Project

General

Profile

Feature #3078

Feature #3076: migrate to new (2018-03) server "host2.osmocom.org"

migate gerrit to new server

Added by laforge over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
03/19/2018
Due date:
% Done:

100%

Spec Reference:

Description

I've been setting up the official gerrit docker image (https://github.com/GerritCodeReview/docker-gerrit) on the new server and converted the existing configuration + tested it. gerrit comes up and serves the current patch review state via its web interface when started from docker-compose.yml

What's primarily missing is the OpenID integration, where I think there was some manual patching done on the existing gerrit.

Would be great if somebody could provide me with a diff and/or a script on what needs to be done to gerrit to re-apply those changes.


Checklist

  • find out what kind of changes we need for Osmocom OpenID integration
  • create a custom Dockerfile that applies our changes
  • re-test with new dockerfile

History

#1 Updated by laforge over 1 year ago

  • Status changed from New to Feedback
  • Assignee changed from laforge to zecke

#2 Updated by neels over 1 year ago

I'm fairly sure all that it is is a link to set the openid URL as GET parameter to save the need to type it in the edit field:

https://gerrit.osmocom.org/login/%23%2Fq%2Fstatus%3Aopen?id=https://osmocom.org/openid

I used to have a bookmark for this link in my browser until the link showed up on our gerrit login.
You'll notice that clicking on it even from redmine here will directly go for the openid validation.

#3 Updated by zecke over 1 year ago

Maybe we can make it configurable in the upstream version? It was committed locally and is the only relevant commit. OpenID is a redmine plugin and installed in (root@projects:/usr/local/www/redmine-3.2.9/plugins/redmine_openid_provider). We are the only user of the OpenID plugin and I wasn't sure if pushing it is a good idea.

commit ce79992aba745d194538beff705f00e20b3d5650
Author: User <gerrit@gerrit.osmocom.org>
Date:   Sat Apr 22 08:43:59 2017 +0000

    openid: Provide one click option for the osmocom redmine

diff --git a/gerrit-openid/src/main/resources/com/google/gerrit/httpd/auth/openid/LoginForm.html b/gerrit-openid/src/main/resources/com/google/gerrit/httpd/auth/openid/LoginForm.html
index 07e09f5324..0c0b854470 100644
--- a/gerrit-openid/src/main/resources/com/google/gerrit/httpd/auth/openid/LoginForm.html
+++ b/gerrit-openid/src/main/resources/com/google/gerrit/httpd/auth/openid/LoginForm.html
@@ -70,6 +70,10 @@
         <div id="providers">
         </div>

+       <div id="provider_osmocom">
+         <a href="?id=https://osmocom.org/openid" id="id_osmocom">Sign in with Osmocom</a>
+        </div>
+
         <div id="provider_launchpad">
           <img height="16" width="16" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAA4AAAAOCAYAAAAfSC3RAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAN1wAADdcBQiibeAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAAHKSURBVCiRjZI9SFtRGIafc5tiVFCkhUxKBAcLYoPWwE0GEUPBwc0f1MHFoWLBiKABobWtBh2kacFYwUUQRXBoB3EJCVUvyBVrIB1UskTawUGFQOoP5h6H3ki8deg7vuc853zvxyuklORLDUc9QH9nZeAL0AGM+1v0cywSOVANR8uBaaALOOysDLwCYsAp8AaY97fo2RyoqOFooRqOvgUOTMiqJ8AsEA9tuH13IFkcQD1QZHpbQE+bPXEADAK5MSsA1/p+1SMAoTbF9oAh2WYUAcWbz5tThiQE1EsI7VxVzMWvHe2lGWP1RaqgWyKe1g5vjyhAHfBdrCmuWG1zqSHRAS9gFxBQC451/+PdhbqUPSYR00JSAmDLy+IE7ICwZHRkbBQKqMo3lQeW8V/KB5PAMSAtd06Kb7iQf8/vgXuA9/2V9nN7dCKjCNyABlxKmPqx7HQvDjX0HX29bBLIUSlIA4gNT9Bpw/gMtJqPaYD/2evJX5FgTQcwDpQBaeCD8+XZx8aZZFaxYZyYv/4xQS+wFAnWVAOfTAgzRrxxJpkFUHza2IVPG3sHVAMrD+zhFBgAXL0JPZIzhbXkEe+kB+j/nf52V/LexL8lvwVTCpkwGXEEfAAAAABJRU5ErkJggg=="/>
           <a href="?id=https://login.launchpad.net/%2Bopenid" id="id_launchpad">Sign in with a Launchpad ID</a>

#4 Updated by laforge over 1 year ago

On Tue, Mar 20, 2018 at 01:23:25PM +0000, zecke [REDMINE] wrote:

Maybe we can make it configurable in the upstream version?

I think it's already possible via a Java plugin. My JAva language skills are close
to non-existant, but
https://github.com/gerrit-review/gerrit/blob/master/java/com/google/gerrit/httpd/auth/openid/LoginForm.java
seems to look like there is some code ("see addProvider()") which adds HTML element to the form.

It's called from a loop further above:

Element providers = HtmlDomUtil.find(doc, "providers");
Set<String> plugins = oauthServiceProviders.plugins();
for (String pluginName : plugins) {
Map<String, Provider<OAuthServiceProvider>> m = oauthServiceProviders.byPlugin(pluginName);
for (Map.Entry<String, Provider<OAuthServiceProvider>> e : m.entrySet()) {
addProvider(providers, link, pluginName, e.getKey(), e.getValue().get().getName());
}
}

So I think it should be possible to have a Java plugin that adds Osmocom to the list of OpenID
providers? This way we wouldn't need to patch the code/html but simply had a plugin that we could
keep across updates, etc? How do you read the code?

#5 Updated by neels about 1 year ago

(ah, so the openid login is not from stock gerrit? what's the usual way of login, then?
openid seems a good idea, but in practice it makes logging in an orgy of clicking back and forth,
where the "normal" password credentials login is just hitting enter in the presence of a pw manager.
So in fact I wouldn't mind if we left the openid out of the loop and had a normal login like
jenkins or redmine have?)

#6 Updated by zecke about 1 year ago

laforge wrote:

So I think it should be possible to have a Java plugin that adds Osmocom to the list of OpenID
providers? This way we wouldn't need to patch the code/html but simply had a plugin that we could
keep across updates, etc? How do you read the code?

The question is how to get "providers" into the config. I used a search engine and checked providers on https://gerrit-review.googlesource.com/Documentation/config-gerrit.html. It seems possible.. but nobody documented. ;)

#7 Updated by laforge about 1 year ago

  • Status changed from Feedback to Stalled
  • Assignee changed from zecke to laforge

#8 Updated by laforge about 1 year ago

Mh. I distinctly remember that zecke was doign some work on this, even creating a related Dockerfile. Still, no mention of this here?

Ah yes, it's Change-Id: I713948fbb93355c2e33e3b92969e2389cb88c938 in docker-playground.git, see http://git.osmocom.org/docker-playground/tree/gerrit

Planning to migrate on sunday this week.

#9 Updated by laforge about 1 year ago

  • Checklist item find out what kind of changes we need for Osmocom OpenID integration set to Done
  • Checklist item create a custom Dockerfile that applies our changes set to Done

#10 Updated by laforge about 1 year ago

  • Checklist item re-test with new dockerfile set to Done
  • Status changed from Stalled to Resolved
  • % Done changed from 30 to 100

migration finally completed today. There was a lot of trouble due to the fact that the docker-entrypoint script was overwriting config changes that I manually made beforehand, repeatedly.

The other problems were related to the NoteDb migration config file changes that also confused gerrit during multiple rollback/forward trials. But all is well now, including openID. We also have gerrit 2.15.1 now, as an added benefit.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 48.8 MB)