Gerrit + Jenkins in LDAP environment

Today, I got Gerrit integrated with Jenkins. Even though there’s good info on the web on how to get this beautiful couple working together, I lack the explanation on how to configure Gerrit SSH for Jenkins usage when Gerrit authenticates its users on a LDAP service.

First of all, the Gerrit instance I’m working on is authenticating against the company LDAP directory. Nothing new here as LDAP users can log-in sucessfully. Now, the thing is Gerrit process is not running as an LDAP user, but rather an Unix one (local) and we need a Gerrit user (non-local) with a public SSH key for Jenkins to be able to acess the code review tool.

The confusion was set! How would I authenticate Jenkins without an LDAP user created for this sole purpose?! gerrit create-account is the way to go!

For this command to work, you must have an authenticated user in Gerrit with administrative privileges and public SSH key set.

First, let’s create a key for the user that Jenkins is going to use:

ssh-keygen -t rsa -b 2048

You should now have two new files, a private key and a public key. Never ever give the private key!! Imagining your recently created public key file is named id_rsa.pub and that you’ve got an xpto user configured in Gerrit as part of the group Administrators, let’s add thevirtual user:

cat id_rsa.pub | ssh -p 29418 xpto@gerrit.example.com gerrit create-account --ssh-key - jenkins

It should be OK now! Just install Gerrit Trigger Jenkins plug-in and configure it as described in the documentation. It won’t take more than two minutes before you’ve got Gerrit shaking hands with Jenkins 🙂

Installing Gerrit on Glassfish

Yey, I’m finally back!! This time I’ll share with you how to get Gerrit deployed on Glassfish application server and MySQL.

The pre-requisites are:

  • MySQL up and running and experience creating databases and defining privileges;
  • Glassfish up and running and the experience creating JDBC Datasources and deploying applications, including managing library dependencies for JDBC and others – in this case, you’ll need to provide MySQL JDBC driver and Bouncy Castle crypto API libraries to Gerrit.

If you’re ready, follow me now:

    1. Create a database for Gerrit
              mysql -u root -p
      
              CREATE USER 'gerrit2'@'localhost' IDENTIFIED BY 'secret';
              CREATE DATABASE reviewdb;
              ALTER DATABASE reviewdb charset=latin1;
              GRANT ALL ON reviewdb.* TO 'gerrit2'@'localhost';
              FLUSH PRIVILEGES;
    2. Download the latest version of Gerrit. By the time of this writing, it was 2.2.1.
    3. Initialize Gerrit in standalone mode (for now). Don’t forget to provide the correct MySQL configuration:
      java -jar gerrit-2.2.1.war init -d gerrit

If all goes well, you should have a new directory named gerrit with everything you need to get Gerrit running. Also, the standalone server (Jetty) should be up. Stop it:

    gerrit/bin/gerrit.sh stop

Now, let’s configure Glassfish datasource. Please, pay attention as this was where I got into problems..

  1. Create a JDBC Connection Pool with type javax.sql.DataSource and MySQL as datasource classname.
  2. Enable Ping mode.
  3. Define DatabaseName, User, Password, Server depending on what information you’ve provided while initializing Gerrit.
  4. Finally and most importantly, define both URL and Url properties to something like jdbc:mysql://localhost:3306/reviewdb?autoReconnect=true
  5. The parts in italic bold are the ones to change according to your own configuration.

Try to ping your datasource to check if it’s OK. It is? Great! Now, let’s proceed with the deployment of Gerrit:

    asadmin deploy --contextroot codereview --name gerrit-2.2.1 gerrit-2.2.1.war

It should be working now! Point your browser to http://your_host/codereview, et voilá 🙂

Gerrit working on Glassfish application server and on top of MySQL

Gerrit working on Glassfish application server and on top of MySQL