Puppet Class: profile::zuul::merger

Defined in:

modules/profile/manifests/zuul/merger.pp

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

• enable (Boolean) (defaults to: lookup('profile::zuul::merger::enable'))
• conf_merger (Hash) (defaults to: lookup('profile::zuul::merger::conf'))
• firewall_hosts (Optional[Array[Stdlib::Host]]) (defaults to: lookup('profile::zuul::merger::firewall_hosts'))
• firewall_src_sets (Optional[Array[String]]) (defaults to: lookup('profile::zuul::merger::firewall_src_sets'))

# File 'modules/profile/manifests/zuul/merger.pp', line 2

class profile::zuul::merger(
    Boolean $enable                               = lookup('profile::zuul::merger::enable'),
    Hash $conf_merger                             = lookup('profile::zuul::merger::conf'),
    Optional[Array[Stdlib::Host]] $firewall_hosts = lookup('profile::zuul::merger::firewall_hosts'),
    Optional[Array[String]] $firewall_src_sets    = lookup('profile::zuul::merger::firewall_src_sets'),
) {
    include profile::ci

    if $enable {
        $monitoring_active = 'present'
        $service_enable    = true
    } else {
        $monitoring_active = 'absent'
        $service_enable    = 'mask'
    }

    class { 'zuul::monitoring::merger':
        ensure => $monitoring_active,
    }

    class { '::zuul::merger':
        # Merger settings
        gearman_server      => $conf_merger['gearman_server'],
        gerrit_server       => $conf_merger['gerrit_server'],
        gerrit_user         => $conf_merger['gerrit_user'],
        gerrit_ssh_key_file => $conf_merger['gerrit_ssh_key_file'],
        git_dir             => $conf_merger['git_dir'],
        git_email           => $conf_merger['git_email'],
        git_name            => $conf_merger['git_name'],
        zuul_url            => $conf_merger['zuul_url'],
        service_enable      => $service_enable,
        service_ensure      => stdlib::ensure($enable, 'service'),
    }

    # Serves Zuul git repositories
    user { 'gitdaemon':
        system => true,
        gid    => 'nogroup',
        home   => '/nonexistent',  # like "nobody"
    }

    class { '::git::daemon':
        description     => 'Git daemon for Zuul merger',
        base_path       => $conf_merger['git_dir'],
        directories     => [$conf_merger['git_dir']],
        user            => 'gitdaemon',
        group           => 'nogroup',
        max_connections => 96,
        environment     => {
            'HOME' => '/var/lib/gitdaemon',
        },
        require         => User['gitdaemon'],
    }

    # We run a git-daemon process to expose the zuul-merger git repositories.
    # The slaves fetch changes from it over the git:// protocol.
    # It is only meant to be used from slaves, so only accept internal
    # connections.
    if $firewall_hosts {
        firewall::service { 'git_daemon_internal_hosts':
            proto  => 'tcp',
            port   => 9418,
            srange => $firewall_hosts,
        }
    }

    if $firewall_src_sets {
        firewall::service { 'git_daemon_internal_sets':
            proto    => 'tcp',
            port     => 9418,
            src_sets => $firewall_src_sets,
        }
    }
}