Change-Id: Ic9e6bd0cb7d25676ecb4fd442f32445c2848801b
|
Change-Id: I2907e3bc01fdcb7adbc0cccfa47bc662d96dd264
|
Also, add some placeholders to README so we can make the instructions
listed in the README easier to cut-n-paste, even when deploying to
somewhere other than DataCentred.
Change-Id: I32ca1073b7a956a7b8a21ad67682c6292c9d91af
|
For consistency with other systems, and so they stand out better against
the upstream Baserock definitions files.
Change-Id: If6f9eb25dfb73d2c7b21ce7abcda16df39ab30a7
|
Change-Id: I9b61036d8ead0e5a27873781d14cbd3c1b48591f
|
Commit c7edd49d23fa3f1179c611b52d946ff194039723 tried to express this
using regular expressions but it actually blocked all force-pushes.
I spent some time trying to figure out how to get java.util.regex to do the
right thing but I think it's a lost cause.
Instead, it now uses a BLOCK rule to remove the +force permission from
refs/heads/master for Mirroring Tools.
Change-Id: Idb4802ed176184168b928f1e3b79061bd3f408f0
|
Previously, Mirroring Tools (Lorry) could force-push anywhere. This is
so that personal branches are kept in sync between git.baserock.org and
gerrit.baserock.org. Since users may force-push to their personal
branches, it's necessary to allow force-pushes. But nobody should force
'master', and I have a feeling that this is causing an issue we are
seeing where Gerrit says that it has merged something, but there is no
sign of the merge in 'master'.
Change-Id: I80bc4eace46470ffa7f3da185fcc1c1f228cda71
|
The intention was always that Mergers would be able to push to anything
in refs/heads/* (on the assumption that we can trust each other not to
bypass the accepted review processes). Seems I never actually
implemented that.
Also, allow forgeAuthor so Mergers can push branches with commits made
by other people (without this, Gerrit complains if the author of any of
the commits doesn't match the email address of the person pushing).
Change-Id: Id60659b51f08bfcec9af2f8681a4faf958301bd0
|
Change-Id: I5d11a3d685d2f68f9487ce20729780ffd5396208
|
This is implemented with the HAProxy frontend doing 'SSL termination'.
So internal traffic between the frontend_haproxy instance and the
various machines serving content is unencrypted HTTP as before, but all
traffic that goes over the public internet is encrypted now.
Note that storyboard.baserock.org is not behind HAProxy, and currently
uses a different, self-signed certificate.
Change-Id: I9140def605fe26c9c613066fa6524e3cf817f97c
|
The technique used is: create a new SSH key for backup automation, and
authorize it to log in as 'root' to instances.
To reduce potential harm if the key somehow gets compromised, it is
limited to logging in from a single IP, and it is limited to running
the 'backup-snapshot' program on the instances.
Inside each instance, the `backup-snapshot` script is used as a wrapper
for the `rsync --server` process. This script pauses running services,
takes a snapshot of the data volume, and then runs the RSync server.
Change-Id: I3c98ffe3dc2fa1373bd0df2388145636e491bf57
|
Change-Id: I630b2e3edeedc7f52ae1b1b4e5bb12019b6ce541
|
Change-Id: I13a125a79ea0fc9036bf705631bfc8e488950a3d
|
This is a Fedora Cloud 21 instance running exim4, for the moment.
Change-Id: I6298a134bb474c65dd57a1bda87469dc3cd88441
|
This avoids potentially having lots of merge commits. Previously, for
each change that was not against the latest commit in 'master', there
would be a merge commit created.
Change-Id: I858ffafd05731c50362596852927fd075330b97f
|
This isn't used in baserock.org yet, but having the
lorry-controller.conf entry there already saves me from having to
describe how to add it.
|
In case there were any config changes.
It'd be neater to set up a handler so that the service was only
restarted when there actually were changes.
|
This hopefully makes the definitions for gerrit.baserock.org more easy
for others to adapt.
|
This makes the deployment scripts a bit more generic. Now, if I want to
deploy 'gerrit.example.com', I don't need to fix all the places that
say 'hosts: gerrit.baserock.org' to say 'hosts: gerrit.example.com'
instead.
|
The idea is to make it easier for people to fork infrastructure.git and
use it for their own infrastructure. They'll need to totally change
'hosts' to point to their own systems, and this would lead to merge
conflicts every time they tried to pull in 'master' of
infrastructure.git.
|
This is so others can reuse them without having to reuse the other stuff
in baserock_gerrit. Most likely people who are setting up a Gerrit with
Baserock will make a copy of the baserock_gerrit/ folder, rather than
reusing it directly. If they copied the .morph files then they'd miss
out on improvements made to those files in subsequent commits to
infrastructure.git.
Such users will still miss out on improvements to the Ansible modules --
hopefully we can solve that in a nice way in future, too.
|
A new version of a Baserock Gerrit system definition now lives in
infrastructure.git.
Change-Id: I6aeed4c5381edf5e7736f1816f9d58832c0ac781
|
The 'Sign in' link now forwards straight to http://openid.baserock.org/.
|
We only allow OpenIDs from http://openid.baserock.org/, but previously
Gerrit would offer to let users sign in with any OpenID or even a Google
account.
With OPENID_SSO:
There is no registration link, and the "Sign In" link sends the user
directly to the provider’s SSO entry point
|
Changes can't be merged that aren't +1 Verified. But we don't have
Mason set up yet, so nothing can actually set things +1 Verified.
|
This pulls from git.baserock.org with lorry-controller, and pushes
'master' back to git.baserock.org using gerrit-replication.
|
These came about after I redeployed gerrit.baserock.org from scratch
(but using the same database).
|
Done as part of the Gerrit access config because it's easier then.
|
pygerrit seems to want Paramiko, it says it doesn't need it any more
though -- maybe requirements.txt needs updating.
|
These are implemented mostly using an Ansible playbook built on these
Ansible Gerrit modules I wrote: https://github.com/ssssam/ansible-gerrit
|
Conflicts:
scripts/licensecheck.sh
strata/lorry-controller.morph
strata/trove.morph
|
The lorry-controller webapp uses these, as well as morph-cache-server.
In order to use lorry-controller in systems that don't contain Morph,
we need them to be in a separate stratum.
Change-Id: Ie187c0b506d12ed5e5f8f8ce4a4b91834bf29fe5
|
This allows us to have a system with Lorry and Lorry Controller but
without Morph.
Change-Id: I5164237601d0ff028834c674274f13b6e1f315c9
|
Reviewed-By: javier.jardon@codethink.co.uk
Reviewed-By: pedro.alvarez@codethink.co.uk
|
Reviewed-By: Adam Coldrick <adam.coldrick@codethink.co.uk>
Reviewed-By: Paul Sherwood <paul.sherwood@codethink.co.uk>
|
- sam/gerrit-support
- sam/ignore-globs