Howto automate gerrit install with postgresql ?

[Arnaud Bailly]

Hello,

I am a big fan of gerrit which I find incredibly useful and usable as far as  code review tools go. There is one thing however I find extremely painful, it's gerrit installation.

I have tried to automate gerrit +postgresql installation and configuration and I am running into postgres authentication issue which I do not know exactly how to solve. Here are the scripts I have written (they are run as part of vagrant):

The postgresql.sh script:

#!/bin/sh

# install postgres
sudo yum install -y postgresql-server git

# start it
sudo service postgresql initdb
sudo chkconfig postgresql on
sudo service postgresql start

# allow connections from localhost
sudo sed -i -e '/127.0.0.1/i\
host    reviewdb        ciadmin         127.0.0.1/32       trust' /var/lib/pgsql/data/pg_hba.conf
sudo service postgresql start

# configure DB
sudo -u postgres createuser -ldrS ciadmin
sudo -u postgres createdb -E UTF-8 -O ciadmin reviewdb

# create ciadmin user
sudo adduser ciadmin
cd /home/ciadmin


The gerrit.sh script:

#!/bin/sh
# install and configure gerrit
# www.vogella.com/tutorials/Gerrit/article.html
# http://review.cyanogenmod.org/Documentation/install-quick.html
# https://git.eclipse.org/r/Documentation/install.html

# download gerrit
[ -f gerrit-2.8.war ] || wget --no-check-certificate -O gerrit-2.8.war \
    https://gerrit-releases.storage.googleapis.com/gerrit-2.8.war

mkdir gerrit

# create gerrit directory structure
java -jar gerrit-2.8.war init --batch -d gerrit

# stop as by default it uses h2
gerrit/bin/gerrit.sh stop

# update configuration to use postgres
sed -i -e 's/h2/postgresql/' gerrit/etc/gerrit.config
sed -i -e 's|db/ReviewDB|reviewdb|' gerrit/etc/gerrit.config
sed -i -e '/auth/i \
      username = ciadmin \
      hostname = localhost' gerrit/etc/gerrit.config

# redo init to create postgres DB
java -jar gerrit-2.8.war init --batch -d gerrit

# really start
gerrit/bin/gerrit.sh start

Here is the (end of the) output of the scripts execution:

Generating SSH host key ... rsa(simple)... done
Initialized /home/ciadmin/gerrit
Executing /home/ciadmin/gerrit/bin/gerrit.sh start
Starting Gerrit Code Review: OK
fatal: DbInjector failed
fatal: Unable to determine SqlDialect
fatal:   caused by org.postgresql.util.PSQLException: FATAL: Ident authentication failed for user "ciadmin"

Thanks for your help

Arnaud

[David Ostrovsky]

Am Mittwoch, 26. Februar 2014 19:49:38 UTC+1 schrieb Arnaud Bailly:

Hello,

I am a big fan of gerrit which I find incredibly useful and usable as far as  code review tools go. There is one thing however I find extremely painful, it's gerrit installation.

I have tried to automate gerrit +postgresql installation and configuration and I am running into postgres authentication issue which I do not know exactly how to solve. Here are the scripts I have written (they are run as part of vagrant):

The postgresql.sh script:

#!/bin/sh

# install postgres
sudo yum install -y postgresql-server git

# start it
sudo service postgresql initdb
sudo chkconfig postgresql on
sudo service postgresql start

# allow connections from localhost
sudo sed -i -e '/127.0.0.1/i\
host    reviewdb        ciadmin         127.0.0.1/32       trust' /var/lib/pgsql/data/pg_hba.conf
sudo service postgresql start

# configure DB
sudo -u postgres createuser -ldrS ciadmin

So the installation instructions for Postgresql [1] suggest:

 $ createuser --username=postgres -RDIElPS gerrit2

You are omitting -P options, which would set up password auth [2]:

-P
--pwprompt

If given, createuser will issue a prompt for the password of the new user. This is not necessary if you do not plan on using password authentication.

The password must be provided in $gerrit_site/etc/secure.config, under database section:

[database]

  password = secret

[1] https://gerrit-review.googlesource.com/Documentation/install.html#createdb_postgres

[2] http://www.postgresql.org/docs/8.1/static/app-createuser.html

[Arnaud Bailly]

Thanks for your reply.

Yes, I deliberately omitted this option because I do not want to be prompted for a password within the script. 

And I do not think this is the problem here: The error message from gerrit says 'Ident authentication failed for user "ciadmin"' which AFAIU means that postgres is trying to use ident for authenticating the use, although I requested 'trust' in pg_hba.conf. 

But anyway I will try setting a password and see where it goes.

Regards,

Arnaud

[David Ostrovsky]

On Thursday, February 27, 2014 7:31:22 AM UTC+1, Arnaud Bailly wrote:

Thanks for your reply.

Yes, I deliberately omitted this option because I do not want to be prompted for a password within the script. 

To quote Norbert, a friend of mine:

"If you are that smart to diverge from instructions, you should be smart enough to fix it if it goes wrong"

;-) 

[Arnaud Bailly]

Sure. That's what I did actually, which does not mean I am pretending to be that smart :-)

Anyway the issue was not in the password but in the pg_hba.conf as I suspected. I changed the following:

sudo sed -i -e '/127.0.0.1/i\

host    reviewdb        ciadmin         0.0.0.0/0       trust' /var/lib/pgsql/data/pg_hba.conf
sudo service postgresql reload



and it now works. Actually, the password in the DB is used to authenticate user only if given an md5 authentication scheme in pg. ident means the user is authenticated against the identd daemon hence the latter needs to be installed and running, whereas trust means no authentication is done on connection. I have changed 127.0.0.1/32 to 0.0.0.0/0 to ensure that it works even if gerrit is not connecting through localhost which it should because that's what I defined in the configuration... And beside I replaced 'start' with 'reload' for postgresql service because otherwise the modified pg_hba.conf was not used.

Thanks for your help

Regards

Arnaud

[Matthew Beamer]

@Arnaud Bailly

Willing to share your Vagrantfile for folks to poke around at?

[Arnaud Bailly]

Oh sure. Never thought this could interest anyone. Will post it to github asap.

On 16 Apr 2014, at 17:09, Matthew Beamer <matthew...@gmail.com> wrote:

@Arnaud Bailly

Willing to share your Vagrantfile for folks to poke around at?

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to a topic in the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/repo-discuss/lHokbi3FDgA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Arnaud Bailly]

Here it is: https://github.com/abailly/ci-vagrant

Comments and PR greatly appreciated, fo course!

Arnaud

On 16 Apr 2014, at 17:09, Matthew Beamer <matthew...@gmail.com> wrote:

@Arnaud Bailly

Willing to share your Vagrantfile for folks to poke around at?

[Yanis Guenane]

Hi @ArnaudBailly,

Reading your post here I realized we try to do much the same thing. About settings a vagrant machine that set an environment with Gerrit/Jenkins, etc...
Just in case you're interested in taking a look of what I've been doing (https://github.com/Spredzy/vagrant-softwarefactory), we could probably try to work together.

Sorry it's unrelated to the main purpose of this topic.

--
Yanis Guenane

[Arnaud Bailly]

Clearly! I was not ready to learn puppet so I went for Plain Old Script Shell which is kind of passé :-) Your box seems a bit more polished than mine.

I had special requirements regarding java locations and base OS, hence the funky Java install and the CentOS box. 

Do you have something specific in mind? 

Regards,

Arnaud

[Steffen Gebert]

Hi,

we've created a chef cookbook for automated install.
Postgresql is also supported.

https://github.com/TYPO3-cookbooks/gerrit

Steffen

On 16 Apr 2014, at 22:19, Yanis Guenane <ygue...@gmail.com> wrote:

> You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.

[Yanis Guenane]

Hi Arnaud,

The idea was to have a deeply integrated system that allows Software Management at large (code review + continuous integration + issue tracker + <nameit>). All of them tightly bind together. (ie. a review create a ticket, comment in Gerrit adds comment in the issue tracker, merging review close issue, etc..).

That would be the global idea.

--
Yanis Guenane