diff options
author | Benjamin Copeland <ben.copeland@linaro.org> | 2023-09-07 14:23:10 +0100 |
---|---|---|
committer | Benjamin Copeland <ben.copeland@linaro.org> | 2023-10-09 08:36:11 +0000 |
commit | 1fdaaca9e03f8d098c2147d6d4f8f9f0a14bf3a6 (patch) | |
tree | 384a3258a597565d89183e9b9a376ace0f33f602 | |
parent | c16054317aa58f4bfa2b43c6579c15678151fd32 (diff) |
Gerrit: Devboardsforandroid
A rather large changeset but here we are. This change set makes gerrit
the primary address, drops git. and makes sources. a new tld.
With the new tld sources.devboardsforandroid. we proxy redirect these
requests to gitiles, and drop cgit. Upon this gitiles requires some
config to change clone urls and redirects.
Change-Id: I225030730ad8e3945b138fc80119de20f6a6b519
Signed-off-by: Benjamin Copeland <ben.copeland@linaro.org>
Reviewed-on: https://review.linaro.org/c/infrastructure/ansible-playbooks/+/45700
-rw-r--r-- | files/apache/gerrit.devboardsforandroid.linaro.org.conf (renamed from files/apache/git.devboardsforandroid.ctt.linaro.org.conf) | 16 | ||||
-rw-r--r-- | files/apache/source.devboardsforandroid.linaro.org.conf | 62 | ||||
-rw-r--r-- | files/gerrit/git.devboardsforandroid.ctt.linaro.org | 67 | ||||
-rw-r--r-- | files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org | 7 | ||||
-rw-r--r-- | host_vars/gerrit.devboardsforandroid.linaro.org (renamed from host_vars/git.devboardsforandroid.ctt.linaro.org) | 13 | ||||
-rw-r--r-- | hosts | 4 | ||||
-rw-r--r-- | roles/gerrit/tasks/gerrit.yml | 12 | ||||
-rw-r--r-- | ssh/known_hosts | 3 |
8 files changed, 101 insertions, 83 deletions
diff --git a/files/apache/git.devboardsforandroid.ctt.linaro.org.conf b/files/apache/gerrit.devboardsforandroid.linaro.org.conf index f4612b9f..6e958667 100644 --- a/files/apache/git.devboardsforandroid.ctt.linaro.org.conf +++ b/files/apache/gerrit.devboardsforandroid.linaro.org.conf @@ -1,5 +1,6 @@ <VirtualHost *:80> - ServerName git.devboardsforandroid.ctt.linaro.org + ServerName gerrit.devboardsforandroid.ctt.linaro.org + ServerAlias source.devboardsforandroid.ctt.linaro.org {% if ssl_cert is defined %} RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1" @@ -8,8 +9,8 @@ DocumentRoot /srv/gerrit - CustomLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-access.log combined - ErrorLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-error.log + CustomLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-access.log combined + ErrorLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-error.log ExpiresActive On ExpiresDefault "access plus 0 seconds" @@ -46,6 +47,7 @@ AllowEncodedSlashes On ProxyPass / http://127.0.0.1:8080/ nocanon + ProxyPass /g/ http://127.0.0.1:8080/r/plugins/gitiles/ retry=0 nocanon Keepalive=On {% endif %} Include /etc/apache2/linaro/letsencrypt.conf @@ -53,7 +55,8 @@ {% if ssl_cert is defined %} <VirtualHost *:443> - ServerName git.devboardsforandroid.ctt.linaro.org + ServerName gerrit.devboardsforandroid.ctt.linaro.org + ServerAlias source.devboardsforandroid.ctt.linaro.org Include /etc/apache2/linaro/settings-ssl.conf SSLCertificateFile {{ssl_cert}} @@ -64,8 +67,8 @@ DocumentRoot /srv/gerrit - CustomLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-access.log combined - ErrorLog /var/log/apache2/git.devboardsforandroid.ctt.linaro.org-error.log + CustomLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-access.log combined + ErrorLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-error.log ExpiresActive On ExpiresDefault "access plus 0 seconds" @@ -99,7 +102,6 @@ Order deny,allow Allow from all </Proxy> - AllowEncodedSlashes On ProxyPass / http://127.0.0.1:8080/ nocanon </VirtualHost> diff --git a/files/apache/source.devboardsforandroid.linaro.org.conf b/files/apache/source.devboardsforandroid.linaro.org.conf new file mode 100644 index 00000000..8549e71f --- /dev/null +++ b/files/apache/source.devboardsforandroid.linaro.org.conf @@ -0,0 +1,62 @@ +<VirtualHost *:80> + ServerName source.devboardsforandroid.linaro.org + + RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://source.devboardsforandroid.linaro.org/$1" + + + Include /etc/apache2/linaro/letsencrypt.conf +</VirtualHost> + +<VirtualHost *:443> + ServerName source.devboardsforandroid.linaro.org + + Include /etc/apache2/linaro/settings-ssl.conf + SSLCertificateFile /etc/dehydrated/certs/source.devboardsforandroid.linaro.org/fullchain.pem + SSLCertificateKeyFile /etc/dehydrated/certs/source.devboardsforandroid.linaro.org/privkey.pem + SSLCACertificateFile /etc/dehydrated/certs/source.devboardsforandroid.linaro.org/fullchain.pem + DocumentRoot /srv/gerrit + + CustomLog /var/log/apache2/source.devboardsforandroid.linaro.org-access.log combined + ErrorLog /var/log/apache2/source.devboardsforandroid.linaro.org-error.log + + ExpiresActive On + ExpiresDefault "access plus 0 seconds" + + ExpiresByType text/css "access plus 1 week" + ExpiresByType text/javascript "access plus 1 week" + ExpiresByType image/png "access plus 1 month" + ExpiresByType image/jpg "access plus 1 month" + ExpiresByType image/jpeg "access plus 1 month" + ExpiresByType image/x-icon "access plus 1 month" + + Header append Cache-Control "no-transform" + + <FilesMatch "\.(html|htm)$"> + Header add Cache-Control "must-revalidate" + </FilesMatch> + + <FilesMatch "\.(js|css)$"> + Header add Cache-Control "max-age=604800" + <ifModule mod_deflate.c> + SetOutputFilter DEFLATE + </ifModule> + </FilesMatch> + + RequestHeader set X-Forwarded-Scheme http + + ProxyRequests Off + ProxyVia Off + ProxyPreserveHost On + <Proxy *> + Order deny,allow + Allow from all + </Proxy> + + AllowEncodedSlashes On + + # Just like AOSP, keep URL navigation simple by using / instead of /plugins/gitiles + ProxyPass / http://127.0.0.1:8080/plugins/gitiles/ retry=0 nocanon Keepalive=On + + RewriteEngine On + RewriteRule ^/plugins/gitiles(.+)$ https://source.devboardsforandroid.linaro.org$1 [L,R=301,NE] +</VirtualHost> diff --git a/files/gerrit/git.devboardsforandroid.ctt.linaro.org b/files/gerrit/git.devboardsforandroid.ctt.linaro.org deleted file mode 100644 index 686e022f..00000000 --- a/files/gerrit/git.devboardsforandroid.ctt.linaro.org +++ /dev/null @@ -1,67 +0,0 @@ -[core] - streamFileThreshold = 512m - packedGitLimit = 2000m -[gerrit] - basePath = /srv/repositories - canonicalWebUrl = https://git.devboardsforandroid.ctt.linaro.org/ - serverId = {{gerrit_config_server_id}} -[auth] - type = OAUTH - loginUrl = /login - loginText = Sign-in with GitHub - registerPageUrl = "/#/register" - gitBasicAuthPolicy = HTTP -[oauth] - allowEditFullName = true - allowRegisterNewEmail = true -[plugin "gerrit-oauth-provider-github-oauth"] - client-id = bfe5b324c057fe64896c - fix-legacy-user-id = false -[sendemail] - smtpServer = localhost - expiryDays = 15 - replyToAddress = review@git.devboardsforandroid.ctt.linaro.org -{% if gerrit_config_dovecot_user is defined and gerrit_config_dovecot_password is defined %} -[receiveemail] - protocol = IMAP - host = localhost - username = {{ gerrit_config_dovecot_user }} -{% endif %} -[container] - user = git - javaHome = /usr/lib/jvm/java-11-openjdk-amd64/jre - heapLimit = {{ gerrit_mem }} - javaOptions = "-Dflogger.backend_factory=com.google.common.flogger.backend.log4j.Log4jBackendFactory#getInstance" - javaOptions = "-Dflogger.logging_context=com.google.gerrit.server.logging.LoggingContext#getInstance" - -[sshd] - listenAddress = *:29418 - idleTimeout = 5m -[httpd] - listenUrl = proxy-https://127.0.0.1:8080/ -[cache] - directory = cache -[cache "projects"] - memoryLimit = 4096 - diskLimit = 10240 -[download] - scheme = http - scheme = ssh - scheme = anon_http - scheme = repo_download -[gitweb] - type = cgit - url = https://git.devboardsforandroid.ctt.linaro.org/ -[theme] - selectionColor = FFFEAE -[user] - name = Linaro Dev Boards for Android Code Review - email = review@git.devboardsforandroid.ctt.linaro.org -[index] - type = LUCENE -[noteDb "changes"] - autoMigrate = true -[change] - allowDrafts = true -[receive] - enableSignedPush = false diff --git a/files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org b/files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org new file mode 100644 index 00000000..4e766b2d --- /dev/null +++ b/files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org @@ -0,0 +1,7 @@ +[gerrit] + cloneUrlType = http + linkname = gitiles + target = _self + baseUrl = https://source.devboardsforandroid.linaro.org +[markdown] + namedanchor = true diff --git a/host_vars/git.devboardsforandroid.ctt.linaro.org b/host_vars/gerrit.devboardsforandroid.linaro.org index e34b2f50..715715dd 100644 --- a/host_vars/git.devboardsforandroid.ctt.linaro.org +++ b/host_vars/gerrit.devboardsforandroid.linaro.org @@ -2,7 +2,7 @@ hosttype: git-review server_role: git-review #db_user: gerrit2 -gerrit_host: git.devboardsforandroid.ctt.linaro.org +gerrit_host: gerrit.devboardsforandroid.linaro.org host_site_name: Linaro Dev Boards for Android Code Review grokmirror_master: false @@ -13,6 +13,7 @@ gerrit_mem: 4000m gerrit_config_server_id: 8f6f209b-eb1a-4cbf-aa44-c8bc30e9bfda gerrit_oauth: yes gerrit_github_oauth_id: bfe5b324c057fe64896c +gerrit_gitiles: yes dovecot_user: "{{gerrit_config_dovecot_user}}" dovecot_password: "{{gerrit_config_dovecot_password}}" @@ -24,15 +25,17 @@ ssl_ca: "{{ssl_cert}}" # Note: this also sets up config for android-review.linaro.org cert dehydrated_http_domains: - - git.devboardsforandroid.ctt.linaro.org + - gerrit.devboardsforandroid.linaro.org + - source.devboardsforandroid.linaro.org dehydrated_dns_domains: [] dehydrated_domains_txt: | - git.devboardsforandroid.ctt.linaro.org + gerrit.devboardsforandroid.linaro.org + source.devboardsforandroid.linaro.org apache_ldap_uri: ldaps://login.linaro.org ssh_ldap_uri: ldaps://login.linaro.org -postfix_destinations: ["git.devboardsforandroid.ctt.linaro.org"] -postfix_hostname: "git.devboardsforandroid.ctt.linaro.org" +postfix_destinations: ["gerrit.devboardsforandroid.linaro.org"] +postfix_hostname: "gerrit.devboardsforandroid.linaro.org" @@ -25,7 +25,7 @@ review.trustedfirmware.org review.mlplatform.org # Note: only accessible via Forge's VPN gerrit.forge.aws.linaro.com ansible_host=10.252.23.114 -git.devboardsforandroid.ctt.linaro.org +gerrit.devboardsforandroid.linaro.org [gerrit_mirror] git-us.linaro.org @@ -183,7 +183,7 @@ android-review.linaro.org elk.linaro.org git.morello-project.org gerrit.forge.aws.linaro.com -git.devboardsforandroid.ctt.linaro.org +gerrit.devboardsforandroid.linaro.org [swarm_nodes] x86-07 diff --git a/roles/gerrit/tasks/gerrit.yml b/roles/gerrit/tasks/gerrit.yml index c2914070..33c0e878 100644 --- a/roles/gerrit/tasks/gerrit.yml +++ b/roles/gerrit/tasks/gerrit.yml @@ -60,7 +60,7 @@ force: yes when: gerrit_verify is defined -- name: Create Gerrit.conf +- name: Create Gerrit.config template: src="files/gerrit/{{gerrit_host}}" dest={{gerrit_root}}/etc/gerrit.config owner={{git_user}} group={{git_user}} backup=yes register: gerrit_conf @@ -69,6 +69,16 @@ notify: - restart-gerrit +- name: Create gitiles.config + template: src="files/gerrit/gitiles_{{gerrit_host}}" dest={{gerrit_root}}/etc/gitiles.config owner={{git_user}} group={{git_user}} + backup=yes + register: gerrit_conf + tags: + - gerrit-conf + notify: + - restart-gerrit + when: gerrit_gitiles is defined + - name: Set up Gerrit secure.conf template: src="secure.config" dest={{gerrit_root}}/etc/secure.config owner={{git_user}} group={{git_user}} mode=0600 backup=yes diff --git a/ssh/known_hosts b/ssh/known_hosts index cd548d8c..3eb2bfd0 100644 --- a/ssh/known_hosts +++ b/ssh/known_hosts @@ -373,4 +373,5 @@ gerrit.forge.aws.linaro.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJJYD+iG0I7hbLd flexnet.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfxMgScSvY67rmci7rpsiCU4dTFOhzrsbreEaZGT4Ka mbedtls.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDe5WQk5mtt30d6spLcYXfVeHQpZ5MKWSrAt/qPJVHOE ci.trustedfirmware.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGQOW9Zk6tmYyV7eh5qtjpUoNoYom7FVMtvEmMNHzGWt -git.devboardsforandroid.ctt.linaro.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/t+zvQuh3t2E8zIbbYL1gQRE8nPgwphWs/cVVcxrv4 +gerrit.devboardsforandroid.ctt.linaro.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/t+zvQuh3t2E8zIbbYL1gQRE8nPgwphWs/cVVcxrv4 +gerrit.devboardsforandroid.linaro.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASzeLZnFxBsm6XcQrxyLnL+6nSZOarQIxZGlGYSpEfl |