author | Kelley Spoon <kelley.spoon@linaro.org> | 2024-02-22 09:36:01 -0600 |
---|---|---|
committer | Benjamin Copeland <ben.copeland@linaro.org> | 2024-02-23 09:15:01 +0000 |
commit | 558211c7ec80f7e925d0d07ebd0316f98026acb6 (patch) | |
tree | b84a22dc8c645231c3a07da4aa54f1556b7347a8 | |
parent | 82fe0badf1a17a6701f3032820fe29dc40643285 (diff) |
gerrit: add support for audit-sl4j to gerrit
This adds in support for the audit-sl4j plugin.
Change-Id: I18f88fc98c8790cd4fb86489816082d6c093166c
Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org>
Reviewed-on: https://review.linaro.org/c/infrastructure/ansible-playbooks/+/46770
Reviewed-by: Benjamin Copeland <ben.copeland@linaro.org>
-rw-r--r-- | files/gerrit/review.trustedfirmware.org | 3 | ||||
-rw-r--r-- | roles/gerrit/tasks/gerrit.yml | 17 |
2 files changed, 20 insertions, 0 deletions
diff --git a/files/gerrit/review.trustedfirmware.org b/files/gerrit/review.trustedfirmware.org index e67f15ad..4e215ad3 100644 --- a/files/gerrit/review.trustedfirmware.org +++ b/files/gerrit/review.trustedfirmware.org @@ -71,6 +71,9 @@ [plugin "gerrit-oauth-provider-github-oauth"] client-id = 1bdcda52ecaa25e3e63b fix-legacy-user-id = false +[plugin "audit-sl4j"] + format: CSV + logName: audit.log [plugin "verify-status"] dbType = h2 database = /srv/gerrit/db/CiDB diff --git a/roles/gerrit/tasks/gerrit.yml b/roles/gerrit/tasks/gerrit.yml index ddd91614..f25b741b 100644 --- a/roles/gerrit/tasks/gerrit.yml +++ b/roles/gerrit/tasks/gerrit.yml @@ -70,6 +70,15 @@ force: yes when: gerrit_autosubmitter is defined +- name: Download audit-sl4j plugin + get_url: + url: https://gerrit-ci.gerritforge.com/view/Plugins-stable-{{gerrit_plugin_version}}/job/plugin-audit-sl4j-bazel-master-stable-{{gerrit_plugin_version}}/lastSuccessfulBuild/artifact/bazel-bin/plugins/audit-sl4j/audit-sl4j.jar + dest: "{{gerrit_root}}/plugins/audit-sl4j.jar" + owner: "{{git_user}}" + group: "{{git_user}}" + validate_certs: no + force: yes + - name: Create Gerrit.config template: src="files/gerrit/{{gerrit_host}}" dest={{gerrit_root}}/etc/gerrit.config owner={{git_user}} group={{git_user}} backup=yes @@ -97,6 +106,14 @@ notify: - restart-gerrit +- name: Set up Gerrit audit log + template: src="audit.config" dest={{gerrit_root}}/etc/audit.config owner={{git_user}} group={{git_user}} + mode=0600 backup=yes + tags: + - gerrit-conf + notify: + - restart-gerrit + - name: Install Gerrit automation crontab template: src=gerrit-automate dest=/etc/cron.d/ owner=root |
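Review bot: The two keys added under `[plugin "audit-sl4j"]` are written as `format: CSV` and `logName: audit.log`, while every other entry visible in this file (`client-id = …`, `fix-legacy-user-id = false`, `dbType = h2`) uses the git-config `key = value` form. With the colon form the section will probably be rejected or ignored when gerrit.config is loaded, so either Gerrit fails to come back after the restart or the audit log silently runs without the intended format and file name. The lines should read `format = CSV` and `logName = audit.log`. It is worth confirming on a staging instance that the audit file actually appears.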
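Review bot: `validate_certs: no` in the new `Download audit-sl4j plugin` task turns off TLS verification for a jar that Gerrit loads into its own server process. The URL also tracks `lastSuccessfulBuild`, so with `force: yes` every playbook run installs whatever the CI host, or anything on the network path, returns at that moment. Use `validate_certs: yes`, point the URL at a fixed build rather than `lastSuccessfulBuild`, and pin the artifact with `checksum: "sha256:<digest-of-the-reviewed-jar>"` (placeholder: take the digest from the jar that was actually vetted). An explicit `mode: "0644"` would also stop the plugin's file mode depending on defaults. The preceding task is only partly visible but also ends in `force: yes`, so the same check may be worth applying there.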
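Review bot: The `Set up Gerrit audit log` task renders `src="audit.config"`, but the diffstat lists only two changed files and neither is that template, so the play will fail at this task unless `audit.config` already exists in the role's templates directory. It is also not clear from the diff what reads `etc/audit.config`, since the plugin settings are added to gerrit.config in the first file; one of the two may be redundant. `mode=0600` is a sensible choice here, and a short comment such as `# audit settings: owner-only, the log records user activity` would tell the next maintainer why it must stay that way. Rotation and retention for the resulting audit.log are not handled in this change and may need a follow-up if nothing else covers them.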