baserock_gerrit/instance-config.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133

# Instance-specific configuration for the baserock.org Gerrit system.
#
# You must have the Java SE Runtime Environment binary available in the
# baserock_gerrit directory when you run this script.
#
# Download it from here:
# <http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html>
#
- hosts: gerrit
  gather_facts: False
  vars:
    GERRIT_VERSION: 2.12.2

    # Download from http://www.oracle.com/technetwork/java/javase/downloads/server-jre8-downloads-2133154.html
    JRE_FILE: server-jre-8u40-linux-x64.tar.gz
    # This path should correspond to where the JRE ends up if you extract the
    # downloaded tarball in /opt.
    JRE_DIR: /opt/jdk1.8.0_40

    # Download from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
    JCE_FILE: jce_policy-8.zip

    run_gerrit: "{{ JRE_DIR }}/bin/java -jar /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war"
  vars_files:
    - ../baserock_database/baserock_gerrit.database_password.yml
  tasks:
    - name: add gerrit user
      user:
        name: gerrit
        shell: /bin/false
        generate_ssh_key: yes
        ssh_key_comment: gerrit@baserock.org

    - name: unpack the Java Runtime Environment
      unarchive: src={{ JRE_FILE }} dest=/opt owner=root group=root creates={{ JRE_DIR }}

    # The Java Cryptography Extensions are needed in order to enable all SSH
    # ciphers, due to US export restrictions.
    - name: unpack the Java Cryptography Extensions
      unarchive: src={{ JCE_FILE }} dest=/opt owner=root group=root creates=/opt/UnlimitedJCEPolicyJDK8/

    - name: install the Java Cryptography Extensions
      file: src=/opt/UnlimitedJCEPolicyJDK8/{{ item }} dest={{ JRE_DIR }}/jre/lib/security/{{ item }} state=link force=yes
      with_items:
        - local_policy.jar
        - US_export_policy.jar

    - name: create /opt/gerrit
      file: path=/opt/gerrit state=directory

    - name: download Gerrit
      get_url:
        url: https://gerrit-releases.storage.googleapis.com/gerrit-{{ GERRIT_VERSION }}.war
        dest: /opt/gerrit/gerrit-{{ GERRIT_VERSION }}.war

    - include: ../tasks/create-data-volume.yml lv_name=gerrit lv_size=25g mountpoint=/srv/gerrit

    - name: ensure 'gerrit' user owns /srv/gerrit
      file: path=/srv/gerrit owner=gerrit group=gerrit state=directory

    - name: initialise Gerrit application directory
      command: "{{ run_gerrit }} init -d /srv/gerrit creates=/srv/gerrit/etc/gerrit.config"
      sudo: yes
      sudo_user: gerrit

    - name: extract and install some plugins for gerrit
      shell: unzip /opt/gerrit/gerrit-{{ GERRIT_VERSION}}.war WEB-INF/plugins/{{ item }}.jar -p > /srv/gerrit/plugins/{{ item }}.jar
      args:
        creates: /srv/gerrit/plugins/{{ item }}.jar
      with_items:
        - replication
        - download-commands
      sudo: yes
      sudo_user: gerrit

     # WARNING Non core plugins are not compiled inside gerrit.war file, we need to
     # download them from somwhere else (https://gerrit-ci.gerritforge.com/ or
     # http://builds.quelltextlich.at/gerrit/nightly/index.html).
     #
     # We install them from there, but some of the plugins don't have an stable branch for
     # a given gerrit version. Check before runnig this script that this task
     # is pointing to the right version (API compatible) of the plugin
    - name: install non-core plugins for gerrit
      shell: wget https://gerrit-ci.gerritforge.com/job/plugin-{{ item }}-master/lastBuild/artifact/buck-out/gen/plugins/{{ item }}/{{ item }}.jar -O /srv/gerrit/plugins/{{ item }}.jar
      args:
        creates: /srv/gerrit/plugins/{{ item }}.jar
      with_items:
        - avatars-gravatar
      sudo: yes
      sudo_user: gerrit

    - name: download extra Java libraries
      get_url:
        url: "{{ item }}"
        dest: /srv/gerrit/lib
      with_items:
        # MySQL Java Connector
        - http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar

        # Bouncy Castle Crypto APIs for Java. The interactive `gerrit init`
        # command recommends installing these libraries, and who am I to argue?
        - http://www.bouncycastle.org/download/bcpkix-jdk15on-152.jar
        - http://www.bouncycastle.org/download/bcprov-jdk15on-152.jar

    - name: install gerrit.config
      template: src=gerrit.config dest=/srv/gerrit/etc/gerrit.config

    - name: install images for branding
      copy: src=branding/{{ item }} dest=/srv/gerrit/static/{{ item }}
      with_items:
      - baserock-logo.png
      - openstack-page-bkg.jpg
      sudo: yes
      sudo_user: gerrit

    - name: install HTML and CSS for branding
      copy: src=branding/{{ item }} dest=/srv/gerrit/etc/{{ item }}
      with_items:
      - GerritSiteHeader.html
      - GerritSite.css
      sudo: yes
      sudo_user: gerrit

    - name: set database password
      command: git config -f /srv/gerrit/etc/secure.config database.password "{{ baserock_gerrit_password }}"
      sudo: yes
      sudo_user: gerrit

    - name: install gerrit.service
      template: src=gerrit.service dest=/etc/systemd/system/gerrit.service

    - name: start Gerrit service
      service: name=gerrit enabled=yes state=restarted