[Gerrit] OpenLDAP authentification for Gerrit

* OpenLDAP authentification for was Gerrit added * URL field for Gerrit binaries was for CiCd application added Change-Id: I00ff158fdb52a6cd2bab379e277856bccad44bc8
2016-03-23 15:11:47 +02:00 · 2016-03-23 15:11:47 +02:00 · f1143eb3d7
commit f1143eb3d7
parent 7cedf9aa7c
7 changed files with 79 additions and 20 deletions
--- a/murano-apps/CiCdEnvironment/package/Classes/CiCdEnvironment.yaml
+++ b/murano-apps/CiCdEnvironment/package/Classes/CiCdEnvironment.yaml
@ -25,6 +25,8 @@ Properties:
  assignFloatingIp:
    Contract: $.bool().notNull()
    Default: true
+  gerritUrl:
+    Contract: $.string().notNull()

 Methods:
  .init:
@ -47,7 +49,6 @@ Methods:
          keyname => $.keyname,
          availabilityZone => $.availabilityZone,
          assignFloatingIp => $.assignFloatingIp)
-
      - $this.ldap: new(opaas:OpenLDAP, $._environment,
          name => 'OpenLDAP',
          instance => $ldapInstance,
@ -66,7 +67,11 @@ Methods:
          keyname => $.keyname,
          availabilityZone => $.availabilityZone,
          assignFloatingIp => $.assignFloatingIp)
-      - $this.gerrit: new(opaas:Gerrit, $this, name => 'Gerrit', instance => $gerritInstance)
+      - $this.gerrit: new(opaas:Gerrit, $this,
+          name => 'Gerrit',
+          warUrl => $.gerritUrl,
+          instance => $gerritInstance,
+          ldap => $this.ldap)

      # Jenkins
      - $._environment.reporter.report($this,
--- a/murano-apps/CiCdEnvironment/package/UI/ui.yaml
+++ b/murano-apps/CiCdEnvironment/package/UI/ui.yaml
@ -9,9 +9,16 @@ Application:
  image: $.instanceConfiguration.osImage
  keyname: $.instanceConfiguration.keyPair
  availabilityZone: $.instanceConfiguration.availabilityZone
+  gerritUrl: $.repoConfiguration.gerritUrl
  assignFloatingIp: true

 Forms:
+  - repoConfiguration:
+      fields:
+        - name: gerritUrl
+          type: string
+          required: true
+          description: Specify the address to download Gerrit binaries
  - instanceConfiguration:
      fields:
        - name: title
--- a/murano-apps/Gerrit/package/Classes/Gerrit.yaml
+++ b/murano-apps/Gerrit/package/Classes/Gerrit.yaml
@ -17,6 +17,9 @@ Properties:
    Contract: $.string().notNull()
  warUrl:
    Contract: $.string().notNull()
+  ldap:
+    Contract: $.class(opaas:OpenLDAP)
+
 Methods:
  initialize:
    Body:
@ -28,23 +31,28 @@ Methods:
      - If: $.getAttr(deployed, false)
        Then:
          Return:
+
+      - If: $.ldap != null
+        Then:
+          - $.ldap.deploy()
+
      - $securityGroupIngress:
-          - ToPort: 80
-            FromPort: 80
-            IpProtocol: tcp
-            External: true
-          - ToPort: 443
-            FromPort: 443
-            IpProtocol: tcp
-            External: true
-          - ToPort: 8081
-            FromPort: 8081
-            IpProtocol: tcp
-            External: true
-          - ToPort: 29418
-            FromPort: 29418
-            IpProtocol: tcp
-            External: true
+        - ToPort: 80
+          FromPort: 80
+          IpProtocol: tcp
+          External: true
+        - ToPort: 443
+          FromPort: 443
+          IpProtocol: tcp
+          External: true
+        - ToPort: 8081
+          FromPort: 8081
+          IpProtocol: tcp
+          External: true
+        - ToPort: 29418
+          FromPort: 29418
+          IpProtocol: tcp
+          External: true

      - $._environment.securityGroupManager.addGroupIngress($securityGroupIngress)
      - $._environment.reporter.report($this, 'Creating VM for Gerrit {0}'.format($.instance.openstackId))
@ -65,8 +73,25 @@ Methods:
      - $._environment.reporter.report($this, format('Gerrit is available at {0}:80 or {1}:8081',
          $.instance.floatingIpAddress, $.instance.floatingIpAddress))

+  createLdapConfiguration:
+    Body:
+      - $ldapInstance: $.ldap.instance
+      - If: $ldapInstance.assignFloatingIp
+        Then:
+          - $ldapHost: $ldapInstance.floatingIpAddress
+        Else:
+          - $ldapHost: $ldapInstance.ipAddresses[0]
+
+      - $.instance.setHieraValue('ldap_ip', $ldapHost)
+      - $.instance.setHieraValue('ldap_domain', $.ldap.domain)
+      - $.instance.setHieraValue('ldap_root_user', $.ldap.ldapRootUser)
+      - $.instance.setHieraValue('ldap_root_password', $.ldap.ldapRootPass)
+
  createConfiguration:
    Body:
+      - If: $this.ldap != null
+        Then:
+          - $.createLdapConfiguration()
      - $.instance.setHieraValue( 'gerrit_war_url', $this.warUrl)
      - $.instance.setHieraValue( 'project_config_repo', 'https://review.fuel-infra.org/open-paas/project-config')
      - $.instance.setHieraValue( 'gerrit_github_token', 'f84013d50c69e60e902f748ea75c611695f35ef2')
--- a/murano-apps/Gerrit/package/Resources/scripts/site.pp
+++ b/murano-apps/Gerrit/package/Resources/scripts/site.pp
@ -1,4 +1,9 @@
 node default {
+  $ldap_user     = hiera('ldap_root_user')
+  $ldap_password = hiera('ldap_root_password')
+  $ldap_domain   = hiera('ldap_domain')
+  $ldap_dn = domain2dn(hiera("ldap_domain"))
+  $ldap_ip = hiera('ldap_ip')

  class { 'openstack_project::server':
    iptables_public_tcp_ports => [80, 443, 8081, 29418],
@ -49,6 +54,13 @@ node default {
    github_oauth_token                  => hiera('gerrit_github_token'),
    github_project_username             => hiera('github_project_username', 'username'),
    github_project_password             => hiera('github_project_password'),
+    gerrit_auth_type                    => 'LDAP',
+    ldap_server                         => "ldap://${ldap_ip}",
+    ldap_account_base                   => "OU=users,${ldap_dn}",
+    ldap_username                       => "CN=${ldap_user},${ldap_dn}",
+    ldap_password                       => $ldap_password,
+    ldap_accountfullname                => 'cn',
+    ldap_account_pattern                => '(cn=${username})',
    mysql_host                          => hiera('gerrit_mysql_host', 'localhost'),
    mysql_password                      => hiera('gerrit_db_password'),
    email_private_key                   => hiera('gerrit_email_private_key'),
--- a/murano-apps/Gerrit/package/UI/ui.yaml
+++ b/murano-apps/Gerrit/package/UI/ui.yaml
@ -40,6 +40,11 @@ Forms:
          description: >-
            Enter the war version from Gerrit's site
            http://gerrit-releases.storage.googleapis.com/index.html
+        - name: OpenLDAP
+          type: io.murano.opaas.OpenLDAP
+          required: false
+          description: >-
+            Specify OpenLDAP domain for authentication
  - instanceConfiguration:
      fields:
        - name: title
--- a/murano-apps/Gerrit/package/manifest.yaml
+++ b/murano-apps/Gerrit/package/manifest.yaml
@ -3,13 +3,14 @@ Type: Application
 FullName: io.murano.opaas.Gerrit
 Name: Gerrit-Puppet
 Description: |
- Gerrit provides web based code review and repository management for the Git version control system.
+  Gerrit provides web based code review and repository management for the Git version control system.
 Author: 'Mirantis, Inc'
 Tags: [Server, LDAP]
 Classes:
- io.murano.opaas.Gerrit: Gerrit.yaml
+  io.murano.opaas.Gerrit: Gerrit.yaml
 UI: ui.yaml
 Logo: logo.png
 Require:
+  io.murano.opaas.OpenLDAP:
  io.murano.opaas.puppet.ProjectConfig:
  io.murano.opaas.puppet.Puppet:
--- a/murano-apps/SystemConfig/package/Resources/scripts/deploy.sh
+++ b/murano-apps/SystemConfig/package/Resources/scripts/deploy.sh
@ -14,3 +14,7 @@ cp -r modules/ /etc/puppet/

 git clone https://review.fuel-infra.org/open-paas/project-config
 cp -r project-config/ /etc/
+
+# Should be installed on the each node to use
+# domain2dn function
+puppet module install datacentred-ldap