Last modified: 2014-11-18 00:11:01 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T37611, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 35611 - Remove port 29418 from cloning process
Remove port 29418 from cloning process
Status: PATCH_TO_REVIEW
Product: Wikimedia
Classification: Unclassified
Git/Gerrit (Other open bugs)
unspecified
All All
: Normal enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
: ops
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-30 14:15 UTC by Chad H.
Modified: 2014-11-18 00:11 UTC (History)
14 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Chad H. 2012-03-30 14:15:53 UTC 
It's been pointed out that remembering port 29418 to hit gerrit.wikimedia.org is kind of annoying at best and confusing at worst.

Tim suggested we get a second IP/host to forward port 22 to gerrit.wikimedia.org:29418.

Maybe git.wikimedia.org:22 -> gerrit.wikimedia.org:29418?
Comment 1 Chad H. 2012-03-30 14:16:44 UTC 
Somebody should fix the rt linker to operate on word boundaries so the word "port" doesn't link ;-)
Comment 2 Chad H. 2012-04-03 15:22:45 UTC 
This is also annoying when you're on a network that blocks unknown ports (such as 29418).
Comment 3 Tim Starling 2012-04-03 23:36:27 UTC 
I think you could do it on gerrit.wikimedia.org, without any need for a second hostname. If you wanted to log in to the actual host rather than the gerrit installation, you would use formey.wikimedia.org. The IP referred to by gerrit.wikimedia.org would basically be a service IP with Gerrit web on port 80 and Gerrit SSH on port 22.
Comment 4 Tim Starling 2012-04-03 23:41:31 UTC 
(In reply to comment #1)
> Somebody should fix the rt linker to operate on word boundaries so the word
> "port" doesn't link ;-)

xxxrt 22 RT #22 RT #22 ...RT #22... 

How's that?
Comment 5 Chad H. 2012-04-09 14:40:03 UTC 
Raising priority on this--we've had a couple of complaints of this already.
Comment 6 Andre Klapper 2013-07-22 13:51:59 UTC 
[Not high priority currently; plus it seems people got kind of used to it.]
Comment 7 Kunal Mehta (Legoktm) 2013-10-24 16:24:12 UTC 
How difficult would it be to do this? My school network blocks most ports above 200 so I'm kinda blocked by this.
Comment 8 MZMcBride 2014-02-18 00:33:02 UTC 
Andre: does this need/have an associated RT ticket?
Comment 9 Andre Klapper 2014-02-18 10:45:48 UTC 
Don't know. The Git/Gerrit folks might be able to tell you.
Comment 10 jeremyb 2014-09-02 10:08:58 UTC 
I didn't find an RT ticket.
Comment 11 Dereckson 2014-11-10 19:20:38 UTC 
I've created one, RT #8838.
Comment 12 Gerrit Notification Bot 2014-11-10 19:22:28 UTC 
Change 172313 had a related patch set uploaded by Dereckson:
Gerrit also listens on port 22

https://gerrit.wikimedia.org/r/172313
Comment 13 Merlijn van Deen (test) 2014-11-10 19:24:00 UTC 
As a workaround (which can still be useful if port 22 is also blocked), one can clone and push over https (the latter with the credentials provided in https://gerrit.wikimedia.org/r/#/settings/http-password )
Comment 14 Dereckson 2014-11-10 19:27:41 UTC 
(In reply to Merlijn van Deen from comment #13)
> As a workaround (which can still be useful if port 22 is also blocked), one
> can clone and push over https
This is not really a viable workaround if an user uses Gerrit intensively, as it would require to store https password on clear, or write it at each operation.
Comment 15 Gerrit Notification Bot 2014-11-12 20:07:26 UTC 
Change 172803 had a related patch set uploaded by Dzahn:
ssh server: make ListenAddress configurable

https://gerrit.wikimedia.org/r/172803
Comment 16 Gerrit Notification Bot 2014-11-14 22:13:39 UTC 
Change 172803 merged by Dzahn:
ssh server: make ListenAddress configurable

https://gerrit.wikimedia.org/r/172803
Comment 17 Dereckson 2014-11-15 01:57:20 UTC 
Status update: to achieve this, we first needed to have a dedicated IP for Gerrit (already done during a server migration) and to allow SSHD configuration in puppet (done by Dzahn in the previous merged change).

The prerequisites being all cleared, we can now take change 172313 in consideration.
Comment 18 Daniel Zahn 2014-11-18 00:11:01 UTC 
unfortunately more to do before we can. next we would need this or similar to make gerrit nodes setup a SSHD to listen only on the non-Gerrit IP:

https://gerrit.wikimedia.org/r/#/c/174015/

(now that we can even do that after the change before that)

and then we would have to _not_ include 'base' on that node, so that we don't get the default SSHD from there that listen on everything
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links