#\r
# *git.enableGitServlet* must be true to use this feature.\r
\r
+# Your federation name is used for federation status acknowledgments. If it is\r
+# unset, and you elect to send a status acknowledgment, your Gitblit instance\r
+# will be identified by its hostname, if available, else your internal ip address.\r
+# The source Gitblit instance will also append your external IP address to your\r
+# identification to differentiate multiple pulling systems behind a single proxy.\r
#\r
+# SINCE 0.6.0\r
+federation.name =\r
+\r
+# Specify the passphrase of this Gitblit instance.\r
+#\r
+# An unspecified (empty) passphrase disables processing federation requests.\r
+#\r
+# This value can be anything you want: an integer, a sentence, an haiku, etc.\r
+# Keep the value simple, though, to avoid Java properties file encoding issues.\r
+#\r
+# Changing your passphrase will break any registrations you have established with other\r
+# Gitblit instances.\r
+#\r
+# CASE-SENSITIVE\r
+# SINCE 0.6.0\r
+# RESTART REQUIRED\r
+federation.passphrase =\r
+\r
# Control whether or not this Gitblit instance can receive federation proposals\r
# from another Gitblit instance. Registering a federated Gitblit is a manual\r
# process. Proposals help to simplify that process by allowing a remote Gitblit\r
# SINCE 0.6.0\r
federation.defaultFrequency = 60 mins\r
\r
-# Specify the unique id of this Gitblit instance.\r
-#\r
-# An unspecified (empty) uuid disables procesing federation requests.\r
-#\r
-# This value can be anything you want: an integer, a sentence, an haiku, etc.\r
-# Keep the value simple, though, to avoid Java properties file encoding issues.\r
-#\r
-# Changing your uuid will break any registrations you have established with other\r
-# Gitblit instances.\r
-#\r
-# CASE-SENSITIVE\r
-# SINCE 0.6.0\r
-# RESTART REQUIRED\r
-federation.uuid =\r
-\r
-# Your federation name is used for federation status acknowledgments. If it is\r
-# unset, and you elect to send a status acknowledgment, your Gitblit instance\r
-# will be identified by its hostname, if available, else your internal ip address.\r
-# The source Gitblit instance will also append your external IP address to your\r
-# identification to differentiate multiple pulling systems behind a single proxy.\r
-#\r
-# SINCE 0.6.0\r
-federation.name = \r
-\r
# Federation pull registrations\r
# Registrations are read once, at startup.\r
#\r
\r
- added: federation feature to allow gitblit instances to pull repositories and, optionally, settings and accounts from other gitblit instances.<br/>\r
This is something like svn-sync for gitblit.\r
+<br/>**New:** *federation.name =*\r
+<br/>**New:** *federation.passphrase =*\r
<br/>**New:** *federation.allowProposals = false*\r
<br/>**New:** *federation.proposalsFolder = proposals*\r
<br/>**New:** *federation.defaultFrequency = 60 mins*\r
-<br/>**New:** *federation.uuid =*\r
-<br/>**New:** *federation.name =*\r
<br/>**New:** *mail.* settings for sending emails\r
<br/>**New:** user role *#notfederated* to prevent a user account from being pulled by a federated Gitblit instance\r
- added: google-gson dependency\r
### Source Gitblit Instance Requirements\r
\r
- *git.enableGitServlet* must be true, all Git clone and pull requests are handled through Gitblit's JGit servlet\r
-- *federation.uuid* must be non-empty\r
+- *federation.passphrase* must be non-empty\r
- The Gitblit source instance must be http/https accessible by the pulling Gitblit instance.<br/>That may require configuring port-forwarding on your router and/or opening ports on your firewall.\r
\r
-#### federation.uuid\r
+#### federation.passphrase\r
\r
-The uuid is used to generate permission tokens that can be shared with other Gitblit instances.\r
+The passphrase is used to generate permission tokens that can be shared with other Gitblit instances.\r
\r
-The uuid value never needs to be shared, although if you give another Gitblit instance the *ALL* federation token then your uuid will be transferred/backed-up along with all other server settings. \r
+The passphrase value never needs to be shared, although if you give another Gitblit instance the *ALL* federation token then your passphrase will be transferred/backed-up along with all other server settings.\r
\r
-This value can be anything you want: an integer, a sentence, an haiku, etc. You should probably keep the uuid simple and use standard Latin characters to prevent Java properties file encoding errors. The tokens generated from this value are affected by case, so consider this value CASE-SENSITIVE.\r
+This value can be anything you want: an integer, a sentence, an haiku, etc. You should probably keep the passphrase simple and use standard Latin characters to prevent Java properties file encoding errors. The tokens generated from this value are affected by case, so consider this value CASE-SENSITIVE.\r
\r
-The federation feature is completely disabled if your uuid value is empty.\r
+The federation feature is completely disabled if your passphrase value is empty.\r
\r
**NOTE**:<br/>\r
-Changing your *federation.uuid* will break any registrations you have established with other Gitblit instances.\r
+Changing your *federation.passphrase* will break any registrations you have established with other Gitblit instances.\r
\r
### Pulling Gitblit Instance Requirements\r
\r
\r
Gitblit generates the following federation tokens:\r
%BEGINCODE%\r
-String allToken = SHA1(uuid + "-ALL");\r
-String usersAndRepositoriesToken = SHA1(uuid + "-USERS_AND_REPOSITORIES");\r
-String repositoriesToken = SHA1(uuid + "-REPOSITORIES");\r
+String allToken = SHA1(passphrase + "-ALL");\r
+String usersAndRepositoriesToken = SHA1(passphrase + "-USERS_AND_REPOSITORIES");\r
+String repositoriesToken = SHA1(passphrase + "-REPOSITORIES");\r
%ENDCODE%\r
\r
The *ALL* token allows another Gitblit instance to pull all your repositories, user accounts, and server settings.<br/>\r
\r
Individual Gitblit repository configurations such as *description* and *accessRestriction* are always mirrored.\r
\r
-If *federation.uuid* has a non-empty value, the federation tokens are displayed in the log file and are visible, to administrators, in the web ui.\r
+If *federation.passphrase* has a non-empty value, the federation tokens are displayed in the log file and are visible, to administrators, in the web ui.\r
\r
\r
### Federation Proposals (Source Gitblit Instance)\r
\r
-Once you have properly setup your uuid and can see your federation tokens, you are ready to share them with a pulling Gitblit instance.\r
+Once you have properly setup your passphrase and can see your federation tokens, you are ready to share them with a pulling Gitblit instance.\r
\r
The registration process can be partially automated by sending a *federation proposal* to another Gitblit instance.<br/>\r
To send a proposal:\r
\r
The federation process executes using an internal administrator account, *$gitblit*. All the normal authentication and authorization processes are used for federation requests. For example, Git commands are authenticated as *$gitblit / token*.\r
\r
-While the *$gitblit* account has access to all repositories, server settings, and user accounts, it is prohibited from accessing the web ui and it is disabled if *federation.uuid* is empty.\r
+While the *$gitblit* account has access to all repositories, server settings, and user accounts, it is prohibited from accessing the web ui and it is disabled if *federation.passphrase* is empty.\r
\r
The federation feature should be considered a backdoor and enabled or disabled as appropriate for your installation.\r
\r
\r
#### User Accounts\r
\r
-By default all user accounts except the *admin* account are automatically pulled when using the *ALL* token or the *USERS_AND_REPOSITORIES* token. You may exclude a user account form being pulled by a federated Gitblit instance by checking *exclude form federation* in the edit user page.\r
+By default all user accounts except the *admin* account are automatically pulled when using the *ALL* token or the *USERS_AND_REPOSITORIES* token. You may exclude a user account form being pulled by a federated Gitblit instance by checking *exclude from federation* in the edit user page.\r
\r
The pulling Gitblit instance will store a registration-specific `users.properties` file for the pulled user accounts and their repository permissions. This file is stored in the *federation.N.folder* folder.\r
\r
\r
By default, federated repositories can not be pushed to, they are read-only by the *isFrozen* flag. This flag is **ONLY** enforced by Gitblit's JGit servlet. If you push to a federated repository after resetting the *isFrozen* flag or via some other Git access technique then you may break Gitblit's ability to continue pulling from the source repository. If you are only pushing to a local branch then you might be safe.\r
\r
+## Federation Pull Registration Keys\r
+\r
+<table>\r
+<tr><th>federation.N.url</th>\r
+<td>string</td>\r
+<td>the url of the source Gitblit instance</td>\r
+</tr>\r
+\r
+<tr><th>federation.N.token</th>\r
+<td>string</td>\r
+<td>the token provided by the source Gitblit instance</td>\r
+</tr>\r
+\r
+<tr><th>federation.N.frequency</th>\r
+<td>N [mins/hours/days]</td>\r
+<td>the period to wait between pull executions</td>\r
+</tr>\r
+\r
+<tr><th>federation.N.folder</th>\r
+<td>string</td>\r
+<td>the destination folder, relative to *git.repositoriesFolder*, for these repositories. If empty, the repositories are put in *git.repositoriesFolder*.</td>\r
+</tr>\r
+\r
+<tr><th>federation.N.mergeAccounts</th>\r
+<td>boolean</td>\r
+<td>merge the retrieved accounts into the `users.properties` of **this** Gitblit instance</td>\r
+</tr>\r
+\r
+<tr><th>federation.N.sendStatus</th>\r
+<td>boolean</td>\r
+<td>send the status of the federated pull to the source Gitblit instance</td>\r
+</tr>\r
+\r
+<tr><th>federation.N.freeze</th>\r
+<td>boolean</td>\r
+<td>freeze the repository at the end of each pull</td>\r
+</tr>\r
+\r
+<tr><th>federation.N.include</th>\r
+<td>string array<br/>(space separated)</td>\r
+<td>list of included repositories *(wildcard and fuzzy matching supported)*</td>\r
+</tr>\r
+\r
+<tr><th>federation.N.exclude</th>\r
+<td>string array<br/>(space separated)</td>\r
+<td>list of excluded repositories *(wildcard and fuzzy matching supported)*</td>\r
+</tr>\r
+\r
+<tr><th>federation.N.notifyOnError</th>\r
+<td>boolean</td>\r
+<td>send an email to the administrators on an error</td>\r
+</tr>\r
+</table>\r
+\r
## Example Federation Pull Registrations\r
\r
These examples would be entered into the `gitblit.properties` file of the pulling gitblit instance.\r
federation.example1.folder = \r
federation.example1.mergeAccounts = true\r
federation.example1.sendStatus = true\r
+ federation.example1.freeze = true\r
\r
#### Just Repositories Example\r
\r
\r
- added: federation feature to allow gitblit instances to pull repositories and, optionally, settings and accounts from other gitblit instances.<br/>\r
This is something like svn-sync for gitblit.\r
+<br/>**New:** *federation.name =*\r
+<br/>**New:** *federation.passphrase =*\r
<br/>**New:** *federation.allowProposals = false*\r
<br/>**New:** *federation.proposalsFolder = proposals*\r
<br/>**New:** *federation.defaultFrequency = 60 mins*\r
-<br/>**New:** *federation.uuid =*\r
-<br/>**New:** *federation.name =*\r
<br/>**New:** *mail.* settings for sending emails\r
<br/>**New:** user role *#notfederated* to prevent a user account from being pulled by a federated Gitblit instance\r
- added: google-gson dependency\r
if (result.createdRepository) {\r
// default local settings\r
repository.federationStrategy = FederationStrategy.EXCLUDE;\r
- repository.isFrozen = true;\r
+ repository.isFrozen = registration.freeze;\r
} else {\r
// preserve local settings\r
repository.isFrozen = rm.isFrozen;\r
return;\r
}\r
\r
- String uuid = GitBlit.getString(Keys.federation.uuid, "");\r
+ String uuid = GitBlit.getString(Keys.federation.passphrase, "");\r
if (StringUtils.isEmpty(uuid)) {\r
- logger.warn(Keys.federation.uuid + " is not properly set! Federation request denied.");\r
+ logger.warn(Keys.federation.passphrase\r
+ + " is not properly set! Federation request denied.");\r
response.sendError(HttpServletResponse.SC_FORBIDDEN);\r
return;\r
}\r
}\r
\r
public static boolean canFederate() {\r
- String uuid = getString(Keys.federation.uuid, "");\r
- return !StringUtils.isEmpty(uuid);\r
+ String passphrase = getString(Keys.federation.passphrase, "");\r
+ return !StringUtils.isEmpty(passphrase);\r
}\r
\r
/**\r
* instances.\r
*/\r
private void configureFederation() {\r
- boolean validUuid = true;\r
- String uuid = settings.getString(Keys.federation.uuid, "");\r
- if (StringUtils.isEmpty(uuid)) {\r
- logger.warn("Federation UUID is blank! This server can not be PULLED from.");\r
- validUuid = false;\r
+ boolean validPassphrase = true;\r
+ String passphrase = settings.getString(Keys.federation.passphrase, "");\r
+ if (StringUtils.isEmpty(passphrase)) {\r
+ logger.warn("Federation passphrase is blank! This server can not be PULLED from.");\r
+ validPassphrase = false;\r
}\r
- if (validUuid) {\r
+ if (validPassphrase) {\r
for (FederationToken tokenType : FederationToken.values()) {\r
logger.info(MessageFormat.format("Federation {0} token = {1}", tokenType.name(),\r
getFederationToken(tokenType)));\r
if (federationRegistrations.isEmpty()) {\r
List<String> keys = settings.getAllKeys(Keys.federation._ROOT);\r
keys.remove(Keys.federation.name);\r
- keys.remove(Keys.federation.uuid);\r
+ keys.remove(Keys.federation.passphrase);\r
keys.remove(Keys.federation.allowProposals);\r
keys.remove(Keys.federation.proposalsFolder);\r
keys.remove(Keys.federation.defaultFrequency);\r
} else if (setting.equals("folder")) {\r
// destination folder of the pull operation\r
federatedModels.get(server).folder = settings.getString(key, "");\r
+ } else if (setting.equals("freeze")) {\r
+ // set the repository to read-only after pull\r
+ federatedModels.get(server).freeze = settings.getBoolean(key, true);\r
} else if (setting.equals("mergeAccounts")) {\r
// merge remote accounts into local accounts\r
federatedModels.get(server).mergeAccounts = settings.getBoolean(key, false);\r
* @return a federation token\r
*/\r
public String getFederationToken(FederationToken type) {\r
- String uuid = settings.getString(Keys.federation.uuid, "");\r
- return StringUtils.getSHA1(uuid + "-" + type.name());\r
+ String passphrase = settings.getString(Keys.federation.passphrase, "");\r
+ return StringUtils.getSHA1(passphrase + "-" + type.name());\r
}\r
\r
/**\r
\r
public String folder;\r
\r
+ public boolean freeze;\r
+\r
public boolean mergeAccounts;\r
\r
public boolean sendStatus;\r
projects / gitblit.git / commitdiff