Gerrit at SAP

Introduction
Project Administration & Self-Services
Future Plans

Introduction

SAP AG

market leader in enterprise application software
more than 65.500 employees
more than 100.000 customers and 12 million users
office locations in more than 130 countries

Gerrit at SAP

Why is SAP using Gerrit?

Gerrit at SAP

Why is SAP using Gerrit?

We like Git.

Gerrit at SAP

Why is SAP using Gerrit?

We like Git.
We believe in Code Review.

Gerrit at SAP

Why is SAP using Gerrit?

We like Git.
We believe in Code Review.
Fosters Collaboration between Teams.

Gerrit at SAP

Why is SAP using Gerrit?

We like Git.
We believe in Code Review.
Fosters Collaboration between Teams.
Highly Customizable Workflows
- Access Rights
- Prolog Submit Rules

Gerrit at SAP

Why is SAP using Gerrit?

We like Git.
We believe in Code Review.
Fosters Collaboration between Teams.
Highly Customizable Workflows
Automatic Verifications of Open Changes
- Gerrit Trigger on Jenkins

Gerrit at SAP

Why is SAP using Gerrit?

We like Git.
We believe in Code Review.
Fosters Collaboration between Teams.
Highly Customizable Workflows
Automatic Verifications of Open Changes
Easy Integration with other Tools
- REST API
- Stream Events
- Plugins

Gerrit at SAP

Why is SAP using Gerrit?

We like Git.
We believe in Code Review.
Fosters Collaboration between Teams.
Highly Customizable Workflows
Automatic Verifications of Open Changes
Easy Integration with other Tools
Runs very stable + Low Administration Effort

Gerrit at SAP

Why is SAP using Gerrit?

We like Git.
We believe in Code Review.
Fosters Collaboration between Teams.
Highly Customizable Workflows
Automatic Verifications of Open Changes
Easy Integration with other Tools
Runs very stable + Low Administration Effort
Large Open Source Community, Friendly Licence, no Licence Fees

Gerrit at SAP

using Gerrit since 2010
2 Gerrit maintainers
multiple committers in JGit and EGit

Gerrit at SAP

Main instance (2.7)

mainly small projects
number of projects: > 5K (~70GB)
number of users: ~ 8K
number of changes: ~ 400K
virtual machine: 16 CPU, 64GB RAM

Special instance (2.5.2)

1 huge project (~15GB)
number of users: > 2K
hardware cluster, 80 CPU, 1TB RAM

Further Gerrit instances in preparation.

Project Administration & Self-Services

SAP Project Portal

Central index of all projects

Project Search

Quick Search

../../img/project-portal-search-1.png

Result

../../img/project-portal-search-2.png

Project Info

../../img/project-portal-project-info.png

Project Info

../../img/project-portal-project-info-about.png

Project Info

../../img/project-portal-project-info-project-team.png

Project Info

../../img/project-portal-project-info-links.png

Contribute to a project

find project in Project Portal
clone the Git repository
make a change and push to Gerrit for review

Contribute to a project

Everyone at SAP can contribute to any SAP project ➊!

Committer/Contributor model

_{➊ any project hosted in Gerrit}

Project Creation

Self-Service for creating new projects via SAP Project Portal

Skalli

../../img/skalli.png

Open Source project management tool
http://www.eclipse.org/skalli/
SAP Project Portal = Skalli + SAP specific extensions

Default Access Rights

The project creator becomes project owner

Default Access Rights

The project creator becomes project owner
The project owner group is self-owned

Default Access Rights

The project creator becomes project owner
The project owner group is self-owned
By default Project Owners can approve, verify, submit and push tags

Default Access Rights

The project creator becomes project owner
The project owner group is self-owned
By default Project Owners can approve, verify, submit and push tags
Everyone can push for review and forge authors

Default Access Rights

Project access rights

../../img/project-access-rights.png

Inherited default access rights

../../img/default-access-rights.png

Default Access Rights

Teams can start working without touching the access rights.

Default Access Rights

Teams can start working without touching the access rights.
Teams can adapt the access rights to their needs
- enables team specific workflows (e.g. bypass code review)

Default Access Rights

Teams can start working without touching the access rights.
Teams can adapt the access rights to their needs
- enables team specific workflows (e.g. bypass code review)
Teams can configure custom Prolog rules, e.g.:
- 2 teams collaborate on 1 project, core team has to approve changes in core files
- enforce 4-eyes-principle by prohibiting merging own changes

Default Access Rights

Best practices about which access rights should be assigned to which roles are documented.

Default Access Rights

Best practices about which access rights should be assigned to which roles are documented.
Everyone can create new groups in Gerrit.

Default Access Rights

Best practices about which access rights should be assigned to which roles are documented.
Everyone can create new groups in Gerrit.
refs/meta/config is readable for all
By default new groups are visible to all users:
gerrit.config
```
  [groups]
    newGroupsVisibleToAll = true
```

Decentralized Project Administration

maximal freedom for teams to customize their workflows
low central administration effort
2 admins spend a few hours per week on Gerrit administration

SAP Product Standards

Requirements for development infrastructures

security
traceability
etc.

SAP Product Standards

For each code change it must be possible to find the person that was doing the change.

Forge Committer is BLOCKED on All-Projects

SAP Product Standards

Traceability

ref logs never expire

GC script automatically sets:

  gc.reflogexpire = never
  gc.reflogexpireunreachable = never

reviewnotes plugin is used

SAP Product Standards

Every release build must be reproducable.

Every release build is tagged
Release tags must never be deleted
Force Push for release tags is BLOCKED on All-Projects

SAP Product Standards

Special processes are enforced for release branches:

code review mandatory
release notes for customers
custom review label in Gerrit with automated voting
etc.

Self-Service for Service User Creation

many teams use Jenkins with Gerrit Trigger Plugin for verification of open changes
for each Jenkins instance a new service user needs to be created
service users must not be able to push commits
serviceuser Plugin (Gerrit 2.9)

Configuration of serviceuser Plugin

../../img/service-user-plugin-administration.png

Configuration of serviceuser Plugin

../../img/service-user-plugin-administration-help-messages.png

Configuration of serviceuser Plugin

../../img/service-user-plugin-administration-email.png

Configuration of serviceuser Plugin

../../img/service-user-plugin-administration-git-notes.png

Observed misuses of Gerrit

storage of Linux ISO images
backup of database dumps
(unintentional) upload of heap dumps
usage as general purpose backup for arbitary files

Protect against misuse of Gerrit

Files larger than 20 MB cannot be pushed

  [receive]
    maxObjectSizeLimit = 20 m

Quota plugin
- limit max repository size

Administration Pain Points

project deletion
support to archive repositories is missing
project renaming
Project Owner confusion with Prolog
accidental removal of owner rights for project / group
configuration of periodical fetches for forked open source projects

Summary - Project Administration & Self-Services

decentralized project administration
- maximal freedom for teams to customize their workflows
- low central administration effort
enforcement of central requirements
- use BLOCK rules on access rights
Self-Services
- project creation via SAP Project Portal (Skalli)
- serviceuser plugin

Future Plans

Offer Gerrit as Git Service in the SAP HANA Cloud Platform.

Future Plans

Offer Gerrit as Git Service in the SAP HANA Cloud Platform.

SAP HANA Cloud Platform: SAP platform that enables customers and developers to build, extend and run applications on SAP HANA in the cloud.

Future Plans

Offer Gerrit as Git Service in the SAP HANA Cloud Platform.

SAP HANA Cloud Platform: SAP platform that enables customers and developers to build, extend and run applications on SAP HANA in the cloud.
SAP HANA is an in-memory, column-oriented, relational database management system

Helium

HTML5 applications
- static resources
- connect to existing backends via REST
applications are directly served from Git repositories
multiple versions can exist in parallel
online development in the cloud (Web IDE)
solution for SAP customers

../../img/helium.png

Requirements for Gerrit

must run on SAP HANA Cloud Platform
- enabling of service-to-service communication
- roles are assigned outside of Gerrit (e.g. Gerrit admin role)

Requirements for Gerrit

must run on SAP HANA Cloud Platform
isolation of Git repositories of different customers
- support for multi tenancy

Requirements for Gerrit

must run on SAP HANA Cloud Platform
isolation of Git repositories from different customers
protection against misuse
- enforcement of quotas per tenant

Requirements for Gerrit

must run on SAP HANA Cloud Platform
isolation of Git repositories from different customers
protection against misuse
metering

Requirements for Gerrit

must run on SAP HANA Cloud Platform
isolation of Git repositories of different customers
protection against misuse
metering
unattended installation and upgrade
- automatic schema and index upgrades
- automatic plugin installation
- packaging of different configuration and choosing one based on a system property

Multi Tenancy Support in Gerrit

Map tenant to top-level folder in Gerrit.

Multi Tenancy Support in Gerrit

Map tenant to top-level folder in Gerrit.

../../img/tenant-projects.png

Multi Tenancy Support in Gerrit

Tenant users must only see projects of their own tenant.

ProjectControl

  /** Can this user see this project exists? */
  public boolean isVisible() {
    if (user instanceof InternalUser && !isHidden()) {
      return true;
    }

    if (!canPerformOnAnyRef(Permission.READ) || isHidden()) {
      return false;
    }

    Project p = state.getProject();
    for (ProjectFilter e : visibilityExtensions) {
      if (!e.accept(p)) {
        return false;
      }
    }
    return true;
  }

ProjectFilter

  /**
   * An extension to the standard project visibility check
   */
  public interface ProjectFilter {
    public boolean accept(Project project);
  }

Tenant ProjectFilter

  class TenantAsTopLevelFolder implements ProjectFilter {
    private final Provider<CurrentUser> currentUser;
    private final DomainDbClient checker;

    @Inject
    public TenantAsTopLevelFolder(Provider<CurrentUser> currentUser,
        DomainDbClient checker) {
      this.currentUser = currentUser;
      this.checker = checker;
    }

    @Override
    public boolean accept(Project project) {
      if (currentUser.get().getCapabilities().canAdministrateServer()) {
        return true;
      }

      String projectName = project.getName();
      int n = projectName.indexOf('/');
      if (n == -1) {
        return false;
      }
      String tenant = projectName.substring(0, n);
      String userName = currentUser.get().getUserName();
      return checker.hasGitAccess(userName, tenant);
     }
  }

Gerrit at SAP

Gerrit at SAP

Gerrit at SAP

Introduction

SAP AG

Gerrit at SAP

Gerrit at SAP

Gerrit at SAP

Gerrit at SAP

Gerrit at SAP

Gerrit at SAP

Gerrit at SAP

Gerrit at SAP

Gerrit at SAP

Gerrit at SAP

Gerrit at SAP

Main instance (2.7)

Special instance (2.5.2)

Project Administration & Self-Services

SAP Project Portal

Project Search

Project Info

Project Info

Project Info

Project Info

Contribute to a project

Contribute to a project

Project Creation

Skalli

Default Access Rights

Default Access Rights

Default Access Rights

Default Access Rights

Default Access Rights

Default Access Rights

Default Access Rights

Default Access Rights

Default Access Rights

Default Access Rights

Default Access Rights

Decentralized Project Administration

SAP Product Standards

SAP Product Standards

SAP Product Standards

SAP Product Standards

SAP Product Standards

Self-Service for Service User Creation

Configuration of serviceuser Plugin

Configuration of serviceuser Plugin

Configuration of serviceuser Plugin

Configuration of serviceuser Plugin

Configuration of serviceuser Plugin

Observed misuses of Gerrit

Protect against misuse of Gerrit

Administration Pain Points

Summary - Project Administration & Self-Services

Future Plans

Future Plans

Future Plans

Future Plans

Helium

Requirements for Gerrit

Requirements for Gerrit

Requirements for Gerrit

Requirements for Gerrit

Requirements for Gerrit

Multi Tenancy Support in Gerrit

Multi Tenancy Support in Gerrit

Multi Tenancy Support in Gerrit

Questions?