Google Git
Sign in
gerrit / k8s-gerrit / 9cfd5b97b83fa7f3ea9721d16506b71a9b77495f^! / .
commit9cfd5b97b83fa7f3ea9721d16506b71a9b77495f[log] [tgz]
authorThomas Draebing <thomas.draebing@sap.com>Thu Jan 03 16:35:10 2019 +0100
committerMatthias Sohn <matthias.sohn@sap.com>Wed Feb 20 15:28:13 2019 +0100
tree959efd7c32c59f21efda99f6f3d3fa47ae75ba9c
parent2b3635aa84eb84f589f3026a53164fdea07e2c48 [diff]
Remove docker-setup-specific contents of gerrit-slave image

The purpose of this project is to provide a Kubernetes setup for Gerrit.
Out of historical reasons the container images maintained by this
project were built in a way to also support running a similar setup
in docker. This causes a lot of additional effort and also adds contents
to the containers that are not used in the Kubernetes context, which
makes them larger and potentially more insecure than need be.

This change moves the custom entrypoint in the gerrit-slave chart to
the start-script of the docker image. The docker container will continue
to work on its own, but has the option to symlink configuration provided
at /var/config into /var/gerrit/etc as needed for the gerrit-slave helm
chart. The script to start the container in a docker setup was removed.

Change-Id: I28166aaab8785522c2c8101f46903c564909705c

diff --git a/container-images/gerrit-slave/README.md b/container-images/gerrit-slave/README.md
index b771242..65073a2 100644
--- a/container-images/gerrit-slave/README.md
+++ b/container-images/gerrit-slave/README.md

@@ -17,4 +17,6 @@
 ## Start
 
 * starts the container via start script `/var/tools/start`
- (Entrypoint is inherited from gerrit-base image)
\ No newline at end of file
+(Entrypoint is inherited from gerrit-base image)
+* If configuration files (`gerrit.config`, `secret.config`, and `keystore`) are
+provide in `/var/config`, they will be symlinked into the Gerrit site.

diff --git a/container-images/gerrit-slave/start b/container-images/gerrit-slave/start
deleted file mode 100755
index 0a8c47c..0000000
--- a/container-images/gerrit-slave/start
+++ /dev/null

@@ -1,24 +0,0 @@
-#!/bin/bash
-
-MODE=$1 && shift
-NAME=$1 && shift
-SITE=$1 && shift
-REGISTRY=$1 && shift
-TAG=$1 && shift
-OWNER_UID=$1 && shift
-OWNER_GID=$1 && shift
-ENV=$1 && shift
-
-create_dir "$SITE/logs" $OWNER_UID $OWNER_GID
-
-docker run $MODE \
-  -h $(hostname -f) \
-  --name ${NAME} \
-  -p 8082:8080 \
-  -p 29418:29418 \
-  -v $SITE/etc:/var/gerrit/etc \
-  -v $SITE/git:/var/gerrit/git \
-  -v $SITE/logs:/var/gerrit/logs \
-  -v $SITE/lib:/var/gerrit/lib \
-  $ENV \
-  ${REGISTRY}k8sgerrit/${NAME}:${TAG}

diff --git a/container-images/gerrit-slave/tools/start b/container-images/gerrit-slave/tools/start
index 974e2ca..b7dc32e 100755
--- a/container-images/gerrit-slave/tools/start
+++ b/container-images/gerrit-slave/tools/start

@@ -1,26 +1,35 @@
 #!/bin/bash
 
+symlink_config_to_site(){
+  mkdir -p /var/gerrit/etc
+  for file in keystore gerrit.config secure.config; do
+    test -f /var/config/$file && \
+      ln -sf /var/config/$file /var/gerrit/etc/$file
+  done
+}
+
 create_missing_repository(){
   test -d $1 || git init --bare $1
 }
 
-gerrit_uid=$(id -u)
-gerrit_gid=$(cut -d: -f3 < <(getent group users))
-
-for dir in /var/gerrit/*; do
-  /var/tools/validate_site.sh $dir $gerrit_uid $gerrit_gid || exit 1
-done
-
-JAVA_OPTIONS=$(git config --file /var/gerrit/etc/gerrit.config --get-all container.javaOptions)
-git config -f /var/gerrit/etc/gerrit.config container.slave true
+# Ensure that configuration provided at /var/config is symlinked to the Gerrit
+# site. This is necessary, because mounting files from secrets/configmaps in
+# Kubernetes make the containing directory read-only.
+symlink_config_to_site
 
 create_missing_repository /var/gerrit/git/All-Projects.git
 create_missing_repository /var/gerrit/git/All-Users.git
 
+DB=$(git config --file /var/gerrit/etc/gerrit.config --get database.type)
+if [[ "${DB^^}" == "MYSQL" ]]; then
+  /var/tools/download_db_driver
+fi
+
 # workaround gerrit.sh does not start httpd
+JAVA_OPTIONS=$(git config --file /var/gerrit/etc/gerrit.config --get-all container.javaOptions)
 java ${JAVA_OPTIONS} -jar /var/gerrit/bin/gerrit.war daemon \
-    -d /var/gerrit \
-    --enable-httpd \
-    --slave &
+  -d /var/gerrit \
+  --enable-httpd \
+  --slave &
 
 tail -F -n +1 /var/gerrit/logs/{error,httpd,sshd}_log

diff --git a/helm-charts/gerrit-slave/templates/gerrit-slave.deployment.yaml b/helm-charts/gerrit-slave/templates/gerrit-slave.deployment.yaml
index 9c0baa3..bddb9b8 100644
--- a/helm-charts/gerrit-slave/templates/gerrit-slave.deployment.yaml
+++ b/helm-charts/gerrit-slave/templates/gerrit-slave.deployment.yaml

@@ -109,57 +109,10 @@
           mountPath: "/var/keystore"
           subPath: keystore
         {{- end }}
-      - name: create-repositories
-        image: bitnami/git
-        securityContext:
-          runAsUser: 1000
-          runAsGroup: 100
-        command:
-        - /bin/bash
-        - -c
-        args:
-        - |
-          create_missing_repository(){
-            test -d $1 || git init --bare $1
-          }
-
-          create_missing_repository /var/gerrit/git/All-Projects.git
-          create_missing_repository /var/gerrit/git/All-Users.git
-        volumeMounts:
-        - name: git-filesystem
-          mountPath: "/var/gerrit/git"
       containers:
       - name: gerrit-slave
         image: {{ template "registry" . }}{{ .Values.gerritSlave.images.gerritSlave }}:{{ .Values.images.version }}
         imagePullPolicy: {{ .Values.images.imagePullPolicy }}
-        command:
-        - /bin/bash
-        - -c
-        args:
-        - |
-          symlink_config_to_site(){
-            {{ if .Values.gerritSlave.keystore -}}
-            ln -s /var/keystore /var/gerrit/etc/keystore
-            {{- end }}
-            ln -sf /var/config/gerrit.config /var/gerrit/etc/gerrit.config
-            ln -sf /var/config/secure.config /var/gerrit/etc/secure.config
-          }
-
-          symlink_config_to_site
-
-          JAVA_OPTIONS=$(git config --file /var/gerrit/etc/gerrit.config --get-all container.javaOptions)
-
-          DB=$(git config --file /var/gerrit/etc/gerrit.config --get database.type)
-          if [[ "${DB^^}" == "MYSQL" ]]; then
-            /var/tools/download_db_driver
-          fi
-
-          java ${JAVA_OPTIONS} -jar /var/gerrit/bin/gerrit.war daemon \
-              -d /var/gerrit \
-              --enable-httpd \
-              --slave &
-
-          tail -F -n +1 /var/gerrit/logs/{error,httpd,sshd}_log
         ports:
         - containerPort: 8080
         volumeMounts:

diff --git a/start b/start
index 43fb4a6..5147c61 100755
--- a/start
+++ b/start

@@ -74,10 +74,6 @@
 
 case "$NAME" in
 
-gerrit-slave)
-  container-images/$NAME/start "$MODE" "$NAME" "$SITE" "$REGISTRY" "$TAG" "$OWNER_UID" "$OWNER_GID" "$ENV"
-  ;;
-
 gerrit-init)
   container-images/$NAME/start "$MODE" "$NAME" "$SITE" "$REGISTRY" "$TAG" "$OWNER_UID" "$OWNER_GID" "$ENV"
   ;;