opendev/system-config
Code Issues Proposed changes
7657b69387
system-config/playbooks/host_vars/review01.openstack.org.yaml
Monty Taylor 63d8f7af48 Base 2.13 image on gerrit-base 
We install jeepyb and launchpadlib in gerrit-base. Those are
important. We also need to add cgi for gitweb.

The gerrit init command does two things that we don't actually
want it to do at runtime. It extracts the plugins into the
plugins dir, and it downloads the right database library.

We can extract the plugins for it during image creation, and
then we can also download the plugin it would have downloaded.

We can also download the mysql library for it:

https://gerrit.googlesource.com/gerrit/+/refs/heads/stable-2.13/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config

Finally, we tell it to not download or expand anything during
init, because we're running in a container and next time we run
the process that dir isn't going to be there.

Our gerrit integration tests don't depend on our gerrit image builds.
Put in image depends between run-review and gerrit builds.

We also need to depend directly on opendev-buildset-registry.

Add java.security.egd setting to java invocation

This tells java to be secure.

https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for

Add support for setting heap limit properly

The gerrit init script does this based on the value in
container.javaOptions. We could, but then we'd have to
run an entrypoint script. Instead, set the value via
the JAVA_OPTIONS env var setting based on a value from
ansible.

Finally, make gerrit-master image build non-voting

It looks like there might be a real issue, but debugging that
is not important for us at this moment.

Depends-On: https://review.opendev.org/714216
Change-Id: I01e94c10f470fb3c8ddfce7b0e201357e5050679
2020-03-20 16:37:18 -05:00

87 lines
2.4 KiB
YAML
Raw Blame History

gerrit_replication:
- name: 'github'
url: 'git@github.com:'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
projects:
- '^openstack/(?!ara$|ara-web$|ara-infra$).*'
- 'openstack-dev/*'
- 'openstack-infra/*'
- name: 'gitea01'
url: 'ssh://git@gitea01.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea02'
url: 'ssh://git@gitea02.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea03'
url: 'ssh://git@gitea03.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea04'
url: 'ssh://git@gitea04.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea05'
url: 'ssh://git@gitea05.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea06'
url: 'ssh://git@gitea06.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea07'
url: 'ssh://git@gitea07.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'gitea08'
url: 'ssh://git@gitea08.opendev.org:222/'
authGroup: 'Anonymous Users'
replicationDelay: '1'
replicatePermissions: false
mirror: true
threads: '4'
- name: 'local'
url: 'file:///opt/lib/git/'
replicationDelay: '1'
threads: '4'
mirror: true
gerrit_storyboard_url: https://storyboard.openstack.org
gerrit_vhost_name: review.opendev.org
gerrit_redirect_vhost: review.openstack.org
gerrit_heap_limit: 48g
letsencrypt_certs:
review01-opendev-org-main:
- review.opendev.org
- review01.opendev.org
- review.openstack.org
# We have to set the letsencrypt_gid to something that isn't 3000
# to not conflict with gerrit2's gid.
# Also, on review01.openstack.org, 3001 is openstackwatch and
# 3002 is github.
letsencrypt_gid: 3003
View Git Blame Copy Permalink