modules/openstack_project/manifests/bare_slave.pp deleted file mode 100644 index af87ee0..0000000 --- a/modules/openstack_project/manifests/bare_slave.pp +++ /dev/null @@ -1,12 +0,0 @@ -# bare-bones slaves spun up by jclouds. Specifically need to not set ssh -# login limits, because it screws up jclouds provisioning -class openstack_project::bare_slave($install_users=true) { - class { 'openstack_project::base': - install_users => $install_users - } - - class { 'jenkins_slave': - ssh_key => "", - user => false - } -} diff --git a/modules/openstack_project/manifests/base.pp b/modules/openstack_project/manifests/base.pp deleted file mode 100644 index d6ced96..0000000 --- a/modules/openstack_project/manifests/base.pp +++ /dev/null @@ -1,66 +0,0 @@ -class openstack_project::base($install_users=true) { - include openstack_project::users - include sudoers - - file { '/etc/profile.d/Z98-byobu.sh': - ensure => 'absent' - } - - package { "popularity-contest": - ensure => purged - } - - if ( $lsbdistcodename == "oneiric" ) { - include apt - apt::ppa { 'ppa:git-core/ppa': } - package { "git": - ensure => latest, - require => Apt::Ppa['ppa:git-core/ppa'] - } - } else { - package { "git": - ensure => present, - } - } - - $packages = ["puppet", - "python-setuptools", - "python-virtualenv"] - package { $packages: ensure => "present" } - - if ($install_users) { - - package { ["byobu", "emacs23-nox"]: - ensure => "present" - } - - realize ( - User::Virtual::Localuser["mordred"], - User::Virtual::Localuser["corvus"], - User::Virtual::Localuser["soren"], - User::Virtual::Localuser["linuxjedi"], - User::Virtual::Localuser["devananda"], - User::Virtual::Localuser["clarkb"], - ) - } - - # Download and set up puppet apt repo - exec { "download:puppetlabs-release-${lsbdistcodename}.deb": - command => "/usr/bin/wget http://apt.puppetlabs.com/puppetlabs-release-${lsbdistcodename}.deb -O /root/puppetlabs-release-${lsbdistcodename}.deb", - creates => "/root/puppetlabs-release-${lsbdistcodename}.deb", - } - exec { "dpkg:puppetlabs-release-${lsbdistcodename}.deb": - command => "/usr/bin/dpkg -i /root/puppetlabs-release-${lsbdistcodename}.deb", - onlyif => "/usr/bin/test ! -f /etc/apt/sources.list.d/puppetlabs.list", - require => Exec["download:puppetlabs-release-${lsbdistcodename}.deb"], - } - - file { '/etc/puppet/puppet.conf': - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - content => template('openstack_project/puppet.conf.erb'), - replace => 'true', - } -} diff --git a/modules/openstack_project/manifests/community.pp b/modules/openstack_project/manifests/community.pp deleted file mode 100644 index 1df63e4..0000000 --- a/modules/openstack_project/manifests/community.pp +++ /dev/null @@ -1,9 +0,0 @@ -class openstack_project::community { - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443, 8099, 8080] - } - - realize ( - User::Virtual::Localuser["smaffulli"], - ) -} diff --git a/modules/openstack_project/manifests/dashboard.pp b/modules/openstack_project/manifests/dashboard.pp deleted file mode 100644 index b69abbb..0000000 --- a/modules/openstack_project/manifests/dashboard.pp +++ /dev/null @@ -1,21 +0,0 @@ -class openstack_project::dashboard( - $password, - $mysql_password) { - - class { 'openstack_project::template': - iptables_public_tcp_ports => [80, 443, 3000] - } - - class {'::dashboard': - dashboard_ensure => 'present', - dashboard_user => 'www-data', - dashboard_group => 'www-data', - dashboard_password => $password, - dashboard_db => 'dashboard_prod', - dashboard_charset => 'utf8', - dashboard_site => $fqdn, - dashboard_port => '3000', - mysql_root_pw => $mysql_password, - passenger => true, - } -} diff --git a/modules/openstack_project/manifests/eavesdrop.pp b/modules/openstack_project/manifests/eavesdrop.pp deleted file mode 100644 index 3143bd8..0000000 --- a/modules/openstack_project/manifests/eavesdrop.pp +++ /dev/null @@ -1,16 +0,0 @@ -class openstack_project::eavesdrop($nickpass) { - class { 'openstack_project::server': - - iptables_public_tcp_ports => [80] - } - include meetbot - - meetbot::site { "openstack": - nick => "openstack", - nickpass => $nickpass, - network => "FreeNode", - server => "chat.us.freenode.net:7000", - channels => "#openstack #openstack-dev #openstack-meeting", - use_ssl => "True" - } -} diff --git a/modules/openstack_project/manifests/etherpad.pp b/modules/openstack_project/manifests/etherpad.pp deleted file mode 100644 index f407b22..0000000 --- a/modules/openstack_project/manifests/etherpad.pp +++ /dev/null @@ -1,21 +0,0 @@ -class openstack_project::etherpad( - $etherpad_crt, - $etherpad_key, - $database_password) { - class { 'openstack_project::server': - iptables_public_tcp_ports => [22, 80, 443] - } - - include etherpad_lite - class { 'etherpad_lite::apache': - etherpad_crt => $etherpad_crt, - etherpad_key => $etherpad_key, - } - class { 'etherpad_lite::site': - database_password => $database_password, - } - class { 'etherpad_lite::mysql': - database_password => $database_password, - } - include etherpad_lite::backup -} diff --git a/modules/openstack_project/manifests/gerrit.pp b/modules/openstack_project/manifests/gerrit.pp deleted file mode 100644 index 5e7c986..0000000 --- a/modules/openstack_project/manifests/gerrit.pp +++ /dev/null @@ -1,159 +0,0 @@ -# A wrapper class around the main gerrit class that sets gerrit -# up for launchpad single sign on, bug/blueprint links and user -# import and sync -# TODO: launchpadlib creds for user sync script - -class openstack_project::gerrit ( - $vhost_name=$fqdn, - $canonicalweburl="https://$fqdn/", - $serveradmin='webmaster@openstack.org', - $ssl_cert_file='', - $ssl_key_file='', - $ssl_chain_file='', - $email='', - $database_poollimit='', - $container_heaplimit='', - $core_packedgitopenfiles='', - $core_packedgitlimit='', - $core_packedgitwindowsize='', - $sshd_threads='', - $httpd_acceptorthreads='', - $httpd_minthreads='', - $httpd_maxthreads='', - $httpd_maxwait='', - $war, - $script_user='update', - $script_key_file='/home/gerrit2/.ssh/id_rsa', - $projects_file='UNDEF', - $github_username, - $github_oauth_token, - $mysql_password, - $mysql_root_password, - $email_private_key, - $testmode=false, -) { - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443, 29418] - } - - class { '::gerrit': - vhost_name => $vhost_name, - canonicalweburl => $canonicalweburl, - # opinions - enable_melody => 'true', - melody_session => 'true', - # passthrough - ssl_cert_file => $ssl_cert_file, - ssl_key_file => $ssl_key_file, - ssl_chain_file => $ssl_chain_file, - email => $email, - openidssourl => "https://login.launchpad.net/+openid", - database_poollimit => $database_poollimit, - container_heaplimit => $container_heaplimit, - core_packedgitopenfiles => $core_packedgitopenfiles, - core_packedgitlimit => $core_packedgitlimit, - core_packedgitwindowsize => $core_packedgitwindowsize, - sshd_threads => $sshd_threads, - httpd_acceptorthreads => $httpd_acceptorthreads, - httpd_minthreads => $httpd_minthreads, - httpd_maxthreads => $httpd_maxthreads, - httpd_maxwait => $httpd_maxwait, - commentlinks => [ { name => 'changeid', - match => '(I[0-9a-f]{8,40})', - link => '#q,$1,n,z' }, - - { name => 'launchpad', - match => '([Bb]ug|[Ll][Pp])[\\s#:]*(\\d+)', - link => 'https://code.launchpad.net/bugs/$2' }, - - { name => 'blueprint', - match => '([Bb]lue[Pp]rint|[Bb][Pp])[\\s#:]*([A-Za-z0-9\\-]+)', - link => 'https://blueprints.launchpad.net/openstack/?searchtext=$2' }, - ], - war => $war, - mysql_password => $mysql_password, - mysql_root_password => $mysql_root_password, - email_private_key => $email_private_key, - projects_file => $projects_file, - replicate_github => true, - testmode => $testmode, - require => Class[openstack_project::server], - } - if ($testmode == false) { - class { 'gerrit::cron': - script_user => $script_user, - script_key_file => $script_key_file, - } - class { 'github': - username => $github_username, - oauth_token => $github_oauth_token, - require => Class['::gerrit'] - } - } - - file { '/home/gerrit2/review_site/static/echosign-cla.html': - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => 'puppet:///modules/openstack_project/gerrit/echosign-cla.html', - replace => 'true', - require => Class['::gerrit'], - } - - file { '/home/gerrit2/review_site/static/title.png': - ensure => 'present', - source => "puppet:///modules/openstack_project/openstack.png", - require => Class['::gerrit'], - } - - file { '/home/gerrit2/review_site/static/openstack-page-bkg.jpg': - ensure => 'present', - source => 'puppet:///modules/openstack_project/openstack-page-bkg.jpg', - require => Class['::gerrit'], - } - - file { '/home/gerrit2/review_site/etc/GerritSite.css': - ensure => 'present', - source => 'puppet:///modules/openstack_project/gerrit/GerritSite.css', - require => Class['::gerrit'], - } - - file { '/home/gerrit2/review_site/etc/GerritSiteHeader.html': - ensure => 'present', - source => 'puppet:///modules/openstack_project/gerrit/GerritSiteHeader.html', - require => Class['::gerrit'], - } - - cron { "gerritsyncusers": - ensure => absent, - } - - class { "launchpad_sync": - user => "gerrit2", - script_user => $script_user, - script_key_file => $script_key_file, - site => "openstack", - root_team => "openstack", - } - - file { '/home/gerrit2/review_site/hooks/change-merged': - owner => 'root', - group => 'root', - mode => 555, - ensure => 'present', - source => 'puppet:///modules/openstack_project/gerrit/change-merged', - replace => 'true', - require => Class['::gerrit'] - } - - file { '/home/gerrit2/review_site/hooks/patchset-created': - owner => 'root', - group => 'root', - mode => 555, - ensure => 'present', - source => 'puppet:///modules/openstack_project/gerrit/patchset-created', - replace => 'true', - require => Class['::gerrit'] - } -} diff --git a/modules/openstack_project/manifests/init.pp b/modules/openstack_project/manifests/init.pp deleted file mode 100644 index 5721497..0000000 --- a/modules/openstack_project/manifests/init.pp +++ /dev/null @@ -1,12 +0,0 @@ -class openstack_project { - - $jenkins_ssh_key = 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson' - - $sysadmins = [ - 'corvus@inaugust.com', - 'mordred@inaugust.com', - 'andrew@linuxjedi.co.uk', - 'devananda.vdv@gmail.com', - 'clark.boylan@gmail.com' - ] -} diff --git a/modules/openstack_project/manifests/jenkins.pp b/modules/openstack_project/manifests/jenkins.pp deleted file mode 100644 index 1dbc388..0000000 --- a/modules/openstack_project/manifests/jenkins.pp +++ /dev/null @@ -1,37 +0,0 @@ -class openstack_project::jenkins($jenkins_jobs_password) { - - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443, 4155] - } - - class { 'jenkins_master': - vhost_name => 'jenkins.openstack.org', - serveradmin => 'webmaster@openstack.org', - logo => 'openstack.png', - ssl_cert_file => '/etc/ssl/certs/jenkins.openstack.org.pem', - ssl_key_file => '/etc/ssl/private/jenkins.openstack.org.key', - ssl_chain_file => '/etc/ssl/certs/intermediate.pem', - } - - class { "jenkins_job_builder": - url => "https://jenkins.openstack.org/", - username => "gerrig", - password => $jenkins_jobs_password, - } - - file { '/etc/jenkins_jobs/config': - owner => 'root', - group => 'root', - mode => 755, - ensure => 'directory', - recurse => true, - source => ['puppet:///modules/openstack_project/jenkins_job_builder/config'], - notify => Exec["jenkins_jobs_update"] - } - - file { "/etc/default/jenkins": - ensure => 'present', - source => 'puppet:///modules/openstack_project/jenkins/jenkins.default' - } - -} diff --git a/modules/openstack_project/manifests/jenkins_dev.pp b/modules/openstack_project/manifests/jenkins_dev.pp deleted file mode 100644 index 5d064e6..0000000 --- a/modules/openstack_project/manifests/jenkins_dev.pp +++ /dev/null @@ -1,18 +0,0 @@ -class openstack_project::jenkins_dev { - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443, 4155] - } - include bup - bup::site { 'rs-ord': - backup_user => 'bup-jenkins-dev', - backup_server => 'ci-backup-rs-ord.openstack.org' - } - class { 'jenkins_master': - vhost_name => 'jenkins-dev.openstack.org', - serveradmin => 'webmaster@openstack.org', - logo => 'openstack.png', - ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', - ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', - ssl_chain_file => '', - } -} diff --git a/modules/openstack_project/manifests/lists.pp b/modules/openstack_project/manifests/lists.pp deleted file mode 100644 index 70dcd69..0000000 --- a/modules/openstack_project/manifests/lists.pp +++ /dev/null @@ -1,21 +0,0 @@ -class openstack_project::lists($listadmins) { - # Using openstack_project::template instead of openstack_project::server - # because the exim config on this machine is almost certainly - # going to be more complicated than normal. - class { 'openstack_project::template': - iptables_public_tcp_ports => [25, 80, 465] - } - - class { 'exim': - sysadmin => $listadmins, - mailman_domains => ['lists.openstack.org'], - } - - class { 'mailman': - vhost_name => 'lists.openstack.org' - } - - realize ( - User::Virtual::Localuser["oubiwann"], - ) -} diff --git a/modules/openstack_project/manifests/paste.pp b/modules/openstack_project/manifests/paste.pp deleted file mode 100644 index 43f7534..0000000 --- a/modules/openstack_project/manifests/paste.pp +++ /dev/null @@ -1,14 +0,0 @@ -class openstack_project::paste { - class { 'openstack_project::server': - iptables_public_tcp_ports => [80] - } - include lodgeit - lodgeit::site { "openstack": - port => "5000", - image => "header-bg2.png" - } - - lodgeit::site { "drizzle": - port => "5001" - } -} diff --git a/modules/openstack_project/manifests/planet.pp b/modules/openstack_project/manifests/planet.pp deleted file mode 100644 index 0ab4219..0000000 --- a/modules/openstack_project/manifests/planet.pp +++ /dev/null @@ -1,10 +0,0 @@ -class openstack_project::planet { - class { 'openstack_project::server': - iptables_public_tcp_ports => [80] - } - include ::planet - - planet::site { "openstack": - git_url => "https://github.com/openstack/openstack-planet.git" - } -} diff --git a/modules/openstack_project/manifests/puppet_cron.pp b/modules/openstack_project/manifests/puppet_cron.pp deleted file mode 100644 index acb8317..0000000 --- a/modules/openstack_project/manifests/puppet_cron.pp +++ /dev/null @@ -1,20 +0,0 @@ -class openstack_project::puppet_cron($ensure=present) { - include logrotate - - class { 'puppetboot': - ensure => $ensure - } - cron { "updatepuppet": - ensure => $ensure, - user => root, - minute => "*/15", - command => 'apt-get update >/dev/null 2>&1 ; sleep $((RANDOM\%600)) && /bin/bash /root/openstack-ci-puppet/run_puppet.sh /root/openstack-ci-puppet', - environment => "PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin", - } - logrotate::file { 'updatepuppet': - ensure => $ensure, - log => '/var/log/manifest.log', - options => ['compress', 'delaycompress', 'missingok', 'rotate 7', 'daily', 'notifempty'], - require => Cron['updatepuppet'], - } -} diff --git a/modules/openstack_project/manifests/puppetmaster.pp b/modules/openstack_project/manifests/puppetmaster.pp deleted file mode 100644 index ee48ee1..0000000 --- a/modules/openstack_project/manifests/puppetmaster.pp +++ /dev/null @@ -1,21 +0,0 @@ -class openstack_project::puppetmaster { - class { 'openstack_project::server': - iptables_public_tcp_ports => [8140] - } - cron { "updatepuppetmaster": - user => root, - minute => "*/15", - command => 'sleep $((RANDOM\%600)) && cd /opt/openstack-ci-puppet/production && /usr/bin/git pull -q && /bin/bash install_modules.sh', - environment => "PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin", - } - - file { '/etc/puppet/hiera.yaml': - owner => 'root', - group => 'root', - mode => 555, - ensure => 'present', - source => 'puppet:///modules/openstack_project/puppetmaster/hiera.yaml', - replace => 'true', - require => Class['openstack_project::server'] - } -} diff --git a/modules/openstack_project/manifests/pypi.pp b/modules/openstack_project/manifests/pypi.pp deleted file mode 100644 index 4523dc6..0000000 --- a/modules/openstack_project/manifests/pypi.pp +++ /dev/null @@ -1,19 +0,0 @@ -class openstack_project::pypi { - include tmpreaper - include unattended_upgrades - include openstack_project - - # include jenkins slave so that build deps are there for the pip download - class { 'jenkins_slave': - ssh_key => "", - user => false - } - - class { 'openstack_project::server': - iptables_public_tcp_ports => [80] - } - - class { "pypimirror": - projects => $openstack_project::project_list, - } -} diff --git a/modules/openstack_project/manifests/review.pp b/modules/openstack_project/manifests/review.pp deleted file mode 100644 index a03f26d..0000000 --- a/modules/openstack_project/manifests/review.pp +++ /dev/null @@ -1,64 +0,0 @@ -# Current thinking on Gerrit tuning parameters: - -# database.poolLimit: -# This limit must be several units higher than the total number of -# httpd and sshd threads as some request processing code paths may need -# multiple connections. -# database.poolLimit = 1 + max(sshd.threads,sshd.batchThreads) + sshd.streamThreads + sshd.commandStartThreads + httpd.acceptorThreads + httpd.maxThreads -# http://groups.google.com/group/repo-discuss/msg/4c2809310cd27255 -# or "2x sshd.threads" -# http://groups.google.com/group/repo-discuss/msg/269024c966e05d6a - -# container.heaplimit: -# core.packedgit* -# http://groups.google.com/group/repo-discuss/msg/269024c966e05d6a - -# sshd.threads: -# http://groups.google.com/group/repo-discuss/browse_thread/thread/b91491c185295a71 - -# httpd.maxWait: -# 12:07 <@spearce> httpd.maxwait defaults to 5 minutes and is how long gerrit -# waits for an idle sshd.thread before aboring the http request -# 12:08 <@spearce> ironically -# 12:08 <@spearce> ProjectQosFilter passes this value as minutes -# 12:08 <@spearce> to a method that accepts milliseconds -# 12:09 <@spearce> so. you get 5 milliseconds before aborting -# thus, set it to 5000minutes until the bug is fixed. -class openstack_project::review( - $github_oauth_token, - $mysql_password, - $mysql_root_password, - $email_private_key, - $gerritbot_password) { - include openstack_project - class { 'openstack_project::gerrit': - ssl_cert_file => '/etc/ssl/certs/review.openstack.org.pem', - ssl_key_file => '/etc/ssl/private/review.openstack.org.key', - ssl_chain_file => '/etc/ssl/certs/intermediate.pem', - email => 'review@openstack.org', - database_poollimit => '150', # 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up) - container_heaplimit => '8g', - core_packedgitopenfiles => '4096', - core_packedgitlimit => '400m', - core_packedgitwindowsize => '16k', - sshd_threads => '100', - httpd_maxwait => '5000min', - war => 'http://tarballs.openstack.org/ci/gerrit-2.4.2-11-gb5a28fb.war', - script_user => 'launchpadsync', - script_key_file => '/home/gerrit2/.ssh/launchpadsync_rsa', - projects_file => 'puppet:///openstack_project/review.projects.yaml', - github_username => 'openstack-gerrit', - github_oauth_token => $github_oauth_token, - mysql_password => $mysql_password, - mysql_root_password => $mysql_root_password, - email_private_key => $email_private_key, - } - class { 'gerritbot': - nick => 'openstackgerrit', - password => $gerritbot_password, - server => 'irc.freenode.net', - user => 'gerritbot', - vhost_name => $fqdn - } - include gerrit::remotes -} diff --git a/modules/openstack_project/manifests/review_dev.pp b/modules/openstack_project/manifests/review_dev.pp deleted file mode 100644 index bbf184c..0000000 --- a/modules/openstack_project/manifests/review_dev.pp +++ /dev/null @@ -1,21 +0,0 @@ -class openstack_project::review_dev( - $github_oauth_token, - $mysql_password, - $mysql_root_password, - $email_private_key) { - class { 'openstack_project::gerrit': - vhost_name => 'review-dev.openstack.org', - canonicalweburl => "https://review-dev.openstack.org/", - ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', - ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', - ssl_chain_file => '', - email => "review-dev@openstack.org", - war => 'http://tarballs.openstack.org/ci/gerrit-2.4.2-11-gb5a28fb.war', - projects_file => 'puppet:///openstack_project/review-dev.projects.yaml', - github_username => 'openstack-gerrit-dev', - github_oauth_token => $github_oauth_token, - mysql_password => $mysql_password, - mysql_root_password => $mysql_root_password, - email_private_key => $email_private_key, - } -} diff --git a/modules/openstack_project/manifests/server.pp b/modules/openstack_project/manifests/server.pp deleted file mode 100644 index 3bcd4e0..0000000 --- a/modules/openstack_project/manifests/server.pp +++ /dev/null @@ -1,10 +0,0 @@ -# A server that we expect to run for some time -class openstack_project::server ($iptables_public_tcp_ports = []) { - include openstack_project - class { 'openstack_project::template': - iptables_public_tcp_ports => $iptables_public_tcp_ports - } - class { 'exim': - sysadmin => $openstack_project::sysadmins - } -} diff --git a/modules/openstack_project/manifests/slave.pp b/modules/openstack_project/manifests/slave.pp deleted file mode 100644 index 8191625..0000000 --- a/modules/openstack_project/manifests/slave.pp +++ /dev/null @@ -1,13 +0,0 @@ -class openstack_project::slave { - include openstack_project - include tmpreaper - include unattended_upgrades - class { 'openstack_project::server': - iptables_public_tcp_ports => [] - } - class { 'jenkins_slave': - ssh_key => $openstack_project::jenkins_ssh_key - } -} - - diff --git a/modules/openstack_project/manifests/slave_template.pp b/modules/openstack_project/manifests/slave_template.pp deleted file mode 100644 index ebcdd39..0000000 --- a/modules/openstack_project/manifests/slave_template.pp +++ /dev/null @@ -1,15 +0,0 @@ -class openstack_project::slave_template( - $install_users=true, - $ssh_key=$openstack_project::jenkins_ssh_key - ) { - include openstack_project - class { 'openstack_project::template': - iptables_public_tcp_ports => [], - install_users => $install_users, - } - class { 'jenkins_slave': - ssh_key => $ssh_key, - sudo => true, - bare => true - } -} diff --git a/modules/openstack_project/manifests/static.pp b/modules/openstack_project/manifests/static.pp deleted file mode 100644 index 406b498..0000000 --- a/modules/openstack_project/manifests/static.pp +++ /dev/null @@ -1,47 +0,0 @@ -class openstack_project::static -{ - - class { 'openstack_project::server': - iptables_public_tcp_ports => [22, 80, 443] - } - - include apache - - apache::vhost { 'tarballs.openstack.org': - port => 80, - priority => '50', - docroot => '/srv/static/tarballs', - require => File['/srv/static/tarballs'], - } - - apache::vhost { 'ci.openstack.org': - port => 80, - priority => '50', - docroot => '/srv/static/ci', - require => File['/srv/static/ci'], - } - - apache::vhost { 'logs.openstack.org': - port => 80, - priority => '50', - docroot => '/srv/static/logs', - require => File['/srv/static/logs'], - } - - file { '/srv/static': - ensure => directory - } - - file { '/srv/static/tarballs': - ensure => directory - } - - file { '/srv/static/ci': - ensure => directory - } - - file { '/srv/static/logs': - ensure => directory - } - -} diff --git a/modules/openstack_project/manifests/template.pp b/modules/openstack_project/manifests/template.pp deleted file mode 100644 index aeb3ecc..0000000 --- a/modules/openstack_project/manifests/template.pp +++ /dev/null @@ -1,17 +0,0 @@ -# A template host with no running services -class openstack_project::template ( - $iptables_public_tcp_ports, - $install_users = true - ) { - include ntp - include ssh - include snmpd - include unattended_upgrades - - class { 'iptables': - public_tcp_ports => $iptables_public_tcp_ports, - } - class { 'openstack_project::base': - install_users => $install_users - } -} diff --git a/modules/openstack_project/manifests/users.pp b/modules/openstack_project/manifests/users.pp deleted file mode 100644 index 86defc9..0000000 --- a/modules/openstack_project/manifests/users.pp +++ /dev/null @@ -1,48 +0,0 @@ -class openstack_project::users { - include user::virtual - - @user::virtual::localuser { 'mordred': - realname => 'Monty Taylor', - sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyxfIpVCvZyM8BIy7r7WOSIG6Scxq4afean1Pc/bej5ZWHXCu1QnhGbI7rW3sWciEhi375ILejfODl2TkBpfdJe/DL205lLkTxAa+FUqcZ5Ymwe+jBgCH5XayzyhRPFFLn07IfA/BDAjGPqFLvq6dCEHVNJIui6oEW7OUf6a3376YF55r9bw/8Ct00F9N7zrISeSSeZXbNR+dEqcsBEKBqvZGcLtM4jzDzNXw1ITPPMGaoEIIszLpkkJcy8u/13GIrbAwNrB2wjl6Mzj+N9nTsB4rFtxRXp31ZbytCH5G9CL/mFard7yi8NLVEJPZJvAifNVhooxGN06uAiTFE8EsuQ== mtaylor@qualinost\n", - } - - @user::virtual::localuser { 'corvus': - realname => 'James E. Blair', - sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvKYcWK1T7e3PKSFiqb03EYktnoxVASpPoq2rJw2JvhsP0JfS+lKrPzpUQv7L4JCuQMsPNtZ8LnwVEft39k58Kh8XMebSfaqPYAZS5zCNvQUQIhP9myOevBZf4CDeG+gmssqRFcWEwIllfDuIzKBQGVbomR+Y5QuW0HczIbkoOYI6iyf2jB6xg+bmzR2HViofNrSa62CYmHS6dO04Z95J27w6jGWpEOTBjEQvnb9sdBc4EzaBVmxCpa2EilB1u0th7/DvuH0yP4T+X8G8UjW1gZCTOVw06fqlBCST4KjdWw1F/AuOCT7048klbf4H+mCTaEcPzzu3Fkv8ckMWtS/Z9Q== jeblair@operational-necessity\n", - } - - @user::virtual::localuser { 'soren': - realname => 'Soren Hansen', - sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyAtAccJ8ndh6wzq3vY1izHTdPh3kAKtjBK6P390ClIRBA3CfjKS6KaKSeGs1xZ4WZhOk9oz4d/+Ep7iOXLpUnYYjHm5bLD8o6jKAhKohoABzCyj3ONPNxvxvsvdahSPLONC6H1PlbhvTbn9UwEtZ//migJTATdLQEjXHaNhNJ8UZz9XtCf1Qv4YiYmyRId6h5N+OPNU4OmqlCZyanBXKN5jK1Kubq6SseY++74Y54ZPXVccGmJDTOfNBfM1nR0+f2Mq2iHR0a3PuJcGXFx/P4mIA0Knyh98W6esB9fG7/JVID2bGpJ6c91+AkL9fmwOpfWrk7rr13+iGiH2RTcmd0w== soren@lenny\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsyOiibrrRfTohhS2+lwsIIV66/AS+iZZrv02tVfdUG/XHDECrvgrnW+FdQ+642X/WW5SllxIvDCsc4pxQS0lWgg0wLg6ATRNbwPz9NPTqbYS5bgoMvVWP6e9qOKTWJAo4TKgNrsgGahilwJUOn0KiWe8pLBCrgkAbPNY7uiZHrn5t/GsIgQIXX9Pzdw2wn9oB+q5hAaYODLYlEl+lfDv45/10DQOO6cqsvi0et/S7094eji9MdK8YUmEdBNg+lP8DI2jo4/sQDxM+QCaBlzEeM9wNQEbc53lxtZOWkjz3Td/lglXk6MDwV9Ar6kIZ/x4Tr08Tp37ZtSl2CozBFdvV soren@francisco\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/COCZmvgUVmhF+c/qyu7ZSBBOs/zO5ddYtEjRLFFHwSB87kSgN53G0Wb55LmyHqLwkuOCcP4C73eZeKAxby4ipyu3ig2jTO7BSbvbp/tFna0qNDejnvVJWuad7znhinfHbxDJ6tiPxVjyYvqD91L32yj38Eg/WAVbFOkj1vChFfMlXbfGmspC+7ioiqP91N82JESZLu2PraZtMSYmOb61ZbwZjbp0UG1vmp0MzAHR+TMTCedn0XKKyEeaPnUKhRzruTwBwIMSSPItNNwKz/86BxAaIUXXdB0rHctbP/iuIvTClqPDd4DrgcPSCV9MhFzsdC35yHD83npPC5MHzQqcJJt2+8YzEOwYRWtTwPujsRyPHrktSGSSIyFzEM06onp0qJAwYQ3EvzKjmCll3NrsWeaImwetpJrvWYbNV6K4YzarJBwNnEuB85G0hbrczu3QFu8YhwmPKoiHQaCZfwFAQWYUs+QAhsDsM/CODMP8wrhWt0e0T5A7S3phf5LW/K8= cardno:00050000034B", - } - - @user::virtual::localuser { 'smaffulli': - realname => 'Stefano Maffulli', - sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD/zAvXaOUXCAT6/B4sCMu/38d/PyOIg/tYsYFAMgfDUzuZwkjZWNGrTpp/HFrOAZISER5KmOg48DKPvm91AeZOHfAXHCP6x9/FcogP9rmc48ym1B5XyIc78QVQjgN6JMSlEZsl0GWzFhQsPDjXundflY07TZfSC1IhpG9UgzamEVFcRjmNztnBuvq2uYVGpdI+ghmqFw9kfvSXJvUbj/F7Pco5XyJBx2e+gofe+X/UNee75xgoU/FyE2a6dSSc4uP4oUBvxDNU3gIsUKrSCmV8NuVQvMB8C9gXYR+JqtcvUSS9DdUAA8StP65woVsvuU+lqb+HVAe71JotDfOBd6f stefano@mattone-E6420\n", - } - - @user::virtual::localuser { 'linuxjedi': - realname => 'Andrew Hutchings', - sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWd+45ODB7c9YbNtIc8iVYioT1sPY7Gob9bm/WiiBA0CWLdaD8TzX1htBMYJeszdvDkThhdwVt4EyJIFuSc7MEQUEfDB/VyYAOJKNOb2Q9uC+INgdigQ03gxL2sTV6loTkHXdOpCQN7CD642IctS94VGDxJhGVSrzoJvMuJJDqDuI7xl37aIRAS7Ehh+B71p4gbLKvwrXDPEZL2FnpmevFQmhnq11/U1wK0864r+FjyNiDekwDSBSqtI5Ic5VoNWuCDW74/mlKrfaylfvr5/tDp9iJYixzH2PP6X+EHU3qfWNrABBJC3RG+KcQzqD8a+r+iE5UTEG2ISqjA0j6LR6b linuxjedi@linuxjedi-laptop\n", - } - - @user::virtual::localuser { 'devananda': - realname => 'Devananda van der Veen', - sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1sfZvhT3qLnszR77OEDMtdjyG68fq4RkgZuA/DLzaEm3fxG7+8yLQfiK/5hsMvDiqfjcNIBsWa0EM2xau/08wjSWBF1Cf8AWXYic/gczmWG/Ovpu2ZXGgtLG+xJQaUmg2IyV0IkdUKQne4Or3S1h4DnPBq6H2GGffASzZfkChYI15EAl9lxuNGsFN2QLYkAB7exzV3Zmb0UZ5Gh7D8qXngqzALPApAGq+CuQibX48fx0dCEQ5bUcwJOy30c2Ws7TTSxkOhSCJR56j6TA+g8nsKnaNyrmI0MV9gY1XXcgSkppcXoiuDdUU7j8WJIYZw+C0aoQ8QuaIVu8+vJNSbcqtQrGzyY+9sVuqXg26+aJhehY0hDHCZ5KV8EFjyyT0FqnDDShahY7Drk38wBtDuTUkTlV2G/UqlyVOjFwlQ71KE69yxrl5yfycy0UmdMazmmIC0+UCgE2gJ18RP9UWFolCJ7K/DQVk/uGFNeZXRO3KDDRCd6tOlderQv3g0aX6ndA5AYmMplO3erNgmbmSxo8HIws+VSS26/h0NVlUAo1OV8Xa7xbg7RX5sVwli/XDCnlXZOtCcYHy0s9e4/iDrE51RRWoPslE5bm2p+18iHraA4hzXCQFnyaZD6fe6MIrol2lzliz313lLyNbtx+qlthVO8cFi6cAjdDWx555R0SCGQ== Devananda-2012\n", - } - - @user::virtual::localuser { 'oubiwann': - realname => 'Duncan McGreggor', - sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAttca0Lahzo1rskWcCGwYh71ADmUsn/6RNBd7H7WVsX+QTacq90fpNghFNTen4I7tC1p0IemwHcCOb1noeXkjxl7W5r7l0OhiqMHp/u2ao0F3dINryuNEww2IHRhY6GwwGJ+slv+i4/FviUgqHZVzopUon/9VY0mu1wfu3vTRw0qXsvqr09Jiavt/8gJ0Fa5PsYkf7l0edFk0scTmGp3G4HY/ZvnbChfZMg6L/xcGPtK/GbLYg6PGtLVVnubXMtxD9GZYhwrY0i9Z2egcRI2W7IznM4OGFzYgA9HZqylPoWt4+ghzC5azUlbO2u6+8HigJVblAGHRWcznEf/ZDR3erw== oubiwann@rhosgobel\n", - } - - @user::virtual::localuser { 'clarkb': - realname => 'Clark Boylan', - sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlH6SNieyGDWNl4b9TM+zUgk+XTXRtqxyYxNh1p5e00u/ZrZPVrc7buPhnTHzEde0ABX0vgnZI2rC5Hf9cYY0aRgLHDuikQ4CQHPucslgZ5linjtWx5AuURp+oaJRCj00UZubJsatUx5vz+D4MGRLYmL+MErftYdI4sBbolATfLVwjrmxsd6KF1BZ0+9eEv2Xrk+yXN1A5RGPKBiuE6viDMZxrOuy7IW8+TQZW1LrsbTCAD1b+J5Nx0z/Hn3Rz71zEibdwM9xgu5vROu3p9kdaxu+Ndg/SvCCWlzoLQSeIAmcfGUlWg9IjEc3sQexX9BmUAsKQtu3aZFgq2V7aqtDN boylancl@boylancl1\n", - } - - @user::virtual::localuser { 'rlane': - realname => 'Ryan Lane', - sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdtI7H+fsgSrjrdG8aGVcrN0GFW3XqLVsLG4n7JW4qH2W//hqgdL7A7cNVQNPoB9I1jAqvnO2Ct6wrVSh84QU89Uufw412M3qNSNeiGgv2c2KdxP2XBrnsLYAaJRbgOWJX7nty1jpO0xwF503ky2W3OMUsCXMAbYmYNSod6gAdzf5Xgo/3+eXRh7NbV1eKPrzwWoMOYh9T0Mvmokon/GXV5PiAA2bIaQvCy4BH/BzWiQwRM7KtiEt5lHahY172aEu+dcWxciuxHqkYqlKhbU+x1fwZJ+MpXSj5KBU+L0yf3iKySob7g6DZDST/Ylcm4MMjpOy8/9Cc6Xgpx77E/Pvd laner@Free-Public-Wifi.local\n", - } -} diff --git a/modules/openstack_project/manifests/wiki.pp b/modules/openstack_project/manifests/wiki.pp deleted file mode 100644 index 23ec09e..0000000 --- a/modules/openstack_project/manifests/wiki.pp +++ /dev/null @@ -1,9 +0,0 @@ -class openstack_project::wiki { - class { 'openstack_project::server': - iptables_public_tcp_ports => [80, 443] - } - - realize ( - User::Virtual::Localuser["rlane"], - ) -} diff --git a/modules/openstack_project/manifests/zuul.pp b/modules/openstack_project/manifests/zuul.pp deleted file mode 100644 index 666bbd4..0000000 --- a/modules/openstack_project/manifests/zuul.pp +++ /dev/null @@ -1,32 +0,0 @@ -class openstack_project::zuul( - $jenkins_server, - $jenkins_user, - $jenkins_apikey, - $gerrit_server, - $gerrit_user - ) { - - class { "::zuul": - jenkins_server => $jenkins_server, - jenkins_user => $jenkins_user, - jenkins_apikey => $jenkins_apikey, - gerrit_server => $gerrit_server, - gerrit_user => $gerrit_user, - } - - file { "/etc/zuul/layout.yaml": - ensure => 'present', - source => 'puppet:///modules/openstack_project/zuul/layout.yaml', - notify => Exec['zuul-reload'], - } - file { "/etc/zuul/openstack_functions.py": - ensure => 'present', - source => 'puppet:///modules/openstack_project/zuul/openstack_functions.py', - notify => Exec['zuul-reload'], - } - file { "/etc/zuul/logging.conf": - ensure => 'present', - source => 'puppet:///modules/openstack_project/zuul/logging.conf', - notify => Exec['zuul-reload'], - } -} diff --git a/modules/openstack_project/templates/puppet.conf.erb b/modules/openstack_project/templates/puppet.conf.erb deleted file mode 100644 index 0fa7606..0000000 --- a/modules/openstack_project/templates/puppet.conf.erb +++ /dev/null @@ -1,24 +0,0 @@ -[main] -logdir=/var/log/puppet -vardir=/var/lib/puppet -ssldir=/var/lib/puppet/ssl -rundir=/var/run/puppet -factpath=$vardir/lib/facter -templatedir=$confdir/templates -server=ci-puppetmaster.openstack.org -certname=<%= fqdn %> -pluginsync=true - -[master] -# These are needed when the puppetmaster is run by passenger -# and can safely be removed if webrick is used. -ssl_client_header = SSL_CLIENT_S_DN -ssl_client_verify_header = SSL_CLIENT_VERIFY -manifestdir=/opt/openstack-ci-puppet/$environment/manifests -modulepath=/opt/openstack-ci-puppet/$environment/modules:/etc/puppet/modules -manifest=$manifestdir/site.pp -reports=store, http -reporturl=http://puppet-dashboard.openstack.org:3000/reports/upload - -[agent] -report=true diff --git a/modules/orchestra/files/99-orchestra.conf b/modules/orchestra/files/99-orchestra.conf deleted file mode 100644 index f35b3b6..0000000 --- a/modules/orchestra/files/99-orchestra.conf +++ /dev/null @@ -1,19 +0,0 @@ -# Enable the udp server for installation logging -$ModLoad imudp -$UDPServerRun 514 - -$ModLoad imtcp # load TCP listener -$InputTCPMaxSessions 500 -$InputTCPServerRun 10514 # start up listener at port 10514 -$MaxMessageSize 32k - -# Message templating -$template DYNsyslog,"/var/log/orchestra/rsyslog/%FROMHOST%/syslog" -$FileCreateMode 0644 - -if \ - $fromhost-ip != '127.0.0.1' \ -then ?DYNsyslog -& ~ -$FileCreateMode 0640 - diff --git a/modules/orchestra/files/dnsmasq.template b/modules/orchestra/files/dnsmasq.template deleted file mode 100644 index 78c3c91..0000000 --- a/modules/orchestra/files/dnsmasq.template +++ /dev/null @@ -1,22 +0,0 @@ -# Cobbler generated configuration file for dnsmasq -# $date -# - -# resolve.conf .. ? -#no-poll -#enable-dbus -read-ethers -addn-hosts = /var/lib/cobbler/cobbler_hosts -#domain= -dhcp-ignore=tag:!known - -dhcp-range=10.14.247.37,10.14.247.45 -dhcp-option=3,10.14.247.33 -dhcp-lease-max=1000 -dhcp-authoritative -dhcp-boot=pxelinux.0 -dhcp-boot=net:normalarch,pxelinux.0 -dhcp-boot=net:ia64,$elilo - -$insert_cobbler_system_definitions - diff --git a/modules/orchestra/files/openstack-test.preseed b/modules/orchestra/files/openstack-test.preseed deleted file mode 100644 index b8d3156..0000000 --- a/modules/orchestra/files/openstack-test.preseed +++ /dev/null @@ -1,146 +0,0 @@ -# Orchestra - Ubuntu Server Installation -# * Minimal install -# * Cloud-init for bare-metal -# * Grab meta-data and user-data from cobbler server in a late command - -# d-i debian-installer/add-kernel-opts string --verbose - -# Locale -d-i debian-installer/locale string en_US.UTF-8 - -# No splash -d-i debian-installer/splash boolean false - -# Keyboard layout -d-i console-setup/ask_detect boolean false -d-i console-setup/layoutcode string us -d-i console-setup/variantcode string - -# Network configuration -d-i netcfg/get_nameservers string -d-i netcfg/get_ipaddress string -d-i netcfg/get_netmask string 255.255.255.0 -d-i netcfg/get_gateway string -d-i netcfg/confirm_static boolean true - -# Local clock (set to UTC and use ntp) -d-i clock-setup/utc boolean true -d-i clock-setup/ntp boolean true -d-i clock-setup/ntp-server string ntp.ubuntu.com - -# Partitioning -d-i partman-auto/method string lvm -d-i partman-lvm/device_remove_lvm boolean true -d-i partman-md/device_remove_md boolean true -d-i partman-lvm/confirm boolean true -d-i partman-auto-lvm/guided_size string 20GB -d-i partman-auto-lvm/new_vg_name string main -d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true -d-i partman-lvm/confirm_nooverwrite boolean true -d-i partman-md/confirm boolean true -d-i partman/default_filesystem string ext4 - -d-i partman-auto/expert_recipe string \ - boot-root :: \ - 40 300 300 ext3 \ - $primary{ } \ - $bootable{ } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext3 } \ - mountpoint{ /boot } \ - . \ - 2000 10000 1000000000 ext4 \ - $lvmok{ } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ / } \ - . \ - 8000 8000 200% linux-swap \ - $lvmok{ } \ - method{ swap } format{ } \ - . - - -# Use server kernel -d-i base-installer/kernel/image string linux-server - -# User Setup -d-i passwd/root-login boolean false -d-i passwd/make-user boolean true -d-i passwd/user-fullname string ubuntu -d-i passwd/username string ubuntu -d-i passwd/user-password-crypted password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4. -d-i passwd/user-uid string -d-i user-setup/allow-password-weak boolean false -d-i user-setup/encrypt-home boolean false -d-i passwd/user-default-groups string adm cdrom dialout lpadmin plugdev sambashare - -# APT -$SNIPPET('orchestra_proxy') - -# By default the installer requires that repositories be authenticated -# using a known gpg key. This setting can be used to disable that -# authentication. Warning: Insecure, not recommended. -d-i debian-installer/allow_unauthenticated string false - -# Lang -d-i pkgsel/language-packs multiselect en -d-i pkgsel/update-policy select none -d-i pkgsel/updatedb boolean true - -# Boot-loader -d-i grub-installer/skip boolean false -d-i lilo-installer/skip boolean false -d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean true -d-i finish-install/keep-consoles boolean false -d-i finish-install/reboot_in_progress note - -# Eject cdrom -d-i cdrom-detect/eject boolean true - -# Do not halt/poweroff after install -d-i debian-installer/exit/halt boolean false -d-i debian-installer/exit/poweroff boolean false - -d-i pkgsel/include string debconf byobu capistrano cloud-init openssh-server \ - python-software-properties vim \ - apache2 libapache2-mod-wsgi python-dateutil python-anyjson pep8 pylint \ - python-pip screen unzip wget psmisc git-core lsof openssh-server \ - vim-nox locate python-virtualenv python-unittest2 python-eventlet \ - python-routes python-greenlet python-argparse python-sqlalchemy \ - python-wsgiref python-pastedeploy python-xattr python-setuptools \ - python-dev python-lxml python-pastescript python-pastedeploy \ - python-paste sqlite3 python-pysqlite2 python-sqlalchemy python-webob \ - python-greenlet python-routes libldap2-dev libsasl2-dev dnsmasq-base \ - kpartx mysql-server python-mysqldb kvm gawk iptables ebtables sqlite3 \ - sudo kvm libvirt-bin vlan curl rabbitmq-server socat python-mox \ - python-paste python-migrate python-gflags python-greenlet \ - python-libvirt python-libxml2 python-routes python-netaddr \ - python-pastedeploy python-eventlet python-cheetah python-carrot \ - python-tempita python-sqlalchemy python-suds python-lockfile \ - python-m2crypto python-boto python-numpy mysql-common mysql-client-5.1 \ - erlang-base erlang-ssl erlang-nox erlang-inets erlang-mnesia \ - libhtml-template-perl gettext-base libavahi-client3 libxml2-utils \ - libpciaccess0 libparted0debian1 iscsitarget - -mysql-server-5.1 mysql-server/root_password password $SNIPPET('openstack_mysql_password') -mysql-server-5.1 mysql-server/root_password_again password $SNIPPET('openstack_mysql_password') -mysql-server-5.1 mysql-server/start_on_boot boolean true - -# Set cloud-init data source to manual seeding -cloud-init cloud-init/datasources multiselect NoCloud - -# Set rsyslog server -$SNIPPET('orchestra_rsyslog_client_config') - -# JuJu post scripts. Executes late command and disables PXE -d-i preseed/late_command string true && \ - $SNIPPET('openstack_cloud_init') && \ - $SNIPPET('openstack_module_blacklist') && \ - $SNIPPET('orchestra_rsyslog_obtain_keys') && \ - $SNIPPET('orchestra_disable_pxe') && \ - true diff --git a/modules/orchestra/files/openstack_cloud_init b/modules/orchestra/files/openstack_cloud_init deleted file mode 100644 index 4f28c71..0000000 --- a/modules/orchestra/files/openstack_cloud_init +++ /dev/null @@ -1,39 +0,0 @@ -#set http_server=$getVar('$http_server', 'true') -<% -import orchestra.utils.cloudinit -import base64 - -cfg = """#cloud-config -apt_update: false -apt_upgrade: false -disable_root: false -output: {all: '| tee -a /var/log/cloud-init-output.log'} -runcmd: - - echo "cloud init waiting" - - sleep 60 - - sudo apt-get -y install kexec-tools - - sudo sed -i /etc/default/kexec -e s/LOAD_KEXEC=false/LOAD_KEXEC=true/ - - sudo mkdir /var/spool/rsyslog - - sudo chown syslog.syslog /var/spool/rsyslog - - echo "\$ModLoad imuxsock" > /tmp/rsyslog.conf - - echo "\$WorkDirectory /var/spool/rsyslog" >> /tmp/rsyslog.conf - - echo "\$MaxMessageSize 32k" >> /tmp/rsyslog.conf - - echo "\$ActionQueueType LinkedList" >> /tmp/rsyslog.conf - - echo "\$ActionQueueFileName srvrfwd" >> /tmp/rsyslog.conf - - echo "\$ActionResumeRetryCount -1" >> /tmp/rsyslog.conf - - echo "\$ActionQueueSaveOnShutdown on" >> /tmp/rsyslog.conf - - echo "*.* @@%s:10514" >> /tmp/rsyslog.conf - - sudo mv /tmp/rsyslog.conf /etc/rsyslog.d/10-remote.conf - - sudo chown root.root /etc/rsyslog.d/10-remote.conf - - sudo lvrename /dev/main/root orig_root - - sudo lvcreate -L20G -s -n root /dev/main/orig_root - - reboot -ssh_authorized_keys: - - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson -""" % http_server - -user_data = orchestra.utils.cloudinit.get_user_data_late_command(base64.b64encode(cfg)) - -%> \ -$orchestra.utils.cloudinit.get_meta_data_late_command($getVar('$uid', 'true'), $getVar('$hostname', 'true')) \ && \ -$user_data \ diff --git a/modules/orchestra/files/openstack_module_blacklist b/modules/orchestra/files/openstack_module_blacklist deleted file mode 100644 index 458649e..0000000 --- a/modules/orchestra/files/openstack_module_blacklist +++ /dev/null @@ -1,7 +0,0 @@ -<% -import orchestra.utils.cloudinit -script = 'echo "blacklist xgifb" > /etc/modprobe.d/blacklist-xgifb.conf' - -blacklist = orchestra.utils.cloudinit._KSMETA_LATE_COMMAND_TEMPLATE % (orchestra.utils.cloudinit.base64_gzip(script), "blacklist") -%> \ -$blacklist \ \ No newline at end of file diff --git a/modules/orchestra/files/openstack_mysql_password b/modules/orchestra/files/openstack_mysql_password deleted file mode 100644 index d97c5ea..0000000 --- a/modules/orchestra/files/openstack_mysql_password +++ /dev/null @@ -1 +0,0 @@ -secret diff --git a/modules/orchestra/files/openstack_network_sleep b/modules/orchestra/files/openstack_network_sleep deleted file mode 100644 index dcd03f9..0000000 --- a/modules/orchestra/files/openstack_network_sleep +++ /dev/null @@ -1,7 +0,0 @@ -<% -import orchestra.utils.cloudinit -script = 'echo " pre-up sleep 60" >> /etc/network/interfaces' - -networksleep = orchestra.utils.cloudinit._KSMETA_LATE_COMMAND_TEMPLATE % (orchestra.utils.cloudinit.base64_gzip(script), "network-sleep") -%> \ -$networksleep \ \ No newline at end of file diff --git a/modules/orchestra/files/orchestra-jenkins-sudoers b/modules/orchestra/files/orchestra-jenkins-sudoers deleted file mode 100644 index 8874c21..0000000 --- a/modules/orchestra/files/orchestra-jenkins-sudoers +++ /dev/null @@ -1 +0,0 @@ -jenkins ALL = NOPASSWD: /usr/bin/cobbler, /sbin/restart rsyslog, /bin/rm -f /var/log/orchestra/rsyslog/* diff --git a/modules/orchestra/manifests/init.pp b/modules/orchestra/manifests/init.pp deleted file mode 100644 index 68019f4..0000000 --- a/modules/orchestra/manifests/init.pp +++ /dev/null @@ -1,93 +0,0 @@ -class orchestra { - package { ipmitool: ensure => present } - package { ubuntu-orchestra-server: ensure => present } - exec { cobbler-sync: - command => "/usr/bin/cobbler sync", - logoutput => true, - refreshonly => true, - subscribe => [ - File["/etc/cobbler/dnsmasq.template"], - File["/var/lib/cobbler/snippets/openstack_module_blacklist"], - File["/var/lib/cobbler/snippets/openstack_cloud_init"], - File["/var/lib/cobbler/snippets/openstack_network_sleep"], - File["/var/lib/cobbler/snippets/openstack_mysql_password"], - File["/var/lib/cobbler/kickstarts/openstack-test.preseed"], - ], - } - exec { rsyslog-restart: - command => "/sbin/restart rsyslog", - logoutput => true, - refreshonly => true, - subscribe => [ - File["/etc/rsyslog.d/99-orchestra.conf"], - ], - } - file { '/var/lib/cobbler/snippets/openstack_mysql_password': - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => 'puppet:///modules/orchestra/openstack_mysql_password', - } - file { "/etc/cobbler/dnsmasq.template": - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => "puppet:///modules/orchestra/dnsmasq.template", - replace => 'true', - require => Package["ubuntu-orchestra-server"], - } - file { "/var/lib/cobbler/snippets/openstack_module_blacklist": - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => "puppet:///modules/orchestra/openstack_module_blacklist", - replace => 'true', - require => Package["ubuntu-orchestra-server"], - } - file { "/var/lib/cobbler/snippets/openstack_cloud_init": - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => "puppet:///modules/orchestra/openstack_cloud_init", - replace => 'true', - require => Package["ubuntu-orchestra-server"], - } - file { "/var/lib/cobbler/snippets/openstack_network_sleep": - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => "puppet:///modules/orchestra/openstack_network_sleep", - replace => 'true', - require => Package["ubuntu-orchestra-server"], - } - file { "/var/lib/cobbler/kickstarts/openstack-test.preseed": - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => "puppet:///modules/orchestra/openstack-test.preseed", - replace => 'true', - require => Package["ubuntu-orchestra-server"], - } - file { "/etc/sudoers.d/orchestra-jenkins": - owner => 'root', - group => 'root', - mode => 440, - ensure => 'present', - source => "puppet:///modules/orchestra/orchestra-jenkins-sudoers", - replace => 'true', - } - file { "/etc/rsyslog.d/99-orchestra.conf": - owner => 'root', - group => 'root', - mode => 440, - ensure => 'present', - source => "puppet:///modules/orchestra/99-orchestra.conf", - replace => 'true', - } -} diff --git a/modules/pip/manifests/init.pp b/modules/pip/manifests/init.pp deleted file mode 100644 index f10f34e..0000000 --- a/modules/pip/manifests/init.pp +++ /dev/null @@ -1,12 +0,0 @@ -class pip { - - package { "python-all-dev": - ensure => present - } - - package { "python-pip": - ensure => present, - require => Package[python-all-dev] - } - -} diff --git a/modules/planet/manifests/init.pp b/modules/planet/manifests/init.pp deleted file mode 100644 index 9801379..0000000 --- a/modules/planet/manifests/init.pp +++ /dev/null @@ -1,19 +0,0 @@ -class planet { - - package { 'planet-venus': - ensure => present - } - - file { '/srv/planet': - ensure => directory - } - - file { '/var/lib/planet': - ensure => directory - } - - file { '/var/log/planet': - ensure => directory - } - -} diff --git a/modules/planet/manifests/site.pp b/modules/planet/manifests/site.pp deleted file mode 100644 index cf26ce4..0000000 --- a/modules/planet/manifests/site.pp +++ /dev/null @@ -1,26 +0,0 @@ -define planet::site($git_url, $vhost_name="planet.${name}.org") { - - include apache - include remove_nginx - - apache::vhost { $vhost_name: - port => 80, - priority => '50', - docroot => "/srv/planet/${name}", - require => File["/srv/planet"], - } - - vcsrepo { "/var/lib/planet/${name}": - ensure => present, - provider => git, - source => $git_url, - require => File['/var/lib/planet'], - } - - cron { "update_planet_${name}": - user => root, - minute => "*/5", - command => "date >> /var/log/planet/${name}.log && cd /var/lib/planet/${name} && git pull -q --ff-only && planet /var/lib/planet/${name}/planet.ini >> /var/log/planet/${name}.log 2>&1" - } - -} diff --git a/modules/puppetboot/files/puppetboot.conf b/modules/puppetboot/files/puppetboot.conf deleted file mode 100644 index 93e27c5..0000000 --- a/modules/puppetboot/files/puppetboot.conf +++ /dev/null @@ -1,15 +0,0 @@ -author "Monty Taylor " -description "Applying puppet config on boot" - -start on runlevel[2345] - -script - cd /root/openstack-ci-puppet/modules - /usr/bin/git pull --ff-only - echo "Installing modules" >> /var/log/manifest.log - /bin/bash install_modules.sh >> /var/log/manifest.log - echo "Running puppet on boot" >> /var/log/manifest.log - date >> /var/log/manifest.log - /usr/bin/puppet apply --modulepath=/root/openstack-ci-puppet/modules -l /var/log/manifest.log /root/openstack-ci-puppet/manifests/site.pp -end script - diff --git a/modules/puppetboot/manifests/init.pp b/modules/puppetboot/manifests/init.pp deleted file mode 100644 index 0d8bb15..0000000 --- a/modules/puppetboot/manifests/init.pp +++ /dev/null @@ -1,11 +0,0 @@ -class puppetboot($ensure=present) { - file {'/etc/init/puppetboot.conf': - owner => 'root', - group => 'root', - mode => 644, - ensure => $ensure, - source => [ - "puppet:///modules/puppetboot/puppetboot.conf", - ], - } -} diff --git a/modules/pypimirror/files/process_cache.py b/modules/pypimirror/files/process_cache.py deleted file mode 100644 index 2b4c054..0000000 --- a/modules/pypimirror/files/process_cache.py +++ /dev/null @@ -1,90 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 - -# Copyright 2012 Hewlett-Packard Development Company, L.P. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import os -import urllib -import datetime -import sys -import re -import md5 - -source_cache = sys.argv[1] -destination_mirror = sys.argv[2] - -PACKAGE_VERSION_RE = re.compile(r'(.*)-[0-9]') - -packages = {} -package_count = 0 - -for filename in os.listdir(source_cache): - if filename.endswith('content-type'): - continue - - realname = urllib.unquote(filename) - # The ? accounts for sourceforge downloads - tarball = os.path.basename(realname).split("?")[0] - name_match = PACKAGE_VERSION_RE.search(tarball) - - if name_match is None: - continue - package_name = name_match.group(1) - - version_list = packages.get(package_name,{}) - version_list[tarball] = filename - packages[package_name] = version_list - package_count = package_count + 1 - -full_html = open(os.path.join(destination_mirror, "full.html"), 'w') -simple_html = open(os.path.join(destination_mirror, "index.html"), 'w') - -header = "PyPI Mirror

    PyPI Mirror

    Last update: %s

    \n\n" % datetime.datetime.utcnow().strftime("%c UTC") -full_html.write(header) -simple_html.write(header) - -for package_name, versions in packages.items(): - destination_dir = os.path.join(destination_mirror, package_name) - if not os.path.isdir(destination_dir): - os.makedirs(destination_dir) - safe_dir = urllib.quote(package_name) - simple_html.write("%s
    \n" % (safe_dir, safe_dir)) - with open(os.path.join(destination_dir, "index.html"), 'w') as index: - index.write(""" - %s – PyPI Mirror -\n""" % package_name) - for tarball, filename in versions.items(): - source_path = os.path.join(source_cache, filename) - destination_path = os.path.join(destination_dir, tarball) - with open(destination_path, 'w') as dest: - src = open(source_path, 'r').read() - md5sum = md5.md5(src).hexdigest() - dest.write(src) - - safe_name = urllib.quote(tarball) - - full_html.write("%s
    \n" % (safe_dir, - safe_name, - safe_name)) - index.write("%s\n" % (safe_name, - md5sum, - safe_name)) - index.write("\n") -footer = """

    Generated by process_cache.py; %d -packages mirrored.

    -\n""" % package_count -full_html.write(footer) -full_html.close() -simple_html.write(footer) -simple_html.close() diff --git a/modules/pypimirror/files/pull-repo.sh b/modules/pypimirror/files/pull-repo.sh deleted file mode 100644 index 4687393..0000000 --- a/modules/pypimirror/files/pull-repo.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/bash -# This file is managed by puppet. -# https://github.com/openstack/openstack-ci-puppet - -export PIP_DOWNLOAD_CACHE=${PIP_DOWNLOAD_CACHE:-/var/cache/pip} -export PIP_TEMP_DOWNLOAD=${PIP_TEMP_DOWNLOAD:-/var/lib/pip-download} - -project=$1 -pip_command='/usr/local/bin/pip install -M -U -I --exists-action=w --no-install' - -cd ${PIP_TEMP_DOWNLOAD} -short_project=`echo ${project} | cut -f2 -d/` -if [ ! -d ${short_project} ] ; then - git clone git://github.com/${project}.git ${short_project} >/dev/null 2>&1 -fi -cd ${short_project} -$pip_command pip -git fetch origin -for branch in `git branch -a | grep remotes.origin | grep -v origin.HEAD | awk '{print $1}' ` ; do - git reset --hard $branch - git clean -x -f -d -q - echo "*********************" - echo "Fetching pip requires for $project:$branch" - for requires_file in tools/pip-requires tools/test-requires ; do - if [ -f ${requires_file} ] ; then - $pip_command -r $requires_file - fi - done -done diff --git a/modules/pypimirror/files/run_mirror.py b/modules/pypimirror/files/run_mirror.py deleted file mode 100755 index ab21588..0000000 --- a/modules/pypimirror/files/run_mirror.py +++ /dev/null @@ -1,81 +0,0 @@ -#! /usr/bin/env python -# Copyright (C) 2011 OpenStack, LLC. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# run_mirrors reads a project config file called projects.yaml -# It should look like: - -# - project: PROJECT_NAME - -import logging -import os -import subprocess -import shlex -import yaml - -def run_command(cmd, status=False, env={}): - cmd_list = shlex.split(str(cmd)) - newenv = os.environ - newenv.update(env) - p = subprocess.Popen(cmd_list, stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, env=newenv) - (out, nothing) = p.communicate() - if status: - return (p.returncode, out.strip()) - return out.strip() - - -def run_command_status(cmd, env={}): - return run_command(cmd, True, env) - - -logging.basicConfig(level=logging.ERROR) - -PROJECTS_YAML = os.environ.get('PROJECTS_YAML', - '/etc/openstackci/projects.yaml') -PIP_TEMP_DOWNLOAD = os.environ.get('PIP_TEMP_DOWNLOAD', - '/var/lib/pip-download') -GIT_SOURCE = os.environ.get('GIT_SOURCE', 'https://github.com') -pip_command = '/usr/local/bin/pip install -M -U -I --exists-action=w ' \ - '--no-install %s' - -run_command(pip_command % "pip") - -config = yaml.load(open(PROJECTS_YAML)) - -for section in config: - project = section['project'] - - os.chdir(PIP_TEMP_DOWNLOAD) - short_project = project.split('/')[1] - if not os.path.isdir(short_project): - run_command("git clone %s/%s.git %s" % (GIT_SOURCE, project, - short_project)) - os.chdir(short_project) - run_command("git fetch origin") - - for branch in run_command("git branch -a").split("\n"): - branch = branch.strip() - if (not branch.startswith("remotes/origin") - or "origin/HEAD" in branch): - continue - run_command("git reset --hard %s" % branch) - run_command("git clean -x -f -d -q") - print("*********************") - print("Fetching pip requires for %s:%s" % (project, branch)) - for requires_file in ("tools/pip-requires", "tools/test-requires"): - if os.path.exists(requires_file): - stanza = "-r %s" % requires_file - run_command(pip_command % stanza) - diff --git a/modules/pypimirror/manifests/init.pp b/modules/pypimirror/manifests/init.pp deleted file mode 100644 index da0a008..0000000 --- a/modules/pypimirror/manifests/init.pp +++ /dev/null @@ -1,118 +0,0 @@ -class pypimirror ( $vhost_name = $fqdn, - $log_filename = "/var/log/pypimirror.log", - $mirror_file_path = "/var/lib/pypimirror", - $pip_download = "/var/lib/pip-download", - $pip_cache = "/var/cache/pip", - $git_source = "https://github.com", - $projects = [] ) -{ - - include apache - include pip - include remove_nginx - - package { 'python-yaml': - ensure => 'present' - } - - package { 'pip': - ensure => present, - provider => 'pip', - require => Class[pip] - } - - file { '/usr/local/mirror_scripts': - ensure => 'directory', - mode => 755, - owner => 'root', - group => 'root', - } - - file { $pip_download: - ensure => 'directory', - mode => 755, - owner => 'root', - group => 'root', - } - - file { $pip_cache: - ensure => 'directory', - mode => 755, - owner => 'root', - group => 'root', - } - - file { '/etc/openstackci': - ensure => "directory", - owner => "root", - } - - file { '/etc/openstackci/projects.yaml': - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => 'puppet:///openstack_project/review.projects.yaml', - replace => true, - } - - file { '/usr/local/mirror_scripts/run-mirror.sh': - ensure => present, - mode => 755, - owner => 'root', - group => 'root', - content => template('pypimirror/run-mirror.sh.erb'), - require => File['/usr/local/mirror_scripts'], - } - - file { '/usr/local/mirror_scripts/run_mirror.py': - ensure => present, - mode => 755, - owner => 'root', - group => 'root', - source => "puppet:///modules/pypimirror/run_mirror.py", - require => File['/usr/local/mirror_scripts'], - } - - file { '/usr/local/mirror_scripts/pull-repo.sh': - ensure => present, - mode => 755, - owner => 'root', - group => 'root', - source => "puppet:///modules/pypimirror/pull-repo.sh", - require => File['/usr/local/mirror_scripts'], - } - - file { '/usr/local/mirror_scripts/process_cache.py': - ensure => present, - mode => 755, - owner => 'root', - group => 'root', - source => "puppet:///modules/pypimirror/process_cache.py", - require => File['/usr/local/mirror_scripts'], - } - - # Add cron job to update the mirror - - cron { "update_mirror": - user => root, - minute => "0", - command => '/usr/local/mirror_scripts/run-mirror.sh', - require => File["/usr/local/mirror_scripts/run-mirror.sh"], - } - - # Rotate the mirror log file - - include logrotate - logrotate::file {"pypimirror": - log => $log_filename, - options => ["compress", "delaycompress", "missingok", "rotate 7", "daily", "notifempty"], - require => Cron["update_mirror"], - } - - apache::vhost { $vhost_name: - port => 80, - docroot => $mirror_file_path, - priority => 50, - } -} diff --git a/modules/pypimirror/templates/run-mirror.sh.erb b/modules/pypimirror/templates/run-mirror.sh.erb deleted file mode 100644 index 0c2b25b..0000000 --- a/modules/pypimirror/templates/run-mirror.sh.erb +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -# This file is managed by puppet. -# https://github.com/openstack/openstack-ci-puppet - -export PIP_DOWNLOAD_CACHE=<%= pip_cache %> -export PIP_TEMP_DOWNLOAD=<%= pip_download %> -export MIRROR_FILE_PATH=<%= mirror_file_path %> -export LOG_FILENAME=<%= log_filename %> -python /usr/local/mirror_scripts/run_mirror.py <%= git_source %> >>$LOG_FILENAME -python /usr/local/mirror_scripts/process_cache.py ${PIP_DOWNLOAD_CACHE} ${MIRROR_FILE_PATH} diff --git a/modules/remove_nginx/manifests/init.pp b/modules/remove_nginx/manifests/init.pp deleted file mode 100644 index a55ffac..0000000 --- a/modules/remove_nginx/manifests/init.pp +++ /dev/null @@ -1,11 +0,0 @@ -class remove_nginx { - package { 'nginx': - ensure => absent, - } - file { "/etc/nginx/sites-available/default": - ensure => absent, - } - service { 'nginx': - ensure => stopped - } -} diff --git a/modules/snmpd/files/snmpd.conf b/modules/snmpd/files/snmpd.conf deleted file mode 100644 index 8c9ecb4..0000000 --- a/modules/snmpd/files/snmpd.conf +++ /dev/null @@ -1,195 +0,0 @@ -# This file is managed by puppet. - -############################################################################### -# -# EXAMPLE.conf: -# An example configuration file for configuring the Net-SNMP agent ('snmpd') -# See the 'snmpd.conf(5)' man page for details -# -# Some entries are deliberately commented out, and will need to be explicitly activated -# -############################################################################### -# -# AGENT BEHAVIOUR -# - -# Listen for connections from the local system only -#agentAddress udp:127.0.0.1:161 -# Listen for connections on all interfaces (both IPv4 *and* IPv6) -#agentAddress udp:161,udp6:[::1]:161 - - - -############################################################################### -# -# SNMPv3 AUTHENTICATION -# -# Note that these particular settings don't actually belong here. -# They should be copied to the file /var/lib/snmp/snmpd.conf -# and the passwords changed, before being uncommented in that file *only*. -# Then restart the agent - -# createUser authOnlyUser MD5 "remember to change this password" -# createUser authPrivUser SHA "remember to change this one too" DES -# createUser internalUser MD5 "this is only ever used internally, but still change the password" - -# If you also change the usernames (which might be sensible), -# then remember to update the other occurances in this example config file to match. - - - -############################################################################### -# -# ACCESS CONTROL -# - - # system + hrSystem groups only -view systemonly included .1.3.6.1.2.1.1 -view systemonly included .1.3.6.1.2.1.25.1 - - # Full access from the local host -#rocommunity public localhost - # Default access to basic system info -rocommunity public default - - # Full access from an example network - # Adjust this network address to match your local - # settings, change the community string, - # and check the 'agentAddress' setting above -#rocommunity secret 10.0.0.0/16 - - # Full read-only access for SNMPv3 -# rouser authOnlyUser - # Full write access for encrypted requests - # Remember to activate the 'createUser' lines above -#rwuser authPrivUser priv - -# It's no longer typically necessary to use the full 'com2sec/group/access' configuration -# r[ou]user and r[ow]community, together with suitable views, should cover most requirements - - - -############################################################################### -# -# SYSTEM INFORMATION -# - -# Note that setting these values here, results in the corresponding MIB objects being 'read-only' -# See snmpd.conf(5) for more details -sysLocation Sitting on the Dock of the Bay -sysContact Me - # Application + End-to-End layers -sysServices 72 - - -# -# Process Monitoring -# - # At least one 'mountd' process -proc mountd - # No more than 4 'ntalkd' processes - 0 is OK -proc ntalkd 4 - # At least one 'sendmail' process, but no more than 10 -proc sendmail 10 1 - -# Walk the UCD-SNMP-MIB::prTable to see the resulting output -# Note that this table will be empty if there are no "proc" entries in the snmpd.conf file - - -# -# Disk Monitoring -# - # 10MBs required on root disk, 5% free on /var, 10% free on all other disks -disk / 10000 -disk /var 5% -includeAllDisks 10% - -# Walk the UCD-SNMP-MIB::dskTable to see the resulting output -# Note that this table will be empty if there are no "disk" entries in the snmpd.conf file - - -# -# System Load -# - # Unacceptable 1-, 5-, and 15-minute load averages -load 12 10 5 - -# Walk the UCD-SNMP-MIB::laTable to see the resulting output -# Note that this table *will* be populated, even without a "load" entry in the snmpd.conf file - - - -############################################################################### -# -# ACTIVE MONITORING -# - - # send SNMPv1 traps -# trapsink localhost public - # send SNMPv2c traps -#trap2sink localhost public - # send SNMPv2c INFORMs -#informsink localhost public - -# Note that you typically only want *one* of these three lines -# Uncommenting two (or all three) will result in multiple copies of each notification. - - -# -# Event MIB - automatically generate alerts -# - # Remember to activate the 'createUser' lines above -#iquerySecName internalUser -#rouser internalUser - # generate traps on UCD error conditions -#defaultMonitors yes - # generate traps on linkUp/Down -#linkUpDownNotifications yes - - - -############################################################################### -# -# EXTENDING THE AGENT -# - -# -# Arbitrary extension commands -# -# extend test1 /bin/echo Hello, world! -# extend-sh test2 echo Hello, world! ; echo Hi there ; exit 35 -#extend-sh test3 /bin/sh /tmp/shtest - -# Note that this last entry requires the script '/tmp/shtest' to be created first, -# containing the same three shell commands, before the line is uncommented - -# Walk the NET-SNMP-EXTEND-MIB tables (nsExtendConfigTable, nsExtendOutput1Table -# and nsExtendOutput2Table) to see the resulting output - -# Note that the "extend" directive supercedes the previous "exec" and "sh" directives -# However, walking the UCD-SNMP-MIB::extTable should still returns the same output, -# as well as the fuller results in the above tables. - - -# -# "Pass-through" MIB extension command -# -#pass .1.3.6.1.4.1.8072.2.255 /bin/sh PREFIX/local/passtest -#pass .1.3.6.1.4.1.8072.2.255 /usr/bin/perl PREFIX/local/passtest.pl - -# Note that this requires one of the two 'passtest' scripts to be installed first, -# before the appropriate line is uncommented. -# These scripts can be found in the 'local' directory of the source distribution, -# and are not installed automatically. - -# Walk the NET-SNMP-PASS-MIB::netSnmpPassExamples subtree to see the resulting output - - -# -# AgentX Sub-agents -# - # Run as an AgentX master agent -# master agentx - # Listen for network connections (from localhost) - # rather than the default named socket /var/agentx/master -#agentXSocket tcp:localhost:705 diff --git a/modules/snmpd/files/snmpd.init b/modules/snmpd/files/snmpd.init deleted file mode 100755 index 4196538..0000000 --- a/modules/snmpd/files/snmpd.init +++ /dev/null @@ -1,102 +0,0 @@ -#! /bin/sh -e -### BEGIN INIT INFO -# Provides: snmpd snmptrapd -# Required-Start: $network $remote_fs $syslog -# Required-Stop: $network $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: SNMP agents -# Description: NET SNMP (Simple Network Management Protocol) Agents -### END INIT INFO -# -# Author: Jochen Friedrich -# -set -e - -. /lib/lsb/init-functions - -export PATH=/sbin:/usr/sbin:/bin:/usr/bin - -test -x /usr/sbin/snmpd || exit 0 -test -x /usr/sbin/snmptrapd || exit 0 - -# Defaults -export MIBDIRS=/usr/share/mibs/site:/usr/share/snmp/mibs:/usr/share/mibs/iana:/usr/share/mibs/ietf:/usr/share/mibs/netsnmp -SNMPDRUN=yes -SNMPDOPTS='-Lsd -Lf /dev/null -p /var/run/snmpd.pid' -TRAPDRUN=no -TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid' - -# Reads config file (will override defaults above) -[ -r /etc/default/snmpd ] && . /etc/default/snmpd - -# Cd to / before starting any daemons. -cd / - -# Create compatibility link to old AgentX socket location -if [ "$SNMPDCOMPAT" = "yes" ] && [ "$1" != status ]; then - ln -sf /var/agentx/master /var/run/agentx -fi - -case "$1" in - start) - log_daemon_msg "Starting network management services:" - if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf ]; then - start-stop-daemon --quiet --start --oknodo --exec /usr/sbin/snmpd \ - -- $SNMPDOPTS - log_progress_msg " snmpd" - fi - if [ "$TRAPDRUN" = "yes" -a -f /etc/snmp/snmptrapd.conf ]; then - start-stop-daemon --quiet --start --oknodo --exec /usr/sbin/snmptrapd \ - -- $TRAPDOPTS - log_progress_msg " snmptrapd" - fi - ;; - stop) - log_daemon_msg "Stopping network management services:" - start-stop-daemon --quiet --stop --oknodo --exec /usr/sbin/snmpd - log_progress_msg " snmpd" - start-stop-daemon --quiet --stop --oknodo --exec /usr/sbin/snmptrapd - log_progress_msg " snmptrapd" - ;; - restart) - log_daemon_msg "Restarting network management services:" - start-stop-daemon --quiet --stop --oknodo --exec /usr/sbin/snmpd - start-stop-daemon --quiet --stop --oknodo --exec /usr/sbin/snmptrapd - # Allow the daemons time to exit completely. - sleep 2 - if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf ]; then - start-stop-daemon --quiet --start --exec /usr/sbin/snmpd -- $SNMPDOPTS - log_progress_msg " snmpd" - fi - if [ "$TRAPDRUN" = "yes" -a -f /etc/snmp/snmptrapd.conf ]; then - # Allow snmpd time to start up. - sleep 1 - start-stop-daemon --quiet --start --exec /usr/sbin/snmptrapd -- $TRAPDOPTS - log_progress_msg " snmptrapd" - fi - ;; - reload|force-reload) - log_daemon_msg "Reloading network management services:" - if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf ]; then - start-stop-daemon --quiet --stop --signal 1 \ - --pidfile /var/run/snmpd.pid --exec /usr/sbin/snmpd - log_progress_msg " snmpd" - fi - ;; - status) - status=0 - if [ "$SNMPDRUN" = "yes" -a -f /etc/snmp/snmpd.conf ]; then - status_of_proc /usr/sbin/snmpd snmpd || status=$? - fi - if [ "$TRAPDRUN" = "yes" -a -f /etc/snmp/snmptrapd.conf ]; then - status_of_proc /usr/sbin/snmptrapd snmptrapd || status=$? - fi - exit $status - ;; - *) - echo "Usage: /etc/init.d/snmpd {start|stop|restart|reload|force-reload|status}" - exit 1 -esac - -exit 0 diff --git a/modules/snmpd/manifests/init.pp b/modules/snmpd/manifests/init.pp deleted file mode 100644 index 168596a..0000000 --- a/modules/snmpd/manifests/init.pp +++ /dev/null @@ -1,30 +0,0 @@ -class snmpd { - package { snmpd: ensure => present } - service { snmpd: - ensure => running, - hasrestart => true, - require => [File["/etc/snmp/snmpd.conf"], - File["/etc/init.d/snmpd"]] - } - # This file is only needed on machines pre-precise. There is a bug in - # the previous init script versions which causes them to attempt - # snmptrapd even if it's configured not to run, and then to report - # failure. - file { "/etc/init.d/snmpd": - owner => 'root', - group => 'root', - mode => 755, - ensure => 'present', - source => 'puppet:///modules/snmpd/snmpd.init', - replace => 'true', - require => Package[snmpd] - } - file { "/etc/snmp/snmpd.conf": - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => 'puppet:///modules/snmpd/snmpd.conf', - replace => 'true', - } -} diff --git a/modules/ssh/files/sshd_config b/modules/ssh/files/sshd_config deleted file mode 100644 index bb7429a..0000000 --- a/modules/ssh/files/sshd_config +++ /dev/null @@ -1,86 +0,0 @@ -# Package generated configuration file -# See the sshd_config(5) manpage for details - -# What ports, IPs and protocols we listen for -Port 22 -# Use these options to restrict which interfaces/protocols sshd will bind to -#ListenAddress :: -#ListenAddress 0.0.0.0 -Protocol 2 -# HostKeys for protocol version 2 -HostKey /etc/ssh/ssh_host_rsa_key -HostKey /etc/ssh/ssh_host_dsa_key -#Privilege Separation is turned on for security -UsePrivilegeSeparation yes - -# Lifetime and size of ephemeral version 1 server key -KeyRegenerationInterval 3600 -ServerKeyBits 768 - -# Logging -SyslogFacility AUTH -LogLevel INFO - -# Authentication: -LoginGraceTime 120 -PermitRootLogin no -StrictModes yes - -RSAAuthentication yes -PubkeyAuthentication yes -#AuthorizedKeysFile %h/.ssh/authorized_keys - -# Don't read the user's ~/.rhosts and ~/.shosts files -IgnoreRhosts yes -# For this to work you will also need host keys in /etc/ssh_known_hosts -RhostsRSAAuthentication no -# similar for protocol version 2 -HostbasedAuthentication no -# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication -#IgnoreUserKnownHosts yes - -# To enable empty passwords, change to yes (NOT RECOMMENDED) -PermitEmptyPasswords no - -# Change to yes to enable challenge-response passwords (beware issues with -# some PAM modules and threads) -ChallengeResponseAuthentication no - -# Change to no to disable tunnelled clear text passwords -PasswordAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosGetAFSToken no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -X11Forwarding yes -X11DisplayOffset 10 -PrintMotd no -PrintLastLog yes -TCPKeepAlive yes -#UseLogin no - -#MaxStartups 10:30:60 -#Banner /etc/issue.net - -# Allow client to pass locale environment variables -AcceptEnv LANG LC_* - -Subsystem sftp /usr/lib/openssh/sftp-server - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp deleted file mode 100644 index b3f17bd..0000000 --- a/modules/ssh/manifests/init.pp +++ /dev/null @@ -1,19 +0,0 @@ -class ssh { - package { openssh-server: ensure => present } - service { ssh: - ensure => running, - hasrestart => true, - subscribe => File["/etc/ssh/sshd_config"], - } - file { "/etc/ssh/sshd_config": - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => [ - "puppet:///modules/ssh/sshd_config.$operatingsystem", - "puppet:///modules/ssh/sshd_config" - ], - replace => 'true', - } -} diff --git a/modules/sudoers/files/sudoers b/modules/sudoers/files/sudoers deleted file mode 100644 index d5f2ccb..0000000 --- a/modules/sudoers/files/sudoers +++ /dev/null @@ -1,25 +0,0 @@ -# /etc/sudoers -# -# This file MUST be edited with the 'visudo' command as root. -# -# See the man page for details on how to write a sudoers file. -# - -Defaults env_reset - -# Host alias specification - -# User alias specification - -# Cmnd alias specification - -# User privilege specification -root ALL=(ALL) ALL - -# Allow members of group sudo to execute any command after they have -# provided their password -# (Note that later entries override this, so you might need to move -# it further down) -%sudo ALL=(ALL) NOPASSWD: ALL -# -#includedir /etc/sudoers.d diff --git a/modules/sudoers/manifests/init.pp b/modules/sudoers/manifests/init.pp deleted file mode 100644 index fe927e0..0000000 --- a/modules/sudoers/manifests/init.pp +++ /dev/null @@ -1,17 +0,0 @@ -class sudoers { - group { 'sudo': - ensure => 'present' - } - group { 'admin': - ensure => 'present' - } - - file { '/etc/sudoers': - owner => 'root', - group => 'root', - mode => 440, - ensure => 'present', - source => "puppet:///modules/sudoers/sudoers", - replace => 'true', - } -} diff --git a/modules/tmpreaper/files/tmpreaper-cron.daily b/modules/tmpreaper/files/tmpreaper-cron.daily deleted file mode 100755 index 8790e30..0000000 --- a/modules/tmpreaper/files/tmpreaper-cron.daily +++ /dev/null @@ -1,109 +0,0 @@ -#!/bin/sh -PATH=/usr/sbin:/usr/bin:/sbin:/bin - -# in case of `dpkg -r' leaving conffile. -if ! [ -x /usr/sbin/tmpreaper ]; then - exit 0 -fi - -# Remove `/tmp/...' files not accessed in X time (configured in -# /etc/tmpreaper.conf, default 7 days), protecting the .X, .ICE, .iroha and -# .ki2 files; but removing symlinks. For directories not the access time, but -# the modification time is used (--mtime-dir), as reading a directory to check -# the contents will update the access time! -# -# In the default, /tmp/. is used, not the plain /tmp you might expect, as this -# accomodates the situation where /tmp is a symlink to some other place. -# -# Note that the sockets are safe even without the `--protect', unless `--all' -# is given, and the `.X*-lock' files would be safe also, as long as they have -# no write permissions, so this particular protect is mainly illustrative, and -# redundant. For best results, don't try to get fancy with the moustache -# expansions. KISS. Always --test your protect patterns. -# -# Immutable files (such as ext3fs' .journal) are not (cannot be) removed; -# when such a file is encountered when trying to remove it, no error is given -# unless you use the --verbose option in which case a message is given. -# -# In case you're wondering: .iroha is for cannaserver and .ki2 is for kinput2 -# (japanese software, lock files). -# journal.dat is for (older) ext3 filesystems -# quota.user, quota.group is for (duh) quotas. - -# Set config defaults -SHOWWARNING='' - -# get the TMPREAPER_TIME value from /etc/default/rcS - -if grep '^TMPTIME=' /etc/default/rcS >/dev/null 2>&1; then - eval $(grep '^TMPTIME=' /etc/default/rcS) - if [ -n "$TMPTIME" ]; then - # Don't clean files if TMPTIME is negative or 'infinite' - # to mimic the way /lib/init/bootclean.sh works. - case "$TMPTIME" in - -*|infinite|infinity) - # don't use this as default - ;; - *) - if [ "$TMPTIME" -gt 0 ]; then - TMPREAPER_TIME=${TMPTIME}d - else - TMPREAPER_TIME=7d - fi - ;; - esac - fi -fi - -# ! Important ! The "set -f" below prevents the shell from expanding -# file paths, which is vital for the configuration below to work. - -set -f - -# preserve environment setting of TMPREAPER_DELAY to allow manual override when -# running the cron.daily script by hand: -if [ -n "$TMPREAPER_DELAY" ]; then - # check for digits only - case "$TMPREAPER_DELAY" in - [0-9]*) TMPREAPER_DELAY_SAVED="$TMPREAPER_DELAY";; - *) ;; - esac -fi - -if [ -s /etc/tmpreaper.conf ]; then - . /etc/tmpreaper.conf -fi - -# Now restore the saved value of TMPREAPER_DELAY (if any): -if [ -n "$TMPREAPER_DELAY_SAVED" ]; then - TMPREAPER_DELAY="$TMPREAPER_DELAY_SAVED" -else - # set default in case it's not given in tmpreaper.conf: - TMPREAPER_DELAY=${TMPREAPER_DELAY:-256} -fi - -if [ "$SHOWWARNING" = true ]; then - echo "Please read /usr/share/doc/tmpreaper/README.security.gz first;" - echo "edit /etc/tmpreaper.conf to remove this message (look for SHOWWARNING)." - exit 0 -fi - -# Verify that these variables are set, and if not, set them to default values -# This will work even if the required lines are not specified in the included -# file above, but the file itself does exist. -TMPREAPER_TIME=${TMPREAPER_TIME:-7d} -TMPREAPER_PROTECT_EXTRA=${TMPREAPER_PROTECT_EXTRA:-''} -TMPREAPER_DIRS=${TMPREAPER_DIRS:-'/tmp/.'} - -nice -n10 tmpreaper --delay=$TMPREAPER_DELAY --mtime-dir --symlinks $TMPREAPER_TIME \ - $TMPREAPER_ADDITIONALOPTIONS \ - --ctime \ - --protect '/tmp/.X*-{lock,unix,unix/*}' \ - --protect '/tmp/.ICE-{unix,unix/*}' \ - --protect '/tmp/.iroha_{unix,unix/*}' \ - --protect '/tmp/.ki2-{unix,unix/*}' \ - --protect '/tmp/lost+found' \ - --protect '/tmp/journal.dat' \ - --protect '/tmp/quota.{user,group}' \ - `for i in $TMPREAPER_PROTECT_EXTRA; do echo --protect "$i"; done` \ - $TMPREAPER_DIRS diff --git a/modules/tmpreaper/files/tmpreaper.conf b/modules/tmpreaper/files/tmpreaper.conf deleted file mode 100644 index d051a02..0000000 --- a/modules/tmpreaper/files/tmpreaper.conf +++ /dev/null @@ -1,46 +0,0 @@ -# tmpreaper.conf -# - local configuration for tmpreaper's daily run -# -# This is only used if /etc/cron.daily/tmpreaper was also updated, -# i.e. there's a line ". /etc/tmpreaper.conf" in that file. -# The shell code that used to be here (pre version 1.6.7) is now -# in the cron.daily script. - -# Remove the next line if you understand the possible security implications of -# having tmpreaper run automatically; -# see /usr/share/doc/tmpreaper/README.security.gz -# SHOWWARNING=true -# -# TMPREAPER_TIME -# is the max. age of files before they're removed. -# default: -# the TMPTIME value in /etc/default/rcS if it's there, else -# TMPREAPER_TIME=7d (for 7 days) -# I recommend setting the value in /etc/default/rcS, as -# that is used to clean out /tmp whenever the system is booted. -# -# TMPREAPER_PROTECT_EXTRA -# are extra patterns that you may want to protect. -# Example: -# TMPREAPER_PROTECT_EXTRA='/tmp/isdnctrl* /tmp/important*' -# -# TMPREAPER_DIRS -# are the directories to clean up. -# *never* supply / here! That will wipe most of your system! -# Example: -# TMPREAPER_DIRS='/tmp/. /var/tmp/.' -# -# TMPREAPER_DELAY -# defines the maximum (randomized) delay before starting processing. -# See the manpage entry for --delay. Default is 256. -# Example: -# TMPREAPER_DELAY='256' -# -# TMPREAPER_ADDITIONALOPTIONS -# extra options that are passed to tmpreaper, e.g. --all - -TMPREAPER_PROTECT_EXTRA='' -TMPREAPER_DIRS='/tmp/.' -TMPREAPER_DELAY='256' -TMPREAPER_ADDITIONALOPTIONS='' -TMPREAPER_TIME=1d diff --git a/modules/tmpreaper/manifests/init.pp b/modules/tmpreaper/manifests/init.pp deleted file mode 100644 index 3473aa7..0000000 --- a/modules/tmpreaper/manifests/init.pp +++ /dev/null @@ -1,23 +0,0 @@ -class tmpreaper() { - package { 'tmpreaper': - ensure => present, - } - - file { 'tmpreaper-cron.daily': - name => '/etc/cron.daily/tmpreaper', - ensure => 'present', - owner => 'root', - group => 'root', - mode => 755, - source => 'puppet:///modules/tmpreaper/tmpreaper-cron.daily', - } - - file { 'tmpreaper.conf': - name => '/etc/tmpreaper.conf', - ensure => 'present', - owner => 'root', - group => 'root', - mode => 644, - source => 'puppet:///modules/tmpreaper/tmpreaper.conf', - } -} diff --git a/modules/ulimit/manifests/conf.pp b/modules/ulimit/manifests/conf.pp deleted file mode 100644 index 96ef42f..0000000 --- a/modules/ulimit/manifests/conf.pp +++ /dev/null @@ -1,17 +0,0 @@ -define ulimit::conf ( - $limit_domain, - $limit_item, - $limit_value, - $limit_type = 'soft', -) { - - file { "/etc/security/limits.d/99-${limit_domain}-${limit_type}-${limit_item}.conf": - ensure => present, - content => template('ulimit/limits.erb'), - replace => true, - owner => 'root', - mode => 0644, - require => File['/etc/security/limits.d'] - } - -} diff --git a/modules/ulimit/manifests/init.pp b/modules/ulimit/manifests/init.pp deleted file mode 100644 index 54ae9cb..0000000 --- a/modules/ulimit/manifests/init.pp +++ /dev/null @@ -1,13 +0,0 @@ -class ulimit { - - package { ['libpam-modules', 'libpam-modules-bin']: - ensure => present - } - - file { '/etc/security/limits.d': - ensure => directory, - owner => 'root', - mode => 0755 - } - -} diff --git a/modules/ulimit/templates/limits.erb b/modules/ulimit/templates/limits.erb deleted file mode 100644 index db7fabc..0000000 --- a/modules/ulimit/templates/limits.erb +++ /dev/null @@ -1,2 +0,0 @@ -# This file is managed by puppet. Manual changes will be ignored. -<%= limit_domain %> <%= limit_type %> <%= limit_item %> <%= limit_value %> diff --git a/modules/unattended_upgrades/files/10periodic b/modules/unattended_upgrades/files/10periodic deleted file mode 100644 index 83f51c6..0000000 --- a/modules/unattended_upgrades/files/10periodic +++ /dev/null @@ -1,6 +0,0 @@ -APT::Periodic::Enable "1"; -APT::Periodic::Update-Package-Lists "1"; -APT::Periodic::Download-Upgradeable-Packages "1"; -APT::Periodic::AutocleanInterval "5"; -APT::Periodic::Unattended-Upgrade "1"; -APT::Periodic::RandomSleep "1800"; diff --git a/modules/unattended_upgrades/files/50unattended-upgrades b/modules/unattended_upgrades/files/50unattended-upgrades deleted file mode 100644 index 0a09ce0..0000000 --- a/modules/unattended_upgrades/files/50unattended-upgrades +++ /dev/null @@ -1,30 +0,0 @@ -// Automatically upgrade packages from these (origin, archive) pairs -Unattended-Upgrade::Allowed-Origins { - // ${distro_id} and ${distro_codename} will be automatically expanded - "${distro_id} stable"; - "${distro_id} ${distro_codename}-security"; - "${distro_id} ${distro_codename}-updates"; -// "${distro_id} ${distro_codename}-proposed-updates"; -}; - -// List of packages to not update -Unattended-Upgrade::Package-Blacklist { -// "vim"; -// "libc6"; -// "libc6-dev"; -// "libc6-i686"; -}; - -// Send email to this address for problems or packages upgrades -// If empty or unset then no email is sent, make sure that you -// have a working mail setup on your system. The package 'mailx' -// must be installed or anything that provides /usr/bin/mail. -Unattended-Upgrade::Mail "root"; - -// Do automatic removal of new unused dependencies after the upgrade -// (equivalent to apt-get autoremove) -//Unattended-Upgrade::Remove-Unused-Dependencies "false"; - -// Automatically reboot *WITHOUT CONFIRMATION* if a -// the file /var/run/reboot-required is found after the upgrade -//Unattended-Upgrade::Automatic-Reboot "false"; diff --git a/modules/unattended_upgrades/manifests/init.pp b/modules/unattended_upgrades/manifests/init.pp deleted file mode 100644 index 74b6e95..0000000 --- a/modules/unattended_upgrades/manifests/init.pp +++ /dev/null @@ -1,28 +0,0 @@ -class unattended_upgrades($ensure = present) { - package { 'unattended-upgrades': - ensure => $ensure; - } - - package { 'mailutils': - ensure => $ensure; - } - - file { '/etc/apt/apt.conf.d/10periodic': - owner => 'root', - group => 'root', - mode => 444, - ensure => $ensure, - source => "puppet:///modules/unattended_upgrades/10periodic", - replace => 'true', - } - - file { '/etc/apt/apt.conf.d/50unattended-upgrades': - owner => 'root', - group => 'root', - mode => 444, - ensure => $ensure, - source => "puppet:///modules/unattended_upgrades/50unattended-upgrades", - replace => 'true', - } - -} diff --git a/modules/user/manifests/init.pp b/modules/user/manifests/init.pp deleted file mode 100644 index e69de29..0000000 diff --git a/modules/user/manifests/virtual.pp b/modules/user/manifests/virtual.pp deleted file mode 100644 index 27b772e..0000000 --- a/modules/user/manifests/virtual.pp +++ /dev/null @@ -1,38 +0,0 @@ -class user::virtual { - define localuser ($realname,$sshkeys='',$shell="/bin/bash") { - group { $title: - ensure => 'present' - } - - user { $title: - ensure => "present", - comment => $realname, - home => "/home/$title", - shell => $shell, - gid => $title, - groups => ['sudo','admin'], - membership => 'minimum', - managehome => true, # creates the home directory (does not actually manage it) - require => Group[$title], - } - - file { "${title}_sshdir": - name => "/home/$title/.ssh", - owner => $title, - group => $title, - mode => 700, - ensure => 'directory', - require => User[$title], - } - - file { "${title}_keys": - name => "/home/$title/.ssh/authorized_keys", - owner => $title, - group => $title, - mode => 400, - content => $sshkeys, - ensure => 'present', - require => File["${title}_sshdir"], - } - } -} diff --git a/modules/zuul/files/zuul.init b/modules/zuul/files/zuul.init deleted file mode 100755 index 1572d05..0000000 --- a/modules/zuul/files/zuul.init +++ /dev/null @@ -1,154 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: zuul -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Zuul -# Description: Trunk gating system -### END INIT INFO - -# Do NOT "set -e" - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="Zuul" -NAME=zuul -DAEMON=/usr/local/bin/zuul-server -PIDFILE=/var/run/$NAME/$NAME.pid -SCRIPTNAME=/etc/init.d/$NAME -USER=jenkins - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - - mkdir -p /var/run/$NAME - chown $USER /var/run/$NAME - start-stop-daemon --start --quiet --pidfile $PIDFILE -c $USER --exec $DAEMON --test > /dev/null \ - || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE -c $USER --exec $DAEMON -- \ - $DAEMON_ARGS \ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --signal 9 --pidfile $PIDFILE - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - rm -f /var/run/$NAME/* - return "$RETVAL" -} - -# -# Function that stops the daemon/service -# -do_graceful_stop() -{ - PID=`cat $PIDFILE` - kill -10 $PID - - # wait until really stopped - if [ -n "${PID:-}" ]; then - while kill -0 "${PID:-}" 2> /dev/null; do - if [ $i = '0' ]; then - echo -n " ... waiting " - else - echo -n "." - fi - sleep 1 - done - fi -} - -# -# Function that sends a SIGHUP to the daemon/service -# -do_reload() { - # - # If the daemon can reload its configuration without - # restarting (for example, when it is sent a SIGHUP), - # then implement that here. - # - start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name zuul-server - return 0 -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - reload|force-reload) - # - # If do_reload() is not implemented then leave this commented out - # and leave 'force-reload' as an alias for 'restart'. - # - log_daemon_msg "Reloading $DESC" "$NAME" - do_reload - log_end_msg $? - ;; - restart) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_graceful_stop - do_start - ;; - *) - #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/modules/zuul/manifests/init.pp b/modules/zuul/manifests/init.pp deleted file mode 100644 index bafcf57..0000000 --- a/modules/zuul/manifests/init.pp +++ /dev/null @@ -1,81 +0,0 @@ -class zuul ( - $jenkins_server, - $jenkins_user, - $jenkins_apikey, - $gerrit_server, - $gerrit_user -) { - $packages = ["python-webob", - "python-daemon", - "python-paste"] - - package { $packages: - ensure => "present", - } - - vcsrepo { "/opt/zuul": - ensure => latest, - provider => git, - revision => "master", - source => "https://github.com/openstack-ci/zuul.git", - } - - exec { "install_zuul": - command => "python setup.py install", - cwd => "/opt/zuul", - path => "/bin:/usr/bin", - refreshonly => true, - subscribe => Vcsrepo["/opt/zuul"], - } - - file { "/etc/zuul": - ensure => "directory", - } - -# TODO: We should put in notify either Service['zuul'] or Exec['zuul-reload'] -# at some point, but that still has some problems. - file { "/etc/zuul/zuul.conf": - owner => 'jenkins', - mode => 400, - ensure => 'present', - content => template('zuul/zuul.conf.erb'), - require => File["/etc/zuul"], - } - - file { "/var/log/zuul": - ensure => "directory", - owner => 'jenkins' - } - - file { "/var/run/zuul": - ensure => "directory", - owner => 'jenkins' - } - - file { "/var/lib/zuul": - ensure => "directory", - owner => 'jenkins' - } - - file { "/etc/init.d/zuul/": - owner => 'root', - group => 'root', - mode => 555, - ensure => 'present', - source => 'puppet:///modules/zuul/zuul.init', - } - - exec { "zuul-reload": - command => '/etc/init.d/zuul reload', - require => File['/etc/init.d/zuul'], - refreshonly => true, - } - - service { 'zuul': - name => 'zuul', - enable => true, - hasrestart => true, - require => File['/etc/init.d/zuul'], - } - -} diff --git a/modules/zuul/templates/zuul.conf.erb b/modules/zuul/templates/zuul.conf.erb deleted file mode 100644 index ffe31c3..0000000 --- a/modules/zuul/templates/zuul.conf.erb +++ /dev/null @@ -1,14 +0,0 @@ -[jenkins] -server=<%= jenkins_server %> -user=<%= jenkins_user %> -apikey=<%= jenkins_apikey %> - -[gerrit] -server=<%= gerrit_server %> -user=<%= gerrit_user %> -sshkey=/var/lib/jenkins/.ssh/id_rsa - -[zuul] -layout_config=/etc/zuul/layout.yaml -log_config=/etc/zuul/logging.conf -state_dir=/var/lib/zuul diff --git a/run_puppet.sh b/run_puppet.sh deleted file mode 100644 index 5274a13..0000000 --- a/run_puppet.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -if ! test -z $1 ; then - BASE_DIR=$1 -else - BASE_DIR=`pwd` -fi - -MODULE_DIR=${BASE_DIR}/modules -MODULE_PATH=${MODULE_DIR}:/etc/puppet/modules -MANIFEST_LOG=/var/log/manifest.log - -cd $BASE_DIR -/usr/bin/git pull -q && \ - /bin/bash install_modules.sh && \ - /usr/bin/puppet apply -l $MANIFEST_LOG --modulepath=$MODULE_PATH manifests/site.pp diff --git a/setup.py b/setup.py deleted file mode 100644 index 27ab208..0000000 --- a/setup.py +++ /dev/null @@ -1,26 +0,0 @@ -import datetime -from setuptools import setup - -ci_cmdclass = {} - -try: - from sphinx.setup_command import BuildDoc - - class local_BuildDoc(BuildDoc): - def run(self): - for builder in ['html', 'man']: - self.builder = builder - self.finalize_options() - BuildDoc.run(self) - ci_cmdclass['build_sphinx'] = local_BuildDoc -except Exception: - pass - -setup(name='nova', - version="%d.%02d" % (datetime.datetime.now().year, - datetime.datetime.now().month), - description="OpenStack Continuous Integration Scripts", - author="OpenStack CI Team", - author_email="openstack-ci@lists.launchpad.net", - url="http://launchpad.net/openstack-ci", - cmdclass=ci_cmdclass) diff --git a/modules/jenkins_slave/templates/cgconfig.erb b/templates/cgconfig.erb similarity index 100% rename from modules/jenkins_slave/templates/cgconfig.erb rename to templates/cgconfig.erb diff --git a/templates/jenkins.vhost.erb b/templates/jenkins.vhost.erb new file mode 100644 index 0000000..e2b568c --- /dev/null +++ b/templates/jenkins.vhost.erb @@ -0,0 +1,46 @@ +:80> + ServerAdmin <%= scope.lookupvar("::jenkins::master::serveradmin") %> + + ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-error.log + + LogLevel warn + + CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-access.log combined + + Redirect / https://<%= scope.lookupvar("::jenkins::master::vhost_name") %>/ + + + +:443> + ServerName <%= scope.lookupvar("::jenkins::master::vhost_name") %> + ServerAdmin <%= scope.lookupvar("::jenkins::master::serveradmin") %> + + ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-error.log + + LogLevel warn + + CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("::jenkins::master::vhost_name") %>-ssl-access.log combined + + SSLEngine on + + SSLCertificateFile <%= scope.lookupvar("::jenkins::master::ssl_cert_file") %> + SSLCertificateKeyFile <%= scope.lookupvar("::jenkins::master::ssl_key_file") %> + <% if scope.lookupvar("::jenkins::master::ssl_chain_file") != "" %> + SSLCertificateChainFile <%= scope.lookupvar("::jenkins::master::ssl_chain_file") %> + <% end %> + + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + # MSIE 7 and newer should be able to use keepalive + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + + RewriteEngine on + RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("::jenkins::master::vhost_name") %> + RewriteRule ^.*$ https://<%= scope.lookupvar("::jenkins::master::vhost_name") %>/ + + RewriteRule /zuul/status http://127.0.0.1:8001/status [P] + + ProxyPass / http://127.0.0.1:8080/ retry=0 + ProxyPassReverse / http://127.0.0.1:8080/ + diff --git a/modules/jenkins_job_builder/templates/jenkins_jobs.ini.erb b/templates/jenkins_jobs.ini.erb similarity index 100% rename from modules/jenkins_job_builder/templates/jenkins_jobs.ini.erb rename to templates/jenkins_jobs.ini.erb diff --git a/modules/jenkins_master/templates/openstack.js.erb b/templates/openstack.js.erb similarity index 100% rename from modules/jenkins_master/templates/openstack.js.erb rename to templates/openstack.js.erb diff --git a/test.sh b/test.sh deleted file mode 100644 index 4f4e091..0000000 --- a/test.sh +++ /dev/null @@ -1,16 +0,0 @@ -find . -iname '*.pp' | xargs puppet parser validate --modulepath=`pwd`/modules -for f in `find . -iname *.erb` ; do - erb -x -T '-' $f | ruby -c >/dev/null || echo "Error in $f" -done - -if [ ! -d applytest ] ; then - mkdir applytest -fi - -csplit -sf applytest/puppetapplytest manifests/site.pp '/^$/' {*} -sed -i -e 's/^[^[:space:]]/#&/g' applytest/puppetapplytest* -sed -i -e 's/hiera..listadmins../["admin"]/' applytest/puppetapplytest* -sed -i -e 's/hiera.*/PASSWORD,/' applytest/puppetapplytest* -for f in `find applytest -name 'puppetapplytest*' -print` ; do - puppet apply --modulepath=./modules:/etc/puppet/modules -v --noop --debug $f >/dev/null -done diff --git a/tools/rfc.sh b/tools/rfc.sh deleted file mode 100755 index ca98489..0000000 --- a/tools/rfc.sh +++ /dev/null @@ -1,136 +0,0 @@ -#!/bin/sh -e -# Copyright (c) 2010-2011 Gluster, Inc. -# This initial version of this file was taken from the source tree -# of GlusterFS. It was not directly attributed, but is assumed to be -# Copyright (c) 2010-2011 Gluster, Inc and release GPLv3 -# Subsequent modifications are Copyright (c) 2011 OpenStack, LLC. -# -# GlusterFS is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published -# by the Free Software Foundation; either version 3 of the License, -# or (at your option) any later version. -# -# GlusterFS is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see -# . - - -branch="master"; - -set_hooks_commit_msg() -{ - top_dir=`git rev-parse --show-toplevel` - f="${top_dir}/.git/hooks/commit-msg"; - u="https://review.openstack.org/tools/hooks/commit-msg"; - - if [ -x "$f" ]; then - return; - fi - - curl -o $f $u || wget -O $f $u; - - chmod +x $f; - - GIT_EDITOR=true git commit --amend -} - -add_remote() -{ - username=$1 - project=$2 - - echo "No remote set, testing ssh://$username@review.openstack.org:29418" - if ssh -p29418 -o StrictHostKeyChecking=no $username@review.openstack.org gerrit ls-projects >/dev/null 2>&1 - then - echo "$username@review.openstack.org:29418 worked." - echo "Creating a git remote called gerrit that maps to:" - echo " ssh://$username@review.openstack.org:29418/$project" - git remote add gerrit ssh://$username@review.openstack.org:29418/$project - return 0 - fi - return 1 -} - -check_remote() -{ - if ! git remote | grep gerrit >/dev/null 2>&1 - then - origin_project=`git remote show origin | grep 'Fetch URL' | perl -nle '@fields = split(m|[:/]|); $len = $#fields; print $fields[$len-1], "/", $fields[$len];'` - if add_remote $USERNAME $origin_project - then - return 0 - else - echo "Your local name doesn't work on Gerrit." - echo -n "Enter Gerrit username (same as launchpad): " - read gerrit_user - if add_remote $gerrit_user $origin_project - then - return 0 - else - echo "Can't infer where gerrit is - please set a remote named" - echo "gerrit manually and then try again." - echo - echo "For more information, please see:" - echo "\thttp://wiki.openstack.org/GerritWorkflow" - exit 1 - fi - fi - fi -} - -rebase_changes() -{ - git fetch; - - GIT_EDITOR=true git rebase -i origin/$branch || exit $?; -} - - -assert_diverge() -{ - if ! git diff origin/$branch..HEAD | grep -q . - then - echo "No changes between the current branch and origin/$branch." - exit 1 - fi -} - - -main() -{ - set_hooks_commit_msg; - - check_remote; - - rebase_changes; - - assert_diverge; - - bug=$(git show --format='%s %b' | perl -nle 'if (/\b([Bb]ug|[Ll][Pp])[\s#:]*(\d+)/) {print "$2"; exit}') - - bp=$(git show --format='%s %b' | perl -nle 'if (/\b([Bb]lue[Pp]rint|[Bb][Pp])[\s#:]*([0-9a-zA-Z-_]+)/) {print "$2"; exit}') - - if [ "$DRY_RUN" = 1 ]; then - drier='echo -e Please use the following command to send your commits to review:\n\n' - else - drier= - fi - - local_branch=`git branch | grep -Ei "\* (.*)" | cut -f2 -d' '` - if [ -z "$bug" ]; then - if [ -z "$bp" ]; then - $drier git push gerrit HEAD:refs/for/$branch/$local_branch; - else - $drier git push gerrit HEAD:refs/for/$branch/bp/$bp; - fi - else - $drier git push gerrit HEAD:refs/for/$branch/bug/$bug; - fi -} - -main "$@" diff --git a/tox.ini b/tox.ini deleted file mode 100644 index a898107..0000000 --- a/tox.ini +++ /dev/null @@ -1,10 +0,0 @@ -[tox] -envlist = pyflakes,pep8 - -[testenv:pyflakes] -deps = pyflakes -commands = pyflakes modules setup.py - -[testenv:pep8] -deps = pep8 -commands = pep8 --count --repeat --show-source --exclude=.tox setup.py