Well, that was a hard piece of work, but Gerrit 2.11 is up and running (yes, they actually reached the next minor version in the meantime).
More specific: * Instead of OpenID, our setup now relies on OpenAuth. Currently, only the Google provider is installed. The next time you log in, your existing OpenID account should be mapped to the OpenAuth account. (If something goes wrong and you get a new account instead, don't worry: It's possible -- though somewhat cumbersome -- to merge them.) * GitHub can be installed as a second OpenAuth provider. Those in favor say 'yay GitHub!' * OpenID registration can be re-enabled in addition to OpenAuth (for other providers like Yahoo). Those in favor say 'yay OpenID!' A few amendments: * I installed the Gravatar plugin (3 Kbyte!), so every Gerrit user is presented with his/her picture. * I configured a regex [1] that looks for " #[0-9]+" and creates a link to our sourceforge bugtracker. This works in all comments as well as the commit messages (eg. http://saros-build.imp.fu-berlin.de/gerrit/2195) The current setup: * Gerrit is not running inside the Tomcat application server anymore, but on its own on "localhost:8010". * The former Apache rule that passed calls on "/gerrit" to "ajp://localhost:8009/gerrit" (Tomcat) now passes them to "http://localhost:8010/gerrit";. Why it took so long: * Upgrading Gerrit to 2.11 and have it running, was easy and (relatively) fast. * However, signing in did not work. * First, because the Apache directive AllowEncodedSlashes was not set to "On" and it took me several hours to figure out that this directive is ineffective when VirtualHosts are involved. As it turned out, we do have exactly one VirtualHost. I put the directive inside that one VirtualHost section: it works. * Second, even with the URLs being correctly understood, the Google login page did appear correctly, but upon returning to Gerrit, no login actually happened. Since it was possible to use Google's OAuth when accessing Gerrit directly on the (non-public) way http://saros-build.imp.fu-berlin.de:8010, I figured there had to be a proxy problem. That was really strange because I went the official Gerrit way [2] -- except for a tiny detail. I saw no reason to let Gerrit run as "http://localhost:8010/gerrit"; (or "http://localhost:8010/r"; as in the documentation) and thought that "http://localhost:8010"; would suffice (just as "http://saros-build.imp.fu-berlin.de:8010"; did). But obviously, in our OAuth-behind-proxy-setting, that URL part does play a role. Only after adding it the login (and logout) worked. Cheers, Franz [1] http://saros-build.imp.fu-berlin.de/gerrit/Documentation/config-gerrit.html#commentlink [2] http://saros-build.imp.fu-berlin.de/gerrit/Documentation/config-reverseproxy.html -----Original Message----- From: Zieris, Franz [mailto:franz.zie...@fu-berlin.de] Sent: Tuesday, April 21, 2015 11:10 AM To: dpp-devel@lists.sourceforge.net Subject: Re: [DPP-Devel] Gerrit authentication, OpenID As of now, logging into Gerrit with OpenID via Google still seems to work. But since I really don't want to rely on that, I'll try to upgrade to Gerrit 2.10.2 again. (Since it was possible to run Gerrit as a stand-alone service on localhost:8009, another rule in the Apache config should do the trick, and we don't need the Tomcat for that.) So expect some downtime of both Gerrit and Jenkins, starting now. I'll keep you posted. Franz -----Original Message----- From: Zieris, Franz [mailto:franz.zie...@fu-berlin.de] Sent: Wednesday, April 15, 2015 10:39 PM To: dpp-devel@lists.sourceforge.net Subject: Re: [DPP-Devel] Gerrit authentication, OpenID Well, I was not able to install Gerrit 2.10.2 on saros-build, so I had no chance to try the plugin. Tomcat was not able to properly start the new gerrit.war (see below). I was able to run Gerrit as a stand-alone service (verified by "lynx http://localhost:8009";), but not inside Tomcat. So I went back to Gerrit 2.8.6.1 and replayed the database dump. In case anyone else wants to try: As soon as Gerrit 2.10.2 is running, you can continue with this [2] guide. But instead of compiling the plugin yourself, try this one first "/home/administrator/gerrit-oauth-provider.jar" (that's the one I built myself). *Sigh*, enough for today. Franz [2] http://www.sgvulcan.com/2015/04/09/migrating-gerrit-to-google-oauth-from-google-openid/ [...] ------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF _______________________________________________ DPP-Devel mailing list DPP-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dpp-devel ------------------------------------------------------------------------------ BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT Develop your own process in accordance with the BPMN 2 standard Learn Process modeling best practices with Bonita BPM through live exercises http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF _______________________________________________ DPP-Devel mailing list DPP-Devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dpp-devel
