Fix master-slave recipe
Fix many breakages on the master-slave recipe:
- generation of the Prometheus bearer token
- sequence of resolution of variables
- reference to the Gerrit slave docker image
- service discovery of git-daemon
- missing includes in the git-ssh and git-daemon Makefiles
- missing GERRIT_KEY_PREFIX in git-ssh container's setup
- fix replication.config.template with more suitable sample values
- fix sequence of activation of the master-slave services
This change breaks the rule "one change = one thing", however, here
the thing is really "making master-slave recipe work".
Change-Id: Ic71ab16a4e83de60b4b2877727ad71abd79f117c
diff --git a/gerrit/add_secrets_aws_secrets_manager.sh b/gerrit/add_secrets_aws_secrets_manager.sh
index 3026cf3..2bccd2b 100755
--- a/gerrit/add_secrets_aws_secrets_manager.sh
+++ b/gerrit/add_secrets_aws_secrets_manager.sh
@@ -65,3 +65,8 @@
echo "Adding SMTP password..."
set-secret-string smtpPassword
+
+if [ -f "$SECRETS_DIRECTORY/prometheus_bearer_token" ]; then
+ echo "Adding Prometheus bearer token..."
+ set-secret-string prometheus_bearer_token
+fi
diff --git a/gerrit/replication.setup.template b/gerrit/replication.setup.template
index e4b7372..e5e018b 100644
--- a/gerrit/replication.setup.template
+++ b/gerrit/replication.setup.template
@@ -1,3 +1,3 @@
[remote-slave]
- url = git://replication.internal:29500/${name}.git
- adminUrl = ssh://gerrit@replication.internal:1022/var/gerrit/git/${name}.git
+ url = git://subdomain.hostedzonename:9418/${name}.git
+ adminUrl = ssh://gerrit@$subdomain.hostedzonename:1022/var/gerrit/git/${name}.git
diff --git a/gerrit/setup_gerrit.py b/gerrit/setup_gerrit.py
index c48d02f..fc15a6b 100755
--- a/gerrit/setup_gerrit.py
+++ b/gerrit/setup_gerrit.py
@@ -43,6 +43,7 @@
elif e.response['Error']['Code'] == 'ResourceNotFoundException':
# We can't find the resource that you asked for.
# Deal with the exception here, and/or rethrow at your discretion.
+ print("Secret name '%s' was not found" % secret_name)
raise e
else:
# Decrypts secret using the associated KMS CMK.
@@ -99,7 +100,7 @@
os.chmod(GERRIT_SSH_DIRECTORY, 0o700)
with open(GERRIT_REPLICATION_SSH_KEYS, 'w', encoding='utf-8') as f:
- f.write(get_secret(GERRIT_KEY_PREFIX + 'replication_user_id_rsa'))
+ f.write(get_secret(GERRIT_KEY_PREFIX + '_replication_user_id_rsa'))
os.chmod(GERRIT_REPLICATION_SSH_KEYS, 0o400)
file_loader = FileSystemLoader(GERRIT_CONFIG_DIRECTORY)
diff --git a/master-slave/Makefile b/master-slave/Makefile
index a84b575..6431c3d 100644
--- a/master-slave/Makefile
+++ b/master-slave/Makefile
@@ -1,5 +1,5 @@
-include setup.env
include ../Makefile.common
+include setup.env
CLUSTER_TEMPLATE:=cf-cluster.yml
SERVICE_MASTER_TEMPLATE:=cf-service-master.yml
@@ -8,14 +8,15 @@
AWS_FC_COMMAND=export AWS_PAGER=;aws cloudformation
.PHONY: create-all delete-all \
- cluster cluster-keys service-master dns-routing \
+ cluster cluster-keys service-master service-slave dns-routing \
+ delete-cluster delete-service-master delete-service-slave delete-dns-routing \
wait-for-cluster-creation wait-for-service-master-creation wait-for-dns-routing-creation \
wait-for-cluster-deletion wait-for-service-master-deletion wait-for-dns-routing-deletion \
gerrit-build gerrit-publish
create-all: cluster wait-for-cluster-creation \
- service-master service-slave \
- wait-for-service-master-creation wait-for-service-slave-creation \
+ service-slave wait-for-service-slave-creation \
+ service-master wait-for-service-master-creation \
dns-routing wait-for-dns-routing-creation
cluster: cluster-keys
@@ -57,7 +58,7 @@
ParameterKey=DockerRegistryUrl,ParameterValue=$(DOCKER_REGISTRY_URI) \
ParameterKey=CertificateArn,ParameterValue=$(SSL_CERTIFICATE_ARN) \
ParameterKey=GerritKeyPrefix,ParameterValue=$(GERRIT_KEY_PREFIX)\
- ParameterKey=DockerImage,ParameterValue=aws-gerrit/gerrit:$(IMAGE_TAG)
+ ParameterKey=GerritDockerImage,ParameterValue=aws-gerrit/gerrit:$(IMAGE_TAG)
dns-routing:
$(AWS_FC_COMMAND) create-stack \
diff --git a/master-slave/README.md b/master-slave/README.md
index b2e2e6d..59d7f80 100644
--- a/master-slave/README.md
+++ b/master-slave/README.md
@@ -121,6 +121,9 @@
* replication_user_id_rsa
* replication_user_id_rsa.pub
+Generate a random bearer token to be used for monitoring with Promtetheus:
+* `openssl rand -hex 20 > prometheus_bearer_token`
+
You will have to create the keys and place them in a directory.
#### Register Email Private Key
diff --git a/master-slave/cf-service-slave.yml b/master-slave/cf-service-slave.yml
index 45f84ac..7415836 100644
--- a/master-slave/cf-service-slave.yml
+++ b/master-slave/cf-service-slave.yml
@@ -263,6 +263,8 @@
Value: gerrit:1000:1000
- Name: AWS_REGION
Value: !Ref AWS::Region
+ - Name: GERRIT_KEY_PREFIX
+ Value: !Ref GerritKeyPrefix
MountPoints:
- SourceVolume: !Ref GerritGitVolume
ContainerPath: /var/gerrit/git
diff --git a/master-slave/git-daemon/Makefile b/master-slave/git-daemon/Makefile
index d9fe694..110b819 100644
--- a/master-slave/git-daemon/Makefile
+++ b/master-slave/git-daemon/Makefile
@@ -1,3 +1,4 @@
+include ../../Makefile.common
include ../setup.env
IMAGE_NAME:=git-daemon
diff --git a/master-slave/git-ssh/Makefile b/master-slave/git-ssh/Makefile
index 88db26b..1b05de0 100644
--- a/master-slave/git-ssh/Makefile
+++ b/master-slave/git-ssh/Makefile
@@ -1,3 +1,4 @@
+include ../../Makefile.common
include ../setup.env
IMAGE_NAME:=git-ssh
diff --git a/master-slave/git-ssh/setup_ssh.py b/master-slave/git-ssh/setup_ssh.py
index fc228d0..362df06 100644
--- a/master-slave/git-ssh/setup_ssh.py
+++ b/master-slave/git-ssh/setup_ssh.py
@@ -58,13 +58,13 @@
"""
-GERRIT_KEY_PREFIX = "gerrit_secret_"
+GERRIT_KEY_PREFIX = os.getenv("GERRIT_KEY_PREFIX", "gerrit_secret")
SSH_KEYS_DIRECTORY = "/home/gerrit/.ssh"
print("Installing SSH Keys from Secret Manager in directory: " + SSH_KEYS_DIRECTORY)
with open(SSH_KEYS_DIRECTORY + '/authorized_keys', 'w', encoding='utf-8') as f:
- f.write(get_secret(GERRIT_KEY_PREFIX + 'replication_user_id_rsa.pub'))
+ f.write(get_secret(GERRIT_KEY_PREFIX + '_replication_user_id_rsa.pub'))
os.chmod(SSH_KEYS_DIRECTORY, 0o700)
os.chmod(SSH_KEYS_DIRECTORY + '/authorized_keys', 0o600)
