The following options must be set in $GERRIT_SITE/etc/gerrit.config
.
lfs
lfs.plugin = @PLUGIN@ : With this option set LFS requests are forwarded to the @PLUGIN@ plugin.
The following options can be configured in @PLUGIN@.config
on the refs/meta/config
branch of the All-Projects
project.
[@PLUGIN@ "sandbox/*"] enabled = true maxObjectSize = 10m [@PLUGIN@ "public/*"] enabled = true maxObjectSize = 200m [@PLUGIN@ "customerX/*"] enabled = true maxObjectSize = 500m [@PLUGIN@ "customerY/*"] enabled = false
A namespace can be specified as
exact project name (plugins/myPlugin
): Defines LFS settings for one project.
pattern (sandbox/*
): Defines LFS settings for one project namespace.
regular expression (^test-.*/.*
): Defines LFS settings for the namespace matching the regular expression.
for-each-pattern (?/*
): Defines the same LFS settings for each subfolder. ?
is a placeholder for any name and ?/*
with maxObjectSize = 100m
means that for every subfolder the maximum object size is 100 mb
. Hence ?/*
is a shortcut for having n explicit namespaces.
If a project name matches several @PLUGIN@ namespaces, the one the that is defined first in the @PLUGIN@.config will be applied.
Example: Enable LFS for all projects, allowing unlimited object size for projects under /test
and limiting to 500 mb
for projects under other folders:
[@PLUGIN@ "test/*"] enabled = true [@PLUGIN@ "?/*"] enabled = true maxObjectSize = 500m
Example: Only enable LFS for projects under customer-A
:
[@PLUGIN@ "customer-A/*] enabled = true
lfs
lfs.enabled : Whether to enable LFS for projects in this namespace. If not set, defaults to false
.
lfs.maxObjectSize : Maximum allowed object size (per object) in bytes for projects in this namespace, or 0 for no limit. If not set, defaults to 0. Common unit suffixes of k
, m
, and g
are supported.
lfs.readOnly : Whether to switch LFS for projects in this namespace into read-only mode. In this mode reading LFS objects is still possible but pushing is forbidden. Note that regular git operations are not affected. If not set, defaults to false
.
lfs.backend : Backend that should be used for storing binaries. It has to be one of backends specified as fs or s3 subsection of Global Plugin Settings. If not set, defaults to value of storage.backend
from Global Plugin Settings.
The following options can be configured in $GERRIT_SITE/etc/@PLUGIN@.config
and $GERRIT_SITE/etc/@PLUGIN@.secure.config.
locks
The Git LFS File Locking API specifies that a certain path can be locked by a user. It prevents the file being accidentally overwritten by a different user, and costly (manual in most cases) binary file merge. Each lock is represented by a JSON structure:
{ "id":"[lock id the same as lock file name]", "path":"[path to the resource being locked]", "locked_at":"[timestamp the lock was created in ISO 8601 format]", "owner":{ "name":"[the name of the user that created the lock]" } }
The lock is stored in a file whose name is the SHA256 hash of the path being locked, under locks.directory
followed by the project name.
locks.directory : The directory in which to store Git LFS file locks.
: Default is $GERRIT_SITE/data/@PLUGIN@/lfs_locks
.
auth
auth.sshExpirationSeconds : Validity, in seconds, of authentication token for SSH requests. Git LFS Authentication specifies that SSH might be used to authenticate the user. Successful authentication provides token that is later used for Git LFS requests. : Default is 10
seconds.
storage
storage.backend : The default storage backend to use. Valid values are fs
for local file system, and s3
for Amazon S3. If not set, defaults to fs
.
fs
- default file system backendThe following configuration options are only used when the backend is fs
.
fs.directory : The directory in which to store data files. If not specified, defaults to the plugin's data folder: $GERRIT_SITE/data/@PLUGIN@
.
fs.expirationSeconds : Validity, in seconds, of authentication token for signed requests. Gerrit‘s LFS protocol handler signs requests to be issued by the git-lfs extension. This way the git-lfs extension doesn’t need any credentials to access objects in the FS bucket. Validity of these request signatures expires after this period. : Default is 10
seconds.
s3
- default S3 backendThe following configuration options are only used when the backend is s3
.
s3.region : Amazon region the S3 storage bucket is residing in.
s3.bucket : Name of the Amazon S3 storage bucket which will store large objects.
s3.storageClass : Amazon S3 storage class used for storing large objects. : Default is REDUCED_REDUNDANCY
s3.expirationSeconds : Expiration in seconds of validity of signed requests. Gerrit‘s LFS protocol handler signs requests to be issued by the git-lfs extension with the configured accessKey
and secretKey
. This way the git-lfs extension doesn’t need any credentials to access objects in the S3 bucket. Validity of these request signatures expires after this period. : Default is 60
seconds.
s3.disableSslVerify : true
: SSL verification is disabled : false
: SSL verification is enabled : Default is false
.
s3.accessKey : The Amazon IAM accessKey for authenticating to S3. It is recommended to place this setting in $GERRIT_SITE/etc/@PLUGIN@.secure.config
.
s3.secretKey : The Amazon IAM secretKey for authenticating to S3. It is recommended to place this setting in $GERRIT_SITE/etc/@PLUGIN@.secure.config
.
One can specify multiple LFS backends for both FS and S3 storage by introducing backend subsections:
[fs "foo"] directory = /foo_dir [s3 "bar"] ...
and use them for namespace configuration by adding backend namespace parameter:
[@PLUGIN@ "sandbox/*"] backend = foo ... [@PLUGIN@ "release/*"] backend = bar ...
The following options must be set in the local project's .git/config
file.
lfs
lfs.url : http://<username>@<gerrit-host>:<port>/<project-name>/info/lfs
When the Gerrit repo is cloned via ssh, the git lfs url must be set to use http.