Merge "gerrit: deploy 3.3.0"
diff --git a/WORKSPACE b/WORKSPACE
index 2c30246..36a26fe 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -157,11 +157,11 @@
)
container_pull(
- name = "gerrit-3.0.8",
+ name = "gerrit-3.3.0",
registry = "index.docker.io",
repository = "gerritcodereview/gerrit",
- tag = "3.0.8-ubuntu18",
- digest = "sha256:8f58236129e6547d92502a2e9d8f40129f45f15007beaeafb59fed4faffddb3e",
+ tag = "3.3.0-ubuntu20",
+ digest = "sha256:c7c43db7be19394a9a5f28a016d0063be2713144dc4bb815ceb698c895bc88d1",
)
# third_party/factorio
@@ -174,85 +174,15 @@
git_repository(
name = "com_googlesource_gerrit_bazlets",
remote = "https://gerrit.googlesource.com/bazlets",
- commit = "1d381f01c853e2c02ae35430a8e294e485635d62",
- shallow_since = "1559431096 -0400",
+ commit = "a511f3c90129d7de7ae67c0637001162980c08d5",
)
load("@com_googlesource_gerrit_bazlets//:gerrit_api.bzl", "gerrit_api")
gerrit_api()
-load("@com_googlesource_gerrit_bazlets//tools:maven_jar.bzl", gerrit_maven_jar = "maven_jar", "GERRIT")
-
-PROLOG_VERS = "1.4.3"
-
-JACKSON_VER = "2.9.7"
-
-gerrit_maven_jar(
- name = "scribe",
- artifact = "org.scribe:scribe:1.3.7",
- sha1 = "583921bed46635d9f529ef5f14f7c9e83367bc6e",
-)
-
-gerrit_maven_jar(
- name = "commons-codec",
- artifact = "commons-codec:commons-codec:1.4",
- sha1 = "4216af16d38465bbab0f3dff8efa14204f7a399a",
-)
-
-gerrit_maven_jar(
- name = "jackson-core",
- artifact = "com.fasterxml.jackson.core:jackson-core:" + JACKSON_VER,
- sha1 = "4b7f0e0dc527fab032e9800ed231080fdc3ac015",
-)
-
-gerrit_maven_jar(
- name = "jackson-databind",
- artifact = "com.fasterxml.jackson.core:jackson-databind:" + JACKSON_VER,
- sha1 = "e6faad47abd3179666e89068485a1b88a195ceb7",
-)
-
-gerrit_maven_jar(
- name = "jackson-annotations",
- artifact = "com.fasterxml.jackson.core:jackson-annotations:" + JACKSON_VER,
- sha1 = "4b838e5c4fc17ac02f3293e9a558bb781a51c46d",
-)
-
-gerrit_maven_jar(
- name = "jackson-dataformat-yaml",
- artifact = "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:" + JACKSON_VER,
- sha1 = "a428edc4bb34a2da98a50eb759c26941d4e85960",
-)
-
-gerrit_maven_jar(
- name = "snakeyaml",
- artifact = "org.yaml:snakeyaml:1.23",
- sha1 = "ec62d74fe50689c28c0ff5b35d3aebcaa8b5be68",
-)
-
-gerrit_maven_jar(
- name = "prolog-runtime",
- artifact = "com.googlecode.prolog-cafe:prolog-runtime:" + PROLOG_VERS,
- attach_source = False,
- repository = GERRIT,
- sha1 = "d5206556cbc76ffeab21313ffc47b586a1efbcbb",
-)
-
-gerrit_maven_jar(
- name = "prolog-compiler",
- artifact = "com.googlecode.prolog-cafe:prolog-compiler:" + PROLOG_VERS,
- attach_source = False,
- repository = GERRIT,
- sha1 = "f37032cf1dec3e064427745bc59da5a12757a3b2",
-)
-
-gerrit_maven_jar(
- name = "prolog-io",
- artifact = "com.googlecode.prolog-cafe:prolog-io:" + PROLOG_VERS,
- attach_source = False,
- repository = GERRIT,
- sha1 = "d02b2640b26f64036b6ba2b45e4acc79281cea17",
-)
+load("//devtools/gerrit/gerrit-oauth-provider:external_plugin_deps.bzl", gerrit_oauth_deps="external_plugin_deps")
+gerrit_oauth_deps(omit_commons_codec=False)
# minecraft spigot/bukkit deps
# this uses rules_jvm_external vs gerrit's maven_jar because we need SNAPSHOT support
@@ -312,9 +242,10 @@
git_repository(
name = "com_googlesource_gerrit_plugin_owners",
remote = "https://gerrit.googlesource.com/plugins/owners/",
- commit = "5e691e87b8c00a04d261a8dd313f4d16c54797e8",
- shallow_since = "1559729722 +0900",
+ commit = "17817c9e319073c03513f9d5177b6142b8fd567b",
)
+load("@com_googlesource_gerrit_plugin_owners//:external_plugin_deps_standalone.bzl", gerrit_owners_deps="external_plugin_deps_standalone")
+gerrit_owners_deps()
# Go image repos for Docker
diff --git a/bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix b/bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
index d6ed36a..c93048a 100644
--- a/bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf-hardware.nix
@@ -27,6 +27,7 @@
{ device = "/dev/disk/by-uuid/D8BA-345D";
fsType = "vfat";
};
+ hscloud.anchorvm.blkdev = "/dev/janusz-vg/ripeanchor";
swapDevices =
[ { device = "/dev/disk/by-uuid/5dadcff4-fcd4-4e8d-81f6-be68fb630396"; }
diff --git a/bgpwtf/machines/edge01.waw.bgp.wtf.nix b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
index 1ff21fb..cf61bd9 100644
--- a/bgpwtf/machines/edge01.waw.bgp.wtf.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
@@ -22,7 +22,7 @@
imports = [
./modules/router.nix
-
+ ./modules/anchorvm.nix
# Private configuration data - notably, customer data.
./secrets/plain/edge01.waw.bgp.wtf-private.nix
];
@@ -129,9 +129,22 @@
ipv4.addresses = [ { address = "185.236.240.14"; prefixLength = 31; } ];
ipv6.addresses = [ { address = "2a0d:eb00:2137:1::a"; prefixLength = 127; } ];
};
+ # VM bridge
+ "br0" = {
+ ipv4.addresses = [ { address = "185.236.240.17"; prefixLength = 29; } ];
+ ipv6.addresses = [ { address = "2a0d:eb00:2137:3::1"; prefixLength = 64; } ];
+ };
# Extra interface configs contained in //bgpwtf/machines/secrets/plain/edge01.waw.bgp.wtf-private.nix
};
+ networking.bridges = {
+ "br0" = {
+ interfaces = [];
+ };
+ };
+ hscloud.anchorvm = {
+ bridge = "br0";
+ };
hscloud.routing.enable = true;
hscloud.routing.routerID = "185.236.240.1";
diff --git a/bgpwtf/machines/modules/anchorvm.nix b/bgpwtf/machines/modules/anchorvm.nix
new file mode 100644
index 0000000..9c7b17f
--- /dev/null
+++ b/bgpwtf/machines/modules/anchorvm.nix
@@ -0,0 +1,44 @@
+# This module runs the RIPE anchor VM in a bare qemu.
+# It's expected that a storage LV is created independently and passed as blkdev.
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.hscloud.anchorvm;
+
+in {
+ options.hscloud.anchorvm = {
+ blkdev = mkOption {
+ type = types.str;
+ description = "Root block device";
+ };
+ bridge = mkOption {
+ type = types.str;
+ description = "bridge interface";
+ };
+ ram = mkOption {
+ type = types.int;
+ description = "memory allocated to the vm";
+ default = 2048;
+ };
+ };
+
+ config.systemd.services.anchorvm = {
+ wantedBy = [ "multi-user.target" ];
+ after = [
+ "network.target"
+ ];
+ serviceConfig = {
+ Type = "simple";
+ # spawn=allow needed for bridge helper
+ ExecStart = ''${pkgs.qemu}/bin/qemu-kvm \
+ -nographic -m ${toString cfg.ram} -smp 2 \
+ -drive file=${cfg.blkdev},if=virtio,cache=none,format=raw \
+ -nic bridge,br=${cfg.bridge},model=virtio-net-pci \
+ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=allow,resourcecontrol=deny
+ '';
+ Restart = "always";
+ };
+ };
+}
diff --git a/bgpwtf/machines/tests/edge01-waw.nix b/bgpwtf/machines/tests/edge01-waw.nix
index e0298d2..535418f 100644
--- a/bgpwtf/machines/tests/edge01-waw.nix
+++ b/bgpwtf/machines/tests/edge01-waw.nix
@@ -163,6 +163,17 @@
"e4-oob" = { virtual = true; virtualType = "tap"; };
"e7-dcsw" = { virtual = true; virtualType = "tap"; };
};
+ hscloud.anchorvm = {
+ blkdev = "/anchor.img";
+ ram = 32;
+ };
+ systemd.services.anchorTestImg = {
+ requiredBy = [ "anchorvm.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.coreutils}/bin/truncate -s 128m /anchor.img";
+ };
+ };
};
speaker = mkBGPSpeaker;