Merge "[Gerrit] Opestack-infra puppets based version"

Renat Akhmerov 2016-03-17 12:57:47 +04:00 committed by Gerrit Code Review
commit e0d254c099
17 changed files with 306 additions and 223 deletions


@ -0,0 +1,107 @@
Namespaces:
=: io.murano.opaas
std: io.murano
res: io.murano.resources
sys: io.murano.system
opaas: io.murano.opaas
puppet: io.murano.opaas.puppet
Name: Gerrit
Extends: std:Application
Properties:
instance:
Contract: $.class(puppet:PuppetInstance).notNull()
name:
Contract: $.string().notNull()
Methods:
initialize:
Body:
- $._environment: $.find(std:Environment).require()
deploy:
Body:
- $.super($.deploy())
- If: $.getAttr(deployed, false)
Then:
Return:
- $securityGroupIngress:
- ToPort: 80
FromPort: 80
IpProtocol: tcp
External: true
- ToPort: 8081
FromPort: 8081
IpProtocol: tcp
External: true
- ToPort: 443
FromPort: 443
IpProtocol: tcp
External: true
- $._environment.securityGroupManager.addGroupIngress($securityGroupIngress)
- $._environment.reporter.report($this, 'Creating VM for Gerrit {0}'.format($.instance.openstackId))
- $.instance.deploy()
- $._environment.reporter.report($this, 'Gerrit VM Created {0}'.format($.instance.openstackId))
- $._environment.reporter.report($this, 'Deploying Gerrit')
- $this.systemConfig: new(puppet:ProjectConfig)
- $this.systemConfig.installOnTheNode($this.instance)
- $.createConfiguration()
- $resources: new(sys:Resources)
- $template: $resources.yaml('DeployGerrit.template')
- $.instance.agent.call($template, $resources)
- $.setAttr(deployed, true)
- $._environment.reporter.report($this, format('Gerrit is available at {0}:80 or {1}:8081',
$.instance.floatingIpAddress, $.instance.floatingIpAddress))
createConfiguration:
Body:
- $.instance.setHieraValue( 'project_config_repo', 'https://github.com/mirademo/project-config.git')
- $.instance.setHieraValue( 'gerrit_github_token', 'f84013d50c69e60e902f748ea75c611695f35ef2')
- $.instance.setHieraValue( 'github_project_username', 'mirademo')
- $.instance.setHieraValue( 'github_project_password', 'github_project_password')
- $.instance.setHieraValue( 'gerrit_mysql_host', 'localhost')
- $.instance.setHieraValue( 'gerrit_email_private_key', 'gerrit_email_private_key')
- $.instance.setHieraValue( 'gerrit_rest_token_private_key', 'gerrit_rest_token_private_key45620')
- $.instance.setHieraValue( 'gerritbot_password', 'P@ssw0rd')
- $.instance.setHieraValue( 'gerritbot_ssh_rsa_key_contents', 'gerritbot_ssh_rsa_key_contents')
- $.instance.setHieraValue( 'gerritbot_ssh_rsa_pubkey_contents', 'gerritbot_ssh_rsa_pubkey_contents')
# - $.instance.setHieraValue( 'gerrit_ssl_cert_file_contents', 'gerrit_ssl_cert_file_contents')
# - $.instance.setHieraValue( 'gerrit_ssl_key_file_contents', 'gerrit_ssl_key_file_contents')
# - $.instance.setHieraValue( 'gerrit_ssl_chain_file_contents', 'gerrit_ssl_chain_file_contents')
- $.instance.setHieraValue( 'gerrit_ssh_dsa_key_contents', 'gerrit_ssh_dsa_key_contents')
- $.instance.setHieraValue( 'gerrit_ssh_dsa_pubkey_contents', 'gerrit_ssh_dsa_pubkey_contents')
- $.instance.setHieraValue( 'gerrit_ssh_rsa_key_contents', 'gerrit_ssh_rsa_key_contents')
- $.instance.setHieraValue( 'gerrit_ssh_rsa_pubkey_contents', 'gerrit_ssh_rsa_pubkey_contents')
- $.instance.setHieraValue( 'gerrit_ssh_project_rsa_key_contents', 'gerrit_ssh_project_rsa_key_contents')
- $.instance.setHieraValue( 'gerrit_ssh_project_rsa_pubkey_contents', 'gerrit_project_ssh_rsa_pubkey_contents')
- $.instance.setHieraValue( 'welcome_message_gerrit_ssh_private_key', 'welcome_message_gerrit_ssh_private_key')
- $.instance.setHieraValue( 'welcome_message_gerrit_ssh_public_key', 'welcome_message_gerrit_ssh_public_key')
- $.instance.setHieraValue( 'ssh_replication_rsa_key_contents', '')
- $.instance.setHieraValue( 'gerrit_replication_ssh_rsa_pubkey_contents', '')
- $.instance.setHieraValue( 'gerrit_lp_consumer_key', 'gerrit_lp_consumer_key')
- $.instance.setHieraValue( 'gerrit_lp_access_token', 'gerrit_lp_access_token')
- $.instance.setHieraValue( 'gerrit_lp_access_secret', 'gerrit_lp_access_secret')
- $.instance.setHieraValue( 'gerrit_notify_impact_file', '/etc/project-config/gerrit/notify_impact.yaml')
- $.instance.setHieraValue( 'gerrit_contactstore_appsec', 'gerrit_contactstore_appsec')
- $.instance.setHieraValue( 'gerrit_contactstore_pubkey', 'gerrit_contactstore_pubkey')
- $.instance.setHieraValue( 'gerrit_acls_dir', '/etc/project-config/gerrit/acls')
- $.instance.setHieraValue( 'gerrit_db_user', 'gerrit2')
- $.instance.setHieraValue( 'gerrit_db_password', '12345')
- $.instance.setHieraValue( 'gerrit_db_root_password', 'P@ssw0rd')
- $.instance.setHieraValue( 'swift_store_user', 'swift_store_user')
- $.instance.setHieraValue( 'swift_store_key', 'swift_store_key')
- $.instance.setHieraValue( 'jeepyb_project_file', '/etc/project-config/gerrit/projects.yaml')
- $.instance.setHieraValue( 'project_config_config_dir', '/etc/project-config/')
destroy:
Body:
- $.reportDestroyed()
- $.setAttr(deployed, false)
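Review bot: createConfiguration commits live-looking credentials into the package: `gerrit_github_token` is set to a 40-character hex value, and `gerritbot_password`, `gerrit_db_password` and `gerrit_db_root_password` are fixed weak strings, so every environment deployed from this class shares the same database and bot credentials. The GitHub token should be treated as exposed and revoked, because it stays in the repository history even if a later commit removes it. I would take these values from class Properties (for example a `dbPassword:` property with `Contract: $.string().notNull()`) or generate them per deployment, and pass them on with `- $.instance.setHieraValue('gerrit_db_password', $.dbPassword)`. The entries whose value simply repeats the key name look like placeholders; a short comment saying which of them the key-generation scripts overwrite on the node would make that explicit.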


@ -1,20 +1,20 @@
FormatVersion: 2.0.0
FormatVersion: 2.1.0
Version: 1.0.0
Name: Deploy Gerrit
Parameters:
warUrl: $warUrl
Body: |
return deploy('{0}'.format(args.warUrl)).stdout
return deploy().stdout
Scripts:
deploy:
Type: Application
Version: 1.0.0
EntryPoint: deployGerrit.sh
Files: []
EntryPoint: deploy_gerrit.sh
Files: ['site.pp', 'database.pp', 'gen_ssl_cert.sh', 'gen_rsa_key.sh']
Options:
captureStdout: true
captureStderr: true
verifyExitcode: false
verifyExitcode: true
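Review bot: `Parameters: warUrl: $warUrl` is left in the template although the new body calls `deploy()` without arguments and nothing visible on this page binds `warUrl` any more, so the parameter is dead and `$warUrl` stays an unbound placeholder. The same leftover appears in the UI definition, which still passes `warUrl: $.appConfiguration.warUrl` and still asks the user for a WAR URL, while the Puppet manifest pins the WAR location itself. I would drop the `Parameters:` entry here and the form field there, or wire the value through to Puppet so that the user's choice has an effect.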


@ -0,0 +1,13 @@
node default {
class { '::mysql::server':
root_password => hiera('gerrit_db_root_password'),
remove_default_accounts => true,
}
mysql::db { 'reviewdb':
user => hiera('gerrit_db_user'),
password => hiera('gerrit_db_password'),
host => 'localhost',
grant => ['SELECT', 'UPDATE', 'CREATE', 'INSERT'],
}
}
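Review bot: The `grant` list on `reviewdb` gives the Gerrit user `SELECT`, `UPDATE`, `CREATE` and `INSERT` but not `DELETE`, `ALTER` or `INDEX`; Gerrit presumably has to remove rows and to change the schema on init or upgrade, so this may fail at runtime and should be confirmed on a test deployment. Keeping the grant narrow is a reasonable goal, and a one-line comment such as `# least privilege: extend only with what gerrit init actually needs` would record the intent. `host => 'localhost'` is also fixed here while the Gerrit manifest reads `gerrit_mysql_host` from hiera, so the two settings can drift apart.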


@ -0,0 +1,17 @@
#!/bin/bash
logger Deploy Gerrit
logger Generate ssl certificates
/bin/bash ./gen_ssl_cert.sh
logger Generate rsa keys
/bin/bash ./gen_rsa_key.sh
logger Database puppet
puppet apply database.pp
logger Gerrit puppet
puppet apply site.pp
exit
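Review bot: Nothing in this script stops on failure, so with `verifyExitcode: true` in the template the agent only sees the status of the last command, `puppet apply site.pp`. A failed key or certificate generation, or a failed `puppet apply database.pp`, is ignored, and Gerrit would then be configured from whatever is already in hiera, which as far as this page shows includes the placeholder values set by the Murano class. Add `set -e` after the shebang, or test each step, for example `/bin/bash ./gen_ssl_cert.sh || exit 1`. The bare `exit` on the last line can be dropped or replaced by an explicit status.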


@ -0,0 +1,39 @@
#!/bin/bash
logger Generate SSL certificate for Gerrit
datafile='/etc/puppet/hieradata/murano.yaml'
#
# gerrit rsa key
#
ssh-keygen -t rsa -N "" -f gerrit-rsa.key -q
content=`cat gerrit-rsa.key`
puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'gerrit_ssh_rsa_key_contents', value=>'$content', }"
content=`cat gerrit-rsa.key.pub`
puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'gerrit_ssh_rsa_pubkey_contents', value=>'$content', }"
#
# gerrit dsa key
#
ssh-keygen -t rsa -N "" -f gerrit-dsa.key -q
content=`cat gerrit-dsa.key`
puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'gerrit_ssh_dsa_key_contents', value=>'$content', }"
content=`cat gerrit-dsa.key.pub`
puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'gerrit_ssh_dsa_pubkey_contents', value=>'$content', }"
#
# project key
#
ssh-keygen -t rsa -N "" -f project-rsa.key -q
content=`cat project-rsa.key`
puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'gerrit_ssh_project_rsa_key_contents', value=>'$content', }"
content=`cat project-rsa.key.pub`
puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'gerrit_ssh_project_rsa_pubkey_contents', value=>'$content', }"
exit
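Review bot: Each private key is read into `$content` and interpolated into the `puppet apply --execute "..."` command line, so the key material appears in the process argument list, where other local users can read it while the command runs, and a quote character in the value would break the manifest. Write the manifest to a file created under `umask 077` (or feed it on stdin, if the Puppet version in the image supports that) and delete the `*.key` files from the working directory afterwards. The certificate script in the next section uses the same pattern for `gerrit_ssl_key_file_contents`. Separately, the "dsa" block runs `ssh-keygen -t rsa ... -f gerrit-dsa.key`, so `gerrit_ssh_dsa_key_contents` receives an RSA key, and the opening `logger` line says "SSL certificate" although this script makes SSH keys.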


@ -0,0 +1,26 @@
#!/bin/bash
logger Generate SSL certificate for Gerrit
datafile='/etc/puppet/hieradata/murano.yaml'
fqdn=`hostname`
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=$fqdn" \
-keyout server.key -out server.cert
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
content=`cat server.key`
puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'gerrit_ssl_key_file_contents', value=>'$content', }"
content=`cat server.cert`
puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'gerrit_ssl_cert_file_contents', value=>'$content', }"
content=''
puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'gerrit_ssl_chain_file_contents', value=>'$content', }"
# create
getent group ssl-cert || addgroup --system 'ssl-cert'
exit
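Review bot: The unencrypted TLS private key is left in the working directory twice, as `server.key` and `server.key.org`, with whatever permissions the default umask gives. `-nodes` already writes the key without a passphrase, so `cp server.key server.key.org` followed by `openssl rsa -in server.key.org -out server.key` only adds a second copy, unless the conversion to the traditional RSA key format is intended, in which case a comment should say so. I would set `umask 077` before `openssl req` and remove the key files once the values are stored in hiera. The trailing `# create` comment should state what is created and why the `ssl-cert` group is needed.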


@ -0,0 +1,83 @@
node default {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 8081, 29418],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::gerrit':
ssl_cert_file => "/etc/ssl/certs/${::fqdn}.pem",
ssl_key_file => "/etc/ssl/private/${::fqdn}.key",
ssl_chain_file => '',
ssl_chain_file_contents => '',
ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'),
ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents'),
ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'),
ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'),
ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'),
ssh_project_rsa_key_contents => hiera('gerrit_ssh_project_rsa_key_contents'),
ssh_project_rsa_pubkey_contents => hiera('gerrit_ssh_project_rsa_pubkey_contents'),
ssh_replication_rsa_key_contents => hiera('ssh_replication_rsa_key_contents'),
ssh_replication_rsa_pubkey_contents => hiera('gerrit_replication_ssh_rsa_pubkey_contents'),
ssh_welcome_rsa_key_contents => hiera('welcome_message_gerrit_ssh_private_key'),
ssh_welcome_rsa_pubkey_contents => hiera('welcome_message_gerrit_ssh_public_key'),
email => 'review@openstack.org',
# 1 + 100 + 9 + 2 + 2 + 25 => 139(rounded up)
database_poollimit => '150',
container_heaplimit => '12g',
core_packedgitopenfiles => '4096',
core_packedgitlimit => '400m',
core_packedgitwindowsize => '16k',
sshd_threads => '100',
index_threads => 4,
httpd_maxqueued => '200',
httpd_maxwait => '5000min',
war =>
'http://tarballs.openstack.org/ci/gerrit/gerrit-v2.11.4.11.a14450f.war',
contactstore => false,
contactstore_appsec => '',
contactstore_pubkey => '',
contactstore_url =>
'http://direct.openstack.org/verify/member/',
acls_dir => hiera('gerrit_acls_dir'),
notify_impact_file => hiera('gerrit_notify_impact_file'),
projects_file => hiera('jeepyb_project_file'),
projects_config => hiera('jeepyb_project_file'),
github_username => 'openstack-gerrit',
github_oauth_token => hiera('gerrit_github_token'),
github_project_username => hiera('github_project_username', 'username'),
github_project_password => hiera('github_project_password'),
mysql_host => hiera('gerrit_mysql_host', 'localhost'),
mysql_password => hiera('gerrit_db_password'),
email_private_key => hiera('gerrit_email_private_key'),
token_private_key => hiera('gerrit_rest_token_private_key'),
swift_username => hiera('swift_store_user', 'username'),
swift_password => hiera('swift_store_key'),
replication_force_update => true,
replication => [
],
require => [
Class['project_config'],
],
}
gerrit::plugin { 'javamelody':
version => '3fefa35',
}
class { 'gerrit::remotes':
ensure => absent,
}
# exec { "/usr/xpg4/bin/id >/tmp/puppet-id-test 2>&1",
# user => "puppet",
#
# }
if ! defined(Class['project_config']) {
class { 'project_config':
url => hiera('project_config_repo'),
}
}
}
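Review bot: The Gerrit WAR is fetched from `http://tarballs.openstack.org/ci/gerrit/gerrit-v2.11.4.11.a14450f.war` over plain HTTP with no checksum visible here, so the binary that ends up running the code-review server is not integrity-protected in transit. Use an HTTPS URL if the host offers one, or verify a pinned digest before the file is installed. The manifest also keeps upstream identities (`email => 'review@openstack.org'`, `github_username => 'openstack-gerrit'`) next to a GitHub token read from hiera; these look copied from the upstream manifest and should probably become hiera lookups too. `iptables_public_tcp_ports` opens 29418, but the security-group rules in the Murano class list only 80, 8081 and 443, so Gerrit SSH would be unreachable from outside unless that is intended.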


@ -2,13 +2,13 @@ Version: 2
Application:
?:
type: io.murano.apps.Gerrit
type: io.murano.opaas.Gerrit
name: $.appConfiguration.name
warUrl: $.appConfiguration.warUrl
ldap: $.appConfiguration.OpenLDAP
instance:
?:
type: io.murano.resources.LinuxMuranoInstance
type: io.murano.opaas.puppet.PuppetInstance
name: generateHostname($.instanceConfiguration.unitNamingPattern, 1)
flavor: $.instanceConfiguration.flavor
image: $.instanceConfiguration.osImage
@ -22,7 +22,7 @@ Forms:
- name: name
type: string
label: Application Name
initial: Gerrit
initial: GerritPuppet
description: >-
Enter a desired name for the application. Just A-Z, a-z, 0-9, dash and
underline are allowed
@ -40,11 +40,6 @@ Forms:
description: >-
Enter the war version from Gerrit's site
http://gerrit-releases.storage.googleapis.com/index.html
- name: OpenLDAP
type: io.murano.apps.OpenLDAP
required: false
description: >-
Specify OpenLDAP domain for authentication.
- instanceConfiguration:
fields:
- name: title
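Review bot: `ldap: $.appConfiguration.OpenLDAP` stays in the Application section although the last hunk removes the `OpenLDAP` form field and the new `io.murano.opaas.Gerrit` class declares only `instance` and `name`, so the expression now points at a field that no longer exists. Remove the `ldap:` line together with the field (and `warUrl:` likewise, if the class is not meant to take it); depending on how Murano validates the object model, an undeclared property may make the deployment fail. The hunks start and end mid-file, so references outside the visible lines may need the same cleanup.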


@ -0,0 +1,12 @@
Format: 1.0
Type: Application
FullName: io.murano.opaas.Gerrit
Name: Gerrit-Puppet
Description: |
Gerrit provides web based code review and repository management for the Git version control system.
Author: 'Mirantis, Inc'
Tags: [Server, LDAP]
Classes:
io.murano.opaas.Gerrit: Gerrit.yaml
UI: ui.yaml
Logo: logo.png


@ -1,99 +0,0 @@
Namespaces:
=: io.murano.apps
std: io.murano
res: io.murano.resources
sys: io.murano.system
Name: Gerrit
Extends: std:Application
Properties:
name:
Contract: $.string().notNull()
warUrl:
Contract: $.string().notNull()
ldap:
Contract: $.class(OpenLDAP)
instance:
Contract: $.class(res:Instance).notNull()
Methods:
initialize:
Body:
- $._environment: $.find(std:Environment).require()
deploy:
Body:
- If: not $.getAttr(deployed, false)
Then:
- $securityGroupIngress:
- ToPort: 8080
FromPort: 8080
IpProtocol: tcp
External: true
- ToPort: 29418
FromPort: 29418
IpProtocol: tcp
External: true
- $._environment.securityGroupManager.addGroupIngress($securityGroupIngress)
- $._environment.reporter.report($this, 'Creating VM for Gerrit')
- $.instance.deploy()
- $resources: new(sys:Resources)
- $template: $resources.yaml('DeployGerrit.template').bind(dict(
warUrl => $.warUrl
))
- $._environment.reporter.report($this, 'Deploying Gerrit')
- $.instance.agent.call($template, $resources)
- If: $.ldap != null
Then:
- $._environment.reporter.report($this, 'Gerrit waits OpenLDAP to be deployed...')
- $.ldap.deploy()
- $.connectLDAP()
- $._environment.reporter.report($this, 'Gerrit is deployed!')
- $.setAttr(deployed, true)
connectLDAP:
Body:
- $._environment.reporter.report($this, 'Connecting Gerrit to OpenLDAP server')
- $ldapInstance: $.ldap.instance
- If: $ldapInstance.assignFloatingIp
Then:
- $ldapHost: $ldapInstance.floatingIpAddress
Else:
- $ldapHost: $ldapInstance.ipAddresses[0]
- $host: "localhost"
- If: $.instance.assignFloatingIp
Then:
- $host: $.instance.floatingIpAddress
Else:
- $host: $.instance.ipAddresses[0]
- $resources: new(sys:Resources)
- $template: $resources.yaml('ConnectLDAP.template').bind(dict(
openLDAPip => $ldapHost,
host => $host,
domain => $.ldap.domain
))
- $.instance.agent.call($template, $resources)
- $._environment.reporter.report($this, format('Gerrit is available at {0}:8080', $host))
putKey:
Arguments:
- sshKey:
Contract: $.string().notNull()
Body:
- $._environment.reporter.report($this, 'Put SSH key to Gerrit server')
- $resources: new(sys:Resources)
- $template: $resources.yaml('PutKey.template').bind(dict(
sshKey => $sshKey
))
- $.instance.agent.call($template, $resources)
destroy:
Body:
- $.reportDestroyed()
- $.setAttr(deployed, false)


@ -1,22 +0,0 @@
FormatVersion: 2.0.0
Version: 1.0.0
Name: Connect LDAP
Parameters:
openLDAPip: $openLDAPip
host: $host
domain: $domain
Body: |
return configure('{0} {1} {2}'.format(args.openLDAPip, args.host, args.domain)).stdout
Scripts:
configure:
Type: Application
Version: 1.0.0
EntryPoint: connectLDAP.sh
Files: []
Options:
captureStdout: true
captureStderr: true
verifyExitcode: false


@ -1,19 +0,0 @@
FormatVersion: 2.0.0
Version: 1.0.0
Name: Put sshKey
Parameters:
sshKey: $sshKey
Body: |
return configure('{0}'.format(args.sshKey)).stdout
Scripts:
configure:
Type: Application
Version: 1.0.0
EntryPoint: putKey.sh
Files: []
Options:
captureStdout: true
captureStderr: true


@ -1,25 +0,0 @@
#!/bin/bash
OPENLDAP_IP="$1"
HOST="$2"
DOMAIN="$3"
# parse tld
NAME="`echo "$DOMAIN" | cut -d. -f1`"
TLD="`echo "$DOMAIN" | cut -d. -f2`"
# setup gerrit to authenticate from OpenLDAP
sed -e "s/type = OPENID/type = ldap/" -i /home/gerrit/gerrit_testsite/etc/gerrit.config
sed -e "s,canonicalWebUrl.*,canonicalWebUrl = http://${HOST}:8080," -i /home/gerrit/gerrit_testsite/etc/gerrit.config
cat << EOF >> /home/gerrit/gerrit_testsite/etc/gerrit.config
[ldap]
server = ldap://${OPENLDAP_IP}
accountBase = OU=users,DC=${NAME},DC=${TLD}
username = CN=admin,DC=${NAME},DC=${TLD}
password = openstack
accountFullName = cn
EOF
# restart gerrit
sudo -u gerrit /home/gerrit/gerrit_testsite/bin/gerrit.sh restart


@ -1,22 +0,0 @@
#!/bin/bash
WAR="$1"
# Update the packages and install git and java
apt-get update
apt-get install -y git openjdk-7-jdk git-review
# Create a user, gerrit2, to run gerrit
useradd -d/home/gerrit gerrit
mkdir /home/gerrit
chown -R gerrit:gerrit /home/gerrit
# Allow firewall holes for Gerrit
iptables -I INPUT 1 -p tcp -m tcp --dport 8080 -j ACCEPT -m comment --comment "by murano, Gerrit server access on HTTP on port 8080"
iptables -I INPUT 1 -p tcp -m tcp --dport 29418 -j ACCEPT -m comment --comment "by murano, server Apache server access via sshd on port 29418"
# Download latest stable code, install and remove war file.
cd /tmp
wget ${WAR}
filename=$(basename ${WAR})
sudo -u gerrit java -jar /tmp/$filename init --batch -d /home/gerrit/gerrit_testsite
rm /tmp/$filename


@ -1,9 +0,0 @@
#!/bin/bash
SSHKEY="$1 $2"
mkdir /home/gerrit/.ssh
echo $SSHKEY > /home/gerrit/.ssh/authorized_keys
echo $SSHKEY > /home/gerrit/.ssh/jenkins-id_rsa.pub
chmod 700 /home/gerrit/.ssh
chmod 600 /home/gerrit/.ssh/authorized_keys /home/gerrit/.ssh/jenkins-id_rsa.pub
chown -R gerrit:gerrit /home/gerrit/.ssh


@ -1,13 +0,0 @@
Format: 1.0
Type: Application
FullName: io.murano.apps.Gerrit
Name: Gerrit
Description: |
Gerrit is a web based code review system, facilitating online code reviews
for projects using the Git version control system.
Author: 'Mirantis, Inc'
Tags: [Server, Java, Gerrit, CI]
Classes:
io.murano.apps.Gerrit: Gerrit.yaml
UI: ui.yaml
Logo: logo.png