Gitolite charm

Bug #906176 reported by Chris Hardee on 2011-12-19
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Juju Charms Collection
Marco Ceppi

Bug Description


Initial working charm for Gitolite, has limited functionality at the moment but can create repositories and administer users.

Provides a server interface: gitolite

Nick Barcet (nijaba) wrote :

Thanks a lot for this new charm, it's a great idea!

I am not an "official" reviewer, but here are a few remarks from my point of view:

[1] shared fs backend:
due to the ephemeral nature of instances, it might make sense to propose to use a shared file systems where the git repository are stored. I would suggest, to use a ceph or nfs relation to share the files (charms already exist for both). This would also allow to use "add-unit" to increase the number of unit while publishing the same repositority, which is the whole point of juju, IMHO. It also would prevent from loosing all the repo if the instance this is running on was to die.

[2] readme:
It is a good practice (not a requirement) to place a readme file in the charm's directory to explain how to use your charm, give caveats, examples etc...

[3] chmod 777 "$KEY_FILE"
are you sure you want to make your key read/write/execute to the world? 660 would seem more appropriate.

[4] config-changed hook
it would be nice to implement config-changed event to allow for a change of the keys

[5] start/stop hook
need to be implemented. A simple 'service <service-name> [restart|stop] is generally enough.

Thanks again for your work. This is only my 2 cents review as a community charmer.

Chris Hardee (shazzner) wrote :

Hey Nick, thanks for your feedback that's exactly what I was looking for. The shared fs backend was something I hadn't thought about and makes a lot of sense. I'll continue to work on this, thanks! :)

Mark Mims (mark-mims) wrote :

please update this bug status when you want another round of review

Changed in charm:
status: New → In Progress
Changed in charms:
importance: Undecided → Wishlist
assignee: nobody → shazzner (shazzner)
Jorge Castro (jorge) wrote :

This might be interesting as an option (not sure if it should be a separate charm or not though)

Chris Hardee (shazzner) wrote :

Thanks Jorge, I need to get back and finish this.

Jorge Castro (jorge) wrote :

Nice! When you need a review just tack 'new-charm' as a tag on this bug, thanks!

Jorge Castro (jorge) wrote :

Oh whoops, I see you did that already. Do you need a review on this now?

Chris Hardee (shazzner) wrote :

Not yet! Need to finish some items, it should be ready to review before Friday though. Thanks!

tags: removed: new-charm
Chris Hardee (shazzner) wrote :

Finished most items, Gitlab will be moved to a separate charm since gitolite doesn't really exist independently from it. I'd like to add theme configuration and some additional Gitweb options in the future.

tags: added: new-charm
Jorge Castro (jorge) wrote :

Marking committed so we can get this in review, thanks shazzner!

Changed in charms:
status: In Progress → Fix Committed
Clint Byrum (clint-fewbar) wrote :

Hi shazzner. This is almost ready for promulgation. The only blocker is that the 'provides' listed in the metadata.yaml do not actually provide anything. At the very least, the website/http relation needs to have a 'website-relation-joined' hook that does

relation-set hostname=`unit-get private-address` port=80

The server side is less important since I don't see any 'requires' in the charm store for gitolite.

Fix those relations so they perform some function, or remove them from metadata.yaml.

Another blocker, you have a predictable file creation in /tmp, which is a security problem since a user could create a symlink to a file which they can then cause you to overwrite. Its super minor, but a well known problem and could cause issues later:

KEY_NAME=`config-get pub-key-name`

juju-log "Created: $KEY_FILE"
PUB_KEY=`config-get pub-key`
echo "$PUB_KEY" >> "$KEY_FILE"

This might be ok since its only during install, but it would be MUCH better and simple to use mktemp to create a random filename:

KEY_FILE=`mktemp /tmp/$`

Some other minors (fix these at your leisure, they are not blockers for the charm store):

* indent the gitweb sed's at the end of install

* consider moving almost all of the install bits that use config-get to a config-changed hook. This will allow the service to be changed after initial deploy, and shouldn't require any logic changes.

* Perhaps also consider locking SSH down by disabling password logins. Since you'll be exposing port 22.. its important to make sure the brute forcers never succeed.

Changed in charms:
status: Fix Committed → Incomplete
Chris Hardee (shazzner) wrote :

Updated the Gitolite charm with Clints suggestions, thanks for you feedback :)

Changed in charms:
status: Incomplete → Fix Committed
Clint Byrum (clint-fewbar) wrote :

Hi shazzner. Thanks for the updates.

Unfortunately, this fails to deploy on precise, which is the new target for charms (I did not test on oneiric):

2012-04-19 06:05:58,554: hook.output@ERROR: /tmp/ must end in .pub

I think thats just a matter of changing the mktemp to be

There are a few more minors:

* 'hostname -f' is not reliable, and should not be used. I'll go ahead and fix since its such a minor thing. In the future, use 'unit-get private-address'.

* You've duplicated the config-changed logic in install. config-changed is always run directly after install. So there should never be a reason to do that.

* install is not idempotent. It will try to add the gitolite user and group again. This is important if there is a transient error and you need to use 'juju resolved gitolite/0 --retry' You can fix that by making gitolite a system user, and just using adduser:

adduser --system --group gitolite

However I'm not sure if you want gitolite to be a system user because of the ssh integration.

Which will not throw errors if the group or user exists.

* config-changed is not idempotent. Here:

  if [ "$installgitweb" = "true" ] ; then
        usermod -a -G gitolite www-data
        mkdir /var/www/gitweb

        ln -s /usr/share/gitweb/* /var/www/gitweb/.

        service apache2 restart

The mkdir should have '-p' so that it won't fail if the directory exists. The ln should also have a '-f' so it will not error out because the links exist already. This is important because it will be run every time any config options are changed.

* PasswordAuthentication is turned off in the config file, but you need to reload the ssh service to make that take effect.

Anyway, thanks for sticking with this. I am excited for the charm to be in the charm store!

Changed in charms:
status: Fix Committed → Incomplete
Chris Hardee (shazzner) wrote :

Thanks Clint, let me get this working. :)

Chris Hardee (shazzner) on 2012-05-09
Changed in charms:
assignee: shazzner (shazzner) → nobody
Marco Ceppi (marcoceppi) on 2012-05-09
Changed in charms:
assignee: nobody → Marco Ceppi (marcoceppi)
Marco Ceppi (marcoceppi) on 2012-05-10
Changed in charms:
status: Incomplete → Fix Committed
Juan L. Negron (negronjl) wrote :

Reviewing this now.


Juan L. Negron (negronjl) wrote :

The changes suggested by Clint above have not been applied yet so, at this point, the charm still needs to be revised.


Changed in charms:
status: Fix Committed → Incomplete
Marco Ceppi (marcoceppi) wrote :

Juan, did you review the shazzner or the marcoceppi branch?

Jorge Castro (jorge) on 2012-11-19
tags: removed: new-charm
Jorge Castro (jorge) wrote :

Is anyone working on this?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers