Add baserock_gerrit system

These instructions allow deploying a production-ready Gerrit instance.
Integrating the gerrit.baserock.org with git.baserock.org will be done
separately.

5 files changed, 178 insertions, 0 deletions

diff --git a/baserock_gerrit/baserock_gerrit.morph b/baserock_gerrit/baserock_gerrit.morph
new file mode 100644
index 00000000..7712afd7
--- /dev/null
+++ b/baserock_gerrit/baserock_gerrit.morph
@@ -0,0 +1,12 @@
+name: baserock_gerrit
+kind: cluster
+systems:
+  - morph: baserock_gerrit/gerrit-system-x86_64.morph
+    deploy:
+      gerrit.baserock.org:
+        type: openstack
+        location: https://compute.datacentred.io:5000/v2.0
+        OPENSTACK_IMAGENAME: baserock_gerrit
+        CLOUD_INIT: yes
+        DISK_SIZE: 3G
+        KERNEL_ARGS: console=tty0 console=ttyS0
diff --git a/baserock_gerrit/gerrit-system-x86_64.morph b/baserock_gerrit/gerrit-system-x86_64.morph
new file mode 100644
index 00000000..eb036cc4
--- /dev/null
+++ b/baserock_gerrit/gerrit-system-x86_64.morph
@@ -0,0 +1,41 @@
+name: baserock-gerrit-system-x86_64
+kind: system
+description: |
+  System for running Gerrit on Baserock.
+
+  Note this system doesn't contain Gerrit or Java: the Baserock reference
+  definitions don't have any support for Java yet. Instead, Java and Gerrit
+  are downloaded from the web and installed on first-boot by the configuration
+  management scripts.
+
+  So this system is really just a Baserock base system plus Ansible.
+arch: x86_64
+strata:
+- name: build-essential
+  morph: strata/build-essential.morph
+- name: core
+  morph: strata/core.morph
+- name: foundation
+  morph: strata/foundation.morph
+- name: lvm
+  morph: strata/foundation.morph
+- name: bsp-x86_64-generic
+  morph: strata/bsp-x86_64-generic.morph
+- name: cloudinit-support
+  morph: strata/cloudinit-support.morph
+- name: ansible
+  morph: strata/ansible.morph
+- name: lorry
+  morph: strata/lorry.morph
+- name: lorry-controller
+  morph: strata/lorry-controller.morph
+# FIXME: 'tools' is needed purely because mkfs.ext4 resides there.
+# Which doesn't make much sense really.
+- name: tools
+  morph: strata/tools.morph
+configuration-extensions:
+- set-hostname
+- add-config-files
+- nfsboot
+- install-files
+- cloud-init
diff --git a/baserock_gerrit/gerrit.config b/baserock_gerrit/gerrit.config
new file mode 100644
index 00000000..c2257eaa
--- /dev/null
+++ b/baserock_gerrit/gerrit.config
@@ -0,0 +1,23 @@
+[gerrit]
+	basePath = git
+	canonicalWebUrl = http://gerrit.baserock.org/
+[database]
+	type = mysql
+	hostname = 192.168.222.30
+	database = gerrit
+	username = gerrit
+[index]
+	type = LUCENE
+[auth]
+	type = OPENID
+	trustedOpenID = http://openid.baserock.org/
+[sendemail]
+	smtpServer = localhost
+[sshd]
+	listenAddress = *:29418
+[httpd]
+	listenUrl = http://*:8080/
+[cache]
+	directory = cache
+[user]
+	email = "gerrit@baserock.org"
diff --git a/baserock_gerrit/gerrit.service b/baserock_gerrit/gerrit.service
new file mode 100644
index 00000000..478693c3
--- /dev/null
+++ b/baserock_gerrit/gerrit.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Gerrit Code Review Server
+After=network.target
+
+[Service]
+User=gerrit
+Group=gerrit
+Type=simple
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=gerrit
+ExecStart={{ run_gerrit }} daemon --site-path /srv/gerrit --console-log
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/baserock_gerrit/instance-config.yml b/baserock_gerrit/instance-config.yml
new file mode 100644
index 00000000..77de7722
--- /dev/null
+++ b/baserock_gerrit/instance-config.yml
@@ -0,0 +1,86 @@
+# Instance-specific configuration for the baserock.org Gerrit system.
+#
+# You must have the Java SE Runtime Environment binary available in the
+# baserock_gerrit directory when you run this script.
+#
+# Download it from here:
+# <http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html>
+#
+- hosts: gerrit.baserock.org
+  gather_facts: False
+  vars:
+    GERRIT_VERSION: 2.9.4
+
+    # Download from http://www.oracle.com/technetwork/java/javase/downloads/server-jre8-downloads-2133154.html
+    JRE_FILE: server-jre-8u31-linux-x64.tar.gz
+    # This path should correspond to where the JRE ends up if you extract the
+    # downloaded tarball in /opt.
+    JRE_DIR: /opt/jdk1.8.0_31
+
+    # Download from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
+    JCE_FILE: jce_policy-8.zip
+
+    run_gerrit: "{{ JRE_DIR }}/bin/java -jar /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war"
+  vars_files:
+    - ../database/baserock_gerrit.database_password.yml
+  tasks:
+
+    - name: add gerrit user
+      user: name=gerrit shell=/bin/false
+
+    - name: unpack the Java Runtime Environment
+      unarchive: src=/root/{{ JRE_FILE }} dest=/opt owner=root group=root creates={{ JRE_DIR }}
+
+    # The Java Cryptography Extensions are needed in order to enable all SSH
+    # ciphers, due to US export restrictions.
+    - name: unpack the Java Cryptography Extensions
+      unarchive: src={{ JCE_FILE }} dest=/opt owner=root group=root creates=/opt/UnlimitedJCEPolicyJDK8/
+
+    - name: install the Java Cryptography Extensions
+      file: src=/opt/UnlimitedJCEPolicyJDK8/{{ item }} dest={{ JRE_DIR }}/jre/lib/security/{{ item }} state=link force=yes
+      with_items:
+        - local_policy.jar
+        - US_export_policy.jar
+
+    - name: create /opt/gerrit
+      file: path=/opt/gerrit state=directory
+
+    - name: download Gerrit
+      get_url:
+        url: https://gerrit-releases.storage.googleapis.com/gerrit-{{ GERRIT_VERSION }}.war
+        dest: /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war
+
+    - include: ../tasks/create-data-volume.yml lv_name=gerrit lv_size=25g mountpoint=/srv/gerrit
+
+    - name: ensure 'gerrit' user owns /srv/gerrit
+      file: path=/srv/gerrit owner=gerrit group=gerrit state=directory
+
+    - name: initialise Gerrit application directory
+      command: "{{ run_gerrit }} init -d /srv/gerrit creates=/srv/gerrit/etc/gerrit.config"
+
+    - name: download extra Java libraries
+      get_url:
+        url: "{{ item }}"
+        dest: /srv/gerrit/lib
+      with_items:
+        # MySQL Java Connector
+        - http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar
+
+        # Bouncy Castle Crypto APIs for Java. The interactive `gerrit init`
+        # command recommends installing these libraries, and who am I to argue?
+        - http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar
+        - http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar
+
+    - name: install gerrit.config
+      template: src=gerrit.config dest=/srv/gerrit/etc/gerrit.config
+
+    - name: set database password
+      command: git config -f /srv/gerrit/etc/secure.config database.password "{{ baserock_gerrit_password }}"
+      sudo: yes
+      sudo_user: gerrit
+
+    - name: install gerrit.service
+      template: src=gerrit.service dest=/etc/systemd/system/gerrit.service
+
+    - name: start Gerrit service
+      service: name=gerrit enabled=yes state=started