Puppet Class: profile::gerrit::server

Defined in:
modules/profile/manifests/gerrit/server.pp

Overview

modules/profile/manifests/gerrit/server.pp

filtertags: labs-project-git

Parameters:

  • ipv4 (Stdlib::Ipv4) (defaults to: lookup('gerrit::service::ipv4'))
  • host (Stdlib::Fqdn) (defaults to: lookup('gerrit::server::host'))
  • replica_hosts (Array[Stdlib::Fqdn]) (defaults to: lookup('gerrit::server::replica_hosts'))
  • backups_enabled (Boolean) (defaults to: lookup('gerrit::server::backups_enabled'))
  • backup_set (String) (defaults to: lookup('gerrit::server::backup_set'))
  • gerrit_servers (Array[Stdlib::Fqdn]) (defaults to: lookup('gerrit::servers'))
  • config (String) (defaults to: lookup('gerrit::server::config'))
  • use_acmechief (Boolean) (defaults to: lookup('gerrit::server::use_acmechief'))
  • ldap_config (Hash) (defaults to: lookup('ldap', Hash, hash, {}))
  • ipv6 (Optional[Stdlib::Ipv6]) (defaults to: lookup('gerrit::service::ipv6'))
  • java_version (Integer[8, 11]) (defaults to: lookup('gerrit::server::java_version'))
  • is_replica (Boolean) (defaults to: lookup('gerrit::server::is_replica'))
  • scap_user (Optional[String]) (defaults to: lookup('gerrit::server::scap_user'))
  • scap_key_name (Optional[String]) (defaults to: lookup('gerrit::server::scap_key_name'))
  • db_user (Optional[String]) (defaults to: lookup('gerrit::server::db_user'))
  • db_pass (Optional[String]) (defaults to: lookup('gerrit::server::db_pass'))
  • enable_monitoring (Boolean) (defaults to: lookup('gerrit::server::enable_monitoring', { default_value => true }))


# File 'modules/profile/manifests/gerrit/server.pp', line 4

# Profile for a Gerrit server: declares the service address alias, the
# firewall rules, the SSH monitoring check, backups, the TLS certificate,
# the gerrit class itself and the log-shipping inputs.
#
# @param ipv4 Service IPv4 address; used for the interface alias, as the
#   target of the SSH monitoring check, and passed to the gerrit class.
# @param host FQDN passed to the gerrit class; also the certificate subject
#   on a non-replica when acme-chief is not used.
# @param replica_hosts Replica FQDNs passed to the gerrit class; the first
#   entry is the certificate subject on a replica when acme-chief is not used.
# @param backups_enabled Whether to declare the backup::set resource.
# @param backup_set Title of the backup::set resource.
# @param gerrit_servers FQDNs allowed by the firewall to reach port 22.
# @param config Passed through to the gerrit class.
# @param use_acmechief Selects acme_chief::cert instead of
#   letsencrypt::cert::integrated; also passed to the gerrit class.
# @param ldap_config Hash from the 'ldap' lookup, passed to the gerrit class.
# @param ipv6 Optional service IPv6 address for the interface alias and the
#   gerrit class.
# @param java_version Integer between 8 and 11, passed to the gerrit class.
# @param is_replica Whether this host is a replica; disables the SSH
#   monitoring check and changes the certificate subject.
# @param scap_user Passed through to the gerrit class.
# @param scap_key_name Passed through to the gerrit class.
# @param db_user Passed through to the gerrit class.
# @param db_pass Passed through to the gerrit class (see the note on the
#   parameter itself).
# @param enable_monitoring Gates the SSH monitoring check (together with
#   is_replica) and is passed to the gerrit class; defaults to true when the
#   lookup key is absent.
class profile::gerrit::server(
    Stdlib::Ipv4 $ipv4 = lookup('gerrit::service::ipv4'),
    Stdlib::Fqdn $host = lookup('gerrit::server::host'),
    Array[Stdlib::Fqdn] $replica_hosts = lookup('gerrit::server::replica_hosts'),
    Boolean $backups_enabled = lookup('gerrit::server::backups_enabled'),
    String $backup_set = lookup('gerrit::server::backup_set'),
    Array[Stdlib::Fqdn] $gerrit_servers = lookup('gerrit::servers'),
    String $config = lookup('gerrit::server::config'),
    Boolean $use_acmechief = lookup('gerrit::server::use_acmechief'),
    Hash $ldap_config = lookup('ldap', Hash, hash, {}),
    Optional[Stdlib::Ipv6] $ipv6 = lookup('gerrit::service::ipv6'),
    Integer[8, 11] $java_version = lookup('gerrit::server::java_version'),
    Boolean $is_replica = lookup('gerrit::server::is_replica'),
    Optional[String] $scap_user = lookup('gerrit::server::scap_user'),
    Optional[String] $scap_key_name = lookup('gerrit::server::scap_key_name'),
    Optional[String] $db_user = lookup('gerrit::server::db_user'),
    # NOTE(review): the password is a plain String, so Puppet will not redact
    # it in logs and reports. Consider Sensitive[String] if the gerrit class
    # can accept it - confirm against that class before changing the type.
    Optional[String] $db_pass = lookup('gerrit::server::db_pass'),
    Boolean $enable_monitoring = lookup('gerrit::server::enable_monitoring', { default_value => true }),
) {

    # Bind the service addresses as an alias on this host.
    interface::alias { 'gerrit server':
        ipv4 => $ipv4,
        ipv6 => $ipv6,
    }

    # The SSH check targets the service IPv4 address on port 29418 and is
    # only declared on a non-replica with monitoring enabled.
    if !$is_replica and $enable_monitoring {
        monitoring::service { 'gerrit_ssh':
            description   => 'SSH access',
            check_command => "check_ssh_port_ip!29418!${ipv4}",
            contact_group => 'admins,gerrit',
            notes_url     => 'https://wikitech.wikimedia.org/wiki/Gerrit',
        }
    }

    # ssh from users to gerrit
    # NOTE(review): no srange is given, so the source restriction is whatever
    # ferm::service applies by default - presumably any source; confirm.
    ferm::service { 'gerrit_ssh_users':
        proto => 'tcp',
        port  => '29418',
    }

    # ssh between gerrit servers for cluster support
    # Port 22 is limited to the addresses that ferm resolves (A and AAAA
    # records) for the names in $gerrit_servers, so this allow-list is only as
    # trustworthy as the DNS answers ferm receives.
    # NOTE(review): an empty $gerrit_servers yields an empty @resolve list;
    # verify how ferm handles that.
    $gerrit_servers_ferm=join($gerrit_servers, ' ')
    ferm::service { 'gerrit_ssh_cluster':
        port   => '22',
        proto  => 'tcp',
        srange => "(@resolve((${gerrit_servers_ferm})) @resolve((${gerrit_servers_ferm}), AAAA))",
    }

    # HTTP and HTTPS; like gerrit_ssh_users, neither rule sets an srange.
    ferm::service { 'gerrit_http':
        proto => 'tcp',
        port  => 'http',
    }

    ferm::service { 'gerrit_https':
        proto => 'tcp',
        port  => 'https',
    }

    # NOTE(review): $backup_set is typed String (not Optional), so the
    # comparison with undef looks redundant. The jobdefaults string reads
    # variables from profile::backup::host, which this class does not declare
    # itself - presumably it is evaluated elsewhere first; confirm.
    if $backups_enabled and $backup_set != undef {
        backup::set { $backup_set:
            jobdefaults => "Hourly-${profile::backup::host::day}-${profile::backup::host::pool}"
        }
    }

    # TLS certificate: acme-chief (which also declares sslcert::dhparam) or an
    # integrated Let's Encrypt certificate; both name apache2 as the service.
    if $use_acmechief {
        class { '::sslcert::dhparam': }
        acme_chief::cert { 'gerrit':
            puppet_svc => 'apache2',
        }
    } else {
        # A replica requests the certificate for the first replica host, not
        # for $host. NOTE(review): this is undef if $replica_hosts is empty.
        if $is_replica {
            $tls_host = $replica_hosts[0]
        } else {
            $tls_host = $host
        }
        letsencrypt::cert::integrated { 'gerrit':
            subjects   => $tls_host,
            puppet_svc => 'apache2',
            system_svc => 'apache2',
        }
    }

    # Hand the settings to the gerrit class; the database credentials and the
    # LDAP configuration are forwarded unchanged.
    class { '::gerrit':
        host              => $host,
        ipv4              => $ipv4,
        ipv6              => $ipv6,
        replica           => $is_replica,
        replica_hosts     => $replica_hosts,
        config            => $config,
        use_acmechief     => $use_acmechief,
        ldap_config       => $ldap_config,
        java_version      => $java_version,
        scap_user         => $scap_user,
        scap_key_name     => $scap_key_name,
        db_user           => $db_user,
        db_pass           => $db_pass,
        enable_monitoring => $enable_monitoring
    }

    # The replication key class is applied only after the gerrit class.
    class { '::gerrit::replication_key':
        require => Class['gerrit'],
    }

    # Ship gerrit logs to ELK, everything should be in the JSON file now.
    # Just the sshd_log has a custom format.
    rsyslog::input::file { 'gerrit-json':
        path => '/var/log/gerrit/gerrit.json',
    }

    # Apache reverse proxies to jetty
    # The globs pick up every Apache error and access log in that directory.
    rsyslog::input::file { 'gerrit-apache2-error':
        path => '/var/log/apache2/*error*.log',
    }
    rsyslog::input::file { 'gerrit-apache2-access':
        path => '/var/log/apache2/*access*.log',
    }
}