diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-01-21 14:27:08 +0000 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-01-30 17:28:37 +0000 |
commit | 747adce51197c465b83f08e3edf81afc4510c6b7 (patch) | |
tree | 3913e387c4276c2b8153413fbac34d1782aec61e /baserock_gerrit | |
parent | e81956c83d3100497b83e563420971bed5dacd47 (diff) | |
download | infrastructure-747adce51197c465b83f08e3edf81afc4510c6b7.tar.gz |
Add baserock_gerrit system
These instructions allow deploying a production-ready Gerrit instance.
Integrating the gerrit.baserock.org with git.baserock.org will be done
separately.
Diffstat (limited to 'baserock_gerrit')
-rw-r--r-- | baserock_gerrit/baserock_gerrit.morph | 12 | ||||
-rw-r--r-- | baserock_gerrit/gerrit-system-x86_64.morph | 41 | ||||
-rw-r--r-- | baserock_gerrit/gerrit.config | 23 | ||||
-rw-r--r-- | baserock_gerrit/gerrit.service | 16 | ||||
-rw-r--r-- | baserock_gerrit/instance-config.yml | 86 |
5 files changed, 178 insertions, 0 deletions
diff --git a/baserock_gerrit/baserock_gerrit.morph b/baserock_gerrit/baserock_gerrit.morph new file mode 100644 index 00000000..7712afd7 --- /dev/null +++ b/baserock_gerrit/baserock_gerrit.morph @@ -0,0 +1,12 @@ +name: baserock_gerrit +kind: cluster +systems: + - morph: baserock_gerrit/gerrit-system-x86_64.morph + deploy: + gerrit.baserock.org: + type: openstack + location: https://compute.datacentred.io:5000/v2.0 + OPENSTACK_IMAGENAME: baserock_gerrit + CLOUD_INIT: yes + DISK_SIZE: 3G + KERNEL_ARGS: console=tty0 console=ttyS0 diff --git a/baserock_gerrit/gerrit-system-x86_64.morph b/baserock_gerrit/gerrit-system-x86_64.morph new file mode 100644 index 00000000..eb036cc4 --- /dev/null +++ b/baserock_gerrit/gerrit-system-x86_64.morph @@ -0,0 +1,41 @@ +name: baserock-gerrit-system-x86_64 +kind: system +description: | + System for running Gerrit on Baserock. + + Note this system doesn't contain Gerrit or Java: the Baserock reference + definitions don't have any support for Java yet. Instead, Java and Gerrit + are downloaded from the web and installed on first-boot by the configuration + management scripts. + + So this system is really just a Baserock base system plus Ansible. +arch: x86_64 +strata: +- name: build-essential + morph: strata/build-essential.morph +- name: core + morph: strata/core.morph +- name: foundation + morph: strata/foundation.morph +- name: lvm + morph: strata/foundation.morph +- name: bsp-x86_64-generic + morph: strata/bsp-x86_64-generic.morph +- name: cloudinit-support + morph: strata/cloudinit-support.morph +- name: ansible + morph: strata/ansible.morph +- name: lorry + morph: strata/lorry.morph +- name: lorry-controller + morph: strata/lorry-controller.morph +# FIXME: 'tools' is needed purely because mkfs.ext4 resides there. +# Which doesn't make much sense really. +- name: tools + morph: strata/tools.morph +configuration-extensions: +- set-hostname +- add-config-files +- nfsboot +- install-files +- cloud-init diff --git a/baserock_gerrit/gerrit.config b/baserock_gerrit/gerrit.config new file mode 100644 index 00000000..c2257eaa --- /dev/null +++ b/baserock_gerrit/gerrit.config @@ -0,0 +1,23 @@ +[gerrit] + basePath = git + canonicalWebUrl = http://gerrit.baserock.org/ +[database] + type = mysql + hostname = 192.168.222.30 + database = gerrit + username = gerrit +[index] + type = LUCENE +[auth] + type = OPENID + trustedOpenID = http://openid.baserock.org/ +[sendemail] + smtpServer = localhost +[sshd] + listenAddress = *:29418 +[httpd] + listenUrl = http://*:8080/ +[cache] + directory = cache +[user] + email = "gerrit@baserock.org" diff --git a/baserock_gerrit/gerrit.service b/baserock_gerrit/gerrit.service new file mode 100644 index 00000000..478693c3 --- /dev/null +++ b/baserock_gerrit/gerrit.service @@ -0,0 +1,16 @@ +[Unit] +Description=Gerrit Code Review Server +After=network.target + +[Service] +User=gerrit +Group=gerrit +Type=simple +StandardOutput=syslog +StandardError=syslog +SyslogIdentifier=gerrit +ExecStart={{ run_gerrit }} daemon --site-path /srv/gerrit --console-log +Restart=on-failure + +[Install] +WantedBy=multi-user.target diff --git a/baserock_gerrit/instance-config.yml b/baserock_gerrit/instance-config.yml new file mode 100644 index 00000000..77de7722 --- /dev/null +++ b/baserock_gerrit/instance-config.yml @@ -0,0 +1,86 @@ +# Instance-specific configuration for the baserock.org Gerrit system. +# +# You must have the Java SE Runtime Environment binary available in the +# baserock_gerrit directory when you run this script. +# +# Download it from here: +# <http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html> +# +- hosts: gerrit.baserock.org + gather_facts: False + vars: + GERRIT_VERSION: 2.9.4 + + # Download from http://www.oracle.com/technetwork/java/javase/downloads/server-jre8-downloads-2133154.html + JRE_FILE: server-jre-8u31-linux-x64.tar.gz + # This path should correspond to where the JRE ends up if you extract the + # downloaded tarball in /opt. + JRE_DIR: /opt/jdk1.8.0_31 + + # Download from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html + JCE_FILE: jce_policy-8.zip + + run_gerrit: "{{ JRE_DIR }}/bin/java -jar /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war" + vars_files: + - ../database/baserock_gerrit.database_password.yml + tasks: + + - name: add gerrit user + user: name=gerrit shell=/bin/false + + - name: unpack the Java Runtime Environment + unarchive: src=/root/{{ JRE_FILE }} dest=/opt owner=root group=root creates={{ JRE_DIR }} + + # The Java Cryptography Extensions are needed in order to enable all SSH + # ciphers, due to US export restrictions. + - name: unpack the Java Cryptography Extensions + unarchive: src={{ JCE_FILE }} dest=/opt owner=root group=root creates=/opt/UnlimitedJCEPolicyJDK8/ + + - name: install the Java Cryptography Extensions + file: src=/opt/UnlimitedJCEPolicyJDK8/{{ item }} dest={{ JRE_DIR }}/jre/lib/security/{{ item }} state=link force=yes + with_items: + - local_policy.jar + - US_export_policy.jar + + - name: create /opt/gerrit + file: path=/opt/gerrit state=directory + + - name: download Gerrit + get_url: + url: https://gerrit-releases.storage.googleapis.com/gerrit-{{ GERRIT_VERSION }}.war + dest: /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war + + - include: ../tasks/create-data-volume.yml lv_name=gerrit lv_size=25g mountpoint=/srv/gerrit + + - name: ensure 'gerrit' user owns /srv/gerrit + file: path=/srv/gerrit owner=gerrit group=gerrit state=directory + + - name: initialise Gerrit application directory + command: "{{ run_gerrit }} init -d /srv/gerrit creates=/srv/gerrit/etc/gerrit.config" + + - name: download extra Java libraries + get_url: + url: "{{ item }}" + dest: /srv/gerrit/lib + with_items: + # MySQL Java Connector + - http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar + + # Bouncy Castle Crypto APIs for Java. The interactive `gerrit init` + # command recommends installing these libraries, and who am I to argue? + - http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar + - http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar + + - name: install gerrit.config + template: src=gerrit.config dest=/srv/gerrit/etc/gerrit.config + + - name: set database password + command: git config -f /srv/gerrit/etc/secure.config database.password "{{ baserock_gerrit_password }}" + sudo: yes + sudo_user: gerrit + + - name: install gerrit.service + template: src=gerrit.service dest=/etc/systemd/system/gerrit.service + + - name: start Gerrit service + service: name=gerrit enabled=yes state=started |