Add opendev Gerrit spec

This describes the process to migrate Gerrit to opendev.org
and sets it as a priority effort.

Change-Id: I05dbc8570aae48f218c20529b2ba90f435120d32
This commit is contained in:
James E. Blair 2018-12-05 09:44:25 -08:00
parent 80be266c9c
commit 3230076f5f
2 changed files with 182 additions and 2 deletions

View File

@ -14,12 +14,13 @@ infrastructure developers.
specs/task-tracker
specs/update-config-management
specs/opendev-gerrit
Gerrit query for all changes related to priority efforts::
status:open AND topic:storyboard-migration
status:open AND (topic:storyboard-migration OR topic:opendev-gerrit)
https://review.openstack.org/#/q/status:open+AND+topic:storyboard-migration,n,z
https://review.openstack.org/#/q/status:open+AND+(topic:storyboard-migration+OR+topic:opendev-gerrit)
Approved Design Specifications
==============================

179
specs/opendev-gerrit.rst Normal file
View File

@ -0,0 +1,179 @@
::
Copyright 2018 Red Hat, Inc.
This work is licensed under a Creative Commons Attribution 3.0
Unported License.
http://creativecommons.org/licenses/by/3.0/legalcode
======================
OpenDev Gerrit Hosting
======================
Storyboard: https://storyboard.openstack.org/#!/story/2004627
Migrate review.openstack.org to review.opendev.org.
Problem Description
===================
OpenDev is intended to be the project infrastructure used by open
infrastructure projects, no longer limited to OpenStack. To convey
that, we need to change the name of the Gerrit server, and accommodate
new repository organizational structures.
Proposed Change
===============
Because of the complexity of operating a Gerrit server, OpenDev will
provide a single Gerrit server for all supported projects. Whitelabel
branding of the service will not be available.
Since Zuul, golang, and other tools operate best with a single
canonical name for git repositories, we will also deprecate whitelabel
branding of git repository hosting.
The existing review.openstack.org server will be renamed to
review.opendev.org.
Plain git hosting will be served from opendev.org. The repository
directory structure will be org/project.
For example the canonical name for the nova repository will be
"opendev.org/openstack/nova". Zuul will be "opendev.org/zuul/zuul".
The URL https://opendev.org/openstack/nova will serve a browseable
version of the repository, and can also be used to clone and fetch
directly with git.
We will use Gitea for repository browsing. It is a fully-featured
GitHub close which nonetheless allows disabling features we don't use
(issues, wiki, pull requests) as well as customizing web pages (so we
can configure a custom header, etc. It can support inline RST
rendering via pandoc. It is written in Go, and an official container
image is provided. We will need to use its API to create repositories
in its internal database as part of our new repo creation process. It
supports cloning from the browse URL. It has a landing page which we
can customize to our needs, as well as a repository exploration
feature. It also supports code search across all projects. Once it
is up and running, we can retire codesearch.openstack.org (and
redirect that URL to opendev.org).
We will not support authentication or any features other than browsing
and searching to start, however, we may want to use other features in
the future (such as wiki), so we should plan to eventually configure
the system to support those.
Example site: https://try.gitea.io/gitea/gitea
Only the HTTP/HTTPS git protocol will be supported, not the native git
protocol. HTTP will redirect to HTTPS.
Redirects from git.openstack.org, git.zuul-ci.org, git.starlingx.io
will be established and maintained for at least a year.
As part of the initial migration, we will move all Zuul repositories
to use the "zuul/" prefix, along with any other similar moves which
may be ready. We will offer all projects the option to rename their
repositories in the future, as we expect that it will take some time
for them to establish policies around how they would like to use their
prefixes. For any future project renames, we will establish redirects
on opendev.org.
When we perform the move, we will force-merge (bypassing code review
and testing) changes to the .gitreview file of every project in the
system.
Implementation
==============
Assignee(s)
-----------
* corvus
Gerrit Topic
------------
Use Gerrit topic "opendev-gerrit" for all patches related to this spec.
.. code-block:: bash
git-review -t opendev-gerrit
Work Items
----------
* Remove all git:// protocol references (eg in devstack)
* Select gitea or gitlist
* Create gitea/gitlist backend servers running software in containers
* Create new opendev.org frontend load balancers
* Configure Gerrit to replicate to opendev servers
* Configure redirects on backend servers
* Add review.opendev.org to DNS pointing at review.openstack.org IP addrs
* During outage:
* Rename Gerrit server to review.opendev.org
* Replace openstack logo with opendev logo
* Update Gerrit apache config to redirect review.openstack.org to
review.opendev.org
* Update DNS to point git.openstack.org, git.starlingx.io,
git.zuul-ci.org to opendev.org
* Rename any projects ready to be renamed as part of the move
* Force-merge changes
Repositories
------------
We may need new repositories related to operating gitea/gitlist.
Servers
-------
We will briefly have two git farms, but can retire the current git
farm at the completion of the migration. We can operate with one or
two backends during setup and scale out to a full cluster size during
the outage.
DNS Entries
-----------
Many DNS changes will happen as described in the work items. Some
will be manual changes to the openstack.org zone, most will be in
opendev.org which is managed via git. Most DNS entries can be made in
advance of the cutover.
Documentation
-------------
The new code browsing system should be documented. Instructions for
configuring redirects on project renames should be added.
Security
--------
This should not alter the security posture of any of the affected
services.
Testing
-------
New services can be tested with testinfra in system-config.
Dependencies
============
No dependencies.