Add ssh_server option to Gerrit driver
In a multi-host Gerrit environment (HA or failover) it's plausible that admins may use one mechanism for managing ingress for HTTP requests and a different for SSH requests. Or admins may have different firewall rules for each. To accomodate these situations, Add an "ssh_server" configuration item for Gerrit. This makes the set of hostname-like items the following: * server: the HTTP hostname and default for all others * canonical_hostname: what to use for golang-style git paths * ssh_server: the hostname to use for SSH connections * baseurl: the base URL for HTTP connections The following are equivalent: server=review.example.com ssh_server=ssh-review.example.com and: server=ssh-review.example.com baseurl=https://review.example.com Change-Id: I6e9cd9f48c1a78d8d24bfe176efbb932a18ec83c
This commit is contained in:
parent
c5b55e59c8
commit
595fb3e9ef
|
@ -51,6 +51,12 @@ The supported options in ``zuul.conf`` connections are:
|
||||||
|
|
||||||
Fully qualified domain name of Gerrit server.
|
Fully qualified domain name of Gerrit server.
|
||||||
|
|
||||||
|
.. attr:: ssh_server
|
||||||
|
|
||||||
|
If SSH access to the Gerrit server should be via a different
|
||||||
|
hostname than web access, set this value to the hostname to use
|
||||||
|
for SSH connections.
|
||||||
|
|
||||||
.. attr:: canonical_hostname
|
.. attr:: canonical_hostname
|
||||||
|
|
||||||
The canonical hostname associated with the git repos on the
|
The canonical hostname associated with the git repos on the
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The new `ssh_server` option for gerrit connections may be used to specify
|
||||||
|
a hostname to use for SSH connections while the normal `server` option
|
||||||
|
specifies the hostname to use for HTTP connections.
|
|
@ -0,0 +1,38 @@
|
||||||
|
[statsd]
|
||||||
|
# note, use 127.0.0.1 rather than localhost to avoid getting ipv6
|
||||||
|
# see: https://github.com/jsocol/pystatsd/issues/61
|
||||||
|
server=127.0.0.1
|
||||||
|
|
||||||
|
[scheduler]
|
||||||
|
tenant_config=main.yaml
|
||||||
|
|
||||||
|
[merger]
|
||||||
|
git_dir=/tmp/zuul-test/merger-git
|
||||||
|
git_user_email=zuul@example.com
|
||||||
|
git_user_name=zuul
|
||||||
|
|
||||||
|
[executor]
|
||||||
|
git_dir=/tmp/zuul-test/executor-git
|
||||||
|
load_multiplier=100
|
||||||
|
|
||||||
|
[connection gerrit]
|
||||||
|
driver=gerrit
|
||||||
|
server=review.example.com
|
||||||
|
ssh_server=ssh-review.example.com
|
||||||
|
user=jenkins
|
||||||
|
sshkey=fake_id_rsa_path
|
||||||
|
password=badpassword
|
||||||
|
|
||||||
|
[connection github]
|
||||||
|
driver=github
|
||||||
|
webhook_token=0000000000000000000000000000000000000000
|
||||||
|
|
||||||
|
[connection smtp]
|
||||||
|
driver=smtp
|
||||||
|
server=localhost
|
||||||
|
port=25
|
||||||
|
default_from=zuul@example.com
|
||||||
|
default_to=you@example.com
|
||||||
|
|
||||||
|
[database]
|
||||||
|
dburi=$MYSQL_FIXTURE_DBURI$
|
|
@ -148,6 +148,25 @@ class TestGerrit(BaseTestCase):
|
||||||
'ssh://gerrit@localhost:29418/org/project',
|
'ssh://gerrit@localhost:29418/org/project',
|
||||||
url)
|
url)
|
||||||
|
|
||||||
|
def test_ssh_server_getGitURL(self):
|
||||||
|
gerrit_config = {
|
||||||
|
'user': 'gerrit',
|
||||||
|
'server': 'otherserver',
|
||||||
|
'password': '1/badpassword',
|
||||||
|
'ssh_server': 'localhost',
|
||||||
|
'git_over_ssh': 'true',
|
||||||
|
}
|
||||||
|
# The 1/ in the password ensures we test the url encoding
|
||||||
|
# path; this is the format of password we get from
|
||||||
|
# googlesource.com.
|
||||||
|
driver = GerritDriver()
|
||||||
|
gerrit = GerritConnection(driver, 'review_gerrit', gerrit_config)
|
||||||
|
project = gerrit.source.getProject('org/project')
|
||||||
|
url = gerrit.source.getGitUrl(project)
|
||||||
|
self.assertEqual(
|
||||||
|
'ssh://gerrit@localhost:29418/org/project',
|
||||||
|
url)
|
||||||
|
|
||||||
|
|
||||||
class TestGerritWeb(ZuulTestCase):
|
class TestGerritWeb(ZuulTestCase):
|
||||||
config_file = 'zuul-gerrit-web.conf'
|
config_file = 'zuul-gerrit-web.conf'
|
||||||
|
|
|
@ -316,6 +316,7 @@ class TestWeb(BaseTestWeb):
|
||||||
'baseurl': 'https://review.example.com',
|
'baseurl': 'https://review.example.com',
|
||||||
'canonical_hostname': 'review.example.com',
|
'canonical_hostname': 'review.example.com',
|
||||||
'server': 'review.example.com',
|
'server': 'review.example.com',
|
||||||
|
'ssh_server': 'review.example.com',
|
||||||
'port': 29418,
|
'port': 29418,
|
||||||
}
|
}
|
||||||
self.assertEqual([connection], data)
|
self.assertEqual([connection], data)
|
||||||
|
@ -2954,7 +2955,7 @@ class TestHeldAttributeInBuildInfo(BaseTestWeb):
|
||||||
|
|
||||||
|
|
||||||
class TestWebMulti(BaseTestWeb):
|
class TestWebMulti(BaseTestWeb):
|
||||||
config_file = 'zuul-gerrit-github.conf'
|
config_file = 'zuul-gerrit-ssh.conf'
|
||||||
|
|
||||||
def test_web_connections_list_multi(self):
|
def test_web_connections_list_multi(self):
|
||||||
data = self.get_url('api/connections').json()
|
data = self.get_url('api/connections').json()
|
||||||
|
@ -2966,6 +2967,7 @@ class TestWebMulti(BaseTestWeb):
|
||||||
'baseurl': url,
|
'baseurl': url,
|
||||||
'canonical_hostname': 'review.example.com',
|
'canonical_hostname': 'review.example.com',
|
||||||
'server': 'review.example.com',
|
'server': 'review.example.com',
|
||||||
|
'ssh_server': 'ssh-review.example.com',
|
||||||
'port': 29418,
|
'port': 29418,
|
||||||
}
|
}
|
||||||
github_connection = {
|
github_connection = {
|
||||||
|
|
|
@ -578,6 +578,7 @@ class GerritConnection(ZKChangeCacheMixin, ZKBranchCacheMixin, BaseConnection):
|
||||||
|
|
||||||
self.user = self.connection_config.get('user')
|
self.user = self.connection_config.get('user')
|
||||||
self.server = self.connection_config.get('server')
|
self.server = self.connection_config.get('server')
|
||||||
|
self.ssh_server = self.connection_config.get('ssh_server', self.server)
|
||||||
self.canonical_hostname = self.connection_config.get(
|
self.canonical_hostname = self.connection_config.get(
|
||||||
'canonical_hostname', self.server)
|
'canonical_hostname', self.server)
|
||||||
self.port = int(self.connection_config.get('port', 29418))
|
self.port = int(self.connection_config.get('port', 29418))
|
||||||
|
@ -680,6 +681,7 @@ class GerritConnection(ZKChangeCacheMixin, ZKBranchCacheMixin, BaseConnection):
|
||||||
"baseurl": self.baseurl,
|
"baseurl": self.baseurl,
|
||||||
"canonical_hostname": self.canonical_hostname,
|
"canonical_hostname": self.canonical_hostname,
|
||||||
"server": self.server,
|
"server": self.server,
|
||||||
|
"ssh_server": self.ssh_server,
|
||||||
"port": self.port,
|
"port": self.port,
|
||||||
})
|
})
|
||||||
return d
|
return d
|
||||||
|
@ -1535,7 +1537,7 @@ class GerritConnection(ZKChangeCacheMixin, ZKBranchCacheMixin, BaseConnection):
|
||||||
client.set_missing_host_key_policy(paramiko.WarningPolicy())
|
client.set_missing_host_key_policy(paramiko.WarningPolicy())
|
||||||
# SSH banner, handshake, and auth timeouts default to 15
|
# SSH banner, handshake, and auth timeouts default to 15
|
||||||
# seconds, so we only set the socket timeout here.
|
# seconds, so we only set the socket timeout here.
|
||||||
client.connect(self.server,
|
client.connect(self.ssh_server,
|
||||||
username=self.user,
|
username=self.user,
|
||||||
port=self.port,
|
port=self.port,
|
||||||
key_filename=self.keyfile,
|
key_filename=self.keyfile,
|
||||||
|
@ -1626,7 +1628,7 @@ class GerritConnection(ZKChangeCacheMixin, ZKBranchCacheMixin, BaseConnection):
|
||||||
baseurl = urllib.parse.urlunparse(baseurl)
|
baseurl = urllib.parse.urlunparse(baseurl)
|
||||||
url = ('%s/a/%s' % (baseurl, project.name))
|
url = ('%s/a/%s' % (baseurl, project.name))
|
||||||
else:
|
else:
|
||||||
url = 'ssh://%s@%s:%s/%s' % (self.user, self.server, self.port,
|
url = 'ssh://%s@%s:%s/%s' % (self.user, self.ssh_server, self.port,
|
||||||
project.name)
|
project.name)
|
||||||
return url
|
return url
|
||||||
|
|
||||||
|
@ -1717,7 +1719,7 @@ class GerritConnection(ZKChangeCacheMixin, ZKBranchCacheMixin, BaseConnection):
|
||||||
self.watcher_thread = GerritWatcher(
|
self.watcher_thread = GerritWatcher(
|
||||||
self,
|
self,
|
||||||
self.user,
|
self.user,
|
||||||
self.server,
|
self.ssh_server,
|
||||||
self.port,
|
self.port,
|
||||||
keyfile=self.keyfile,
|
keyfile=self.keyfile,
|
||||||
keepalive=self.keepalive)
|
keepalive=self.keepalive)
|
||||||
|
|
Loading…
Reference in New Issue