The following options must be set in $GERRIT_SITE/etc/gerrit.config.
lfslfs.plugin = @PLUGIN@ : With this option set LFS requests are forwarded to the @PLUGIN@ plugin.
The following options can be configured in @PLUGIN@.config on the refs/meta/config branch of the All-Projects project.
[@PLUGIN@ "sandbox/*"]
enabled = true
maxObjectSize = 10m
[@PLUGIN@ "public/*"]
enabled = true
maxObjectSize = 200m
[@PLUGIN@ "customerX/*"]
enabled = true
maxObjectSize = 500m
[@PLUGIN@ "customerY/*"]
enabled = false
A namespace can be specified as
exact project name (plugins/myPlugin): Defines LFS settings for one project.
pattern (sandbox/*): Defines LFS settings for one project namespace.
regular expression (^test-.*/.*): Defines LFS settings for the namespace matching the regular expression.
for-each-pattern (?/*): Defines the same LFS settings for each subfolder. ? is a placeholder for any name and ?/* with maxObjectSize = 100m means that for every subfolder the maximum object size is 100 mb. Hence ?/* is a shortcut for having n explicit namespaces.
If a project name matches several @PLUGIN@ namespaces, the one the that is defined first in the @PLUGIN@.config will be applied.
Example: Enable LFS for all projects, allowing unlimited object size for projects under /test and limiting to 500 mb for projects under other folders:
[@PLUGIN@ "test/*"]
enabled = true
[@PLUGIN@ "?/*"]
enabled = true
maxObjectSize = 500m
Example: Only enable LFS for projects under customer-A:
[@PLUGIN@ "customer-A/*]
enabled = true
lfslfs.enabled : Whether to enable LFS for projects in this namespace. If not set, defaults to false.
lfs.maxObjectSize : Maximum allowed object size (per object) in bytes for projects in this namespace, or 0 for no limit. If not set, defaults to 0. Common unit suffixes of k, m, and g are supported.
lfs.readOnly : Whether to switch LFS for projects in this namespace into read-only mode. In this mode reading LFS objects is still possible but pushing is forbidden. Note that regular git operations are not affected. If not set, defaults to false.
lfs.backend : Backend that should be used for storing binaries. It has to be one of backends specified as fs or s3 subsection of Global Plugin Settings. If not set, defaults to value of storage.backend from Global Plugin Settings.
The following options can be configured in $GERRIT_SITE/etc/@PLUGIN@.config and $GERRIT_SITE/etc/@PLUGIN@.secure.config.
locksThe Git LFS File Locking API specifies that a certain path can be locked by a user. It prevents the file being accidentally overwritten by a different user, and costly (manual in most cases) binary file merge. Each lock is represented by a JSON structure:
{
"id":"[lock id the same as lock file name]",
"path":"[path to the resource being locked]",
"locked_at":"[timestamp the lock was created in ISO 8601 format]",
"owner":{
"name":"[the name of the user that created the lock]"
}
}
The lock is stored in a file whose name is the SHA256 hash of the path being locked, under locks.directory followed by the project name.
locks.directory : The directory in which to store Git LFS file locks.
: Default is $GERRIT_SITE/data/@PLUGIN@/lfs_locks.
authauth.sshExpirationSeconds : Validity, in seconds, of authentication token for SSH requests. Git LFS Authentication specifies that SSH might be used to authenticate the user. Successful authentication provides token that is later used for Git LFS requests. : Default is 10 seconds.
storagestorage.backend : The default storage backend to use. Valid values are fs for local file system, and s3 for Amazon S3. If not set, defaults to fs.
fs - default file system backendThe following configuration options are only used when the backend is fs.
fs.directory : The directory in which to store data files. If not specified, defaults to the plugin's data folder: $GERRIT_SITE/data/@PLUGIN@.
fs.expirationSeconds : Validity, in seconds, of authentication token for signed requests. Gerrit‘s LFS protocol handler signs requests to be issued by the git-lfs extension. This way the git-lfs extension doesn’t need any credentials to access objects in the FS bucket. Validity of these request signatures expires after this period. : Default is 10 seconds.
s3 - default S3 backendThe following configuration options are only used when the backend is s3.
s3.region : Amazon region the S3 storage bucket is residing in.
s3.bucket : Name of the Amazon S3 storage bucket which will store large objects.
s3.storageClass : Amazon S3 storage class used for storing large objects. : Default is REDUCED_REDUNDANCY
s3.expirationSeconds : Expiration in seconds of validity of signed requests. Gerrit‘s LFS protocol handler signs requests to be issued by the git-lfs extension with the configured accessKey and secretKey. This way the git-lfs extension doesn’t need any credentials to access objects in the S3 bucket. Validity of these request signatures expires after this period. : Default is 60 seconds.
s3.disableSslVerify : true: SSL verification is disabled : false: SSL verification is enabled : Default is false.
s3.accessKey : The Amazon IAM accessKey for authenticating to S3. It is recommended to place this setting in $GERRIT_SITE/etc/@PLUGIN@.secure.config.
s3.secretKey : The Amazon IAM secretKey for authenticating to S3. It is recommended to place this setting in $GERRIT_SITE/etc/@PLUGIN@.secure.config.
One can specify multiple LFS backends for both FS and S3 storage by introducing backend subsections:
[fs "foo"]
directory = /foo_dir
[s3 "bar"]
...
and use them for namespace configuration by adding backend namespace parameter:
[@PLUGIN@ "sandbox/*"]
backend = foo
...
[@PLUGIN@ "release/*"]
backend = bar
...
The following options must be set in the local project's .git/config file.
lfslfs.url : http://<username>@<gerrit-host>:<port>/<project-name>/info/lfs
When the Gerrit repo is cloned via ssh, the git lfs url must be set to use http.