| commit | 3f2274f2f418c8b52342cabb936c69e753008c10 | [log] [tgz] |
|---|---|---|
| author | Gunjan Baid <gunjanbaid@google.com> | Fri Mar 06 15:26:03 2020 -0800 |
| committer | Gunjan Baid <gunjanbaid@google.com> | Fri Mar 06 16:04:04 2020 -0800 |
| tree | 4917f2dca6a391324b15a838d8f63b4f839d71f1 | |
| parent | 328d3e09cac2a6ad78569f29c49acb5002c10780 [diff] |
Add Python 3 compatibility. Change-Id: Id09cce1a0db2109ba5f37df03aa544b06bf41dda
The git-cookie-authdaemon uses the GCE metadata server to acquire an OAuth2 access token and configures git to always present this OAuth2 token when connecting to googlesource.com or Google Cloud Source Repositories.
Launch the GCE VMs with the gerritcodereview scope requested, for example:
gcloud compute instances create \ --scopes https://www.googleapis.com/auth/gerritcodereview \ ...
To add a scope to an existing GCE instance see this gcloud beta feature.
Install the daemon within the VM image and start it running:
sudo apt-get install git git clone https://gerrit.googlesource.com/gcompute-tools/ ./gcompute-tools/git-cookie-authdaemon
The daemon launches itself into the background and continues to keep the OAuth2 access token fresh.
git-cookie-authdaemon can be started as a systemd service at boot.
# Write the service config $ sudo cat > /etc/systemd/system/git-cookie-authdaemon.service << EOF [Unit] Description=git-cookie-authdaemon required to access git-on-borg from GCE Wants=network.target After=syslog.target network-online.target [Service] User=builder # update to your user Group=builder # update to your group Type=simple ExecStart=/path/to/git-cookie-authdaemon # update the path Restart=on-failure RestartSec=10 KillMode=process [Install] WantedBy=multi-user.target EOF # Reload the service configs $ sudo systemctl daemon-reload # Enable the service $ sudo systemctl enable git-cookie-authdaemon # Start the service sudo systemctl start git-cookie-authdaemon # Check the status of the service systemctl status git-cookie-authdaemon ps -ef | grep git-cookie-authdaemon # Reboot and check status again.
git-cookie-authdaemon in the same environment under the same user git commands will be run, for example in either Command Prompt or Cygwin bash shell under user builder.python git-cookie-authdaemon --nofork
It may be desired in automation to launch git-cookie-authdaemon at Windows boot. It can be done as a scheduled task. The following is an example on a Jenkins node. The setup is:
builder account.How to create a scheduled task.
Task Scheduler from an Administrator account.Create Task in the right pane.General tab:builder in this example.Run whether user is logged on or notTrigger tab. Add a triggerBegin the task as At startup.Stop task if it runs longer than.Enabled.Actions tab. Add Start a program.Program/script as C:\cygwin64\bin\bash.ext,Add arguments as --login -c /home/builder/git-cookie-authdaemon_wrapper.sh (see note below)Ok to save it.Enable All Tasks History in Task Scheduler's right pane.builder account to Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment -> Log On As Batch JobNote: /home/builder/git-cookie-authdaemon_wrapper.sh` below does
#!/bin/bash
exe=gcompute-tools/git-cookie-authdaemon
log=/cygdrive/c/build/git-cookie-autodaemon.log
# HOMEPATH is not set in task scheduled at machine boot.
export HOMEPATH=${HOMEPATH:-'\Users\builder'}
/cygdrive/c/Python27/python $exe --nofork >> $log 2>&1 # option --debug is also available.