From d7fb202c122faa90a75717cbd66791d3879b5776 Mon Sep 17 00:00:00 2001 From: James Moger Date: Mon, 26 Sep 2011 08:50:04 -0400 Subject: [PATCH] Bare option for federation pull registrations. Documentation. --- docs/02_federation.mkd | 59 +++++++++++-------- src/com/gitblit/FederationPullExecutor.java | 2 +- src/com/gitblit/GitBlit.java | 3 + src/com/gitblit/models/FederationModel.java | 2 + src/com/gitblit/utils/JGitUtils.java | 9 +-- .../wicket/pages/ReviewProposalPage.java | 1 + 6 files changed, 48 insertions(+), 28 deletions(-) diff --git a/docs/02_federation.mkd b/docs/02_federation.mkd index fbcb5b03..e5cc797f 100644 --- a/docs/02_federation.mkd +++ b/docs/02_federation.mkd @@ -2,9 +2,12 @@ *SINCE 0.6.0* -A Gitblit federation is basically an automated backup solution from one Gitblit instance to another. If you are/were a Subversion user you might think of this as [svn-sync](http://svnbook.red-bean.com/en/1.5/svn.ref.svnsync.html), but better. +A Gitblit federation is a mechanism to clone repositories and keep them in sync from one Gitblit instance to another. Federation can be used for automated backup of your repositories or may be used to initially clone groups of repositories to developer workstations. If you are/were a Subversion user you might think of this as [svn-sync](http://svnbook.red-bean.com/en/1.5/svn.ref.svnsync.html), but better. -If your Gitblit instance allows federation and it is properly registered with another Gitblit instance, each of the *non-excluded* repositories of your Gitblit instance can be mirrored, in their entirety, to the pulling Gitblit instance. You may optionally allow pulling of user accounts and server settings. +If your Gitblit instance allows federation and it is properly registered with another Gitblit instance, each of the *non-excluded* repositories of your Gitblit instance can be mirrored, in their entirety, to the pulling Gitblit instance. You may optionally allow pulling of user accounts and backup of server settings. + +The federation feature should be considered a security backdoor and enabled or disabled as appropriate for your installation.
+Please review all the documentation to understand how it works and its limitations. ### Origin Gitblit Instance Requirements @@ -51,23 +54,25 @@ If *federation.passphrase* has a non-empty value, the federation tokens are disp #### Federation Sets -Federation Sets (*federation.sets*) are named groups of repositories. The Federation Sets are available for selection in the repository settings page. You can assign a repository to one or more sets and then distribute the token for the set. This allows you to grant federation pull access to a subset of your available repositories. Tokens for federation sets only grant pull access for the member repositories. +Federation Sets (*federation.sets*) are named groups of repositories. The Federation Sets are defined in `gitblit.properties` and are available for selection in the repository settings page. You can assign a repository to one or more sets and then distribute the token for the set. This allows you to grant federation pull access to a subset of your available repositories. Tokens for federation sets only grant pull access for the member repositories. ### Federation Proposals (Origin Gitblit Instance) Once you have properly setup your passphrase and can see your federation tokens, you are ready to share them with a pulling Gitblit instance. -The registration process can be partially automated by sending a *federation proposal* to another Gitblit instance.
+The registration process can be partially automated by sending a *federation proposal* to the pulling Gitblit instance.
To send a proposal: 1. Login to your Gitblit instance as an administrator -2. Select and click the *send proposal* link for the appropriate token at the bottom of the repositories page -3. Enter the url of the Gitblit instance you want to federate with -4. Click submit +2. Select and click the *propose* link for the appropriate token at the bottom of the repositories page +3. Confirm the publicly accessible url of your (origin) Gitblit instance +4. Enter the url of the pulling Gitblit instance you want to federate with +5. Optionally enter a message for the administrators +6. Click *propose* Not all Gitblit instances accept *federation proposals*, there is a setting which allows Gitblit to outright reject them. In this case an email or instant message to the administrator of the other Gitblit instance is required. :) -If your proposal is accepted, the proposal is cached to disk on the remote Gitblit server and, if properly configured, the administrators of that Gitblit server will receive an email notification of your proposal. +If your proposal is accepted, the proposal is cached to disk on the pulling Gitblit server and, if properly configured, the administrators of that Gitblit server will receive an email notification of your proposal. Your proposal includes: @@ -75,18 +80,18 @@ Your proposal includes: 2. the federation token you selected and its type 3. the list of your *non-excluded* repositories, and their configuration details, that you propose to share -Submitting a proposal does not automatically register your server with the remote Gitblit instance.
+Submitting a proposal does not automatically register your server with the pulling Gitblit instance.
Registration is a manual process for an administrator. ### Federation Proposals (Pulling Gitblit Instance) If your Giblit instance has received a *federation proposal*, you will be alerted to that information the next time you login to Gitblit as an administrator. -You may view the details of a proposal from scrolling down to the bottom of the repositories page and selecting a proposal. Sample registration settings will be generated for you that you may copy & paste into either your `gitblit.properties` file or your `web.xml` file. +You may view the details of a proposal by scrolling down to the bottom of the repositories page and selecting a proposal. Sample registration settings will be generated for you that you may copy & paste into either your `gitblit.properties` file or your `web.xml` file. ### Excluding Repositories (Origin Gitblit Instance) -You may exclude a repository from being pulled by a federated Gitblit instance by setting its *federation strategy* in the repository's settings page. +You may exclude a repository from being pulled by a federated Gitblit instance by setting its *federation strategy* to EXCLUDE in the repository's settings page. ### Excluding Repositories (Pulling Gitblit Instance) @@ -120,8 +125,6 @@ The federation process executes using an internal administrator account, *$gitbl While the *$gitblit* account has access to all repositories, server settings, and user accounts, it is prohibited from accessing the web ui and it is disabled if *federation.passphrase* is empty. -The federation feature should be considered a backdoor and enabled or disabled as appropriate for your installation. - ### How does it work? (Pulling Gitblit Instances) Federated repositories defined in `gitblit.properties` are checked after Gitblit has been running for 1 minute. The next registration check is scheduled at the completion of the current registration check based on the registration's specified frequency. @@ -140,7 +143,7 @@ If they do not match, the repository is skipped and this is indicated in the log #### User Accounts -By default all user accounts except the *admin* account are automatically pulled when using the *ALL* token or the *USERS_AND_REPOSITORIES* token. You may exclude a user account form being pulled by a federated Gitblit instance by checking *exclude from federation* in the edit user page. +By default all user accounts except the *admin* account are automatically pulled when using the *ALL* token or the *USERS_AND_REPOSITORIES* token. You may exclude a user account from being pulled by a federated Gitblit instance by checking *exclude from federation* in the edit user page. The pulling Gitblit instance will store a registration-specific `users.properties` file for the pulled user accounts and their repository permissions. This file is stored in the *federation.N.folder* folder. @@ -148,11 +151,11 @@ If you specify *federation.N.mergeAccounts=true*, then the user accounts from th **NOTE:**
Upgrades from older Gitblit versions will not have the *#notfederated* role assigned to the *admin* account. Without that role, your admin account WILL be transferred with an *ALL* or *USERS_AND_REPOSITORIES* token.
-Please consider setting that flag! +Please consider adding the *#notfederated* role to your admin account! #### Server Settings -Server settings are automatically pulled when using the *ALL* token. +Server settings are only pulled when using the *ALL* token. The pulling Gitblit instance will store a registration-specific `gitblit.properties` file for all pulled settings. This file is stored in the *federation.N.folder* folder. @@ -189,6 +192,11 @@ By default, federated repositories can not be pushed to, they are read-only by t the destination folder, relative to *git.repositoriesFolder*, for these repositories.
default is *git.repositoriesFolder* +federation.N.bare +boolean +if **true** *(default)*, each repository is cloned as a bare repository (i.e. no working folder). + + federation.N.mirror boolean if **true** *(default)*, each repository HEAD is reset to *origin/master* after each pull. The repository is flagged *isFrozen* after the initial clone.

If **false**, each repository HEAD will point to the FETCH_HEAD of the initial clone from the origin until pushed to or otherwise manipulated. @@ -226,51 +234,56 @@ These examples would be entered into the `gitblit.properties` file of the pullin #### (Nearly) Perfect Mirror Example -This assumes that the *token* is the *ALL* token from the origin gitblit instance.
-The repositories, example1_users.properties, and example1_gitblit.properties will be put in *git.repositoriesFolder* and the origin user accounts will be merged into the local user accounts, including passwords and administrator status. The mirror instance will also send a status acknowledgment at the end of the pull operation which will include the state of each repository pull (EXCLUDED, SKIPPED, PULLED). This way the origin Gitblit instance can monitor the health of its mirrors. +This assumes that the *token* is the *ALL* token from the origin gitblit instance. + +The repositories, example1_users.properties, and example1_gitblit.properties will be put in *git.repositoriesFolder* and the origin user accounts will be merged into the local user accounts, including passwords and all roles. The Gitblit instance will also send a status acknowledgment to the origin Gitblit instance at the end of the pull operation. The status report will include the state of each repository pull (EXCLUDED, SKIPPED, NOCHANGE, PULLED, MIRRORED). This way the origin Gitblit instance can monitor the health of its mirrors. -This example is considered *nearly* perfect because while the remote Gitblit's server settings are pulled and saved locally, they are not merged with your server settings so its not a true mirror, but its likely the mirror you'd want to configure. +This example is considered *nearly* perfect because while the origin Gitblit's server settings are pulled and saved locally, they are not merged with your server settings so its not a true mirror, but its likely the mirror you'd want to configure. federation.example1.url = https://go.gitblit.com federation.example1.token = 6f3b8a24bf970f17289b234284c94f43eb42f0e4 federation.example1.frequency = 120 mins - federation.example1.folder = + federation.example1.folder = + federation.example1.bare = true federation.example1.mirror = true federation.example1.mergeAccounts = true federation.example1.sendStatus = true #### Just Repositories Example -This assumes that the *token* is the *REPOSITORIES* token from the remote gitblit instance.
+This assumes that the *token* is the *REPOSITORIES* token from the origin gitblit instance.
The repositories will be put in *git.repositoriesFolder*/example2. federation.example2.url = https://tomcat.gitblit.com/gitblit federation.example2.token = 6f3b8a24bf970f17289b234284c94f43eb42f0e4 federation.example2.frequency = 120 mins federation.example2.folder = example2 + federation.example2.bare = true federation.example2.mirror = true #### All-but-One Repository Example -This assumes that the *token* is the *REPOSITORIES* token from the remote gitblit instance.
+This assumes that the *token* is the *REPOSITORIES* token from the origin gitblit instance.
The repositories will be put in *git.repositoriesFolder*/example3. federation.example3.url = https://tomcat.gitblit.com/gitblit federation.example3.token = 6f3b8a24bf970f17289b234284c94f43eb42f0e4 federation.example3.frequency = 120 mins federation.example3.folder = example3 + federation.example3.bare = true federation.example3.mirror = true federation.example3.exclude = somerepo.git #### Just One Repository Example -This assumes that the *token* is the *REPOSITORIES* token from the remote gitblit instance.
+This assumes that the *token* is the *REPOSITORIES* token from the origin gitblit instance.
The repositories will be put in *git.repositoriesFolder*/example4. federation.example4.url = https://tomcat.gitblit.com/gitblit federation.example4.token = 6f3b8a24bf970f17289b234284c94f43eb42f0e4 federation.example4.frequency = 120 mins federation.example4.folder = example4 + federation.example4.bare = true federation.example4.mirror = true federation.example4.exclude = * federation.example4.include = somerepo.git \ No newline at end of file diff --git a/src/com/gitblit/FederationPullExecutor.java b/src/com/gitblit/FederationPullExecutor.java index 50099861..f27ea3c2 100644 --- a/src/com/gitblit/FederationPullExecutor.java +++ b/src/com/gitblit/FederationPullExecutor.java @@ -182,7 +182,7 @@ public class FederationPullExecutor implements Runnable { logger.info(MessageFormat.format("Pulling federated repository {0} from {1} @ {2}", repository.name, registration.name, registration.url)); CloneResult result = JGitUtils.cloneRepository(registrationFolderFile, repository.name, - cloneUrl, credentials); + cloneUrl, registration.bare, credentials); Repository r = GitBlit.self().getRepository(repositoryName); RepositoryModel rm = GitBlit.self().getRepositoryModel(repositoryName); repository.isFrozen = registration.mirror; diff --git a/src/com/gitblit/GitBlit.java b/src/com/gitblit/GitBlit.java index f3ad3634..c2b214b4 100644 --- a/src/com/gitblit/GitBlit.java +++ b/src/com/gitblit/GitBlit.java @@ -872,6 +872,9 @@ public class GitBlit implements ServletContextListener { } else if (setting.equals("folder")) { // destination folder of the pull operation federatedModels.get(server).folder = settings.getString(key, ""); + } else if (setting.equals("bare")) { + // whether pulled repositories should be bare + federatedModels.get(server).bare = settings.getBoolean(key, true); } else if (setting.equals("mirror")) { // are the repositories to be true mirrors of the origin federatedModels.get(server).mirror = settings.getBoolean(key, true); diff --git a/src/com/gitblit/models/FederationModel.java b/src/com/gitblit/models/FederationModel.java index 39051909..efb1b322 100644 --- a/src/com/gitblit/models/FederationModel.java +++ b/src/com/gitblit/models/FederationModel.java @@ -45,6 +45,8 @@ public class FederationModel implements Serializable, Comparable