diff options
author | Kelley Spoon <kelley.spoon@linaro.org> | 2023-10-25 11:49:32 -0500 |
---|---|---|
committer | Kelley Spoon <kelley.spoon@linaro.org> | 2023-10-25 20:35:19 +0000 |
commit | 94dac63331c91546549c4a9fdc1f6d9a13c20375 (patch) | |
tree | 27fd5e550de50b1bcf2280fe882cfcc38bed4acb | |
parent | d4d0fe7bc261a7f1524ffaf9d6d819fb76c0845a (diff) |
devboards: enable git requests through source
It has been requested that we allow git requests
over http to the same URL that users are using
to browse a repo via gitiles. Unfortunately
git requests to a gitiles repo results in a 403
error.
This change updates both apache and gerrit's gitiles
configuration to allow the git request to work.
Change-Id: I039bff2d0dcd92846f40ba041fd5622337e568a5
Signed-off-by: Kelley Spoon <kelley.spoon@linaro.org>
Reviewed-on: https://review.linaro.org/c/infrastructure/ansible-playbooks/+/46025
5 files changed, 19 insertions, 14 deletions
diff --git a/files/apache/gerrit.devboardsforandroid.linaro.org.conf b/files/apache/gerrit.devboardsforandroid.linaro.org.conf index 6e958667..c33de03a 100644 --- a/files/apache/gerrit.devboardsforandroid.linaro.org.conf +++ b/files/apache/gerrit.devboardsforandroid.linaro.org.conf @@ -1,6 +1,5 @@ <VirtualHost *:80> - ServerName gerrit.devboardsforandroid.ctt.linaro.org - ServerAlias source.devboardsforandroid.ctt.linaro.org + ServerName gerrit.devboardsforandroid.linaro.org {% if ssl_cert is defined %} RedirectMatch permanent "^/(?!\.well-known/acme-challenge)(.*)" "https://{{hostname}}/$1" @@ -9,8 +8,8 @@ DocumentRoot /srv/gerrit - CustomLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-access.log combined - ErrorLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-error.log + CustomLog /var/log/apache2/gerrit.devboardsforandroid.linaro.org-access.log combined + ErrorLog /var/log/apache2/gerrit.devboardsforandroid.linaro.org-error.log ExpiresActive On ExpiresDefault "access plus 0 seconds" @@ -47,18 +46,17 @@ AllowEncodedSlashes On ProxyPass / http://127.0.0.1:8080/ nocanon - ProxyPass /g/ http://127.0.0.1:8080/r/plugins/gitiles/ retry=0 nocanon Keepalive=On + ProxyPass /g/ http://127.0.0.1:8080/r/plugins/gitiles/ retry=0 nocanon Keepalive=On {% endif %} - Include /etc/apache2/linaro/letsencrypt.conf + Include /etc/apache2/linaro/letsencrypt.conf </VirtualHost> {% if ssl_cert is defined %} <VirtualHost *:443> - ServerName gerrit.devboardsforandroid.ctt.linaro.org - ServerAlias source.devboardsforandroid.ctt.linaro.org + ServerName gerrit.devboardsforandroid.linaro.org - Include /etc/apache2/linaro/settings-ssl.conf + Include /etc/apache2/linaro/settings-ssl.conf SSLCertificateFile {{ssl_cert}} SSLCertificateKeyFile {{ssl_key}} {% if ssl_ca is defined -%} @@ -67,8 +65,8 @@ DocumentRoot /srv/gerrit - CustomLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-access.log combined - ErrorLog /var/log/apache2/gerrit.devboardsforandroid.ctt.linaro.org-error.log + CustomLog /var/log/apache2/gerrit.devboardsforandroid.linaro.org-access.log combined + ErrorLog /var/log/apache2/gerrit.devboardsforandroid.linaro.org-error.log ExpiresActive On ExpiresDefault "access plus 0 seconds" diff --git a/files/apache/source.devboardsforandroid.linaro.org.conf b/files/apache/source.devboardsforandroid.linaro.org.conf index 8549e71f..d171d19f 100644 --- a/files/apache/source.devboardsforandroid.linaro.org.conf +++ b/files/apache/source.devboardsforandroid.linaro.org.conf @@ -55,6 +55,9 @@ AllowEncodedSlashes On # Just like AOSP, keep URL navigation simple by using / instead of /plugins/gitiles + ProxyPassMatch .*git-upload-pack.* http://127.0.0.1:8080/ retry=0 nocanon Keepalive=On + ProxyPassMatch .*/info/refs.* http://127.0.0.1:8080/ retry=0 nocanon Keepalive=On + ProxyPass / http://127.0.0.1:8080/plugins/gitiles/ retry=0 nocanon Keepalive=On RewriteEngine On diff --git a/files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org b/files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org index 4e766b2d..1a0950ec 100644 --- a/files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org +++ b/files/gerrit/gitiles_gerrit.devboardsforandroid.linaro.org @@ -1,7 +1,9 @@ -[gerrit] +[gitiles] cloneUrlType = http linkname = gitiles target = _self - baseUrl = https://source.devboardsforandroid.linaro.org + canonicalHostname = source.devboardsforandroid.linaro.org + gerritUrl = https://source.devboardsforandroid.linaro.org/ + baseGitUrl = https://source.devboardsforandroid.linaro.org/ [markdown] namedanchor = true diff --git a/host_vars/gerrit.devboardsforandroid.linaro.org b/host_vars/gerrit.devboardsforandroid.linaro.org index 715715dd..7e96c545 100644 --- a/host_vars/gerrit.devboardsforandroid.linaro.org +++ b/host_vars/gerrit.devboardsforandroid.linaro.org @@ -14,6 +14,7 @@ gerrit_config_server_id: 8f6f209b-eb1a-4cbf-aa44-c8bc30e9bfda gerrit_oauth: yes gerrit_github_oauth_id: bfe5b324c057fe64896c gerrit_gitiles: yes +gerrit_no_update_keys: yes dovecot_user: "{{gerrit_config_dovecot_user}}" dovecot_password: "{{gerrit_config_dovecot_password}}" diff --git a/roles/gerrit/templates/gerrit-automate b/roles/gerrit/templates/gerrit-automate index 5e4fb5a0..c9747825 100644 --- a/roles/gerrit/templates/gerrit-automate +++ b/roles/gerrit/templates/gerrit-automate @@ -1,8 +1,9 @@ MAILTO=linaro-infrastructure-errors@lists.linaro.org #Ansible: Update gerrit SSH keys from LDAP +{% if gerrit_no_update_keys is defined%} */10 * * * * {{git_user}} {{tools_checkout_dir}}/linaro-git-tools/update-gerrit-keys.py --username {{gerrit_http_username}} --base {{gerrit_http_base}} - +{% endif %} #Ansible: Update gerrit group membership from LDAP */60 * * * * {{git_user}} {{tools_checkout_dir}}/linaro-git-tools/update-gerrit-groups.py --username {{gerrit_http_username}} --base {{gerrit_http_base}} |