Last modified: 2014-11-18 00:11:01 UTC
It's been pointed out that remembering port 29418 to hit gerrit.wikimedia.org is kind of annoying at best and confusing at worst. Tim suggested we get a second IP/host to forward port 22 to gerrit.wikimedia.org:29418. Maybe git.wikimedia.org:22 -> gerrit.wikimedia.org:29418?
Somebody should fix the rt linker to operate on word boundaries so the word "port" doesn't link ;-)
This is also annoying when you're on a network that blocks unknown ports (such as 29418).
I think you could do it on gerrit.wikimedia.org, without any need for a second hostname. If you wanted to log in to the actual host rather than the gerrit installation, you would use formey.wikimedia.org. The IP referred to by gerrit.wikimedia.org would basically be a service IP with Gerrit web on port 80 and Gerrit SSH on port 22.
(In reply to comment #1) > Somebody should fix the rt linker to operate on word boundaries so the word > "port" doesn't link ;-) xxxrt 22 RT #22 RT #22 ...RT #22... How's that?
Raising priority on this--we've had a couple of complaints of this already.
[Not high priority currently; plus it seems people got kind of used to it.]
How difficult would it be to do this? My school network blocks most ports above 200 so I'm kinda blocked by this.
Andre: does this need/have an associated RT ticket?
Don't know. The Git/Gerrit folks might be able to tell you.
I didn't find an RT ticket.
I've created one, RT #8838.
Change 172313 had a related patch set uploaded by Dereckson: Gerrit also listens on port 22 https://gerrit.wikimedia.org/r/172313
As a workaround (which can still be useful if port 22 is also blocked), one can clone and push over https (the latter with the credentials provided in https://gerrit.wikimedia.org/r/#/settings/http-password )
(In reply to Merlijn van Deen from comment #13) > As a workaround (which can still be useful if port 22 is also blocked), one > can clone and push over https This is not really a viable workaround if an user uses Gerrit intensively, as it would require to store https password on clear, or write it at each operation.
Change 172803 had a related patch set uploaded by Dzahn: ssh server: make ListenAddress configurable https://gerrit.wikimedia.org/r/172803
Change 172803 merged by Dzahn: ssh server: make ListenAddress configurable https://gerrit.wikimedia.org/r/172803
Status update: to achieve this, we first needed to have a dedicated IP for Gerrit (already done during a server migration) and to allow SSHD configuration in puppet (done by Dzahn in the previous merged change). The prerequisites being all cleared, we can now take change 172313 in consideration.
unfortunately more to do before we can. next we would need this or similar to make gerrit nodes setup a SSHD to listen only on the non-Gerrit IP: https://gerrit.wikimedia.org/r/#/c/174015/ (now that we can even do that after the change before that) and then we would have to _not_ include 'base' on that node, so that we don't get the default SSHD from there that listen on everything