Diffstat (limited to 'baserock_gerrit')
-rw-r--r--baserock_gerrit/All-Projects/groups16
-rw-r--r--baserock_gerrit/All-Projects/project.config125
-rw-r--r--baserock_gerrit/backup-snapshot.conf5
-rw-r--r--baserock_gerrit/baserock_gerrit.morph27
-rw-r--r--baserock_gerrit/branding/GerritSite.css15
-rw-r--r--baserock_gerrit/branding/GerritSiteHeader.html1
-rw-r--r--baserock_gerrit/branding/baserock-logo.pngbin13765 -> 0 bytes
-rw-r--r--baserock_gerrit/branding/openstack-page-bkg.jpgbin3738 -> 0 bytes
-rw-r--r--baserock_gerrit/gerrit-access-config.yml159
-rw-r--r--baserock_gerrit/gerrit.config54
-rw-r--r--baserock_gerrit/gerrit.service16
-rw-r--r--baserock_gerrit/instance-backup-config.yml29
-rw-r--r--baserock_gerrit/instance-ca-certificate-config.yml30
-rw-r--r--baserock_gerrit/instance-config.yml133
-rw-r--r--baserock_gerrit/instance-mirroring-config.yml68
-rw-r--r--baserock_gerrit/lorry-controller.conf38
-rw-r--r--baserock_gerrit/lorry-controller/minion.conf6
-rw-r--r--baserock_gerrit/lorry-controller/webapp.conf13
-rw-r--r--baserock_gerrit/lorry.conf8
-rw-r--r--baserock_gerrit/replication.config30
20 files changed, 0 insertions, 773 deletions
diff --git a/baserock_gerrit/All-Projects/groups b/baserock_gerrit/All-Projects/groups
deleted file mode 100644
index da2baa74..00000000
--- a/baserock_gerrit/All-Projects/groups
+++ /dev/null
@@ -1,16 +0,0 @@
-# UUID Group Name
-#
-global:Anonymous-Users Anonymous Users
-global:Project-Owners Project Owners
-global:Registered-Users Registered Users
-
-# This file is filled in with the other group IDs by the
-# gerrit-access-config.yml Ansible playbook.
-b660c33b68509db9dbd9578ae00035da90c0d5eb Administrators
-8e467a11f116bb716a65ac85e28bf09ebfeb0d63 Non-Interactive Users
-898d9c4232b8fcac6a3b128f7264c5d4c8b1eead Developers
-b8fc45c681b94669fe3fa965c48d5221a515a3a6 Mergers
-8c788c828285c3dd0a8c1cc152de6735085def9f Mirroring Tools
-a7a9cc6639bd943e47da0d20b39267a08b43cd91 Release Team
-d643abb0ad6e9d5ac33093af5cd3a3d4e484d95d Reviewers
-cea6c19a08e11b74e63a567e050bec2c6eeb14dc Testers
diff --git a/baserock_gerrit/All-Projects/project.config b/baserock_gerrit/All-Projects/project.config
deleted file mode 100644
index f3069904..00000000
--- a/baserock_gerrit/All-Projects/project.config
+++ /dev/null
@@ -1,125 +0,0 @@
-# Top-level access controls for projects on Baserock Gerrit.
-
-# These can be overridden by a project's own project.config file. They are also
-# overridden by the config of a project's parent repo, if it is set to something
-# other than the default parent project 'All-Projects'.
-
-# Useful references:
-#
-# https://gerrit-documentation.storage.googleapis.com/Documentation/2.11/access-control.html
-# https://git.openstack.org/cgit/openstack-infra/system-config/tree/doc/source/gerrit.rst
-
-# To deploy changes to this file, you need to manually commit it and push it to
-# the 'refs/meta/config' ref of the All-Projects repo in Gerrit.
-
-[project]
- description = Access inherited by all other projects.
-
-[receive]
- requireContributorAgreement = false
- requireSignedOffBy = false
- requireChangeId = true
-
-[submit]
- mergeContent = true
- action = rebase if necessary
-
-[capability]
- administrateServer = group Administrators
- priority = batch group Non-Interactive Users
- streamEvents = group Non-Interactive Users
-
- createProject = group Mirroring Tools
-
-# Everyone can read everything.
-[access "refs/*"]
- read = group Administrators
- read = group Anonymous Users
-
-
-# Developers can propose changes. All 'Registered Users' are 'Developers'.
-[access "refs/for/refs/*"]
- push = group Developers
- pushMerge = group Developers
-
-
-[access "refs/heads/*"]
- forgeAuthor = group Developers
- rebase = group Developers
- label-Code-Review = -2..+2 group Mergers
- submit = group Mergers
- label-Code-Review = -1..+1 group Reviewers
-# label-Verified = -1..+1 group Testers
-
- create = group Administrators
- forgeAuthor = group Administrators
- forgeCommitter = group Administrators
- push = group Administrators
- create = group Project Owners
- forgeAuthor = group Project Owners
- forgeCommitter = group Project Owners
- push = group Project Owners
- create = group Mergers
- forgeAuthor = group Mergers
- push = +force group Mergers
-
- create = group Mirroring Tools
- forgeAuthor = group Mirroring Tools
- forgeCommitter = group Mirroring Tools
- push = +force group Mirroring Tools
-
-
-# Nobody should be able to force push to 'master'. In particular, if Lorry
-# can force-push master then it will do, in the course of mirroring from
-# git.baserock.org, and this may undo merges that Gerrit just did and really
-# confuse things.
-[access "refs/heads/master"]
- exclusiveGroupPermissions = push
- push = block +force group Mergers
- push = block +force group Mirroring Tools
-
-
-[access "refs/tags/*"]
- pushTag = group Release Team
- pushSignedTag = group Release Team
-
- pushTag = group Administrators
- pushSignedTag = group Administrators
- pushTag = group Project Owners
- pushSignedTag = group Project Owners
-
- create = group Mirroring Tools
- forgeAuthor = group Mirroring Tools
- forgeCommitter = group Mirroring Tools
- push = +force group Mirroring Tools
- pushTag = +force group Mirroring Tools
- pushSignedTag = +force group Mirroring Tools
-
-
-# Changing project configuration is allowed for Administrators only. (In theory
-# anyone who owns a project can change its permissions, but right now all
-# projects should be owned by the Administrators group).
-[access "refs/meta/config"]
- exclusiveGroupPermissions = read
-
- read = group Administrators
- push = group Administrators
- read = group Project Owners
- push = group Project Owners
-
-[label "Code-Review"]
- function = MaxWithBlock
- copyMinScore = true
- value = -2 Do not merge
- value = -1 This patch needs further work before it can be merged
- value = 0 No score
- value = +1 Looks good to me, but someone else must approve
- value = +2 Looks good to me, approved
-
-# Disabled for now, because there is no automated test tool hooked up to our
-# Gerrit yet.
-#[label "Verified"]
-# function = MaxWithBlock
-# value = -1 Failed
-# value = 0 No score
-# value = +1 Verified
diff --git a/baserock_gerrit/backup-snapshot.conf b/baserock_gerrit/backup-snapshot.conf
deleted file mode 100644
index e8e2f3fc..00000000
--- a/baserock_gerrit/backup-snapshot.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-services:
- - lorry-controller-minion@1.service
- - gerrit.service
-
-volume: /dev/vg0/gerrit
diff --git a/baserock_gerrit/baserock_gerrit.morph b/baserock_gerrit/baserock_gerrit.morph
deleted file mode 100644
index f7907963..00000000
--- a/baserock_gerrit/baserock_gerrit.morph
+++ /dev/null
@@ -1,27 +0,0 @@
-name: baserock_gerrit
-kind: cluster
-
-description: |
- Deployment .morph for baserock.org Gerrit system.
-
- Configuration of the system is handled separately, with a series of
- Ansible playbooks that should be run after an instance of the system
- is up and running. See the README for instructions.
-
-systems:
-- morph: systems/gerrit-system-x86_64.morph
- deploy:
- gerrit.baserock.org:
- type: extensions/openstack
- location: https://compute.datacentred.io:5000/v2.0
-
- # You can use this method to deploy upgrades over SSH, after the
- # machine is deployed.
- upgrade-type: extensions/ssh-rsync
- upgrade-location: root@192.168.222.69
-
- OPENSTACK_IMAGENAME: baserock_gerrit
- CLOUD_INIT: true
- DISK_SIZE: 3G
- HOSTNAME: gerrit
- KERNEL_ARGS: console=tty0 console=ttyS0
diff --git a/baserock_gerrit/branding/GerritSite.css b/baserock_gerrit/branding/GerritSite.css
deleted file mode 100644
index 6a17f43d..00000000
--- a/baserock_gerrit/branding/GerritSite.css
+++ /dev/null
@@ -1,15 +0,0 @@
-body {color: #000 !important; background: url("static/openstack-page-bkg.jpg") no-repeat scroll 0 0 white !important; position: static}
-#gerrit_header {display: block !important; position: relative; top: -60px; margin-bottom: -60px; width: 200px; padding-left: 17px}
-#gerrit_header h1 {font-family: 'PT Sans', sans-serif; font-weight: normal; letter-spacing: -1px}
-
-#gerrit_topmenu {background: none; position:relative; top: 0px; left: 220px; margin-right: 220px}
-
-#gerrit_topmenu tbody tr td table {border: 0}
-
-#gerrit_topmenu tbody tr td table.gwt-TabBar {color: #353535; border-bottom: 1px solid #C5E2EA;}
-#gerrit_topmenu .gwt-Button {padding: 3px 6px}
-.gwt-TabBarItem-selected {color: #CF2F19 !important; border-bottom: 3px solid #CF2F19;}
-.gwt-TabBarItem {color: #353535; border-right: 0 !important}
-.gwt-TabBar .gwt-TabBarItem, .gwt-TabBar .gwt-TabBarRest, .gwt-TabPanelBottom {background: 0 !important;}
-
-#gerrit_topmenu .gwt-TextBox {width: 250px}
diff --git a/baserock_gerrit/branding/GerritSiteHeader.html b/baserock_gerrit/branding/GerritSiteHeader.html
deleted file mode 100644
index 5ad8d902..00000000
--- a/baserock_gerrit/branding/GerritSiteHeader.html
+++ /dev/null
@@ -1 +0,0 @@
-<h2 class="typo3-logo"> <a href="/"><img src="/static/baserock-logo.png" width="200" /></a> </h2>
diff --git a/baserock_gerrit/branding/baserock-logo.png b/baserock_gerrit/branding/baserock-logo.png
deleted file mode 100644
index 65811263..00000000
--- a/baserock_gerrit/branding/baserock-logo.png
+++ /dev/null
Binary files differ
diff --git a/baserock_gerrit/branding/openstack-page-bkg.jpg b/baserock_gerrit/branding/openstack-page-bkg.jpg
deleted file mode 100644
index f788c41c..00000000
--- a/baserock_gerrit/branding/openstack-page-bkg.jpg
+++ /dev/null
Binary files differ
diff --git a/baserock_gerrit/gerrit-access-config.yml b/baserock_gerrit/gerrit-access-config.yml
deleted file mode 100644
index cb8c4fea..00000000
--- a/baserock_gerrit/gerrit-access-config.yml
+++ /dev/null
@@ -1,159 +0,0 @@
-# Baserock Gerrit access controls, and predefined users, groups and projects.
-#
-# This Ansible playbook requires the ansible-gerrit modules:
-#
-# https://www.github.com/ssssam/ansible-gerrit
-#
-# These modules depend on pygerrit:
-#
-# https://www.github.com/sonyxperiadev/pygerrit/
-#
-# If you want to change the configuration, just edit this script and rerun it,
-# as described in the README.
-#
-# This script currently doesn't handle committing changes to the access control
-# rules for the 'All-Projects' project. To set up or modify the access control
-# rules, you'll need to manually commit project.config (in the All-Projects
-# subdirectory) to the 'refs/meta/config' ref of the All-Projects repo in
-# Gerrit. The 'groups' file will need to list all the groups referenced in
-# project.config. This script will add the UUIDs of all groups listed below
-# to the All-Projects/groups file, so you don't have to create it manually.
----
-- hosts: localhost
- tasks:
- # System groups:
- # - Anonymous Users
- # - Change Owner
- # - Project Owners
- # - Registered Users
-
- # Prefined groups:
- # - Administrators
- # - Non-Interactive Users
-
- - gerrit_group:
- name: Administrators
- register: administrators_group
-
- - gerrit_group:
- name: Non-Interactive Users
- register: non_interactive_users_group
-
- # The 'owner' of a group defines who can modify that group. Users
- # who are in the 'owner' group for a group 'Groupies' can add and remove
- # people (and other groups) from 'Groupies' and can change the name,
- # description and owner of 'Groupies.' Since we don't want the
- # names, descriptions or owners of these predefined groups being
- # changed, they are all left owned by the Administrators group.
-
- - gerrit_group:
- name: Developers
- description: Registered users who choose to submit changes for consideration.
- owner: Administrators
- included_groups:
- - Registered Users
- register: developers_group
-
- # Right now all Mergers are in the Release Team by default.
- - gerrit_group:
- name: Release Team
- description: Developers who can tag releases
- owner: Administrators
- included_groups:
- - Mergers
- register: release_team_group
-
- - gerrit_group:
- name: Mergers
- description: Developers who can trigger the actual merging of a change.
- owner: Administrators
- register: mergers_group
-
- - gerrit_group:
- name: Mirroring Tools
- description: Programs that pull changes from external repositories into Gerrit's Git server
- owner: Administrators
- register: mirroring_tools_group
-
- - gerrit_group:
- name: Reviewers
- description: Registered users who choose to give +1 / -1 reviews to proposed changes.
- owner: Administrators
- included_groups:
- - Registered Users
- register: reviewers_group
-
- - gerrit_group:
- name: Testers
- description: Testers that can give +1 / -1 Verified to proposed changes.
- owner: Administrators
- register: testers_group
-
- # Non-interactive accounts.
-
- - gerrit_account:
- username: firehose
- fullname: Firehose integration bot
- email: firehose@baserock.org
- groups:
- - Non-Interactive Users
- - Developers
- #ssh_key: xx
-
- - gerrit_account:
- username: lorry
- fullname: Lorry mirroring service
- email: lorry@baserock.org
- groups:
- - Mirroring Tools
- - Non-Interactive Users
- # FIXME: ansible-gerrit module should be able to handle a filename
- # here, instead of needing this hack to read the contents.
- ssh_key: "{{ lookup('file', '../keys/lorry-gerrit.key.pub') }}"
-
- - gerrit_account:
- username: mason
- fullname: Mason automated tester
- email: mason@baserock.org
- groups:
- - Non-Interactive Users
- - Testers
- #ssh_key: xx
-
- # It'd make more sense to do this in the mirroring-config.yml file, but
- # then the admin would need to supply their Gerrit credentials to that
- # playbook too (which is more tricky, because it doesn't run on
- # 'localhost').
- - name: repo to hold Lorry Controller mirroring configuration
- gerrit_project:
- name: local-config/lorries
- description: Configuration for Lorry for mirroring from Trove
-
- - name: create 'groups' mapping required by Gerrit
- lineinfile:
- create: yes
- dest: All-Projects/groups
- line: "{{ item.group_info.id }}\t{{ item.group_info.name }}"
- with_items:
- - "{{ administrators_group }}"
- - "{{ non_interactive_users_group }}"
- - "{{ developers_group }}"
- - "{{ mergers_group }}"
- - "{{ mirroring_tools_group }}"
- - "{{ release_team_group }}"
- - "{{ reviewers_group }}"
- - "{{ testers_group }}"
-
- - name: push access configuration for all repos
- git_commit_and_push:
- repo: "{{ ansible_env.GERRIT_ADMIN_REPO }}"
- ref: refs/meta/config
- files:
- - ./All-Projects/groups
- - ./All-Projects/project.config
- strip_path_components: 1
- commit_message: |
- Update global project access control rules.
-
- This commit was made by an Ansible playbook living in
- git://git.baserock.org/baserock/baserock/infrastructure.
diff --git a/baserock_gerrit/gerrit.config b/baserock_gerrit/gerrit.config
deleted file mode 100644
index e162f052..00000000
--- a/baserock_gerrit/gerrit.config
+++ /dev/null
@@ -1,54 +0,0 @@
-# This is the main Gerrit configuration. If you make changes to this
-# file, rerun `ansible-playbook -i hosts baserock_gerrit/instance-config.yml`
-# to deploy them to production.
-
-[gerrit]
- basePath = git
- canonicalWebUrl = https://gerrit.baserock.org/
-[database]
- type = mysql
- hostname = 192.168.222.30
- database = gerrit
- username = gerrit
-[index]
- type = LUCENE
-[auth]
- type = OPENID_SSO
- allowedOpenID = https://openid.baserock.org/
- trustedOpenID = https://openid.baserock.org/
- # XRDS is a mechanism for saying 'here are the services I provide'. Gerrit
- # expects the URL provided here to describe the OpenID provider service
- # using XRDS.
- openIdSsoUrl = https://openid.baserock.org/openid/xrds/
-[sendemail]
- smtpServer = 192.168.222.145
- # Send mails as '${user} (Code Review) <gerrit.baserock.org>'
- # The gerrit@baserock.org email comes from the user.email setting
- # below
- from = MIXED
-[user]
- name = Baserock Gerrit
- email = gerrit@baserock.org
-[sshd]
- listenAddress = *:29418
-[httpd]
- listenUrl = proxy-https://*:8080/
-[cache]
- directory = cache
-[cache "web_sessions"]
- # Remember user logins for a year (default is 12 hours, which gets a
- # bit annoying).
- maxAge = 1 y
-[user]
- email = "gerrit@baserock.org"
-
-# It seems like a bad idea to enable remote administration of plugins, but
-# there is absolutely no information available on how to do 'local'
-# administration of Gerrit plugins, so we can't really avoid it.
-[plugins]
- allowRemoteAdmin = true
-[container]
- user = gerrit
- javaHome = {{ JRE_DIR }}/jre
-[receive]
- enableSignedPush = false
diff --git a/baserock_gerrit/gerrit.service b/baserock_gerrit/gerrit.service
deleted file mode 100644
index 478693c3..00000000
--- a/baserock_gerrit/gerrit.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description=Gerrit Code Review Server
-After=network.target
-
-[Service]
-User=gerrit
-Group=gerrit
-Type=simple
-StandardOutput=syslog
-StandardError=syslog
-SyslogIdentifier=gerrit
-ExecStart={{ run_gerrit }} daemon --site-path /srv/gerrit --console-log
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
diff --git a/baserock_gerrit/instance-backup-config.yml b/baserock_gerrit/instance-backup-config.yml
deleted file mode 100644
index cc647285..00000000
--- a/baserock_gerrit/instance-backup-config.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-# Instance backup configuration for the baserock.org Gerrit system.
----
-- hosts: gerrit
- gather_facts: false
- vars:
- FRONTEND_IP: 192.168.222.143
- tasks:
- - name: backup-snapshot script
- copy: src=../backup-snapshot dest=/usr/bin/backup-snapshot mode=755
-
- - name: backup-snapshot config
- copy: src=backup-snapshot.conf dest=/etc/backup-snapshot.conf
-
- # Would be good to limit this to 'backup' user.
- - name: passwordless sudo
- lineinfile: dest=/etc/sudoers state=present line='%wheel ALL=(ALL) NOPASSWD:ALL' validate='visudo -cf %s'
-
- # We need to give the backup automation 'root' access, because it needs to
- # manage system services, LVM volumes, and mounts, and because it needs to
- # be able to read private data. The risk of having the backup key
- # compromised is mitigated by only allowing it to execute the
- # 'backup-snapshot' script, and limiting the hosts it can be used from.
- - name: access for backup SSH key
- authorized_key:
- user: root
- key: "{{ lookup('file', '../keys/backup.key.pub') }}"
- # Quotes are important in this options, the OpenSSH server will reject
- # the entry if the 'from' or 'command' values are not quoted.
- key_options: 'from="{{FRONTEND_IP}}",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,command="/usr/bin/backup-snapshot"'
diff --git a/baserock_gerrit/instance-ca-certificate-config.yml b/baserock_gerrit/instance-ca-certificate-config.yml
deleted file mode 100644
index 60ab9e8f..00000000
--- a/baserock_gerrit/instance-ca-certificate-config.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# The CA chain needed for the baserock.org certificate we use is present in
-# the system, but it's not present in the set of trusted root certificates
-# bundled with Java.
-#
-# We need Gerrit to trust the baserock.org certificate so that it will trust
-# https://openid.baserock.org/.
-#
-# This playbook is a hack at present: the second time you run it, the command
-# will fail because the certificate is already present. There is a proposed
-# Ansible module that can do this in a nicer way:
-# <https://github.com/ansible/ansible-modules-extras/pull/286/commits>.
----
-- hosts: gerrit
- gather_facts: False
- vars:
- JRE_DIR: /opt/jdk1.8.0_40
- tasks:
- - name: baserock.org SSL certificate with chain of trust
- copy:
- src: ../certs/frontend.pem
- dest: /home/gerrit
-
- - name: install SSL certificate into Java certificate keystore
- java_cert:
- cert_alias: baserock-frontent-cert
- cert_path: /home/gerrit/frontend.pem
- keystore_path: "{{ JRE_DIR }}/jre/lib/security/cacerts"
- executable: "{{ JRE_DIR }}/jre/bin/keytool"
- keystore_pass: changeit
- state: present
diff --git a/baserock_gerrit/instance-config.yml b/baserock_gerrit/instance-config.yml
deleted file mode 100644
index 30bdf7ae..00000000
--- a/baserock_gerrit/instance-config.yml
+++ /dev/null
@@ -1,133 +0,0 @@
-# Instance-specific configuration for the baserock.org Gerrit system.
-#
-# You must have the Java SE Runtime Environment binary available in the
-# baserock_gerrit directory when you run this script.
-#
-# Download it from here:
-# <http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html>
-#
-- hosts: gerrit
- gather_facts: False
- vars:
- GERRIT_VERSION: 2.13.1
-
- # Download from http://www.oracle.com/technetwork/java/javase/downloads/server-jre8-downloads-2133154.html
- JRE_FILE: server-jre-8u40-linux-x64.tar.gz
- # This path should correspond to where the JRE ends up if you extract the
- # downloaded tarball in /opt.
- JRE_DIR: /opt/jdk1.8.0_40
-
- # Download from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
- JCE_FILE: jce_policy-8.zip
-
- run_gerrit: "{{ JRE_DIR }}/bin/java -jar /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war"
- vars_files:
- - ../baserock_database/baserock_gerrit.database_password.yml
- tasks:
- - name: add gerrit user
- user:
- name: gerrit
- shell: /bin/false
- generate_ssh_key: yes
- ssh_key_comment: gerrit@baserock.org
-
- - name: unpack the Java Runtime Environment
- unarchive: src={{ JRE_FILE }} dest=/opt owner=root group=root creates={{ JRE_DIR }}
-
- # The Java Cryptography Extensions are needed in order to enable all SSH
- # ciphers, due to US export restrictions.
- - name: unpack the Java Cryptography Extensions
- unarchive: src={{ JCE_FILE }} dest=/opt owner=root group=root creates=/opt/UnlimitedJCEPolicyJDK8/
-
- - name: install the Java Cryptography Extensions
- file: src=/opt/UnlimitedJCEPolicyJDK8/{{ item }} dest={{ JRE_DIR }}/jre/lib/security/{{ item }} state=link force=yes
- with_items:
- - local_policy.jar
- - US_export_policy.jar
-
- - name: create /opt/gerrit
- file: path=/opt/gerrit state=directory
-
- - name: download Gerrit
- get_url:
- url: https://gerrit-releases.storage.googleapis.com/gerrit-{{ GERRIT_VERSION }}.war
- dest: /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war
-
- - include: ../tasks/create-data-volume.yml lv_name=gerrit lv_size=25g mountpoint=/srv/gerrit
-
- - name: ensure 'gerrit' user owns /srv/gerrit
- file: path=/srv/gerrit owner=gerrit group=gerrit state=directory
-
- - name: initialise Gerrit application directory
- command: "{{ run_gerrit }} init -d /srv/gerrit creates=/srv/gerrit/etc/gerrit.config"
- sudo: yes
- sudo_user: gerrit
-
- - name: extract and install some plugins for gerrit
- shell: unzip /opt/gerrit/gerrit-{{ GERRIT_VERSION}}.war WEB-INF/plugins/{{ item }}.jar -p > /srv/gerrit/plugins/{{ item }}.jar
- args:
- creates: /srv/gerrit/plugins/{{ item }}.jar
- with_items:
- - replication
- - download-commands
- sudo: yes
- sudo_user: gerrit
-
- # WARNING Non core plugins are not compiled inside gerrit.war file, we need to
- # download them from somwhere else (https://gerrit-ci.gerritforge.com/ or
- # http://builds.quelltextlich.at/gerrit/nightly/index.html).
- #
- # We install them from there, but some of the plugins don't have an stable branch for
- # a given gerrit version. Check before runnig this script that this task
- # is pointing to the right version (API compatible) of the plugin
- - name: install non-core plugins for gerrit
- shell: wget https://gerrit-ci.gerritforge.com/job/plugin-{{ item }}-master/lastBuild/artifact/buck-out/gen/plugins/{{ item }}/{{ item }}.jar -O /srv/gerrit/plugins/{{ item }}.jar
- args:
- creates: /srv/gerrit/plugins/{{ item }}.jar
- with_items:
- - avatars-gravatar
- sudo: yes
- sudo_user: gerrit
-
- - name: download extra Java libraries
- get_url:
- url: "{{ item }}"
- dest: /srv/gerrit/lib
- with_items:
- # MySQL Java Connector
- - http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar
-
- # Bouncy Castle Crypto APIs for Java. The interactive `gerrit init`
- # command recommends installing these libraries, and who am I to argue?
- - http://repo2.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-1.52.jar
- - http://repo2.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.52/bcprov-jdk15on-1.52.jar
-
- - name: install gerrit.config
- template: src=gerrit.config dest=/srv/gerrit/etc/gerrit.config
-
- - name: install images for branding
- copy: src=branding/{{ item }} dest=/srv/gerrit/static/{{ item }}
- with_items:
- - baserock-logo.png
- - openstack-page-bkg.jpg
- sudo: yes
- sudo_user: gerrit
-
- - name: install HTML and CSS for branding
- copy: src=branding/{{ item }} dest=/srv/gerrit/etc/{{ item }}
- with_items:
- - GerritSiteHeader.html
- - GerritSite.css
- sudo: yes
- sudo_user: gerrit
-
- - name: set database password
- command: git config -f /srv/gerrit/etc/secure.config database.password "{{ baserock_gerrit_password }}"
- sudo: yes
- sudo_user: gerrit
-
- - name: install gerrit.service
- template: src=gerrit.service dest=/etc/systemd/system/gerrit.service
-
- - name: start Gerrit service
- service: name=gerrit enabled=yes state=restarted
diff --git a/baserock_gerrit/instance-mirroring-config.yml b/baserock_gerrit/instance-mirroring-config.yml
deleted file mode 100644
index 19ac76cc..00000000
--- a/baserock_gerrit/instance-mirroring-config.yml
+++ /dev/null
@@ -1,68 +0,0 @@
-# This Ansible playbook configures mirroring in and out of Gerrit.
-#
-# To run it, use:
-# ansible-playbook -i hosts baserock_gerrit/instance-mirroring-config.yml
-#
-# It expects the SSH key for the 'lorry' user to exist at
-# ../keys/lorry-gerrit.key.
-#
-# This script currently doesn't handle the lorry-controller.conf file that
-# controls what lorry-controller mirrors into Gerrit. To set up or modify
-# lorry-controller configuration you need to commit your changes to the
-# 'local-config/lorries' project on the Gerrit.
----
-- hosts: gerrit
- gather_facts: no
- sudo: yes
- tasks:
- - name: Lorry user
- user: name=lorry comment="Lorry mirroring service"
-
- # Ansible can generate a new SSH key for Lorry when we add the user,
- # but it seems tricky to then extract this and add it to the 'lorry' Gerrit
- # user.
- - name: SSH private key for Lorry user
- copy: src=../keys/lorry-gerrit.key dest=~/.ssh/id_rsa mode=600
- sudo_user: lorry
-
- - name: SSH public key for Lorry user
- copy: src=../keys/lorry-gerrit.key.pub dest=~/.ssh/id_rsa.pub mode=644
- sudo_user: lorry
-
- - name: directory in /etc for Lorry Controller system configuration
- file: dest=/etc/lorry-controller state=directory
-
- - name: Lorry tool configuration
- copy: src=lorry.conf dest=/etc/lorry.conf
-
- - name: Lorry Controller system configuration
- copy:
- src=lorry-controller/{{ item }}
- dest=/etc/lorry-controller/{{ item }}
- with_items:
- - minion.conf
- - webapp.conf
-
- - name: enable and restart core lorry controller services.
- service: name={{ item }} enabled=yes state=restarted
- with_items:
- - lighttpd-lorry-controller-webapp.service
- - lorry-controller-minion@1.service
-
- - name: enable lorry-controller scheduled activity timers
- service: name={{ item }} enabled=yes
- with_items:
- - lorry-controller-ls-troves.timer
- - lorry-controller-readconf.timer
- - lorry-controller-remove-ghost-jobs.timer
- - lorry-controller-remove-old-jobs.timer
- - lorry-controller-status.timer
-
- - name: gerrit-replication configuration
- copy: src=replication.config dest=/srv/gerrit/etc
- notify:
- - restart gerrit
-
-handlers:
- - name: restart gerrit
- service: name=gerrit state=restarted
diff --git a/baserock_gerrit/lorry-controller.conf b/baserock_gerrit/lorry-controller.conf
deleted file mode 100644
index 3f4818fe..00000000
--- a/baserock_gerrit/lorry-controller.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-[
- {
- "type": "trove",
-
- "trovehost": "git.baserock.org",
- "protocol": "http",
-
- "prefixmap": {
- "baserock": "baserock",
- "delta": "delta"
- },
-
- "ignore": [
- "baserock/baserock/documentation",
- "baserock/baserock/jenkins-config",
- "baserock/baserock/lorries",
- "baserock/baserock/morph-cache-server",
- "baserock/baserock/morphs",
- "baserock/baserock/remo",
- "baserock/local-config/mason",
- "baserock/site/*",
- "baserock/tests/*",
- "delta/*"
- ],
-
- "ls-interval": "4H",
- "interval": "2M"
- },
-
- {
- "type": "lorries",
- "interval": "2M",
- "prefix": "delta",
- "globs": [
- "delta-lorries/*.lorry"
- ]
- }
-]
diff --git a/baserock_gerrit/lorry-controller/minion.conf b/baserock_gerrit/lorry-controller/minion.conf
deleted file mode 100644
index 99abdba8..00000000
--- a/baserock_gerrit/lorry-controller/minion.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-[config]
-log = syslog
-log-level = debug
-webapp-host = localhost
-webapp-port = 12765
-webapp-timeout = 3600
diff --git a/baserock_gerrit/lorry-controller/webapp.conf b/baserock_gerrit/lorry-controller/webapp.conf
deleted file mode 100644
index 755dd61e..00000000
--- a/baserock_gerrit/lorry-controller/webapp.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-[config]
-log = /home/lorry/webapp.log
-log-max = 100M
-log-keep = 1
-log-level = debug
-statedb = /home/lorry/webapp.db
-configuration-directory = /home/lorry/confgit
-status-html = /home/lorry/lc-status.html
-wsgi = yes
-debug-port = 12765
-templates = /usr/share/lorry-controller/templates
-confgit-url = http://localhost:8080/local-config/lorries
-git-server-type = gerrit
diff --git a/baserock_gerrit/lorry.conf b/baserock_gerrit/lorry.conf
deleted file mode 100644
index 03c1177b..00000000
--- a/baserock_gerrit/lorry.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[config]
-mirror-base-url-push = ssh://lorry@localhost:29418/
-bundle = never
-tarball = never
-working-area = /home/lorry/working-area
-verbose = yes
-log = /dev/stdout
-log-level = debug
diff --git a/baserock_gerrit/replication.config b/baserock_gerrit/replication.config
deleted file mode 100644
index 067acc9b..00000000
--- a/baserock_gerrit/replication.config
+++ /dev/null
@@ -1,30 +0,0 @@
-# Configuration for gerrit-replication plugin.
-#
-# This handles pushing changes from gerrit.baserock.org to git.baserock.org.
-#
-# To deploy changes in this file to production, run:
-# ansible-playbook -i hosts baserock_gerrit/instance-mirroring-config.yml
-
-[remote "trove"]
- url = ssh://git@git.baserock.org/${name}.git
-
- # Disable force-pushing and only sync 'master' and tags.
- #
- # This will probably prove annoying and we'll need to mirror more branches in
- # future. But right now there are hundreds of personal branches and I want to
- # avoid potential push errors for branches we don't care about.
- push = refs/heads/master:refs/heads/master
- push = refs/tags/*:refs/tags/*
-
- createMissingRepositories = false
- replicatePermissions = false
-
- # What to sync: this is a regexp that must match the whole project name.
- projects = ^baserock/.*$
-
- # If true, gerrit-replication will remove remote branches that are absent in
- # the trove. This is a bit dangerous, but necessary if we are to make gerrit
- # the 'master'. Note that if you set 'authGroup', branches that are not
- # visible to the configured authorisation group will also be removed. So do
- # not set 'authGroup' to anything.
- mirror = false