Docker Gerrit Server
Gerrit version supported: 2.11
This is a Gerrit Docker image which runs a ssh & web server of the gerrit based code review system, facilitating online code reviews for projects using the Git version control system.
This project improves the existing available Gerrit Docker images as it supports to pass as parameters the authentication mode, the env variables to be used to replicate the git repositories with a Git Server platform like Gogs or Gitlab and many more.
The following gerrit plugins are packaged with this image :
- download-commands (gerrit project)
- delete-project (gerrit project)
- replication (gerrit project)
create-user-plugin has been created specifically for the Continous Delivery Scenario of Fabric8 and is not yet integrated within the Gerrit Project.
It goal is to add new users (jenkins, sonar, ...) to the database created by Gerrit during the generation of the site.
The users to be created can be added using a Gerrit env variale
GERRIT_ACCOUNTS using this convention :
GERRIT_ACCOUNTS='user1,fullname1,email1,pwd1,group1:group2:...;user2,fullname2,email2,pwd2,group1:group2:...;...' Example : -e GERRIT_ACCOUNTS='jenkins,jenkins,email@example.com,secret,Non-Interactive Users:Administrators;sonar,sonar,firstname.lastname@example.org,secret,Non-Interactive Users'
Remark : The Gerrit groups that you can use are : 'Non-Interactive Users','Administrators'
The volume of the folder containing the public keys of the users must be mounted and the value of the volume
passed as an env variable to the docker container ("GERRIT_SSH_PATH").
create-user-plugin uses these env variables :
-e GERRIT_ADMIN_USER='admin' \ -e GERRIT_ADMIN_EMAILemail@example.com' \ -e GERRIT_ADMIN_FULLNAME='Administrator' \ -e GERRIT_ADMIN_PWD='mysecret' \ -e GERRIT_ACCOUNTS='jenkins,jenkins,firstname.lastname@example.org,secret,Non-Interactive Users:Administrators;sonar,sonar,email@example.com,secret,Non-Interactive Users' \ -e GERRIT_SSH_PATH='/VolumeMounted/ssh-keys' \ -v /admin_user/home/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub \ -v /admin_user/home/.ssh/id_rsa:/root/.ssh/id_rsa \ -v /accounts/ssh-keys/:/home/gerrit/ssh-keys \
When the Gerrit SSHD & HTTP Servers will be started by the Docker container, we will also start a Java job in charge to update the permissions of the project using the procedure described here ((http://blog.bruin.sg/2013/04/how-to-edit-the-project-config-for-all-projects-in-gerrit/) but implemented
using the Eclipse JGit API.
Like the previous plugin, this java job has not yet been published into the gerrit google project.
In order to allow the job to run, the private / public keys to be used by the gerrit admin user and also the Root User account must be mounted using Docker volumes.
The java job uses the following env variables :
-e GERRIT_GIT_LOCALPATH='/home/gerrit/git' \ -e GERRIT_GIT_PROJECT_CONFIG='/home/gerrit/config/project.config' \ -e GERRIT_GIT_REMOTEPATH='ssh://admin@localhost:29418/All-Projects' \
Running this container
To run a daemon container exposing the HTTP server with the port
8080 and the ssh daemon under the port
2418, launch the following command within a unix terminal
docker run -dP -p 0.0.0.0:8080:8080 -p 127.0.0.1:29418:29418 \ -e GERRIT_GIT_LOCALPATH='/home/gerrit/git' \ -e GERRIT_GIT_PROJECT_CONFIG='/home/gerrit/config/project.config' \ -e GERRIT_GIT_REMOTEPATH='ssh://admin@localhost:29418/All-Projects' \ -e GIT_SERVER_IP='gogs-http-service.default.local' \ -e GIT_SERVER_PORT='80' \ -e GIT_SERVER_USER=root \ -e GIT_SERVER_PASSWORD=fabric01 \ -e GIT_SERVER_PROJ_ROOT=root \ -e GERRIT_ADMIN_USER='admin' \ -e GERRIT_ADMIN_EMAILfirstname.lastname@example.org' \ -e GERRIT_ADMIN_FULLNAME='Administrator' \ -e GERRIT_ADMIN_PWD='mysecret' \ -e GERRIT_ACCOUNTS='jenkins,jenkins,email@example.com,secret,Non-Interactive Users:Administrators;sonar,sonar,firstname.lastname@example.org,secret,Non-Interactive Users' \ -e GERRIT_SSH_PATH='/VolumeMounted/ssh-keys' \ -e AUTH_TYPE='DEVELOPMENT_BECOME_ANY_ACCOUNT' \ -e ROOT_PATH='http://localhost:8080' \ -v /admin_user/home/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub \ -v /admin_user/home/.ssh/id_rsa:/root/.ssh/id_rsa \ -v /accounts/ssh-keys/:/home/gerrit/ssh-keys \ -v /home/gerrit-site:/home/gerrit/site \ --name gerrit-server fabric8/gerrit
Remark : When the container is created, we mount/map the volume of the host
/home/gerrit-site to this volume of the docker container
/home/gerrit/site in order to restore previously configured configurations (database, etc files, ...). The name of the docker container volume can't be changed.
This image supports different environment variables to specifiy :
1) Change Project Permissions
GERRIT_GIT_LOCALPATHTemporary folder used to clone locally the Git AllProjects Repo of gerrit (Default : /home/gerrit/git)
GERRIT_GIT_PROJECT_CONFIGLocation of the project config file to be changed within the Gerrit Git AllProjects repo (Default: /home/gerrit/config/project.config)
GERRIT_GIT_REMOTEPATHgit ssh address of the Gerrit Git Repo containing the Project Permissions (Default : ssh://admin@localhost:29418/All-Projects)
2) Replicate to a Git Server
GIT_SERVER_IPhostname of the Git Server (gogs, gitlab) used to replicate the git project
GIT_SERVER_PORTport of the http Git Server (gogs, gitlab)
GIT_SERVER_USERuser name to be used to be authenticated with the Git Http Server when replication will take place
GIT_SERVER_PASSWORDpassword of the
GIT_SERVER_PROJ_ROOTroot of the web project hosting the git repositories (Default : root)
3) Admin user & accounts to be created
GERRIT_ADMIN_USERadmin user to be created in order to log in to the gerrit http server (Default: admin)
GERRIT_ADMIN_EMAILemail address of the admin user. Could be used to send email notification during review process (Default: email@example.com)
GERRIT_ADMIN_FULLNAMEfull name of the Administrator (Default: Administrator)
GERRIT_ADMIN_PWDpassword used for http access to the web site (Default: mysecret)
GERRIT_ACCOUNTS'jenkins,jenkins,firstname.lastname@example.org,secret,Non-Interactive Users:Administrators;sonar,sonar,email@example.com,secret,Non-Interactive Users'
4) Authentication mode
AUTH_TYPE: the authentication mode to use to authenticate the incoming user (Default : OpenID, Values : OpenID, DEVELOPMENT_BECOME_ANY_ACCOUNT, HTTP, LDAP, OAUTH, ...) - See doc for more info
This image requires that we pass mount different volumes :
- Host SSH Public Key Volume : Container SSH Public Volume (Example : -v /user/home/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub)
Host SSH Private Key Volume : Container SSH Private Volume (Example : -v /user/home/.ssh/id_rsa:/root/.ssh/id_rsa)
Those keys will be used by the Java Job to git clone the project using the SSHD of gerrit. The public key will also be imported as the admin user key
Host Gerrit Site generated Volume (backup) : Container Gerrit Site Volume (Example : -v /home/gerrit-site:/home/gerrit/site)
- Host Users/Accounts Public Volume : Container Gerrit SSh-Keys of the accounts (Example : -v /home/accounts/ssh-keys/:/home/gerrit/ssh-keys)
Build Docker image and test it
The docker image can be built using pre-defined keys part of that project (located under the folder ssh-keys/admin and ssh-keys/users) and a docker container started.
For that purpose, use the bash script
/scripts/daemon-interactive and pass as parameter; the name of the image, your local temp directory hosting the gerrit site generated, the location of the admin ssh keys (private and public) and the location of the users ssh public key
./scripts/daemon-gerrit.sh cmoulliard /Users/chmoulli/Temp/gerrit-site ssh-keys/admin ssh-keys/users