diff options
author | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-03-11 11:35:49 +0000 |
---|---|---|
committer | Sam Thursfield <sam.thursfield@codethink.co.uk> | 2015-03-13 15:14:29 +0000 |
commit | 3bf92ba17b00f6b50e423415cdc9a6b807f74c5c (patch) | |
tree | 40b915d0180f1a6c5539eb6a9ebc4ec31380f71d /baserock_gerrit | |
parent | a3d7604896898a0d1e2728eed9bbad344838551c (diff) | |
download | infrastructure-3bf92ba17b00f6b50e423415cdc9a6b807f74c5c.tar.gz |
gerrit: Add mirroring configuration
This pulls from git.baserock.org with lorry-controller, and pushes
'master' back to git.baserock.org using gerrit-replication.
Diffstat (limited to 'baserock_gerrit')
-rw-r--r-- | baserock_gerrit/All-Projects/project.config | 26 | ||||
-rw-r--r-- | baserock_gerrit/gerrit-access-config.yml | 4 | ||||
-rw-r--r-- | baserock_gerrit/gerrit.config | 6 | ||||
-rw-r--r-- | baserock_gerrit/instance-config.yml | 12 | ||||
-rw-r--r-- | baserock_gerrit/instance-mirroring-config.yml | 49 | ||||
-rw-r--r-- | baserock_gerrit/lorry-controller.conf | 29 | ||||
-rw-r--r-- | baserock_gerrit/lorry-controller/minion.conf | 6 | ||||
-rw-r--r-- | baserock_gerrit/lorry-controller/webapp.conf | 13 | ||||
-rw-r--r-- | baserock_gerrit/lorry.conf | 8 | ||||
-rw-r--r-- | baserock_gerrit/replication.config | 27 |
10 files changed, 165 insertions, 15 deletions
diff --git a/baserock_gerrit/All-Projects/project.config b/baserock_gerrit/All-Projects/project.config index 6fc2d815..dfec0e61 100644 --- a/baserock_gerrit/All-Projects/project.config +++ b/baserock_gerrit/All-Projects/project.config @@ -60,18 +60,20 @@ push = +force group Mirroring Tools [access "refs/tags/*"] - pushTag = group Release Team - pushSignedTag = group Release Team - - pushTag = group Administrators - pushSignedTag = group Administrators - pushTag = group Project Owners - pushSignedTag = group Project Owners - - create = group Mirroring Tools - push = +force group Mirroring Tools - pushTag = +force group Mirroring Tools - pushSignedTag = +force group Mirroring Tools + pushTag = group Release Team + pushSignedTag = group Release Team + + pushTag = group Administrators + pushSignedTag = group Administrators + pushTag = group Project Owners + pushSignedTag = group Project Owners + + create = group Mirroring Tools + forgeAuthor = group Mirroring Tools + forgeCommitter = group Mirroring Tools + push = +force group Mirroring Tools + pushTag = +force group Mirroring Tools + pushSignedTag = +force group Mirroring Tools # Changing project configuration is allowed for Administrators only. (In theory diff --git a/baserock_gerrit/gerrit-access-config.yml b/baserock_gerrit/gerrit-access-config.yml index 513a993e..f524c477 100644 --- a/baserock_gerrit/gerrit-access-config.yml +++ b/baserock_gerrit/gerrit-access-config.yml @@ -97,7 +97,9 @@ groups: - Mirroring Tools - Non-Interactive Users - #ssh_key: xx + # FIXME: ansible-gerrit module should be able to handle a filename + # here, instead of needing this hack to read the contents. + ssh_key: "{{ lookup('file', '../keys/lorry-gerrit.key.pub') }}" - gerrit_account: username: mason diff --git a/baserock_gerrit/gerrit.config b/baserock_gerrit/gerrit.config index c2257eaa..249fde8e 100644 --- a/baserock_gerrit/gerrit.config +++ b/baserock_gerrit/gerrit.config @@ -21,3 +21,9 @@ directory = cache [user] email = "gerrit@baserock.org" + +# It seems like a bad idea to enable remote administration of plugins, but +# there is absolutely no information available on how to do 'local' +# administration of Gerrit plugins, so we can't really avoid it. +[plugins] + allowRemoteAdmin = true diff --git a/baserock_gerrit/instance-config.yml b/baserock_gerrit/instance-config.yml index 0a06413c..f9317278 100644 --- a/baserock_gerrit/instance-config.yml +++ b/baserock_gerrit/instance-config.yml @@ -24,9 +24,12 @@ vars_files: - ../database/baserock_gerrit.database_password.yml tasks: - - name: add gerrit user - user: name=gerrit shell=/bin/false + user: + name: gerrit + shell: /bin/false + generate_ssh_key: yes + ssh_key_comment: gerrit@baserock.org - name: unpack the Java Runtime Environment unarchive: src={{ JRE_FILE }} dest=/opt owner=root group=root creates={{ JRE_DIR }} @@ -58,6 +61,11 @@ - name: initialise Gerrit application directory command: "{{ run_gerrit }} init -d /srv/gerrit creates=/srv/gerrit/etc/gerrit.config" + - name: extract gerrit-replication plugin + shell: unzip /opt/gerrit/gerrit-{{ GERRIT_VERSION}}.war WEB-INF/plugins/replication.jar -p > /srv/gerrit/plugins/replication.jar + args: + creates: /srv/gerrit/plugins/replication.jar + - name: download extra Java libraries get_url: url: "{{ item }}" diff --git a/baserock_gerrit/instance-mirroring-config.yml b/baserock_gerrit/instance-mirroring-config.yml new file mode 100644 index 00000000..6864f7c7 --- /dev/null +++ b/baserock_gerrit/instance-mirroring-config.yml @@ -0,0 +1,49 @@ +- hosts: gerrit.baserock.org + gather_facts: no + sudo: yes + tasks: + - name: Lorry user + user: name=lorry comment="Lorry mirroring service" + + # Ansible can generate a new SSH key for Lorry when we add the user, + # but it seems tricky to then extract this and add it to the 'lorry' Gerrit + # user. + - name: SSH private key for Lorry user + copy: src=../keys/lorry-gerrit.key dest=~/.ssh/id_rsa mode=600 + sudo_user: lorry + + - name: SSH public key for Lorry user + copy: src=../keys/lorry-gerrit.key.pub dest=~/.ssh/id_rsa.pub mode=644 + sudo_user: lorry + + - name: directory in /etc for Lorry Controller system configuration + file: dest=/etc/lorry-controller state=directory + + - name: Lorry tool configuration + copy: src=lorry.conf dest=/etc/lorry.conf + + - name: Lorry Controller system configuration + copy: + src=lorry-controller/{{ item }} + dest=/etc/lorry-controller/{{ item }} + with_items: + - minion.conf + - webapp.conf + + - name: enable and restart core lorry controller services. + service: name={{ item }} enabled=yes state=started + with_items: + - lighttpd-lorry-controller-webapp.service + - lorry-controller-minion@1.service + + - name: enable lorry-controller scheduled activity timers + service: name={{ item }} enabled=yes + with_items: + - lorry-controller-ls-troves.timer + - lorry-controller-readconf.timer + - lorry-controller-remove-ghost-jobs.timer + - lorry-controller-remove-old-jobs.timer + - lorry-controller-status.timer + + - name: gerrit-replication configuration + copy: src=replication.config dest=/srv/gerrit/etc diff --git a/baserock_gerrit/lorry-controller.conf b/baserock_gerrit/lorry-controller.conf new file mode 100644 index 00000000..002a0a7c --- /dev/null +++ b/baserock_gerrit/lorry-controller.conf @@ -0,0 +1,29 @@ +[ + { + "type": "trove", + + "trovehost": "git.baserock.org", + "protocol": "http", + + "prefixmap": { + "baserock": "baserock", + "delta": "delta" + }, + + "ignore": [ + "baserock/baserock/documentation", + "baserock/baserock/jenkins-config", + "baserock/baserock/lorries", + "baserock/baserock/morph-cache-server", + "baserock/baserock/morphs", + "baserock/baserock/remo", + "baserock/local-config/*", + "baserock/site/*", + "baserock/tests/*", + "delta/*" + ], + + "ls-interval": "4H", + "interval": "10M" + } +] diff --git a/baserock_gerrit/lorry-controller/minion.conf b/baserock_gerrit/lorry-controller/minion.conf new file mode 100644 index 00000000..99abdba8 --- /dev/null +++ b/baserock_gerrit/lorry-controller/minion.conf @@ -0,0 +1,6 @@ +[config] +log = syslog +log-level = debug +webapp-host = localhost +webapp-port = 12765 +webapp-timeout = 3600 diff --git a/baserock_gerrit/lorry-controller/webapp.conf b/baserock_gerrit/lorry-controller/webapp.conf new file mode 100644 index 00000000..dde0d0f6 --- /dev/null +++ b/baserock_gerrit/lorry-controller/webapp.conf @@ -0,0 +1,13 @@ +[config] +log = /home/lorry/webapp.log +log-max = 100M +log-keep = 0 +log-level = debug +statedb = /home/lorry/webapp.db +configuration-directory = /home/lorry/confgit +status-html = /home/lorry/lc-status.html +wsgi = yes +debug-port = 12765 +templates = /usr/share/lorry-controller/templates +confgit-url = http://localhost:8080/local-config/lorries +git-server-type = gerrit diff --git a/baserock_gerrit/lorry.conf b/baserock_gerrit/lorry.conf new file mode 100644 index 00000000..03c1177b --- /dev/null +++ b/baserock_gerrit/lorry.conf @@ -0,0 +1,8 @@ +[config] +mirror-base-url-push = ssh://lorry@localhost:29418/ +bundle = never +tarball = never +working-area = /home/lorry/working-area +verbose = yes +log = /dev/stdout +log-level = debug diff --git a/baserock_gerrit/replication.config b/baserock_gerrit/replication.config new file mode 100644 index 00000000..fab59c14 --- /dev/null +++ b/baserock_gerrit/replication.config @@ -0,0 +1,27 @@ +# Configuration for gerrit-replication plugin. +# +# This handles pushing changes from gerrit.baserock.org to git.baserock.org. + +[remote "trove"] + url = ssh://git@git.baserock.org/${name}.git + + # Disable force-pushing and only sync 'master' and tags. + # + # This will probably prove annoying and we'll need to mirror more branches in + # future. But right now there are hundreds of personal branches and I want to + # avoid potential push errors for branches we don't care about. + push = refs/heads/master:refs/heads/master + push = refs/tags/*:refs/tags/* + + createMissingRepositories = false + replicatePermissions = false + + # What to sync: this is a regexp that must match the whole project name. + projects = ^baserock/.*$ + + # If true, gerrit-replication will remove remote branches that are absent in + # the trove. This is a bit dangerous, but necessary if we are to make gerrit + # the 'master'. Note that if you set 'authGroup', branches that are not + # visible to the configured authorisation group will also be removed. So do + # not set 'authGroup' to anything. + mirror = false |