Remove docker-setup-specific contents of gerrit-master image
The purpose of this project is to provide a Kubernetes setup for Gerrit.
Out of historical reasons the container images maintained by this
project were built in a way to also support running a similar setup
in docker. This causes a lot of additional effort and also adds contents
to the containers that are not used in the Kubernetes context, which
makes them larger and potentially more insecure than need be.
This change moves the custom entrypoint in the gerrit-master chart to
the start-script of the docker image. The docker container will continue
to work on its own, but has the option to symlink configuration provided
at /var/config into /var/gerrit/etc as needed for the gerrit-master helm
chart. Since the initialization of the Gerrit site will be performed by
the gerrit-init container, the corresponding command was removed from
the start script. To continue to allow Gerrit to start up without
further prerequisites, a basic site is initialized in the gerrit-base
image. The script to start the container in a docker setup was removed.
Change-Id: I02e740ddbb7152dd272daeed96f8b7e43a4e13ac
diff --git a/container-images/gerrit-base/Dockerfile b/container-images/gerrit-base/Dockerfile
index 54aa13f..d360860 100644
--- a/container-images/gerrit-base/Dockerfile
+++ b/container-images/gerrit-base/Dockerfile
@@ -23,4 +23,9 @@
chown -R gerrit:users /var/war
USER gerrit
+RUN java -jar /var/gerrit/bin/gerrit.war init \
+ --batch \
+ --no-auto-start \
+ -d /var/gerrit
+
ENTRYPOINT ["/bin/bash", "/var/tools/start"]
diff --git a/container-images/gerrit-master/README.md b/container-images/gerrit-master/README.md
index 2ec21e0..8739cbb 100644
--- a/container-images/gerrit-master/README.md
+++ b/container-images/gerrit-master/README.md
@@ -10,4 +10,7 @@
## Start
* starts the container via start script `/var/tools/start` (definition of
- Entrypoint is inherited from gerrit-base container)
\ No newline at end of file
+Entrypoint is inherited from gerrit-base container)
+* If configuration files (`gerrit.config`, `secret.config`, `replication.config`
+and `keystore`) are provide in `/var/config`, they will be symlinked into the
+Gerrit site.
diff --git a/container-images/gerrit-master/start b/container-images/gerrit-master/start
deleted file mode 100755
index 0a8c47c..0000000
--- a/container-images/gerrit-master/start
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-MODE=$1 && shift
-NAME=$1 && shift
-SITE=$1 && shift
-REGISTRY=$1 && shift
-TAG=$1 && shift
-OWNER_UID=$1 && shift
-OWNER_GID=$1 && shift
-ENV=$1 && shift
-
-create_dir "$SITE/logs" $OWNER_UID $OWNER_GID
-
-docker run $MODE \
- -h $(hostname -f) \
- --name ${NAME} \
- -p 8082:8080 \
- -p 29418:29418 \
- -v $SITE/etc:/var/gerrit/etc \
- -v $SITE/git:/var/gerrit/git \
- -v $SITE/logs:/var/gerrit/logs \
- -v $SITE/lib:/var/gerrit/lib \
- $ENV \
- ${REGISTRY}k8sgerrit/${NAME}:${TAG}
diff --git a/container-images/gerrit-master/tools/start b/container-images/gerrit-master/tools/start
index 9e2942e..e39013e 100755
--- a/container-images/gerrit-master/tools/start
+++ b/container-images/gerrit-master/tools/start
@@ -1,26 +1,20 @@
#!/bin/bash
-gerrit_uid=$(id -u)
-gerrit_gid=$(cut -d: -f3 < <(getent group users))
+symlink_config_to_site(){
+ mkdir -p /var/gerrit/etc
+ for file in keystore gerrit.config secure.config replication.config; do
+ test -f /var/config/$file && \
+ ln -sf /var/config/$file /var/gerrit/etc/$file
+ done
+}
-for dir in /var/gerrit/*; do
- /var/tools/validate_site.sh $dir $gerrit_uid $gerrit_gid || exit 1
-done
-
-/var/gerrit/bin/gerrit.sh check >/dev/null
-if [[ $? -eq 1 ]]; then
- echo "Performing Gerrit site initialization..."
- java -jar /var/gerrit/bin/gerrit.war init \
- --batch \
- -d /var/gerrit
-fi
+# Ensure that configuration provided at /var/config is symlinked to the Gerrit
+# site. This is necessary, because mounting files from secrets/configmaps in
+# Kubernetes make the containing directory read-only.
+symlink_config_to_site
java -jar /var/gerrit/bin/gerrit.war reindex \
-d /var/gerrit
-git config -f /var/gerrit/etc/gerrit.config --add \
- container.javaOptions "-Djava.security.egd=file:/dev/./urandom"
-
/var/gerrit/bin/gerrit.sh start
-
tail -F -n +1 /var/gerrit/logs/{error,httpd,sshd}_log
diff --git a/container-images/gerrit-slave/Dockerfile b/container-images/gerrit-slave/Dockerfile
index b89f302..be5a81f 100644
--- a/container-images/gerrit-slave/Dockerfile
+++ b/container-images/gerrit-slave/Dockerfile
@@ -4,10 +4,5 @@
# Initialize Gerrit site, install MySQL driver for Gerrit and configure Gerrit
# as slave
-RUN java -jar /var/gerrit/bin/gerrit.war init \
- --batch \
- --no-auto-start \
- --install-plugin singleusergroup \
- -d /var/gerrit && \
- /var/tools/download_db_driver && \
+RUN /var/tools/download_db_driver && \
git config -f /var/gerrit/etc/gerrit.config container.slave true
diff --git a/helm-charts/gerrit-master/templates/gerrit-master.deployment.yaml b/helm-charts/gerrit-master/templates/gerrit-master.deployment.yaml
index ef15963..d23b647 100644
--- a/helm-charts/gerrit-master/templates/gerrit-master.deployment.yaml
+++ b/helm-charts/gerrit-master/templates/gerrit-master.deployment.yaml
@@ -91,29 +91,6 @@
- name: gerrit-master
image: {{ template "registry" . }}{{ .Values.gerritMaster.images.gerritMaster }}:{{ .Values.images.version }}
imagePullPolicy: {{ .Values.images.imagePullPolicy }}
- command:
- - /bin/bash
- - -c
- args:
- - |
- symlink_config_to_site(){
- {{ if .Values.gerritMaster.keystore -}}
- ln -s /var/keystore /var/gerrit/etc/keystore
- {{- end }}
- ln -sf /var/config/gerrit.config /var/gerrit/etc/gerrit.config
- ln -sf /var/config/secure.config /var/gerrit/etc/secure.config
- ln -sf /var/config/replication.config /var/gerrit/etc/replication.config
- }
-
- mkdir -p /var/gerrit/etc
- symlink_config_to_site
-
- java -jar /var/gerrit/bin/gerrit.war reindex \
- -d /var/gerrit
-
- /var/gerrit/bin/gerrit.sh start
-
- tail -F -n +1 /var/gerrit/logs/{error,httpd,sshd}_log
ports:
- containerPort: 8080
volumeMounts:
@@ -136,7 +113,7 @@
subPath: secure.config
{{ if .Values.gerritMaster.keystore -}}
- name: gerrit-master-secure-config
- mountPath: "/var/keystore"
+ mountPath: "/var/config/keystore"
subPath: keystore
{{- end }}
resources:
diff --git a/start b/start
index dee0388..43fb4a6 100755
--- a/start
+++ b/start
@@ -74,10 +74,6 @@
case "$NAME" in
-gerrit-master)
- container-images/$NAME/start "$MODE" "$NAME" "$SITE" "$REGISTRY" "$TAG" "$OWNER_UID" "$OWNER_GID" "$ENV"
- ;;
-
gerrit-slave)
container-images/$NAME/start "$MODE" "$NAME" "$SITE" "$REGISTRY" "$TAG" "$OWNER_UID" "$OWNER_GID" "$ENV"
;;
