Gerrit: Devboardsforandroid

A rather large changeset but here we are. This change set makes gerrit
the primary address, drops git. and makes sources. a new tld.

With the new tld sources.devboardsforandroid. we proxy redirect these
requests to gitiles, and drop cgit. Upon this gitiles requires some
config to change clone urls and redirects.

Change-Id: I225030730ad8e3945b138fc80119de20f6a6b519
Signed-off-by: Benjamin Copeland <ben.copeland@linaro.org>
Reviewed-on: https://review.linaro.org/c/infrastructure/ansible-playbooks/+/45700

8 files changed, 101 insertions, 83 deletions

diff --git a/files/apache/git.devboardsforandroid.ctt.linaro.org.conf b/files/apache/gerrit.devboardsforandroid.linaro.org.conf
index f4612b9f..6e958667 100644
--- a/files/apache/git.devboardsforandroid.ctt.linaro.org.conf
+++ b/files/apache/gerrit.devboardsforandroid.linaro.org.conf
@@ -1,5 +1,6 @@
 <VirtualHost *:80>
-	ServerName git.devboardsforandroid.ctt.linaro.org
+	ServerName gerrit.devboardsforandroid.ctt.linaro.org
+	ServerAlias source.devboardsforandroid.ctt.linaro.org
 	{% if ssl_cert is defined %}
 
 	RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1"
@@ -8,8 +9,8 @@
 
 	DocumentRoot    /srv/gerrit
 
-	CustomLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-access.log combined
-	ErrorLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-error.log
+	CustomLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-access.log combined
+	ErrorLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-error.log
 
 	ExpiresActive   On
 	ExpiresDefault  "access plus 0 seconds"
@@ -46,6 +47,7 @@
 
 	AllowEncodedSlashes On
 	ProxyPass	/	http://127.0.0.1:8080/ nocanon
+        ProxyPass /g/ http://127.0.0.1:8080/r/plugins/gitiles/ retry=0 nocanon Keepalive=On
 	{% endif %}
 
         Include /etc/apache2/linaro/letsencrypt.conf
@@ -53,7 +55,8 @@
 
 {% if ssl_cert is defined %}
 <VirtualHost *:443>
-	ServerName git.devboardsforandroid.ctt.linaro.org
+	ServerName gerrit.devboardsforandroid.ctt.linaro.org
+	ServerAlias source.devboardsforandroid.ctt.linaro.org
 
         Include /etc/apache2/linaro/settings-ssl.conf
 	SSLCertificateFile {{ssl_cert}}
@@ -64,8 +67,8 @@
 
 	DocumentRoot /srv/gerrit
 
-	CustomLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-access.log combined
-	ErrorLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-error.log
+	CustomLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-access.log combined
+	ErrorLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-error.log
 
 	ExpiresActive   On
 	ExpiresDefault  "access plus 0 seconds"
@@ -99,7 +102,6 @@
 		Order deny,allow
 		Allow from all
 	</Proxy>
-
 	AllowEncodedSlashes On
 	ProxyPass	/	http://127.0.0.1:8080/ nocanon
 </VirtualHost>
diff --git a/files/apache/source.devboardsforandroid.linaro.org.conf b/files/apache/source.devboardsforandroid.linaro.org.conf
new file mode 100644
index 00000000..8549e71f
--- /dev/null
+++ b/files/apache/source.devboardsforandroid.linaro.org.conf
@@ -0,0 +1,62 @@
+<VirtualHost *:80>
+	ServerName source.devboardsforandroid.linaro.org
+
+	RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://source.devboardsforandroid.linaro.org/$1"
+
+
+        Include /etc/apache2/linaro/letsencrypt.conf
+</VirtualHost>
+
+<VirtualHost *:443>
+	ServerName source.devboardsforandroid.linaro.org
+
+        Include /etc/apache2/linaro/settings-ssl.conf
+	SSLCertificateFile /etc/dehydrated/certs/source.devboardsforandroid.linaro.org/fullchain.pem
+	SSLCertificateKeyFile /etc/dehydrated/certs/source.devboardsforandroid.linaro.org/privkey.pem
+	SSLCACertificateFile /etc/dehydrated/certs/source.devboardsforandroid.linaro.org/fullchain.pem
+	DocumentRoot /srv/gerrit
+
+	CustomLog /var/log/apache2/source.devboardsforandroid.linaro.org-access.log combined
+	ErrorLog /var/log/apache2/source.devboardsforandroid.linaro.org-error.log
+
+	ExpiresActive   On
+	ExpiresDefault  "access plus 0 seconds"
+
+	ExpiresByType   text/css        "access plus 1 week"
+	ExpiresByType   text/javascript "access plus 1 week"
+	ExpiresByType   image/png       "access plus 1 month"
+	ExpiresByType   image/jpg       "access plus 1 month"
+	ExpiresByType   image/jpeg      "access plus 1 month"
+	ExpiresByType   image/x-icon    "access plus 1 month"
+
+	Header append Cache-Control "no-transform"
+
+	<FilesMatch "\.(html|htm)$">
+        	Header add Cache-Control "must-revalidate"
+	</FilesMatch>
+
+	<FilesMatch "\.(js|css)$">
+        	Header add Cache-Control "max-age=604800"
+	        <ifModule mod_deflate.c>
+        	        SetOutputFilter DEFLATE
+	        </ifModule>
+	</FilesMatch>
+
+	RequestHeader set X-Forwarded-Scheme http
+
+	ProxyRequests Off
+	ProxyVia Off
+	ProxyPreserveHost On
+	<Proxy *>
+		Order deny,allow
+		Allow from all
+	</Proxy>
+
+	AllowEncodedSlashes On
+
+	# Just like AOSP, keep URL navigation simple by using / instead of /plugins/gitiles
+	ProxyPass / http://127.0.0.1:8080/plugins/gitiles/ retry=0 nocanon Keepalive=On
+
+	RewriteEngine On
+	RewriteRule ^/plugins/gitiles(.+)$ https://source.devboardsforandroid.linaro.org$1 [L,R=301,NE]
+</VirtualHost>
diff --git a/files/gerrit/git.devboardsforandroid.ctt.linaro.org b/files/gerrit/git.devboardsforandroid.ctt.linaro.org
deleted file mode 100644
index 686e022f..00000000
--- a/files/gerrit/git.devboardsforandroid.ctt.linaro.org
+++ /dev/null
@@ -1,67 +0,0 @@
-[core]
-    streamFileThreshold = 512m
-    packedGitLimit = 2000m
-[gerrit]
-	basePath = /srv/repositories
-	canonicalWebUrl = https://git.devboardsforandroid.ctt.linaro.org/
-    serverId = {{gerrit_config_server_id}}
-[auth]
-    type = OAUTH
-    loginUrl = /login
-    loginText = Sign-in with GitHub
-    registerPageUrl = "/#/register"
-    gitBasicAuthPolicy = HTTP
-[oauth]
-    allowEditFullName = true
-    allowRegisterNewEmail = true
-[plugin "gerrit-oauth-provider-github-oauth"]
-    client-id = bfe5b324c057fe64896c
-    fix-legacy-user-id = false
-[sendemail]
-	smtpServer = localhost
-    expiryDays = 15
-    replyToAddress = review@git.devboardsforandroid.ctt.linaro.org
-{% if gerrit_config_dovecot_user is defined and gerrit_config_dovecot_password is defined %}
-[receiveemail]
-    protocol = IMAP
-    host = localhost
-    username = {{ gerrit_config_dovecot_user }}
-{% endif %}
-[container]
-	user = git
-	javaHome = /usr/lib/jvm/java-11-openjdk-amd64/jre
-	heapLimit = {{ gerrit_mem }}
-	javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance"
-	javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance"
-
-[sshd]
-	listenAddress = *:29418
-    idleTimeout = 5m
-[httpd]
-	listenUrl = proxy-https://127.0.0.1:8080/
-[cache]
-	directory = cache
-[cache "projects"]
-    memoryLimit = 4096
-    diskLimit = 10240
-[download]
-    scheme = http
-    scheme = ssh
-    scheme = anon_http
-    scheme = repo_download
-[gitweb]
-    type = cgit
-    url = https://git.devboardsforandroid.ctt.linaro.org/
-[theme]
-    selectionColor = FFFEAE
-[user]
-	name = Linaro Dev Boards for Android Code Review
-    email = review@git.devboardsforandroid.ctt.linaro.org
-[index]
-	type = LUCENE
-[noteDb "changes"]
-    autoMigrate = true
-[change]
-    allowDrafts = true
-[receive]
-    enableSignedPush = false
diff --git a/files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org b/files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org
new file mode 100644
index 00000000..4e766b2d
--- /dev/null
+++ b/files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org
@@ -0,0 +1,7 @@
+[gerrit]
+    cloneUrlType = http
+    linkname = gitiles
+    target = _self
+    baseUrl = https://source.devboardsforandroid.linaro.org
+[markdown]
+    namedanchor = true
diff --git a/host_vars/git.devboardsforandroid.ctt.linaro.org b/host_vars/gerrit.devboardsforandroid.linaro.org
index e34b2f50..715715dd 100644
--- a/host_vars/git.devboardsforandroid.ctt.linaro.org
+++ b/host_vars/gerrit.devboardsforandroid.linaro.org
@@ -2,7 +2,7 @@
 hosttype: git-review
 server_role: git-review
 #db_user: gerrit2
-gerrit_host: git.devboardsforandroid.ctt.linaro.org
+gerrit_host: gerrit.devboardsforandroid.linaro.org
 host_site_name: Linaro Dev Boards for Android Code Review
 grokmirror_master: false
 
@@ -13,6 +13,7 @@ gerrit_mem: 4000m
 gerrit_config_server_id: 8f6f209b-eb1a-4cbf-aa44-c8bc30e9bfda
 gerrit_oauth: yes
 gerrit_github_oauth_id: bfe5b324c057fe64896c
+gerrit_gitiles: yes
 
 dovecot_user: "{{gerrit_config_dovecot_user}}"
 dovecot_password: "{{gerrit_config_dovecot_password}}"
@@ -24,15 +25,17 @@ ssl_ca: "{{ssl_cert}}"
 
 # Note: this also sets up config for android-review.linaro.org cert
 dehydrated_http_domains:
-  - git.devboardsforandroid.ctt.linaro.org
+  - gerrit.devboardsforandroid.linaro.org
+  - source.devboardsforandroid.linaro.org
 
 dehydrated_dns_domains: []
 
 dehydrated_domains_txt: |
-  git.devboardsforandroid.ctt.linaro.org
+  gerrit.devboardsforandroid.linaro.org
+  source.devboardsforandroid.linaro.org
 
 apache_ldap_uri: ldaps://login.linaro.org
 ssh_ldap_uri: ldaps://login.linaro.org
 
-postfix_destinations: ["git.devboardsforandroid.ctt.linaro.org"]
-postfix_hostname: "git.devboardsforandroid.ctt.linaro.org"
+postfix_destinations: ["gerrit.devboardsforandroid.linaro.org"]
+postfix_hostname: "gerrit.devboardsforandroid.linaro.org"
diff --git a/hosts b/hosts
index 57a65ebb..d08fe3e6 100644
--- a/hosts
+++ b/hosts
@@ -25,7 +25,7 @@ review.trustedfirmware.org
 review.mlplatform.org
 # Note: only accessible via Forge's VPN
 gerrit.forge.aws.linaro.com ansible_host=10.252.23.114
-git.devboardsforandroid.ctt.linaro.org
+gerrit.devboardsforandroid.linaro.org
 
 [gerrit_mirror]
 git-us.linaro.org
@@ -183,7 +183,7 @@ android-review.linaro.org
 elk.linaro.org
 git.morello-project.org
 gerrit.forge.aws.linaro.com
-git.devboardsforandroid.ctt.linaro.org
+gerrit.devboardsforandroid.linaro.org
 
 [swarm_nodes]
 x86-07
diff --git a/roles/gerrit/tasks/gerrit.yml b/roles/gerrit/tasks/gerrit.yml
index c2914070..33c0e878 100644
--- a/roles/gerrit/tasks/gerrit.yml
+++ b/roles/gerrit/tasks/gerrit.yml
@@ -60,7 +60,7 @@
     force: yes
   when: gerrit_verify is defined
 
-- name: Create Gerrit.conf
+- name: Create Gerrit.config
   template: src="files/gerrit/{{gerrit_host}}" dest={{gerrit_root}}/etc/gerrit.config owner={{git_user}} group={{git_user}}
             backup=yes
   register: gerrit_conf
@@ -69,6 +69,16 @@
   notify:
   - restart-gerrit
 
+- name: Create gitiles.config
+  template: src="files/gerrit/gitiles_{{gerrit_host}}" dest={{gerrit_root}}/etc/gitiles.config owner={{git_user}} group={{git_user}}
+            backup=yes
+  register: gerrit_conf
+  tags:
+  - gerrit-conf
+  notify:
+  - restart-gerrit
+  when: gerrit_gitiles is defined
+
 - name: Set up Gerrit secure.conf
   template: src="secure.config" dest={{gerrit_root}}/etc/secure.config owner={{git_user}} group={{git_user}}
             mode=0600 backup=yes
diff --git a/ssh/known_hosts b/ssh/known_hosts
index cd548d8c..3eb2bfd0 100644
--- a/ssh/known_hosts
+++ b/ssh/known_hosts
@@ -373,4 +373,5 @@ gerrit.forge.aws.linaro.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJJYD+iG0I7hbLd
 flexnet.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfxMgScSvY67rmci7rpsiCU4dTFOhzrsbreEaZGT4Ka
 mbedtls.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDe5WQk5mtt30d6spLcYXfVeHQpZ5MKWSrAt/qPJVHOE
 ci.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQOW9Zk6tmYyV7eh5qtjpUoNoYom7FVMtvEmMNHzGWt
-git.devboardsforandroid.ctt.linaro.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/t+zvQuh3t2E8zIbbYL1gQRE8nPgwphWs/cVVcxrv4
+gerrit.devboardsforandroid.ctt.linaro.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/t+zvQuh3t2E8zIbbYL1gQRE8nPgwphWs/cVVcxrv4
+gerrit.devboardsforandroid.linaro.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASzeLZnFxBsm6XcQrxyLnL+6nSZOarQIxZGlGYSpEfl