Age | Commit message (Collapse) | Author |
|
Since the server already has LDAP access, let's just
drop crowd and use the host's `groups` command to
get a list of group memberships.
Change-Id: I1a6cad650f5e747c6867129ce2560c2b3aca71e5
Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org>
|
|
When checking for an existing user authorized_keys file,
the try statement should encapsulate the entire operation
so that if with open() fails (ie, because the user doesn't
have an authorized_keys file yet or the .ssh directory
doesn't exist) it should not be a fatal error.
Change-Id: Iaa015f485afea5494ae9b9c0c40c6644fc2fa706
Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org>
|
|
Some actual testing reveals more python3 chagnes needed,
mainly due to the utf-8 changes.
Change-Id: I18836508049e315a7be574a844fcae7f1a1f9c86
|
|
This change decomplexifies the check_external_ids script and adds in the
ability to report if any accounts are missing an external_id link to
github-oauth.
Change-Id: If7b779e47000ed244f51aa0b8e06cf8b20757f44
|
|
Change-Id: Ib4948b9c1193d8ba2f732d09367ee7df813a562c
|
|
This is apparently the recommended way by ldap
library authors:
https: //github.com/pyldap/pyldap/issues/110
Change-Id: Icbd52e115a2eecc633d3f5f01e2946c5cbeca165
|
|
Beware: deploy this only once the server has python3 and
python3-ldap deploed
Change-Id: If39a0792eda60aa8a97fbf9bad363fe5f1462a17
|
|
Script to check the integrity of the gerrit user account external-ids
repository to look for orphan github-oauth accounts or other inconsistencies
that may have been caused by upstream account changes/renames.
Change-Id: I66f663435ee55e77d01306b770f3a18877f2f4f9
|
|
Add in a script that allows us to verify if the default assigned
or default qa for all products/components in a bugzilla install
are current Linaro employees.
This is being added to linaro-git-tools as it requires linaro_ldap
to check if the user is valid.
Change-Id: I32cfd4208a7da0e6c2da6ab5fa91da165c335e17
|
|
This change adds a function to get a list of all
employees organized by department and team name
based on the departmentNumber user account attribute
instead of membership in groups.
Change-Id: I40bfd9acc0125e615419cab8a2acdf4cfa189740
|
|
This change allows us to specify a list of repositories
that are excluded from the ref check.
Previously, this was limited to gitolite-admin, but with
the move to NoteDB it's possible for All-Users refs to
temporarily get out of sync, and this can create a
flood of false positives that can obscure real problems.
Change-Id: I1a261fc58bd5039de5aa37a96a34b17d55493a3b
|
|
This script builds an identities.yaml file for Member user
accounts in our LDAP database.
Change-Id: Id20ba6ed8f1937d24bcd6cbdc5e1f2a19214ca9e
|
|
This change adds a function similar to do_query() that will allow
the programmer to specify a more complex LDAP query that can
change the scope, basedn, or search filter used for the request.
This is needed as the current do_query() function limits us to
only looking for subtree entries from the basedn on a simple filter
of (<search_attr>=<search_pat>)
Documentation on more complex filters and searches can be found here:
https://www.ibm.com/support/knowledgecenter/en/SSYJ99_8.5.0/admin-system/rbug_ldapfltrxprns.html
Change-Id: Ic1e290a3dfb6b97dda83c4595848490b8d219025
|
|
This change adds a check to call 'git clean' with prune if the repo
has any pack files that are more than a week old. Previously
we were relying on the result of 'git fsck' which were allowing
extraneous pack files to accumulate and take up disk space.
Change-Id: Ic4b7c9ed17841b130f86be70742bec1e811645ac
|
|
This adds a script that can be used to clean out the
mirrors of upstream git repositories.
Change-Id: Ie695994872c6b7a6a879e4fee762323a9a454cff
|
|
By default the git user shell sets the umask to 002, but our
check scripts are expecting 022. This prevents spurious
warnings from the cron jobs about resetting file permissions
on things the cleaning script has touched.
Change-Id: I3086c0a69cf6154d7d35b0754988c3767bed543b
|
|
Skip user repos since they are not as likely to have
loose objects due to frequent mirroring pushes and
because the sheer number of repos to check extends the
execution time of the script beyond 48 hours.
Change-Id: Ifb1d66dde80d897bb091cb0aeaf560c78fbe15f5
|
|
The previous version of the script did not change
directories before issuing git commands. Solved
by using pushd/popd, fixed misspelled "aggressive"
option, and fixed inconsistent spacing.
Change-Id: I67c6eab16eacbecd2258649207cb60bfd86df266
|
|
The create-bundle script is the only things that
reference the /etc/linaro/hosttype file. In order to
help simplify the git ansible playbooks, let's just source
this file and let ansible define the variables at deploy time.
Change-Id: I0d2f008fecf03b4648c924bbf0bba96c5a087fdb
|
|
Re SYS-146. Introduces a cron script that can
be used to run git clean on repos and recover
if the repo has too many loose git objects.
Change-Id: Ic0f984b20e94ef655357b61546f28eb61adbaefb
|
|
Use linaro_ldap.conf from git checkout directory, instead
of system-wide /etc/ldap.conf
To allow that, move ssh_keys.py from playbooks to this repo,
since it is already cloned in ssh-ldap role
Change-Id: Icb29958b80f947316eeea6f43ab4686c903293a8
|
|
Due to using the RESTAPI, we were looking up usernames based on the
firstname.lastname. Whilst this has worked, the problem is the rest api
"fuzzy" matches, meaning multiple ssh_keys will get returned if account
names are similar.
Instead of using the username, lets look up the username, return a
account_id and do our calls based on that.
Change-Id: Ia1bb2c98f61ba865229ccc11e5f5ae7911818e68
|
|
Change-Id: I1a3643d86cacdd7357e908a126a2ce15bf397e09
|
|
Change-Id: I4db44492846b6903b382b989bd2e4d29d81b57af
|
|
We don't install gitolite on android-us.linaro.org. This code was
causing a cron issue showing up in /var/mail/git on android-us.
Change-Id: I91684573d4abccacac542b1dfe98ad19bdbbb6f7
|
|
In Gerrit 2.14, HTTP Digest has been removed, move to HTTPBasicAuth
instead
Change-Id: Idf3f9800f068b9ca7ca370a0cfd6c3e00f8993ee
|
|
For some reason the Gerrit REST API treats requests to /buildslave/* as
GETS/PUTS/etc to the tcwg-buildslave user. This causes us to constantly
add/remove the keys for each account. "buildslave" isn't a user in
Gerrit, so we'll just skip that user for now.
Change-Id: Id1a8c759e3c375d614e58001ff754da33077e1b9
|
|
We shouldn't use encodestring, due to it adding a \n to the string. A
CVE fix was released to fix this issue (https://bugs.python.org/issue22928).
Change-Id: I2c2ab1b9337f1b8412bd429304b891a8bc43f2da
|
|
This is needed for cgit to safely handle dev-private-git.linaro.org
Change-Id: I66de59f797ddb5378855ba3de6ea290c54d009ea
|
|
This has been moved to our improved common mirroring logic
Change-Id: I0170f7e31ccb2edd8115252154bef89275725192
|
|
Change-Id: Id7bc4bd2997c9998de4cf8f89b33cdd4040fe57a
|
|
Relying on projects.list was never a great idea and now that we use cgit
there's no need for projects.list anymore. Additionally, we sometimes
need to move a repository to another location (for example when someone
leaves Linaro). The current process for handling this is a pain.
With this change we can automatically handle renamed repositories by
looking at the list of all repositories defined on disk.
Change-Id: I91d15c207525a996f0d170ec2ab1b73a9a20ef65
|
|
"fatal: Invalid revision range" appears when a user pushes a new repo,
this fix ignores new repos so the user isn't presented with an error.
Change-Id: I65bfdec465d9edaa0181632c4bc7653f6a7890d4
|
|
Change-Id: I702cdaf90e94554655bfa5f67c9e06163e8b2803
|
|
As per: https://review.linaro.org/#/c/13634
We need an easy way to determine if a user has read access to repo.
Change-Id: I3f66dcc4a14801bbc5db8d446e9a737b53d1c76b
|
|
Change-Id: I7f12383379b2d279cf1d7f625e8931fb012db538
|
|
This method is used by update-gerrit-parents.py, and at least for starters
we want to know which projects are re-parented.
Change-Id: Ibcf22701aba0f5b6ff5777de72c5adfefa993269
|
|
To at the same time reliably check geo-mirror mis-sync.
Change-Id: If933c20e2fc4c0f57d987c33777fcb213e1a1948
|
|
Indended to serve as an aid with issue reporting when mirrors get out of
sync or aren't updated as expected. Prompted by
https://servicedesk.linaro.org/browse/SYS-38.
Change-Id: Ie5219fd86f2297998631336a1a5d6d87dd35fe80
|
|
Change-Id: Ia5e788f00231b04549c9fae4e0efaa5c4f0ea0b6
|
|
This allows to define mapping between project path prefixes and Gerrit
parent project which should be set for all matching projects. It also
allows to define more than one possible parent, in which case the script
just issues a warning in case of non-match, leaving choosing the right
parent to operator.
Change-Id: Ia53fb9359dd717fe003200c81643619f4d2ab837
|
|
The biggest usecase for this script is to backup Gerrit installation
before upgrading to a new version, so usual process is: stop Gerrit -
backup - upgrade - start.
Change-Id: I1347d43bdb87fd93d69ec5612f788d986e95ed6e
Reviewed-on: https://review.linaro.org/11710
Reviewed-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
|
|
Previously, help output gave an impression that it has a default of
"https://review.linaro.org". It doesn't (and shouldn't), and not specifying
it led to weird URLs like https://None/...
Change-Id: I93f9f869a4bc76b3a7e9f07b25b0501b415ee651
|
|
This allows to pass quoted args without them being hosed. Fixes dejagnu
mirroring.
Change-Id: I3307e85046a554015fe0938717894fcdd9bbe4c1
|
|
dejagnu mirror transfer repo config was set to "mirror = true", which caused
removal of any locally created branches in the main toolchain/dejagnu repo.
"mirror = true" is now disabled in the config, and this change mirrors
new/existing branches/tags, but doesn't remove any local branches. (Local
branch creation is subject to ACLs and constraints on Gerrit side.)
Change-Id: I69616493cdb0062db0fac4f35ec117c19cc0e924
|
|
In the event no user was found in crowd, we should not be displaying the
group membership warning. The old version of the script would have still
printed out the message on the KeyError case in get_crowd_user, but I
think the current "ERROR User does "... is sufficient given how unlikely
that is to occur.
Change-Id: I3764034a7dc51d21c22e421202956a04d97e6f13
|
|
To continue processing. Some errors, like incorrect authentication, are fatal
though.
Change-Id: Ifdefcb2f31504a8999f20fb53282c69b3adfb49a
|
|
Scripts like update-gerrit-groups.py ran to the completion without producing
any error due to lax error checking.
Change-Id: Icdb95297486d96690acceb6d3855062496191bba
|
|
I.e. work per the spec in the docstring. Override only options whose value
is None after parsing command line. This is true for string-valued options
not set on command line, but may be not true for other options.
Change-Id: Ib63020922f908fd8ff9f936c04e47bc827582a91
|
|
Passwords are not safe to be passed from command line: tehy can be shown in
process list (ps ax, etc), in cron mails, etc.
Config file is linaro_gerrit.conf in the same directory as linaro_gerrit.py.
Clients of linaro_gerrit.py must call apply_gerrit_conf() to pull data from
config.
Change-Id: If21503769d27d5ca865a3d890598d67a0e1ff18f
|