blob: 30bdf7aeccd4c3299f716186ee1bca0ceb0b6231 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
# Instance-specific configuration for the baserock.org Gerrit system.
#
# You must have the Java SE Runtime Environment binary available in the
# baserock_gerrit directory when you run this script.
#
# Download it from here:
# <http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html>
#
- hosts: gerrit
gather_facts: False
vars:
GERRIT_VERSION: 2.13.1
# Download from http://www.oracle.com/technetwork/java/javase/downloads/server-jre8-downloads-2133154.html
JRE_FILE: server-jre-8u40-linux-x64.tar.gz
# This path should correspond to where the JRE ends up if you extract the
# downloaded tarball in /opt.
JRE_DIR: /opt/jdk1.8.0_40
# Download from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
JCE_FILE: jce_policy-8.zip
run_gerrit: "{{ JRE_DIR }}/bin/java -jar /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war"
vars_files:
- ../baserock_database/baserock_gerrit.database_password.yml
tasks:
- name: add gerrit user
user:
name: gerrit
shell: /bin/false
generate_ssh_key: yes
ssh_key_comment: gerrit@baserock.org
- name: unpack the Java Runtime Environment
unarchive: src={{ JRE_FILE }} dest=/opt owner=root group=root creates={{ JRE_DIR }}
# The Java Cryptography Extensions are needed in order to enable all SSH
# ciphers, due to US export restrictions.
- name: unpack the Java Cryptography Extensions
unarchive: src={{ JCE_FILE }} dest=/opt owner=root group=root creates=/opt/UnlimitedJCEPolicyJDK8/
- name: install the Java Cryptography Extensions
file: src=/opt/UnlimitedJCEPolicyJDK8/{{ item }} dest={{ JRE_DIR }}/jre/lib/security/{{ item }} state=link force=yes
with_items:
- local_policy.jar
- US_export_policy.jar
- name: create /opt/gerrit
file: path=/opt/gerrit state=directory
- name: download Gerrit
get_url:
url: https://gerrit-releases.storage.googleapis.com/gerrit-{{ GERRIT_VERSION }}.war
dest: /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war
- include: ../tasks/create-data-volume.yml lv_name=gerrit lv_size=25g mountpoint=/srv/gerrit
- name: ensure 'gerrit' user owns /srv/gerrit
file: path=/srv/gerrit owner=gerrit group=gerrit state=directory
- name: initialise Gerrit application directory
command: "{{ run_gerrit }} init -d /srv/gerrit creates=/srv/gerrit/etc/gerrit.config"
sudo: yes
sudo_user: gerrit
- name: extract and install some plugins for gerrit
shell: unzip /opt/gerrit/gerrit-{{ GERRIT_VERSION}}.war WEB-INF/plugins/{{ item }}.jar -p > /srv/gerrit/plugins/{{ item }}.jar
args:
creates: /srv/gerrit/plugins/{{ item }}.jar
with_items:
- replication
- download-commands
sudo: yes
sudo_user: gerrit
# WARNING Non core plugins are not compiled inside gerrit.war file, we need to
# download them from somwhere else (https://gerrit-ci.gerritforge.com/ or
# http://builds.quelltextlich.at/gerrit/nightly/index.html).
#
# We install them from there, but some of the plugins don't have an stable branch for
# a given gerrit version. Check before runnig this script that this task
# is pointing to the right version (API compatible) of the plugin
- name: install non-core plugins for gerrit
shell: wget https://gerrit-ci.gerritforge.com/job/plugin-{{ item }}-master/lastBuild/artifact/buck-out/gen/plugins/{{ item }}/{{ item }}.jar -O /srv/gerrit/plugins/{{ item }}.jar
args:
creates: /srv/gerrit/plugins/{{ item }}.jar
with_items:
- avatars-gravatar
sudo: yes
sudo_user: gerrit
- name: download extra Java libraries
get_url:
url: "{{ item }}"
dest: /srv/gerrit/lib
with_items:
# MySQL Java Connector
- http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar
# Bouncy Castle Crypto APIs for Java. The interactive `gerrit init`
# command recommends installing these libraries, and who am I to argue?
- http://repo2.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-1.52.jar
- http://repo2.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.52/bcprov-jdk15on-1.52.jar
- name: install gerrit.config
template: src=gerrit.config dest=/srv/gerrit/etc/gerrit.config
- name: install images for branding
copy: src=branding/{{ item }} dest=/srv/gerrit/static/{{ item }}
with_items:
- baserock-logo.png
- openstack-page-bkg.jpg
sudo: yes
sudo_user: gerrit
- name: install HTML and CSS for branding
copy: src=branding/{{ item }} dest=/srv/gerrit/etc/{{ item }}
with_items:
- GerritSiteHeader.html
- GerritSite.css
sudo: yes
sudo_user: gerrit
- name: set database password
command: git config -f /srv/gerrit/etc/secure.config database.password "{{ baserock_gerrit_password }}"
sudo: yes
sudo_user: gerrit
- name: install gerrit.service
template: src=gerrit.service dest=/etc/systemd/system/gerrit.service
- name: start Gerrit service
service: name=gerrit enabled=yes state=restarted
|