blob: 14651263d6b181693177fa43c5cf29314021f75f [file] [log] [blame] [edit]
= Gerrit at SAP
:backend: slidy
:max-width: 70em
== Gerrit at SAP
== Gerrit at SAP
* Introduction
* Project Administration & Self-Services
* Future Plans
== Introduction
* market leader in enterprise application software
* more than 65.500 employees
* more than 100.000 customers and 12 million users
* office locations in more than 130 countries
== Gerrit at SAP
Why is SAP using Gerrit?
== Gerrit at SAP
Why is SAP using Gerrit?
* We like Git.
== Gerrit at SAP
Why is SAP using Gerrit?
* We like Git.
* We believe in Code Review.
== Gerrit at SAP
Why is SAP using Gerrit?
* We like Git.
* We believe in Code Review.
* Fosters Collaboration between Teams.
== Gerrit at SAP
Why is SAP using Gerrit?
* We like Git.
* We believe in Code Review.
* Fosters Collaboration between Teams.
* Highly Customizable Workflows
** Access Rights
** Prolog Submit Rules
== Gerrit at SAP
Why is SAP using Gerrit?
* We like Git.
* We believe in Code Review.
* Fosters Collaboration between Teams.
* Highly Customizable Workflows
* Automatic Verifications of Open Changes
** Gerrit Trigger on Jenkins
== Gerrit at SAP
Why is SAP using Gerrit?
* We like Git.
* We believe in Code Review.
* Fosters Collaboration between Teams.
* Highly Customizable Workflows
* Automatic Verifications of Open Changes
* Easy Integration with other Tools
** Stream Events
** Plugins
== Gerrit at SAP
Why is SAP using Gerrit?
* We like Git.
* We believe in Code Review.
* Fosters Collaboration between Teams.
* Highly Customizable Workflows
* Automatic Verifications of Open Changes
* Easy Integration with other Tools
* Runs very stable + Low Administration Effort
== Gerrit at SAP
Why is SAP using Gerrit?
* We like Git.
* We believe in Code Review.
* Fosters Collaboration between Teams.
* Highly Customizable Workflows
* Automatic Verifications of Open Changes
* Easy Integration with other Tools
* Runs very stable + Low Administration Effort
* Large Open Source Community, Friendly Licence, no Licence Fees
== Gerrit at SAP
* using Gerrit since 2010
* 2 Gerrit maintainers
* multiple committers in JGit and EGit
== Gerrit at SAP
=== Main instance (2.7)
* mainly small projects
* number of projects: > 5K (~70GB)
* number of users: ~ 8K
* number of changes: ~ 400K
* virtual machine: 16 CPU, 64GB RAM
=== Special instance (2.5.2)
* 1 huge project (~15GB)
* number of users: > 2K
* hardware cluster, 80 CPU, 1TB RAM
Further Gerrit instances in preparation.
== Project Administration & Self-Services
== SAP Project Portal
* Central index of all projects
== Project Search
.Quick Search
== Project Info
== Project Info
== Project Info
== Project Info
== Contribute to a project
1. find project in Project Portal
2. clone the Git repository
3. make a change and push to Gerrit for review
== Contribute to a project
Everyone at SAP can contribute to any SAP project ➊!
* Committer/Contributor model
~➊ any project hosted in Gerrit~
== Project Creation
* Self-Service for creating new projects via SAP Project Portal
== Skalli
* Open Source project management tool
* SAP Project Portal = Skalli + SAP specific extensions
== Default Access Rights
* The project creator becomes project owner
== Default Access Rights
* The project creator becomes project owner
* The project owner group is self-owned
== Default Access Rights
* The project creator becomes project owner
* The project owner group is self-owned
* By default Project Owners can approve, verify, submit and push tags
== Default Access Rights
* The project creator becomes project owner
* The project owner group is self-owned
* By default Project Owners can approve, verify, submit and push tags
* Everyone can push for review and forge authors
== Default Access Rights
.Project access rights
.Inherited default access rights
== Default Access Rights
* Teams can start working without touching the access rights.
== Default Access Rights
* Teams can start working without touching the access rights.
* Teams can adapt the access rights to their needs
** enables team specific workflows (e.g. bypass code review)
== Default Access Rights
* Teams can start working without touching the access rights.
* Teams can adapt the access rights to their needs
** enables team specific workflows (e.g. bypass code review)
* Teams can configure custom Prolog rules, e.g.:
** 2 teams collaborate on 1 project, core team has to approve changes
in core files
** enforce 4-eyes-principle by prohibiting merging own changes
== Default Access Rights
* Best practices about which access rights should be assigned to which
roles are documented.
== Default Access Rights
* Best practices about which access rights should be assigned to which
roles are documented.
* Everyone can create new groups in Gerrit.
== Default Access Rights
* Best practices about which access rights should be assigned to which
roles are documented.
* Everyone can create new groups in Gerrit.
* `refs/meta/config` is readable for all
* By default new groups are visible to all users:
newGroupsVisibleToAll = true
== Decentralized Project Administration
* maximal freedom for teams to customize their workflows
* low central administration effort
2 admins spend a few hours per week on Gerrit administration
== SAP Product Standards
Requirements for development infrastructures
* security
* traceability
* etc.
== SAP Product Standards
For each code change it must be possible to find the person that was
doing the change.
* `Forge Committer` is BLOCKED on `All-Projects`
== SAP Product Standards
* ref logs never expire
GC script automatically sets:
gc.reflogexpire = never
gc.reflogexpireunreachable = never
* `reviewnotes` plugin is used
== SAP Product Standards
Every release build must be reproducable.
* Every release build is tagged
* Release tags must never be deleted
`Force Push` for release tags is BLOCKED on `All-Projects`
== SAP Product Standards
Special processes are enforced for release branches:
* code review mandatory
* release notes for customers
* custom review label in Gerrit with automated voting
* etc.
== Self-Service for Service User Creation
* many teams use Jenkins with Gerrit Trigger Plugin for verification
of open changes
* for each Jenkins instance a new service user needs to be created
* service users must not be able to push commits
.serviceuser Plugin (Gerrit 2.9)
== Configuration of serviceuser Plugin
== Configuration of serviceuser Plugin
== Configuration of serviceuser Plugin
== Configuration of serviceuser Plugin
== Configuration of serviceuser Plugin
== Observed misuses of Gerrit
* storage of Linux ISO images
* backup of database dumps
* (unintentional) upload of heap dumps
* usage as general purpose backup for arbitary files
== Protect against misuse of Gerrit
* Files larger than 20 MB cannot be pushed
maxObjectSizeLimit = 20 m
* Quota plugin
** limit max repository size
== Administration Pain Points
* project deletion
support to archive repositories is missing
* project renaming
* Project Owner confusion with Prolog
* accidental removal of owner rights for project / group
* configuration of periodical fetches for forked open source projects
== Summary - Project Administration & Self-Services
* decentralized project administration
** maximal freedom for teams to customize their workflows
** low central administration effort
* enforcement of central requirements
** use BLOCK rules on access rights
* Self-Services
** project creation via SAP Project Portal (Skalli)
** serviceuser plugin
== Future Plans
== Future Plans
Offer Gerrit as Git Service in the SAP HANA Cloud Platform.
== Future Plans
Offer Gerrit as Git Service in the SAP HANA Cloud Platform.
* *SAP HANA Cloud Platform*: SAP platform that enables customers and
developers to build, extend and run applications on SAP HANA in the
== Future Plans
Offer Gerrit as Git Service in the SAP HANA Cloud Platform.
* *SAP HANA Cloud Platform*: SAP platform that enables customers and
developers to build, extend and run applications on SAP HANA in the
* *SAP HANA* is an in-memory, column-oriented, relational database
management system
== Helium
* HTML5 applications
** static resources
** connect to existing backends via REST
* applications are directly served from Git repositories
* multiple versions can exist in parallel
* online development in the cloud (Web IDE)
* solution for SAP customers
== Requirements for Gerrit
* must run on SAP HANA Cloud Platform
** enabling of service-to-service communication
** roles are assigned outside of Gerrit (e.g. Gerrit admin role)
== Requirements for Gerrit
* must run on SAP HANA Cloud Platform
* isolation of Git repositories of different customers
** support for multi tenancy
== Requirements for Gerrit
* must run on SAP HANA Cloud Platform
* isolation of Git repositories from different customers
* protection against misuse
** enforcement of quotas per tenant
== Requirements for Gerrit
* must run on SAP HANA Cloud Platform
* isolation of Git repositories from different customers
* protection against misuse
* metering
== Requirements for Gerrit
* must run on SAP HANA Cloud Platform
* isolation of Git repositories of different customers
* protection against misuse
* metering
* unattended installation and upgrade
** automatic schema and index upgrades
** automatic plugin installation
** packaging of different configuration and choosing one based on a
system property
== Multi Tenancy Support in Gerrit
Map tenant to top-level folder in Gerrit.
== Multi Tenancy Support in Gerrit
Map tenant to top-level folder in Gerrit.
== Multi Tenancy Support in Gerrit
Tenant users must only see projects of their own tenant.
/** Can this user see this project exists? */
public boolean isVisible() {
if (user instanceof InternalUser && !isHidden()) {
return true;
if (!canPerformOnAnyRef(Permission.READ) || isHidden()) {
return false;
Project p = state.getProject();
for (ProjectFilter e : visibilityExtensions) {
if (!e.accept(p)) {
return false;
return true;
* An extension to the standard project visibility check
public interface ProjectFilter {
public boolean accept(Project project);
.Tenant ProjectFilter
class TenantAsTopLevelFolder implements ProjectFilter {
private final Provider<CurrentUser> currentUser;
private final DomainDbClient checker;
public TenantAsTopLevelFolder(Provider<CurrentUser> currentUser,
DomainDbClient checker) {
this.currentUser = currentUser;
this.checker = checker;
public boolean accept(Project project) {
if (currentUser.get().getCapabilities().canAdministrateServer()) {
return true;
String projectName = project.getName();
int n = projectName.indexOf('/');
if (n == -1) {
return false;
String tenant = projectName.substring(0, n);
String userName = currentUser.get().getUserName();
return checker.hasGitAccess(userName, tenant);
== Questions?
<style type="text/css">
#title-page {
border-bottom: 0;
text-align: center;
position: relative;
top: 30%;
font-size: 60px;