Hi everyone,

I wanted to share some information with you on why you can't log in to Gerrit
right now.

The new build server is behind a firewall which prevents outgoing connections 
so that -- in case of a security breach -- malicious content (such as exploit 
toolkits from GitHub) cannot be loaded onto the machine too easily.
There are a few exceptions in that firewall as some outgoing connections are 
necessary for the services the build server should provide.

There are two problems with the OAuth authentication we use for Gerrit:
 - GitHub's OAuth endpoint is not on a separate host, but shares the same IP
   with the content servers.
   Therefore, our IT won't add an exception to the firewall for GitHub.
   Ergo: OAuth via GitHub will no longer work for our Gerrit setup.
 - Google's OAuth endpoint is a separate host (accounts.google.com), so this
   works fine.
   But: There are several different IP addresses associated with this host
   name, and we don't have a full list of them. We just see that
   "host accounts.google.com" provides a different IP after a few minutes.
   The firewall configuration only works with IP addresses, not with host
   names.
   We've entered some IP addresses associated with that host, but obviously
   not all of them.
   This means that you might get lucky and your click on "Sign In" happens at
   a time when Gerrit resolves "accounts.google.com" to an IP address that is
   already in the exception list.

This is really frustrating, I know.


What you *can* do, however, is talk to Gerrit via SSH.
You can upload changes and perform simple Reviews (as long as you don't want to 
write inline comments -- that's complicated!).

Here's an example:

$> ssh -p 29418 <username>@saros-build.imp.fu-berlin.de gerrit review --message "'This patch looks nice!'" --code-review +1 3045,5

This will add the comment "This patch looks nice!" to Patch Set 5 of Change 
3045, and it will also add a "+1" for Code Review.

$> ssh -p 29418 <username>@saros-build.imp.fu-berlin.de gerrit review --abandon 3045

This will abandon change 3045 (if you have the permission to do this).

You can read more on Gerrit's SSH interface here: 
http://saros-build.imp.fu-berlin.de/gerrit/Documentation/cmd-index.html
The "review" command is described here: 
http://saros-build.imp.fu-berlin.de/gerrit/Documentation/cmd-review.html


Our IT will add more exceptions to the firewall, thus increasing your chances 
that your "Sign In" will work.
(In fact, it just worked for me, yay!)

Stay tuned,
Franz
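
The allowlist gap described in the message above can be measured. This is an added example, not part of the original post: it polls DNS for a host name and reports which returned addresses are missing from an IP-based exception list. The function names are hypothetical, the addresses are constructed documentation-range values, and counting a lookup as safe only when every returned address is allowed is an assumption.

```python
import ipaddress
import socket
import time
from collections import Counter

def resolve_ipv4(host):
    """Return the set of IPv4 addresses the local resolver gives for host now."""
    infos = socket.getaddrinfo(host, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def poll(host, rounds, interval, resolver=resolve_ipv4, sleep=time.sleep):
    """Resolve host `rounds` times, `interval` seconds apart; one set per lookup."""
    samples = []
    for i in range(rounds):
        samples.append(set(resolver(host)))
        if i + 1 < rounds:
            sleep(interval)
    return samples

def allowlist_coverage(samples, allowlist):
    """Compare DNS answers with firewall exceptions (single IPs or CIDR blocks).

    Returns (missing, hit_rate): missing maps each address that is not allowed
    to the number of lookups it appeared in; hit_rate is the share of lookups
    in which every returned address was allowed (assumption: the client may
    connect to any address in the answer).
    """
    nets = [ipaddress.ip_network(entry, strict=False) for entry in allowlist]

    def allowed(ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in nets)

    missing = Counter()
    safe = 0
    for answer in samples:
        blocked = [ip for ip in answer if not allowed(ip)]
        missing.update(blocked)
        safe += not blocked
    return dict(missing), (safe / len(samples) if samples else 0.0)

if __name__ == "__main__":
    # Constructed sample: four lookups of one host name, rotating addresses.
    samples = [{"192.0.2.10"}, {"192.0.2.11"}, {"198.51.100.7"}, {"192.0.2.10"}]
    exceptions = ["192.0.2.10", "198.51.100.0/24"]  # constructed allowlist
    missing, rate = allowlist_coverage(samples, exceptions)
    print("not in exception list:", missing, "| safe lookups: {:.0%}".format(rate))
```

Run against the live host with `poll("accounts.google.com", rounds, interval)` from a machine that uses the same resolver as the build server, since other resolvers may be handed different addresses.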

