HOW TO SET LOCAL AOSP GERRIT SERVER – PART 2

Hi. This is part 2 of the “How to set local AOSP Gerrit server”, you might want to start with part 1 here.

In part 1 we’ve downloaded all the necessary stuff and in this post we’re going to set it all up.

First thing, let’s bootstrap Gerrit.

Let’s create a Gerrit user:

$ sudo adduser --system --shell /bin/bash --gecos 'Gerrit Code Review User' --group --disabled-password --home /home/gerrit2 gerrit2

Gerrit needs to work with a database, it support various types of database. for this tutorial I chose MySQL.
Open a shell and type the following:

$ mysql -u root -p
CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY 'secret';
CREATE DATABASE reviewdb;
ALTER DATABASE reviewdb charset=latin1;
GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';
FLUSH PRIVILEGES;
quit

This commands create a Gerrit user, a database and sets the required permissions for the Gerrit user.

Log in as the new user:
$ sudo su gerrit2

Copy the gerrit-2.11.war file you’ve downloaded in the previous post to gerrit2 home directory and run the following comand

$ java -jar ./gerrit-2.11.war init -d review_site

Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore

*** Gerrit Code Review 2.11
***

Create ‘/home/gerrit2/review_site’ [Y/n]?

*** Git Repositories
***

Location of Git repositories [git]:

*** SQL Database
***

Database server type [h2]: MySQL

Gerrit Code Review is not shipped with MySQL Connector/J 5.1.21
** This library is required for your configuration. **
Download and install it now [Y/n]?
Downloading http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar … OK
Checksum mysql-connector-java-5.1.21.jar OK
Server hostname [localhost]:
Server port [(mysql default)]:
Database name [reviewdb]:
Database username [gerrit2]: gerrit2
gerrit’s password :
confirm password :

*** Index
***

Type [LUCENE/?]:

*** User Authentication
***

Authentication method [OPENID/?]:

*** Review Labels
***

Install Verified label [y/N]?

*** Email Delivery
***

SMTP server hostname [localhost]:
SMTP server port [(default)]:
SMTP encryption [NONE/?]:
SMTP username :

*** Container Process
***

Run as [gerrit2]:
Java runtime [/usr/lib/jvm/java-8-openjdk-amd64/jre]:
Copy gerrit-2.11.war to /home/gerrit2/review_site/bin/gerrit.war [Y/n]?
Copying gerrit-2.11.war to /home/gerrit2/review_site/bin/gerrit.war

*** SSH Daemon
***

Listen on address [*]:
Listen on port [29418]:

Gerrit Code Review is not shipped with Bouncy Castle Crypto SSL v151
If available, Gerrit can take advantage of features
in the library, but will also function without it.
Download and install it now [Y/n]?
Downloading http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar … OK
Checksum bcpkix-jdk15on-151.jar OK
Generating SSH host key … rsa… dsa… done

*** HTTP Daemon
***

Behind reverse proxy [y/N]?
Use SSL (https://) [y/N]?
Listen on address [*]:
Listen on port [8080]:
Canonical URL [http://ubuntu:8080/]: http://10.0.0.9:8080

*** Plugins
***

Installing plugins.
Install plugin download-commands version v2.11 [y/N]?
Install plugin reviewnotes version v2.11 [y/N]?
Install plugin singleusergroup version v2.11 [y/N]?
Install plugin replication version v2.11 [y/N]?
Install plugin commit-message-length-validator version v2.11 [y/N]?
Initializing plugins.
No plugins found with init steps.

Initialized /home/gerrit2/review_site
Executing /home/gerrit2/review_site/bin/gerrit.sh start
Starting Gerrit Code Review: OK
Waiting for server on ubuntu:8080 … OK
Opening http://10.0.0.9:8080/#/admin/projects/ …FAILED
Open Gerrit with a JavaScript capable browser:
http://10.0.0.9:8080/#/admin/projects/

Allright. We’ve got Gerrit running now.
A thing worth mentioning, the first user that logs into Gerrit becomes an admin. so make sure to login first with the administrator user.

Gerrit can work with several authentication models. I chose OpenID for this tutorial.
If you don’t have OpenID server on your machine, you can use external service such as Yahoo for instance. (Lately Google stopped supporting OpenID)

Let’s get started. open up a browser and browse to Gerrit site.

In the upper right corner you should see Register and Login links.
Register first using OpenID and log in.

Gerrit welcome screen

Now, let’s set our SSH keys so we can work from command line. we’re doing it as the Admin user for the Ubuntu Server, not as the Gerrit user.

Generate an SSH key pair by doing the following:

serveradmin@ubuntu:$ ssh-keygen <ENTER>
Generating public/private rsa key pair.
Enter file in which to save the key (/home/serveradmin/.ssh/id_rsa):  <ENTER>
Enter passphrase (empty for no passphrase): <ENTER>
Enter same passphrase again: <ENTER>
Your identification has been saved in /home/serveradmin/.ssh/id_rsa.
Your public key has been saved in /home/serveradmin/.ssh/id_rsa.pub.
The key fingerprint is:
d5:7b:51:d8:22:0e:95:63:f9:0e:a2:22:1c:97:76:40 serveradmin@ubuntu
The key's randomart image is:
+---[RSA 2048]----+
| .E ..o o.|
| . ..* o..|
| o .+.+.. |
| . + ... o... |
| . + .S. ..o. |
| o . . .. |
| . . |
| |
| |
+-----------------+

serveradmin@ubuntu:~/aosp_mirror$ cat ~/.ssh/id_rsa.pub  <ENTER>
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDobCUbb8ExP9ci48ZCzCUE3P+IjoH6zrv/l88+4NOTf9FJWDAl4SHCXI+mrZoFEeZo9
uieKTuvHqUFQNpnVA9vfNY6bhaTucAAt0fX9Q1M1ZtNj2IxaQd7u9PnxjSGEig0BUtjqDEu4CMhMShXGWsGAwL7ju/qu7G7RF
iK/Wtcye6wUSjziXseCusb1DUZZ6dsOpxrPYEM3kwXpItQtAq1oEIQWsxEgj2nrOqRXm1UWdqIQU1X45XHQtg5iqi44PfLVNU
3alu453MeWn5PrpSS5dFw/7AkBW4KMPwrOvVnu8gb9xLA0TWtPf+sQ9ROEQC5SBeO+4Q9XRNf5YaswpLj serveradmin@ubuntu

Copy the entire blob to clipboard and paste switch back to Gerrit web interface.

On the upper right corner of the screen, click on your user name and then on Settings.
On the left menu that appears click on “SSH Public Keys” and paste the blob in the white box and press add.

 

Let’s test that we can access Gerrit now through SSH:

ssh -p 29418 admin@localhost <ENTER> <Change "admin" to your username in gerrit>

**** Welcome to Gerrit Code Review ****

Hi Administrator, you have successfully connected over SSH.

Unfortunately, interactive shells are disabled.
To clone a hosted Git repository, use:

git clone ssh://ramon@10.0.0.9:29418/REPOSITORY_NAME.git

Connection to localhost closed.

Now when we’re logged in. let’s create two groups:

“android-admin” and “android”

The former will be used for administration, it will have permissions to review, merge, delete, etc.
The latter will have only view and submit change-set permission.

On the menu, press on People –> Create New Group
Enter in group name “android-admin” (Without the quotes)

Do this again for “android”

Now, let’s create a parent project for all the AOSP tree. All configuration we apply to that project will be inherited to the children projects. if we skip this step, all AOSP projects will inherit from the default “All-Projects” project, which is too global.

On the Gerrit GUI, Press on Project -> Create New Project.
Fill in the following:

Project Name: Android
Rights Inherit From: All-Projects

Tick the “Only Serve As Parent For Other Projects” and press on “Create Project” button.

Now, when we’ve got our parent project. let’s set it’s access permissions:

Click on Projects -> List, and select the Android project.

Click on Access and Edit.

 

Now it’s time to push all Android projects to gerrit.

First command will create all the projects in gerrit. it should be rather quick.\
The Second command will change the parent project for all the projects we’ve just created.
The Third command will actually push all the code into the repositories, this should take a while…

Go into the folder where you’ve mirrored Android and type:
$ repo forall -c 'echo $REPO_PATH; ssh -p 29418 admin@localhost gerrit create-project --name android/$REPO_PATH --owner android;'

accessories/manifest
device/asus/deb
device/asus/flo
device/asus/flo-kernel
device/asus/fugu
device/asus/fugu-kernel

$ repo forall -c 'echo $REPO_PATH; ssh -p 29418 admin@localhost gerrit set-project-parent --parent Android android/$REPO_PATH;'

accessories/manifest
device/asus/deb
device/asus/flo
device/asus/flo-kernel

Go to Projects -> List
Select Android and Press on General.
Below on the page you should find a button called “Edit Config”
Press on it and paste the following:

[access "refs/*"]
read = group android
read = group android-admin
abandon = group android-admin
push = group android-admin
pushTag = group android-admin
pushSignedTag = group android-admin
label-Code-Review = -2..+2 group android-admin
submit = group android-admin
submitAs = group android-admin
forgeAuthor = group android-admin
forgeCommitter = group android-admin
pushMerge = group android-admin
rebase = group android-admin
editTopicName = group android-admin
[access "refs/heads/*"]
label-Code-Review = -2..+2 group android-admin
label-Code-Review = -1..+1 group android
read = group android
abandon = group android
rebase = group android
submit = group android
[access "refs/tags/*"]
pushTag = group android
pushSignedTag = group android

Press on Save.

In next step, which will take some time, we’re going to push all of git tags and objects to the projects we’ve created. It may fail, but if it is, you can run it again until it succeeds. I found that increasing the Virtual machine RAM solved the issue for me.


$ repo forall -c 'echo $REPO_PATH; git push ssh://ramon@localhost:29418/android/$REPO_PATH +refs/heads/* +refs/tags/*;'

Okay.
That’s it for this time, in the next part I’ll show you how to maintain the gerrit server. how to add it as a startup service, how to update the mirror and push new releases of Google in to it.
Cy’a

Ramon

Part 3 is ready, here’s the link.

Advertisements
HOW TO SET LOCAL AOSP GERRIT SERVER – PART 2

4 thoughts on “HOW TO SET LOCAL AOSP GERRIT SERVER – PART 2

  1. Anthony says:

    new gerrit project-create syntax is:
    repo forall -c ‘echo $REPO_PATH; ssh -p 29418 admin@localhost gerrit create-project –owner android android/$REPO_PATH;’

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s