diff --git a/manifests/site.pp b/manifests/site.pp
index ea6abc056b..bb9682e902 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -29,6 +29,8 @@ node 'review.openstack.org' {
ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'),
ssh_project_rsa_key_contents => hiera('gerrit_project_ssh_rsa_key_contents'),
ssh_project_rsa_pubkey_contents => hiera('gerrit_project_ssh_rsa_pubkey_contents'),
+ ssh_welcome_rsa_key_contents => hiera('welcome_message_gerrit_ssh_private_key'),
+ ssh_welcome_rsa_pubkey_contents => hiera('welcome_message_gerrit_ssh_public_key'),
lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'),
lp_sync_token => hiera('gerrit_lp_access_token'),
lp_sync_secret => hiera('gerrit_lp_access_secret'),
diff --git a/modules/openstack_project/manifests/gerrit.pp b/modules/openstack_project/manifests/gerrit.pp
index 7da82b7352..749000ef1a 100644
--- a/modules/openstack_project/manifests/gerrit.pp
+++ b/modules/openstack_project/manifests/gerrit.pp
@@ -22,6 +22,8 @@ class openstack_project::gerrit (
$ssh_rsa_pubkey_contents = '', # If left empty puppet will not create file.
$ssh_project_rsa_key_contents = '', # If left empty will not create file.
$ssh_project_rsa_pubkey_contents = '', # If left empty will not create file.
+ $ssh_welcome_rsa_key_contents='', # If left empty will not create file.
+ $ssh_welcome_rsa_pubkey_contents='', # If left empty will not create file.
$email = '',
$database_poollimit = '',
$container_heaplimit = '',
@@ -292,6 +294,28 @@ class openstack_project::gerrit (
require => Class['::gerrit'],
}
+ if $ssh_welcome_rsa_key_contents != '' {
+ file { '/home/gerrit2/review_site/etc/ssh_welcome_rsa_key':
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0600',
+ content => $ssh_welcome_rsa_key_contents,
+ replace => true,
+ require => File['/home/gerrit2/review_site/etc']
+ }
+ }
+
+ if $ssh_welcome_rsa_pubkey_contents != '' {
+ file { '/home/gerrit2/review_site/etc/ssh_welcome_rsa_key.pub':
+ owner => 'gerrit2',
+ group => 'gerrit2',
+ mode => '0644',
+ content => $ssh_welcome_rsa_pubkey_contents,
+ replace => true,
+ require => File['/home/gerrit2/review_site/etc']
+ }
+ }
+
if ($projects_file != 'UNDEF') {
if ($replicate_local) {
file { $local_git_dir:
diff --git a/modules/openstack_project/manifests/review.pp b/modules/openstack_project/manifests/review.pp
index bc23347e19..b41ea18ff2 100644
--- a/modules/openstack_project/manifests/review.pp
+++ b/modules/openstack_project/manifests/review.pp
@@ -55,6 +55,9 @@ class openstack_project::review (
# manage-projects's user ssh key.
$ssh_project_rsa_key_contents='',
$ssh_project_rsa_pubkey_contents='',
+ # welcome-message's user ssh key.
+ $ssh_welcome_rsa_key_contents='',
+ $ssh_welcome_rsa_pubkey_contents='',
# To be renamed - they're now just launchpad creds, not lp_sync
$lp_sync_consumer_key='',
$lp_sync_token='',
@@ -92,6 +95,8 @@ class openstack_project::review (
ssh_rsa_pubkey_contents => $ssh_rsa_pubkey_contents,
ssh_project_rsa_key_contents => $ssh_project_rsa_key_contents,
ssh_project_rsa_pubkey_contents => $ssh_project_rsa_pubkey_contents,
+ ssh_welcome_rsa_key_contents => $ssh_welcome_rsa_key_contents,
+ ssh_welcome_rsa_pubkey_contents => $ssh_welcome_rsa_pubkey_contents,
email => 'review@openstack.org',
# 1 + 100 + 9 + 2 + 2 + 25 = 139(rounded up)
database_poollimit => '150',
diff --git a/modules/openstack_project/templates/gerrit_patchset-created.erb b/modules/openstack_project/templates/gerrit_patchset-created.erb
index 5d59203307..efdf9de159 100755
--- a/modules/openstack_project/templates/gerrit_patchset-created.erb
+++ b/modules/openstack_project/templates/gerrit_patchset-created.erb
@@ -9,5 +9,8 @@ timeout -k 2m 10m /usr/local/bin/trivial-rebase \
--whitespace \
--private-key-path=<%= ssh_host_key %> \
--role-user=<%= trivial_rebase_role_id %> "$@"
+<% if $ssh_welcome_rsa_key_contents != "" -%>
timeout -k 2m 10m /usr/local/bin/welcome-message patchset-created --dryrun \
- welcome-message@review.openstack.org <%= welcome-message_gerrit_ssh_private_key %> "$@"
+ welcome-message@review.openstack.org \
+ /home/gerrit2/review_site/etc/ssh_welcome_rsa_key "$@"
+<% end -%>