scheduler should set private key for gerrit jobs

Author: ib-steffen

deploy/infrabox/templates/_helpers.tpl

@@ -95,11 +95,13 @@ https://{{- required "host is required" .Values.host -}}:{{- .Values.port -}}
 {{ end }}
 
 {{ define "mounts_gerrit" }}
+{{ if .Values.gerrit.enabled }}
 -
     name: gerrit-ssh
     mountPath: /tmp/gerrit
     readOnly: true
 {{ end }}
+{{ end }}
 
 {{ define "volumes_gerrit" }}
 {{ if .Values.gerrit.enabled }}

deploy/infrabox/templates/function_crd.yaml

@@ -15,7 +15,6 @@ spec:
             memory: 1Gi
     env:
     {{ include "env_general" . | indent 4 }}
-    {{ include "env_gerrit" . | indent 4 }}
     -
         name: INFRABOX_JOB_STORAGE_DRIVER
         value: {{ .Values.job.storage_driver }}

deploy/infrabox/templates/scheduler/deployment.yaml

@@ -35,6 +35,8 @@ spec:
                     value: "443"
                 volumeMounts:
                 {{ include "mounts_rsa_private" . | indent 16 }}
+                {{ include "mounts_gerrit" . | indent 16 }}
             volumes:
                 {{ include "volumes_database" . | indent 16 }}
                 {{ include "volumes_rsa" . | indent 16 }}
+                {{ include "volumes_gerrit" . | indent 16 }}

src/scheduler/kubernetes/scheduler.py

@@ -542,7 +542,7 @@ def kube_delete_job(self, job_id):
         except:
             pass
 
-    def kube_job(self, job_id, cpu, mem, private_key, services=None):
+    def kube_job(self, job_id, cpu, mem, services=None):
         h = {'Authorization': 'Bearer %s' % self.args.token}
 
         job_token = encode_job_token(job_id).decode()
@@ -561,7 +561,33 @@ def kube_job(self, job_id, cpu, mem, private_key, services=None):
             'value': str(cpu)
         }]
 
-        if private_key:
+        # Get ssh key for private repos
+        cursor = self.conn.cursor()
+        cursor.execute('''
+            SELECT p.type, p.id
+            FROM project p
+            JOIN job j
+            ON j.project_id = p.id
+            WHERE j.id = %s
+        ''', [job_id])
+        result = cursor.fetchone()
+        cursor.close()
+
+        project_type = result[0]
+        project_id = result[1]
+
+        private_key = None
+        if project_type == 'github':
+            cursor = self.conn.cursor()
+            cursor.execute('''
+                SELECT r.private_key
+                FROM repository r
+                WHERE r.project_id = %s
+            ''', [project_id])
+            result = cursor.fetchone()
+            cursor.close()
+            private_key = result[0]
+
             env += [{
                 'name': 'INFRABOX_GIT_PORT',
                 'value': '443'
@@ -572,6 +598,18 @@ def kube_job(self, job_id, cpu, mem, private_key, services=None):
                 'name': 'INFRABOX_GIT_PRIVATE_KEY',
                 'value': private_key
             }]
+        elif project_type == 'gerrit':
+            with open(os.environ['INFRABOX_GERRIT_KEY_FILENAME']) as key:
+                env += [{
+                    'name': 'INFRABOX_GIT_PORT',
+                    'value': os.environ['INFRABOX_GERRIT_PORT']
+                }, {
+                    'name': 'INFRABOX_GIT_HOSTNAME',
+                    'value': os.environ['INFRABOX_GERRIT_HOSTNAME']
+                }, {
+                    'name': 'INFRABOX_GIT_PRIVATE_KEY',
+                    'value': key.read()
+                }]
 
         root_url = os.environ['INFRABOX_ROOT_URL']
 
@@ -634,34 +672,7 @@ def schedule_job(self, job_id, cpu, memory):
         if definition and 'services' in definition:
             services = definition['services']
 
-        # Get ssh key for private repos
-        cursor = self.conn.cursor()
-        cursor.execute('''
-            SELECT p.type, p.id
-            FROM project p
-            JOIN job j
-            ON j.project_id = p.id
-            WHERE j.id = %s
-        ''', [job_id])
-        result = cursor.fetchone()
-        cursor.close()
-
-        project_type = result[0]
-        project_id = result[1]
-
-        private_key = None
-        if project_type == 'github':
-            cursor = self.conn.cursor()
-            cursor.execute('''
-                SELECT r.private_key
-                FROM repository r
-                WHERE r.project_id = %s
-            ''', [project_id])
-            result = cursor.fetchone()
-            cursor.close()
-            private_key = result[0]
-
-        if not self.kube_job(job_id, cpu, memory, private_key, services=services):
+        if not self.kube_job(job_id, cpu, memory, services=services):
             return
 
         cursor = self.conn.cursor()