Configure Gerrit for SSH

Set up the SSH keys

Important

The target repo must NOT already exist in Helix Core Server.

The source repo must not be empty.

  1. On the Git Connector server, log in as the root user.

  2. Create a .ssh directory:

    mkdir /var/www/.ssh

  3. Assign the owner of the directory to be the web-service-user:

    chown web-service-user:gconn-auth /var/www/.ssh

  4. Switch user from root to the web-service-user:

    Ubuntu CentOS
    su -s /bin/bash - www-data su -s /bin/bash - apache

    and generate the public and private SSH keys for the Git Connector instance:

    ssh-keygen -t rsa -b 4096 -C web-service-user@gitConnector.com

    then follow the prompts.

  5. Locate the public key:

    /var/www/.ssh/id_rsa.pub

  6. Copy this public key to the Gerrit server and add /var/www/.ssh/id_rsa.pub to the user account (helix-user) that performs clone and fetch for mirroring.
  7. Configure the webhook for mirroring:
    1. Set the environment variable GCONN_CONFIG to the absolute path to the gconn.conf file:

      export GCONN_CONFIG=/opt/perforce/git-connector/gconn.conf

    2. Add the web hook:

      gconn --mirrorhooks add graphDepotName/repoName ssh://helix-user@GerritHost.com/repoName.git

  8. Save the secret token that the --mirrorhooks command generates.

    Tip

    The secret token is also stored in /opt/perforce/git-connector/repos/graphDepotName/repoName.git/.mirror.config.

On the Gerrit server

Update the configuration file for the Gerrit repository in the GERRIT_SITE/git/repoName/config file,

where GERRIT_SITE represents the root directory of your Gerrit server.

[gconn]
mirror-url = https://GitConnector.com/mirrorhooks
token = <secret_token from /opt/perforce/git-connector/repos/graphDepot/repoName.git/.mirror.config>
git-ssh-url = <upstream_url from /opt/perforce/git-connector/repos/graphDepot/repoName.git/.mirror.config>
[gconn "http"]
sslverify = false

Next step

Testing the mirror hook