Working service
diff --git a/README.rst b/README.rst
index 35cc392..a7f9cc3 100644
--- a/README.rst
+++ b/README.rst
@@ -1,23 +1,28 @@
-==================================
-gerrit
-==================================
+======
+Gerrit
+======
-Service gerrit description
+Gerrit provides web based code review and repository management for the Git version control system.
Sample pillars
==============
-Single gerrit service
+Sipmple gerrit service
.. code-block:: yaml
gerrit:
server:
enabled: true
- version: icehouse
+ source:
+ engine: http
+ address: https://gerrit-ci.gerritforge.com/job/Gerrit-stable-2.13/20/artifact/buck-out/gen/gerrit.war
+ hash: 2e17064b8742c4622815593ec496c571
Read more
=========
-* links
+* https://www.gerritcodereview.com/
+* https://github.com/openstack-infra/puppet-gerrit/
+* https://gerrit-ci.gerritforge.com/
diff --git a/gerrit/files/actions.config b/gerrit/files/actions.config
new file mode 100644
index 0000000..ba10e5e
--- /dev/null
+++ b/gerrit/files/actions.config
@@ -0,0 +1,17 @@
+{%- from "gerrit/map.jinja" import server with context %}
+# This file is managed by salt.
+
+{%- for rule_name, rule in server.get('rule', {}).iteritems() %}
+
+[rule "{{ rule_name }}"]
+ action = {{ rule.action }}
+ {%- if rule.event_type is defined %}
+ event-type = {{ rule.event_type }}
+ {%- endif %}
+ {%- if rule.labels is defined %}
+ {%- for label in rule.labels %}
+ {{ label.name }} = {{ label.approvals }}
+ {%- endfor %}
+ {%- endif %}
+
+{%- endfor %}
\ No newline at end of file
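Review bot: `server.get('rule', {}).iteritems()` on the loop line exists only on Python 2 dictionaries, so this template stops rendering on a Python 3 Salt; `.items()` works on both. The same call appears in the gerrit.config and secure.config templates and in plugin.sls. Inside the loop, `rule.action`, `label.name` and `label.approvals` are printed without an `is defined` guard, so an incomplete rule produces a line with an empty key or value instead of being skipped; a guard like the one already used for `event_type` would be consistent.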
diff --git a/gerrit/files/gerrit.conf b/gerrit/files/gerrit.conf
deleted file mode 100644
index 44e3449..0000000
--- a/gerrit/files/gerrit.conf
+++ /dev/null
@@ -1 +0,0 @@
-# Service config file
\ No newline at end of file
diff --git a/gerrit/files/gerrit.config b/gerrit/files/gerrit.config
new file mode 100644
index 0000000..4379b13
--- /dev/null
+++ b/gerrit/files/gerrit.config
@@ -0,0 +1,221 @@
+{%- from "gerrit/map.jinja" import server with context %}
+# This file is managed by salt.
+
+[gerrit]
+ basePath = git
+ canonicalWebUrl = {{ server.canonical_web_url }}
+ {%- if server.git_http_url is defined %}
+ gitHttpUrl = {{ server.git_http_url }}
+ {%- endif %}
+ {%- if server.canonical_git_url is defined %}
+ canonicalGitUrl = {{ server.canonical_git_url }}
+ {%- endif %}
+
+[database]
+ type = {{ server.database.engine }}
+ hostname = {{ server.database.host }}
+ database = {{ server.database.name }}
+ username = {{ server.database.user }}
+ connectionpool = true
+
+[auth]
+ {%- if server.get('contributor_agreement', False) %}
+ contributorAgreements = true
+ {%- endif %}
+ type = {{ server.auth.engine }}
+ cookieSecure = true
+ enableRunAs = true
+ {%- if server.auth.engine == 'OPENID_SSO' %}
+ openIdSsoUrl = {{ server.auth.openid_sso_url }}
+ {%- endif %}
+
+[sendemail]
+ smtpServer = {{ server.mail.host }}
+ from = {{ server.mail.from }}
+ includeDiff = {{ server.mail.include_diff }}
+
+[container]
+ user = gerrit2
+ {% if server.java_home is defined %}
+ javaHome = {{ server.java_home }}
+ {% endif %}
+ {% if server.container_javaoptions is defined %}
+ vaOptions = {{ server.container_javaoptions }}
+ {% endif %}
+ {% if server.container_heaplimit is defined %}
+ heapLimit = {{ server.container_heaplimit }}
+ {% endif %}
+
+[sshd]
+ listenAddress = {{ server.bind.address }}
+ {% if server.sshd_threads is defined %}
+ threads = {{ server.sshd_threads }}
+ {% endif %}
+ {% if server.sshd_idle_timeout is defined %}
+ idleTimeout = {{ server.sshd_idle_timeout }}
+ {% endif %}
+ {% if server.sshd_max_connections_per_user is defined %}
+ maxConnectionsPerUser = {{ server.sshd_max_connections_per_user }}
+ {% endif %}
+ {% if server.sshd_batch_threads is defined %}
+ batchThreads = {{ server.sshd_batch_threads }}
+ {% endif %}
+
+[httpd]
+ listenUrl = proxy-https://*:8081/
+ {% if server.httpd_maxwait is defined %}
+ maxWait = {{ server.httpd_maxwait }}
+ {% endif %}
+ {% if server.httpd_acceptorthreads is defined %}
+ acceptorThreads = {{ server.httpd_acceptorthreads }}
+ {% endif %}
+ {% if server.httpd_minthreads is defined %}
+ minThreads = {{ server.httpd_minthreads }}
+ {% endif %}
+ {% if server.httpd_maxthreads is defined %}
+ maxThreads = {{ server.httpd_maxthreads }}
+ {% endif %}
+ {% if server.httpd_maxqueued is defined %}
+ maxQueued = {{ server.httpd_maxqueued }}
+ {% endif %}
+
+[cache]
+ directory = cache
+
+[cache "web_sessions"]
+ maxAge = 7days
+
+{% if server.cache_diff_timeout is defined %}
+
+[cache "diff"]
+ timeout = {{ server.cache_diff_timeout }}
+
+{% endif %}
+
+{% if server.cache_diff_intraline_timeout is defined %}
+
+[cache "diff_intraline"]
+ timeout = {{ server.cache_diff_intraline_timeout }}
+
+{% endif %}
+
+[user]
+ email = {{ server.email }}
+
+[change]
+ allowDrafts = {{ server.get('allow_drafts', True) }}
+
+[receive]
+ {% if server.receive_max_object_size_limit is defined %}
+ maxObjectSizeLimit = {{ server.receive_max_object_size_limit }}
+ {% endif %}
+
+{%- for commentlink_name, commentlink in server.get('commentlink', {}).iteritems() %}
+
+[commentlink "{{ commentlink_name }}"]
+ match = "{{ commentlink['match'] }}"
+ {% if commentlink['link'] is defined %}
+ link = "{{ commentlink['link'] }}"
+ {% endif %}
+ {% if commentlink['html'] is defined %}
+ html = "{{ commentlink['html'] }}"
+ {% endif %}
+
+{% endfor %}
+
+{%- for plugin_name, plugin in server.get('plugin', {}).iteritems() %}
+
+[{{ plugin_name }}]
+ url = {{ plugin.url }}
+
+{% endfor %}
+
+[theme]
+ backgroundColor = ffffff
+ topMenuColor = ffffff
+ textColor = 264d69
+ trimColor = eef3f5
+ selectionColor = d1e6ea
+ changeTableOutdatedColor = f5cccc
+ tableOddRowColor = ffffff
+ tableEvenRowColor = f5f5ff
+
+{% if server.melody is defined %}
+
+[melody]
+ monitoring = {{ server.melody.monitoring }}
+ session = {{ server.melody.session }}
+
+[plugin "javamelody"]
+ allowTopMenu = {{ server.enable_javamelody_top_menu }}
+
+{% endif %}
+
+{% if server.ui is defined %}
+
+[gitweb]
+ {% if server.ui.engine == 'gitweb' %}
+ revision = "?p=${project}.git;a=commitdiff;h=${commit}"
+ {% else %}
+ type = cgit
+ {% endif %}
+ {% if server.ui.repo_url is defined %}
+ url = "{{ server.ui.web_repo_url }}"
+ urlEncode = {{ server.ui.web_repo_url_encode }}
+ {% endif %}
+
+{% endif %}
+
+{% if server.contactstore is defined %}
+
+[contactstore]
+ appsec = {{ server.contactstore.appsec }}
+ url = {{ server.contactstore.url }}
+
+{% endif %}
+
+{% if server.secondary_index is defined %}
+
+[index]
+ type = {{ server.secondary_index.type }}
+ {% if server.index_threads > 1 %}
+ threads = {{ server.index_threads }}
+ {% endif %}
+
+{% endif %}
+
+[groups]
+ newGroupsVisibleToAll = {{ server.get('new_groups_visible_to_all', False) }}
+
+[mimetype "image/*"]
+ safe = true
+
+[mimetype "text/x-yaml"]
+ safe = true
+
+[mimetype "text/xml"]
+ safe = true
+
+[mimetype "application/xml"]
+ safe = true
+
+[mimetype "text/x-rst"]
+ safe = true
+
+[mimetype "text/plain"]
+ safe = true
+
+[mimetype "text/x-puppet"]
+ safe = true
+
+[mimetype "text/x-ini"]
+ safe = true
+
+[mimetype "text/x-properties"]
+ safe = true
+
+[mimetype "text/x-markdown"]
+ safe = true
+
+[mimetype "text/css"]
+ safe = true
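Review bot: The `[mimetype "image/*"]`, `[mimetype "text/xml"]` and `[mimetype "application/xml"]` sections at the end set `safe = true`, which tells Gerrit to send repository files of those types straight to the browser rather than as a wrapped download; `image/*` also matches SVG, and SVG and XML can carry script, so content pushed for review could be served as active content from the review site's origin. Consider listing specific raster image types and plain-text types only, or rendering the list from a pillar option that is off by default. Separately, under `[container]` the key is written `vaOptions`, which looks like a truncated `javaOptions`, so `container_javaoptions` would have no effect as written. The `[gitweb]` block tests `server.ui.repo_url` but prints `server.ui.web_repo_url`; the guard should test the value it renders, `{% if server.ui.web_repo_url is defined %}`.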
diff --git a/gerrit/files/gerrit.systemd b/gerrit/files/gerrit.systemd
new file mode 100644
index 0000000..4849fbc
--- /dev/null
+++ b/gerrit/files/gerrit.systemd
@@ -0,0 +1,23 @@
+[Unit]
+Description=Web based code review and project management for Git based projects
+After=syslog.target network.target remote-fs.target
+
+[Service]
+Type=simple
+User=gerrit2
+EnvironmentFile=/etc/default/gerritcodereview
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=gerrit
+ExecStart=@/usr/bin/java gerrit -DGerritCodeReview=1 $JAVA_OPTIONS -jar $GERRIT_WAR daemon -d $GERRIT_SITE --console-log
+#MemoryLimit=768M
+OOMScoreAdjust=-1000
+LimitCPU=infinity
+LimitFSIZE=infinity
+LimitDATA=infinity
+LimitCORE=0
+LimitAS=infinity
+LimitLOCKS=infinity
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
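Review bot: `OOMScoreAdjust=-1000` exempts the JVM from the kernel OOM killer entirely, and with `#MemoryLimit=768M` commented out and `LimitAS=infinity` nothing bounds its memory, so a leak in Gerrit would lead the kernel to kill other processes on the host first. A milder value such as `OOMScoreAdjust=-500` together with an active `MemoryLimit=` keeps the service protected without making it unkillable. The unit also has no sandboxing beyond `User=gerrit2`; `NoNewPrivileges=true` and `PrivateTmp=true` are low-risk additions for a Java daemon, assuming the target systemd version supports them.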
diff --git a/gerrit/files/gerritcodereview b/gerrit/files/gerritcodereview
new file mode 100644
index 0000000..9053a3c
--- /dev/null
+++ b/gerrit/files/gerritcodereview
@@ -0,0 +1,4 @@
+{%- from "gerrit/map.jinja" import server with context %}
+GERRIT_SITE={{ server.dir.site }}
+GERRIT_WAR={{ server.dir.site }}/bin/gerrit.war
+JAVA_OPTIONS=""
diff --git a/gerrit/files/project.config b/gerrit/files/project.config
new file mode 100644
index 0000000..bfefb22
--- /dev/null
+++ b/gerrit/files/project.config
@@ -0,0 +1,63 @@
+[project]
+ description = Access inherited by all other projects.
+[receive]
+ requireContributorAgreement = false
+ requireSignedOffBy = false
+ requireChangeId = true
+[submit]
+ mergeContent = true
+[capability]
+ administrateServer = group Administrators
+ priority = batch group Non-Interactive Users
+ streamEvents = group Non-Interactive Users
+[access "refs/*"]
+ read = group Administrators
+ read = group Anonymous Users
+[access "refs/for/refs/*"]
+ push = group Registered Users
+ pushMerge = group Registered Users
+[access "refs/heads/*"]
+ create = group Administrators
+ create = group Project Owners
+ forgeAuthor = group Registered Users
+ forgeCommitter = group Administrators
+ forgeCommitter = group Project Owners
+ push = group Administrators
+ push = group Project Owners
+ label-Code-Review = -2..+2 group Administrators
+ label-Code-Review = -2..+2 group Project Owners
+ label-Code-Review = -1..+1 group Registered Users
+ label-Verified = -1..+1 group Non-Interactive Users
+ submit = group Administrators
+ submit = group Project Owners
+ editTopicName = +force group Administrators
+ editTopicName = +force group Project Owners
+[access "refs/meta/config"]
+ exclusiveGroupPermissions = read
+ read = group Administrators
+ read = group Project Owners
+ push = group Administrators
+ push = group Project Owners
+ label-Code-Review = -2..+2 group Administrators
+ label-Code-Review = -2..+2 group Project Owners
+ submit = group Administrators
+ submit = group Project Owners
+[access "refs/tags/*"]
+ pushTag = group Administrators
+ pushTag = group Project Owners
+ pushSignedTag = group Administrators
+ pushSignedTag = group Project Owners
+[label "Code-Review"]
+ function = MaxWithBlock
+ copyMinScore = true
+ value = -2 This shall not be merged
+ value = -1 I would prefer this is not merged as is
+ value = 0 No score
+ value = +1 Looks good to me, but someone else must approve
+ value = +2 Looks good to me, approved
+[label "Verified"]
+ function = MaxWithBlock
+ copyMinScore = true
+ value = -1 Fails
+ value = 0 No score
+ value = +1 Verified
\ No newline at end of file
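Review bot: `[access "refs/*"]` grants `read = group Anonymous Users`, so every project inheriting from this file is readable without authentication unless it overrides the rule. That suits a public review server but is a surprising default for a formula that may be deployed internally; a comment above the line such as `# NOTE: makes all projects world-readable; remove for private installs` would make the choice explicit, or the line could be rendered from a pillar flag. None of the states visible in this commit installs this file, so it is worth confirming how it is meant to reach the All-Projects configuration.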
diff --git a/gerrit/files/remotes.config b/gerrit/files/remotes.config
new file mode 100644
index 0000000..5d0e04f
--- /dev/null
+++ b/gerrit/files/remotes.config
@@ -0,0 +1,2 @@
+{%- from "gerrit/map.jinja" import server with context %}
+# This file is managed by salt.
diff --git a/gerrit/files/replicaton.config b/gerrit/files/replicaton.config
new file mode 100644
index 0000000..5d0e04f
--- /dev/null
+++ b/gerrit/files/replicaton.config
@@ -0,0 +1,2 @@
+{%- from "gerrit/map.jinja" import server with context %}
+# This file is managed by salt.
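Review bot: The file is added as `gerrit/files/replicaton.config`, but service.sls in this commit reads `salt://gerrit/files/replication.config`, so the replication state would fail to find its source as soon as `replication` is set in the pillar. Renaming the file to `replication.config` fixes it. The template currently holds only the header, so enabling replication would install an empty configuration.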
diff --git a/gerrit/files/secure.config b/gerrit/files/secure.config
new file mode 100644
index 0000000..930b2f0
--- /dev/null
+++ b/gerrit/files/secure.config
@@ -0,0 +1,16 @@
+{%- from "gerrit/map.jinja" import server with context %}
+# This file is managed by salt.
+
+[database]
+ password = {{ server.database.password }}
+
+[auth]
+ registerEmailPrivateKey = {{ server.email_private_key }}
+ restTokenPrivateKey = {{ server.token_private_key }}
+
+{%- for plugin_name, plugin in server.get('plugin', {}).iteritems() %}
+
+[{{ plugin_name }}]
+ password = {{ plugin.password }}
+
+{%- endfor %}
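Review bot: The secrets are written unquoted (`password = {{ server.database.password }}`), and in git-config syntax an unquoted `#` or `;` starts a comment, so a password or key containing either character would be silently truncated. Wrapping each value in double quotes, e.g. `password = "{{ server.database.password }}"`, avoids that, provided any `"` and `\` in the value are escaped. The plugin loop also emits `password = {{ plugin.password }}` for every plugin, so a plugin defined without a password gets an empty one written; guard the line with `{%- if plugin.password is defined %}`.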
diff --git a/gerrit/map.jinja b/gerrit/map.jinja
index 20ba4d6..4c1db62 100644
--- a/gerrit/map.jinja
+++ b/gerrit/map.jinja
@@ -1,29 +1,14 @@
-{%- set source_engine = salt['pillar.get']('gerrit:server:source:engine') %}
-
{%- load_yaml as base_defaults %}
-{%- if source_engine == 'git' %}
Debian:
pkgs:
- - python-psycopg2
+ - unzip
+ - gitweb
dir:
- base: /srv/gerrit/venv
- home: /var/lib/gerrit
- workspace: /srv/gerrit/workspace
-RedHat:
- pkgs:
- - python-psycopg2
- dir:
- base: /srv/gerrit/venv
- home: /var/lib/gerrit
- workspace: /srv/gerrit/workspace
-{%- else %}
-Debian:
- pkgs:
- - gerrit
- dir:
- base: /usr/lib/gerrit
-{%- endif %}
+ home: "/srv/gerrit2"
+ site: "/srv/gerrit2/review_site"
+ service: gerrit
+ reindex_threads: 1
{%- endload %}
-{%- set server = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('gerrit:server')) %}
\ No newline at end of file
+{%- set server = salt['grains.filter_by'](base_defaults, merge=salt['pillar.get']('gerrit:server')) %}
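Review bot: After this change `base_defaults` holds only a `Debian` entry, so on a minion with any other `os_family` `grains.filter_by` finds no matching defaults, and the templates that read `server.dir.site` or `server.pkgs` would likely fail or render empty paths. If only Debian is supported, state that in the README, or pass a `default` argument to `filter_by`. The defaults also define `reindex_threads`, while gerrit.config tests `server.index_threads > 1` inside its `secondary_index` block, a key that has no default here.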
diff --git a/gerrit/server.sls b/gerrit/server.sls
deleted file mode 100644
index 9ae5a81..0000000
--- a/gerrit/server.sls
+++ /dev/null
@@ -1,4 +0,0 @@
-{%- from "gerrit/map.jinja" import server with context %}
-{%- if server.enabled %}
-
-{%- endif %}
diff --git a/gerrit/server/init.sls b/gerrit/server/init.sls
new file mode 100644
index 0000000..91b188c
--- /dev/null
+++ b/gerrit/server/init.sls
@@ -0,0 +1,3 @@
+include:
+- gerrit.server.service
+- gerrit.server.plugin
diff --git a/gerrit/server/plugin.sls b/gerrit/server/plugin.sls
new file mode 100644
index 0000000..5669a3c
--- /dev/null
+++ b/gerrit/server/plugin.sls
@@ -0,0 +1,29 @@
+{%- from "gerrit/map.jinja" import server with context %}
+{%- if server.enabled %}
+
+include:
+- gerrit.server.service
+
+gerrit_plugin_dirs:
+ file.directory:
+ - names:
+ - {{ server.dir.home }}/gerrit-plugins
+ - {{ server.dir.home }}/review_site/plugins
+ - makedirs: true
+ - user: gerrit2
+ - group: gerrit2
+ - require:
+ - file: gerrit_home
+
+{% for plugin_name, plugin in server.get('plugin', {}).iteritems() %}
+
+{{ server.dir.home }}/review_site/plugins/{{ plugin_name }}.jar
+ file.managed:
+ - source: {{ plugin.address }}
+ - user: gerrit2
+ - require:
+ - file: gerrit_plugin_dirs
+
+{%- endfor %}
+
+{%- endif %}
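Review bot: Each plugin jar is fetched from `{{ plugin.address }}` with no `source_hash`, so whatever that URL serves is installed into the plugins directory and loaded by Gerrit as code. The WAR in service.sls is pinned with `source_hash`, and the plugins should be pinned the same way, e.g. `- source_hash: {{ plugin.hash }}` with a new pillar key kept next to the address. The state ID line `{{ server.dir.home }}/review_site/plugins/{{ plugin_name }}.jar` is missing its trailing `:`, so the rendered SLS is not valid YAML once a plugin is defined. The path also hard-codes `review_site` where the rest of the formula uses `server.dir.site`.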
diff --git a/gerrit/server/service.sls b/gerrit/server/service.sls
new file mode 100644
index 0000000..763aefa
--- /dev/null
+++ b/gerrit/server/service.sls
@@ -0,0 +1,150 @@
+{%- from "gerrit/map.jinja" import server with context %}
+{%- if server.enabled %}
+
+gerrit_packages:
+ pkg.installed:
+ - names: {{ server.pkgs }}
+
+gerrit_user:
+ user.present:
+ - name: gerrit2
+# - system: True
+ - home: {{ server.dir.home }}
+
+gerrit_home:
+ file.directory:
+ - names:
+ - {{ server.dir.home }}/.ssh
+ - {{ server.dir.home }}/gerrit-wars
+ - {{ server.dir.site }}/bin
+ - {{ server.dir.site }}/etc/its
+ - {{ server.dir.site }}/hooks
+ - {{ server.dir.site }}/lib
+ - {{ server.dir.site }}/static
+ - /var/log/gerrit
+ - makedirs: true
+ - user: gerrit2
+ - group: gerrit2
+ - require:
+ - user: gerrit_user
+ - pkg: gerrit_packages
+
+{{ server.dir.site }}/etc/gerrit.config:
+ file.managed:
+ - source: salt://gerrit/files/gerrit.config
+ - user: gerrit2
+ - group: gerrit2
+ - template: jinja
+ - require:
+ - file: gerrit_home
+
+{{ server.dir.site }}/etc/secure.config:
+ file.managed:
+ - source: salt://gerrit/files/secure.config
+ - user: gerrit2
+ - group: gerrit2
+ - template: jinja
+ - require:
+ - file: gerrit_home
+
+{{ server.dir.site }}/etc/its/actions.config:
+ file.managed:
+ - source: salt://gerrit/files/actions.config
+ - user: gerrit2
+ - group: gerrit2
+ - template: jinja
+ - require:
+ - file: gerrit_home
+
+{%- if server.get('replication', False) %}
+
+{{ server.dir.site }}/etc/replication.config:
+ file.managed:
+ - source: salt://gerrit/files/replication.config
+ - user: gerrit2
+ - group: gerrit2
+ - template: jinja
+ - require:
+ - file: gerrit_home
+
+{% endif %}
+
+{{ server.dir.site }}/etc/ssh_welcome_rsa_key:
+ file.managed:
+ - contents_pillar: gerrit:server:ssh_welcome_rsa_key
+ - user: gerrit2
+ - group: gerrit2
+ - mode: 600
+ - require:
+ - file: gerrit_home
+
+{{ server.dir.site }}/etc/ssh_welcome_rsa_key.pub:
+ file.managed:
+ - contents_pillar: gerrit:server:ssh_welcome_rsa_key_pub
+ - user: gerrit2
+ - group: gerrit2
+ - mode: 644
+ - require:
+ - file: gerrit_home
+
+{% if server.source.engine == "http" %}
+
+{{ server.dir.site }}/bin/gerrit.war:
+ file.managed:
+ - source: {{ server.source.address }}
+ - source_hash: {{ server.source.hash }}
+ - user: gerrit2
+ - group: gerrit2
+ - require:
+ - file: gerrit_home
+ - require_in:
+ - cmd: gerrit_server_initial_init
+
+{%- endif %}
+
+gerrit_server_initial_init:
+ cmd.run:
+ - name: /usr/bin/java -jar {{ server.dir.site }}/bin/gerrit.war init -d {{ server.dir.site }} --batch --no-auto-start
+ - unless: /usr/bin/test -f /etc/init.d/gerrit
+ - require:
+ - file: {{ server.dir.site }}/etc/gerrit.config
+ - file: {{ server.dir.site }}/etc/secure.config
+
+gerrit_server_initial_index:
+ cmd.run:
+ - name: /usr/bin/java -jar {{ server.dir.site }}/bin/gerrit.war reindex -d {{ server.dir.site }} --threads {{ server.reindex_threads }}
+ - watch:
+ - cmd: gerrit_server_initial_init
+
+/etc/default/gerritcodereview:
+ file.managed:
+ - source: salt://gerrit/files/gerritcodereview
+ - user: gerrit2
+ - group: gerrit2
+ - template: jinja
+ - require:
+ - file: gerrit_home
+
+/lib/systemd/system/gerrit.service:
+ file.managed:
+ - source: salt://gerrit/files/gerrit.systemd
+ - user: gerrit2
+ - group: gerrit2
+ - template: jinja
+ - require:
+ - file: gerrit_home
+
+gerrit_server_service_symlink:
+ file.symlink:
+ - name: /etc/init.d/{{ server.service }}
+ - target: {{ server.dir.site }}/bin/gerrit.sh
+
+gerrit_server_service:
+ service.running:
+ - name: {{ server.service }}
+ - enable: true
+ - require:
+ - file: gerrit_server_service_symlink
+ - cmd: gerrit_server_initial_index
+
+{%- endif %}
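Review bot: The `secure.config` state sets no `mode`, so the file holding the database password and the token private keys gets default permissions and may be readable by every local user; the SSH key state further down already uses `mode: 600`. `/lib/systemd/system/gerrit.service` and `/etc/default/gerritcodereview` are owned by `gerrit2`, which lets the service account rewrite a unit that systemd parses as root (including `User=` and `ExecStart=`); both should be owned by root. `gerrit_server_initial_init` and `gerrit_server_initial_index` run `java -jar` with no `runas`, so the downloaded WAR executes as root and can leave root-owned files in the site directory; `- runas: gerrit2` (or `user:` on older Salt releases) keeps it on the service account. The sample `hash` in the README is 32 hex digits, which is MD5 length; a SHA-256 value is the better pin for `source_hash`. The first two changes are sketched below.

```yaml
{{ server.dir.site }}/etc/secure.config:
  file.managed:
    # … unchanged: source, user, group …
    - mode: "0600"
    # … unchanged: template, require …

/etc/default/gerritcodereview:
  file.managed:
    # … unchanged: source …
    - user: root
    - group: root
    - mode: "0644"
    # … unchanged: template, require …

/lib/systemd/system/gerrit.service:
  file.managed:
    # … unchanged: source …
    - user: root
    - group: root
    - mode: "0644"
    # … unchanged: template, require …
```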
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index 8da8a38..4811f70 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
@@ -8,3 +8,7 @@
enabled: true
bind:
address: 0.0.0.0
+ mail:
+ host: localhost
+ from: gerrit
+ include_diff: true
\ No newline at end of file