[Question] How to create initial (admin) user in Gerrit?

[tivaliy]

Hi @thinkernel
I have some problems. I was trying to use openfrontier/gerrit images to setup gerrit. All works fine. But now I want to create an initial (admin) user during gerrit installation process. So I'm trying to find solution also in your repos, but without any success. Can you bring me any idea about how to create initial (admin) Gerrit user exact in openfrontier/gerrit:latest -> 2.13.5?

[thinkernel]

Hi there. Sorry for the late response since I just came back from a personal leave.
As your question, I think it depends on what kind of authorization type you want to use.
By default, the first sign-in user will become the administrator automatically.
So the only thing you need to do is to add a script with nohup suffix and wirte some curl commands to access the login url of the Gerrit then put it under the /docker-entrypoint-init.d directory. But you do have to have an idm system like openldap or openid which can be used to authorize the sign-in process.
Here's an docker extension I use in my ci-compose project. The dockerfile and gerrit-create-user.sh might be an example for what you want to accomplish.

[SergK]

@thinkernel So let me summarize:
But you do have to have an idm system like openldap or openid
So one MUST have openldap or openid to create first user. Am I correct?

[thinkernel]

Yes. Here is the auth types which are supported by the Gerrit. As you can see that OpenID, HTTP, LDAP, OAUTH , all of them need somewhere else to store your user information.

[electrofelix]

@tivaliy What we've resorted to doing is adding an additional entrypoint to wrap the one container within this repo to bring up gerrit hardcoded to DEVELOPMENT_BECOME_ANY_AUTH, then create a user account and password passed in via the environment (including setting the http.password), and then kill the gerrit process and bring it back up with the externally specified settings and attached to the correct interfaces to allow external communication.

This allows us to create a dedicated admin user/password that can be easily controlled on a per environment basis as part of the bootstrap process. I think there is likely enough benefit to be able to do this that it might be worth chiming in on the google group mail where I raised this as a solution to our problem in bootstrapping: https://groups.google.com/forum/#!topic/repo-discuss/6LzcZoc77-8

[emichaf]

Any way of creating admin with http psw at initial container startup without idm system like ldap ?

[thinkernel]

You can use auth.type=HTTP then configure your reverse proxy to provide a basic authentication.

[WisperDin]

“Any way of creating admin with http psw at initial container startup without idm system like ldap ?”

I have the same problem. My auth type is DEVELOPMENT_BECOME_ANY_ACCOUNT .
I want to call the restful api such as create account automatic when the gerrit startup (in docker), But I have only one default admin user: admin, and I have no password for this user

@thinkernel @electrofelix

[thinkernel]

@WisperDin
Thanks for trying this project. However, DEVELOPMENT_BECOME_ANY_ACCOUNT is for developers only. I have to say that how to use this docker as a development environment is out of the original purpose of this project. My wonder if you could throw this question to the Gerrit developers' group.

[jgse]

@WisperDin @thinkernel @electrofelix , I am also looking for “Any way of creating admin with http psw at initial container startup without idm system like ldap ?”

Do you have new best practice?

[thinkernel]

@jgse You can use OpenID.
https://gerrit-review.googlesource.com/Documentation/config-sso.html

[jgse]

Hi @thinkernel
I wanted to have local development setup without need to access external IDM services, a.k.a a way to set a initial admin user and password before starting a local gerrit server