Automate Admin user creation

[Charles Moulliard]

Hi,

Gerrit provides a cmd to create user (https://gerrit-review.googlesource.com/Documentation/cmd-create-account.html) but it requires that an admin user + ssh key has been already created ("ssh -p 29418 admin@localhost gerrit create-account --full-name reviewer1 reviewer1"). Can we also automate the creation of the first - admin user (sql insert script, ...) ?

Regards,

Charles

[Luca Milanesio]

I believe you need to insert stuff into the DB via scripting I am afraid :-(

Tables:

- accounts

- account_external_ids

- account_ssh_keys

Without a first user you cannot use any gerrit ssh commands or REST API.

Luca.

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Edwin Kempin]

2015-06-01 17:52 GMT+02:00 Luca Milanesio <luca.mi...@gmail.com>:

I believe you need to insert stuff into the DB via scripting I am afraid :-(

You can also do these inserts from an init step. The postRun() method is invoked after the site has been created and can get access to the db.

I actually implemented the admin user creation as an init step for the DEVELOPMENT_BECOME_ANY_ACCOUNT mode, see
https://gerrit.googlesource.com/gerrit/+/refs/heads/master/gerrit-pgm/src/main/java/com/google/gerrit/pgm/init/InitAdminUser.java

This should be a good starting point, if you want to do the same for another auth type.

[Charles Moulliard]

Thx Luca. How can we use the step you described during the gerrit creation process to create this admin user ?

[Edwin Kempin]

2015-06-01 19:25 GMT+02:00 Charles Moulliard <ch0...@gmail.com>:

Thx Luca. How can we use the step you described during the gerrit creation process to create this admin user ?

Write you own plugin [1] with a similar init step.

[1] https://gerrit-review.googlesource.com/Documentation/dev-plugins.html

[Charles Moulliard]

Thx. I will have a look to dev a plugin "create-admin-user"

As the class "InitAdminUser.java" is part of the project/module "gerrit-pgm", is it used and when ? 

--

Charles Moulliard

Apache Committer / Architect @RedHat

Twitter : @cmoulliard | Blog :  http://cmoulliard.github.io

[Edwin Kempin]

2015-06-01 20:14 GMT+02:00 Charles Moulliard <ch0...@gmail.com>:

Thx. I will have a look to dev a plugin "create-admin-user"

As the class "InitAdminUser.java" is part of the project/module "gerrit-pgm", is it used and when ? 

It is used in Gerrit core when you init a new site and choose DEVELOPMENT_BECOME_ANY_ACCOUNT as auth type.

Then there will be a question whether the initial admin user should be created.

[Charles Moulliard]

Can we use it during gerrit initialization of a new site in batch mode ? Can we pass env vars to change how the batch configuration is done ?

[Charles Moulliard]

Hi Everyone,

I have created a plugin where the class implements the interface InitStep (https://github.com/cmoulliard/gerrit-create-adminuser-plugin/blob/master/src/main/java/com/googlesource/gerrit/plugins/admin/InitAdminUser.java#L25-25) and followed these steps to use it when we generate the site : 

https://github.com/cmoulliard/gerrit-create-adminuser-plugin/blob/master/readme.md

Unfortunately the admin user has not been created even if the auth_type = DEVLOPMENT_BECOME_ACCOUNT (https://github.com/cmoulliard/gerrit-create-adminuser-plugin/blob/master/config/gerrit.config#L10-10) as it already exists.

Auth Type : DEVELOPMENT_BECOME_ANY_ACCOUNT

Create administrator user

Exception in thread "main" com.google.gwtorm.server.OrmDuplicateKeyException: account_external_ids

        at com.google.gwtorm.schema.sql.DialectH2.convertError(DialectH2.java:42)

        at com.google.gwtorm.jdbc.JdbcAccess.convertError(JdbcAccess.java:459)

        at com.google.gwtorm.jdbc.JdbcAccess.insert(JdbcAccess.java:170)

        at com.googlesource.gerrit.plugins.admin.InitAdminUser.postRun(InitAdminUser.java:77)

        at com.google.gerrit.pgm.init.InitPlugins.postInitPlugins(InitPlugins.java:166)

        at com.google.gerrit.pgm.init.InitPlugins.postRun(InitPlugins.java:99)

        at com.google.gerrit.pgm.init.SitePathInitializer.postRun(SitePathInitializer.java:129)

        at com.google.gerrit.pgm.init.BaseInit.run(BaseInit.java:122)

        at com.google.gerrit.pgm.util.AbstractProgram.main(AbstractProgram.java:64)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:497)

        at com.google.gerrit.launcher.GerritLauncher.invokeProgram(GerritLauncher.java:166)

        at com.google.gerrit.launcher.GerritLauncher.mainImpl(GerritLauncher.java:93)

        at com.google.gerrit.launcher.GerritLauncher.main(GerritLauncher.java:50)

        at Main.main(Main.java:25)

Caused by: org.h2.jdbc.JdbcBatchUpdateException: Unique index or primary key violation: "PRIMARY_KEY_1 ON PUBLIC.ACCOUNT_EXTERNAL_IDS(EXTERNAL_ID) VALUES ( /* 3 */ 'username:admin' )"; SQL statement:

INSERT INTO account_external_ids(account_id,email_address,password,external_id)VALUES(?,?,?,?) [23505-174]

        at org.h2.jdbc.JdbcPreparedStatement.executeBatch(JdbcPreparedStatement.java:1167)

        at com.google.gwtorm.schema.sql.SqlDialect.executeBatch(SqlDialect.java:442)

        at com.google.gwtorm.jdbc.JdbcAccess.execute(JdbcAccess.java:449)

        at com.google.gwtorm.jdbc.JdbcAccess.insertAsBatch(JdbcAccess.java:212)

        at com.google.gwtorm.jdbc.JdbcAccess.insert(JdbcAccess.java:165)

        ... 14 more

Caused by: org.h2.jdbc.JdbcSQLException: Unique index or primary key violation: "PRIMARY_KEY_1 ON PUBLIC.ACCOUNT_EXTERNAL_IDS(EXTERNAL_ID) VALUES ( /* 3 */ 'username:admin' )"; SQL statement:

INSERT INTO account_external_ids(account_id,email_address,password,external_id)VALUES(?,?,?,?) [23505-174]

Do I have to change the code to update the previously account created or run the java instructions in a different way ?

java -jar target/gerrit.war init --batch --no-auto-start -d target/gerrit-site

cp target/create-user-plugin-1.0-SNAPSHOT.jar target/gerrit-site/plugins/

cp config/gerrit.config target/gerrit-site/etc

java -jar target/gerrit.war init --batch --no-auto-start -d target/gerrit-site

Regards,

Charles 

On Monday, June 1, 2015 at 6:28:58 PM UTC+2, Edwin Kempin wrote:

[Edwin Kempin]

2015-06-02 6:49 GMT+02:00 Charles Moulliard <ch0...@gmail.com>:

Can we use it during gerrit initialization of a new site in batch mode ?

Yes, it can be used during batch mode.

In batch mode the provided default values will be applied
 

Can we pass env vars to change how the batch configuration is done ?

In your own init step you can also read environment variables and use them as default values for the batch mode.

[Edwin Kempin]

Which previously created account?

This code is for creating the initial/first account. It assumes that there is no account yet.

[Charles Moulliard]

When the generated site is created in batch mode and when the auth_mode is DEVELOPMENT_BECOME_ANY_ACCOUNT, the class InitAdminUser of gerrit-pgm is called before my plugin. This is why an account already exists. 

I have changed my code to update the existing account within the plugin "https://github.com/cmoulliard/gerrit-create-adminuser-plugin/blob/master/src/main/java/com/googlesource/gerrit/plugins/admin/InitAdminUser.java#L100-L118".

[lucamilanesio]

Thanks for sharing :-) Why don't we move the plugin to Gerrit-Review?

I can set-up a CI job to build it with the Gerrit releases on ci.gerritforge.com (and gerrit.gerritforge.com).

Luca.

[Charles Moulliard]

Why not. As an Apache committer, I would love to contribute too to gerrit too. When the plugin code will be polished, I will submit it.

Remark : The intention f this plugin is too automate the creation of the users during generation site creation (admin, jenkins, reviewer, ...).

Is gerrit-review an existing plugin ? 

You received this message because you are subscribed to a topic in the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/repo-discuss/4OaOoEVOy8A/unsubscribe.
To unsubscribe from this group and all its topics, send an email to repo-discuss...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

[Luca Milanesio]

There isn’t an existing plugin on gerrit-review.googlesoure.com at the moment for that purpose, but Edwin (or another Gerrit maintainer) can create a “plugins/create-adminuser” Gerrit project for you :-)

Luca.

[Edwin Kempin]

2015-06-05 10:04 GMT+02:00 Luca Milanesio <luca.mi...@gmail.com>:

There isn’t an existing plugin on gerrit-review.googlesoure.com at the moment for that purpose, but Edwin (or another Gerrit maintainer) can create a “plugins/create-adminuser” Gerrit project for you :-)

Yes, if wanted, I can create such an empty plugin project.

Just let me know and confirm the name.

[Charles Moulliard]

The idea of this plugin is to populate the gerrit DB with a list of users that we will pass as parameter (env var -> GERRIT_ACCOUNTS) to this plugin (example : admin, Administrator, ad...@example.com,group ... groupN, sshKey or link of the file pointing the the ssh key).

Candidate name : create-users-plugin.

Question: Can a plugin be a HTTP/SSH command AND also used during init phase of the gerrit site OR they should be packaged separately; one for HTTP/SSH command and another for InitStep ?

[Edwin Kempin]

2015-06-05 14:59 GMT+02:00 Charles Moulliard <ch0...@gmail.com>:

The idea of this plugin is to populate the gerrit DB with a list of users that we will pass as parameter (env var -> GERRIT_ACCOUNTS) to this plugin (example : admin, Administrator, ad...@example.com,group ... groupN, sshKey or link of the file pointing the the ssh key).

Candidate name : create-users-plugin.

Do you already have a user on gerrit-review [1]?

You would to sign the Android Contributor License Agreement.

Only then I can create the project for you and assign you the owner permissions.

[1] https://gerrit-review.googlesource.com

[Charles Moulliard]

I have a user on gerrit-review but no CLA signed. Where can I download the document and send it back signed ?

[Edwin Kempin]

2015-06-05 20:54 GMT+02:00 Charles Moulliard <ch0...@gmail.com>:

I have a user on gerrit-review but no CLA signed. Where can I download the document and send it back signed ?

Have a look at
  https://gerrit-review.googlesource.com/Documentation/dev-contributing.html#_contributor_license_agreement
 

On Monday, June 1, 2015 at 5:44:52 PM UTC+2, Charles Moulliard wrote:

Hi,

Gerrit provides a cmd to create user (https://gerrit-review.googlesource.com/Documentation/cmd-create-account.html) but it requires that an admin user + ssh key has been already created ("ssh -p 29418 admin@localhost gerrit create-account --full-name reviewer1 reviewer1"). Can we also automate the creation of the first - admin user (sql insert script, ...) ?

Regards,

Charles

--