summaryrefslogtreecommitdiff
path: root/baserock_gerrit
Commit message (Collapse)AuthorAgeFilesLines
* Upgrade Gerrit to 2.13.1Pedro Alvarez2016-10-061-1/+1
| | | | Change-Id: I144f449a22cdcae6967bacf5f3c08ce660a998d8
* Upgrade gerrit to 2.12.3Pedro Alvarez2016-07-111-3/+3
| | | | | | | | | This new version brings bugs and security fixes, see release notes for more info: https://gerrit.googlesource.com/gerrit/+/HEAD/ReleaseNotes/ReleaseNotes-2.12.3.txt Change-Id: I8848c50339994263513362096e2f0126989d5bd4
* baserock_gerrit: Ensure hostname is 'gerrit' and not '$HOSTNAME'Pedro Alvarez2016-05-161-0/+1
| | | | Change-Id: I420d839b895cd263d9b912506a74811125b5b9e4
* Upgrade gerrit to 2.12.2Pedro Alvarez2016-04-042-3/+5
| | | | | | | Update gerrit.config to match with the current one, which was automatically updated during the upgrade. Change-Id: Ibae9c2c3eb7a8acf5a2a7acff365e68133f38db4
* Update infra machines built with BaserockSam Thursfield2016-02-201-4/+4
| | | | Change-Id: Iabfb66336fc69dc71432ada2b5a84679512abaf8
* Fix backup configurationSam Thursfield2016-02-201-1/+1
| | | | | | | | | | The frontend's internal IP has changed due to redeployment, so we need to update the whitelisted IP. Also, Fedora 23 doesn't contain the Python 2 version of PyYAML which the backup-snapshot script requires. It would be good to just require Python3 for backup-snapshot, but I don't have time to fix up all the issues with that right now. Change-Id: Ica6302ff288255870511f1c19ec61c324dcd4288
* baserock_mail: Update on top of Fedora 23, redeploySam Thursfield2016-02-191-1/+1
| | | | | | | | The instance-config.yml script was failing to create a valid EXIM config against the default /etc/exim.conf in Fedora 23, this is fixed now. The regexp configuration approach is rather fragile. Change-Id: Id1b4e3a854cb579ee58c1c4f7674415c6e8c096a
* baserock_gerrit: Add header HTML and CSS files for brandingPedro Alvarez2015-12-142-0/+16
| | | | Change-Id: I576452b6f618babde87f3ad0ac905b4398f018f7
* baserock_gerrit: Add images needed for brandingPedro Alvarez2015-12-142-0/+0
| | | | | | | OpenStack's Gerrit background was downloaded from: - https://review.openstack.org/static/openstack-page-bkg.jpg Change-Id: I32c9094fedc6fcbc4391afb7d6fcdec092329b72
* baserock_gerrit: Upgrade Gerrit to 2.11.5Pedro Alvarez2015-12-141-3/+3
| | | | | | | Upgrade also Bouncy Castle Crypto for the one that this version of Gerrit installs. Change-Id: I6a3c3dc91763b81cab87badf42d807fe9a270939
* baserock_gerrit: install files needed for brandingPedro Alvarez2015-12-141-0/+16
| | | | Change-Id: I27756c2f515d76c4bb675f4e56a3fd87d9e6c041
* backups: Update FRONTEND_IP for backup playbooksPedro Alvarez2015-11-051-1/+1
| | | | Change-Id: I21824a9b4c79ffac47d4e12c0854454b8208f4b4
* baserock_gerrit: Limit webapp logs to 1 filePedro Alvarez2015-11-051-1/+1
| | | | Change-Id: I8f20f7774f6646a529e90acb97a1f8636f35ea9e
* baserock_gerrit: Add support for installing external pluginsPedro Alvarez2015-11-041-0/+16
| | | | | | And install the avatars_gravatar plugin. Change-Id: Iaa447ab40d65f1c652d891c64a228552d004d8f2
* baserock_gerrit: Update gerrit.config for 2.11.4Pedro Alvarez2015-11-041-0/+3
| | | | Change-Id: I73b75fd489aafc61d19701570210e9e99431444e
* baserock_gerrit: Various fixesPedro Alvarez2015-11-041-1/+5
| | | | | | | | | - Fix some tasks that create files to be owned by gerrit user - Fix the path to the baserock_database folder, this change was missing since 2da9cfaba1f8aa8a9eed9d335fb6fed3d2b6a72a Change-Id: I31fa617e986a3c5d0806a0899bd170b010c0dfe5
* baserock_gerrit: Upgrade gerrit to 2.11.4Pedro Alvarez2015-11-041-1/+1
| | | | Change-Id: I089a04b7c1684cbcf97aecb74f84b4f5174d9b00
* baserock_gerrit: Update gerrit system with extensions, and missing strataPedro Alvarez2015-11-041-1/+1
| | | | Change-Id: I9a981d6d9c06d749840edbc1112dab798636e147
* Run definition migrations 002 - 005Pedro Alvarez2015-11-021-9/+9
|
* baserock_gerrit: Use git_commit_and_push module for access controlSam Thursfield2015-08-241-15/+13
| | | | | | | This is a custom Ansible module I wrote, available from <https://github.com/ssssam/ansible-gerrit>. Change-Id: I7a4819e06cbd9dd9ec9bb1af1ffa4448bc3f7e95
* baserock_gerrit: Allow Mergers group to force push (except to 'master')Sam Thursfield2015-08-241-4/+6
| | | | | | | Anyone who can create branches really needs to be able to delete them as well. Change-Id: Id1c315262545dd5ba18c1fd257dcf8a18d903374
* gerrit: Install download-commands plugin tooPedro Alvarez2015-04-281-3/+6
| | | | Change-Id: Iaa0e6b11af1087553b67477401faa019246d037a
* gerrit: Allow Lorry to force-push to branches other than 'master'Sam Thursfield2015-04-011-4/+7
| | | | | | | | | | | | | Commit c7edd49d23fa3f1179c611b52d946ff194039723 tried to express this using regular expressions but it actually blocked all force-pushes. I spent some time trying figure out how to get java.util.regex to do the right thing but I think it's a lost cause. Instead, it now uses a BLOCK rule to remove the +force permission from refs/heads/master for Mirroring Tools. Change-Id: Idb4802ed176184168b928f1e3b79061bd3f408f0
* gerrit: Don't let anyone force-push to 'master'Sam Thursfield2015-03-311-0/+6
| | | | | | | | | | | | Previously, Mirroring Tools (Lorry) could force-push anywhere. This is so that personal branches are kept in sync between git.baserock.org and gerrit.baserock.org. Since users may force-push to their personal branches, it's necessary to allow force-pushes. But nobody should force 'master', and I have a feeling that this is causing an issue we are seeing where Gerrit says that it has merged something, but there is no sign of the merge in 'master'. Change-Id: I80bc4eace46470ffa7f3da185fcc1c1f228cda71
* gerrit: Allow more people to push to refs/heads/*Sam Thursfield2015-03-311-0/+5
| | | | | | | | | | | | | The intention was always that Mergers would be able to push to anything in refs/heads/* (on the assumption that we can trust each other not to bypass the accepted review processes). Seems I never actually implemented that. Also, allow forgeAuthor so Mergers can push branches with commits made by other people (without this, Gerrit complains if the author of any of the commits doesn't match the email address of the person pushing). Change-Id: Id60659b51f08bfcec9af2f8681a4faf958301bd0
* gerrit: Stop logging users out every daySam Thursfield2015-03-301-0/+4
| | | | Change-Id: I5d11a3d685d2f68f9487ce20729780ffd5396208
* Use HTTPS for all infrastructure.Sam Thursfield2015-03-302-5/+33
| | | | | | | | | | | | This is implemented with the HAProxy frontend doing 'SSL termination'. So internal traffic between the frontend_haproxy instance and the various machines serving content is unencrypted HTTP as before, but all traffic that goes over the public internet is encrypted now. Note that storyboard.baserock.org is not behind HAProxy, and currently uses a different, self-signed certificate. Change-Id: I9140def605fe26c9c613066fa6524e3cf817f97c
* Add a simple data backup mechanismSam Thursfield2015-03-302-0/+34
| | | | | | | | | | | | | | | The technique used is: create a new SSH key for backup automation, and authorize it to log in as 'root' to instances. To reduce potential harm if the key somehow gets compromised, it is limited to logging in from a single IP, and it is limited to running the 'backup-snapshot' program on the instances. Inside each instance, the `backup-snapshot` script is used as a wrapper for the `rsync --server` process. This script pauses running services, takes a snapshot of the data volume, and then runs the RSync server. Change-Id: I3c98ffe3dc2fa1373bd0df2388145636e491bf57
* baserock_gerrit: Send emails via the baserock.org mail relaySam Thursfield2015-03-271-1/+8
| | | | Change-Id: I13a125a79ea0fc9036bf705631bfc8e488950a3d
* baserock_gerrit: Rebase patches before merging themSam Thursfield2015-03-261-0/+1
| | | | | | | | This avoids potentially having lots of merge commits. Previously, for each change that was not against the latest commit in 'master', there would be a merge commit created. Change-Id: I858ffafd05731c50362596852927fd075330b97f
* gerrit: Allow adding specific lorries for delta/ repos from the TroveSam Thursfield2015-03-181-0/+9
| | | | | | This isn't used in baserock.org yet, but having the lorry-controller.conf entry there already saves me from having to describe how to add it.
* gerrit: Restart mirroring services on config changesSam Thursfield2015-03-171-1/+7
|
* gerrit: Restart service once instance-config.yml has runSam Thursfield2015-03-171-1/+1
| | | | | | | In case there were any config changes. It'd be neater to set up a handler so that the service was only restarted when there actually were changes.
* gerrit: Add helpful comments to various configuration filesSam Thursfield2015-03-176-2/+49
| | | | | This hopefully makes the definitions for gerrit.baserock.org more easy for others to adapt.
* Use unqualified hostnames for Ansible 'hosts'Sam Thursfield2015-03-172-2/+2
| | | | | | | This makes the deployment scripts a bit more generic. Now, if I want to deploy 'gerrit.example.com', I don't need to fix all the places that say 'hosts: gerrit.baserock.org' to say 'hosts: gerrit.example.com' instead.
* gerrit: Move system and stratum .morph files into strata/ and systems/Sam Thursfield2015-03-173-77/+1
| | | | | | | | | | | | This is so others can reuse them without having to reuse the other stuff in baserock_gerrit. Most likely people who are setting up a Gerrit with Baserock will make a copy of the baserock_gerrit/ folder, rather than reusing it directly. If they copied the .morph files then they'd miss out on improvements made to those files in subsequent commits to infrastructure.git. Such users will still miss out on improvements to the Ansible modules -- hopefully we can solve that in a nice way in future, too.
* gerrit: Fix name of gerrit-system-x86_64Sam Thursfield2015-03-171-1/+1
|
* gerrit: Import baserock/local-config/lorriesSam Thursfield2015-03-171-1/+1
|
* gerrit: Make OpenID single sign-in work properlySam Thursfield2015-03-171-0/+5
| | | | The 'Sign in' link now forwards straight to http://openid.baserock.org/.
* gerrit: Use OPENID_SSO auth typeSam Thursfield2015-03-171-1/+1
| | | | | | | | | | | We only allow OpenIDs from http://openid.baserock.org/, but previously Gerrit would offer to let users sign in with any OpenID or even a Google accounts. With OPENID_SSO: There is no registration link, and the "Sign In" link sends the user directly to the provider’s SSO entry point
* gerrit: Disable 'Verified' label for nowSam Thursfield2015-03-132-6/+16
| | | | | Changes can't be merged that aren't +1 Verified. But we don't have Mason set up yet, so nothing can actually set things +1 Verified.
* gerrit: Release Team should contain Mergers, not vice versaSam Thursfield2015-03-131-2/+2
|
* gerrit: Reduce lorry-controller interval to 2 minutesSam Thursfield2015-03-131-1/+1
|
* gerrit: Add mirroring configurationSam Thursfield2015-03-1310-15/+165
| | | | | This pulls from git.baserock.org with lorry-controller, and pushes 'master' back to git.baserock.org using gerrit-replication.
* gerrit: Improvements to deploymentSam Thursfield2015-03-131-3/+3
| | | | | These came about after I redeployed gerrit.baserock.org from scratch (but using the same database).
* gerrit: Create local-config/lorries projectSam Thursfield2015-03-131-1/+9
| | | | Done as part of the Gerrit access config because it's easier then.
* gerrit: Update system morphSam Thursfield2015-03-132-7/+42
| | | | | pygerrit seems to want Paramiko, it says it doesn't need it any more though -- maybe requirements.txt needs updating.
* gerrit: Add initial access control rulesSam Thursfield2015-03-133-0/+250
| | | | | These are implemented mostly using an Ansible playbook built on these Ansible Gerrit modules I wrote: https://github.com/ssssam/ansible-gerrit
* baserock_gerrit: Fix lvm missing and foundation included twiceSam Thursfield2015-02-261-1/+1
|
* Add baserock_gerrit systemSam Thursfield2015-01-305-0/+178
These instructions allow deploying a production-ready Gerrit instance. Integrating the gerrit.baserock.org with git.baserock.org will be done separately.
View Lorry Controller Status