
[openstack-dev] Looking for help getting git-review to work over https

0 votes

I could use some help with setting up git-review in a slightly unfriendly firewall situation.

I'm trying to set up git-review on my CentOS7 VM, and our firewall blocks the non-standard ssh port. I'm following the instructions at http://docs.openstack.org/infra/manual/developers.html#accessing-gerrit-over-https , for configuring git-review to use https on port 443, but this still isn't working (times out with "Could not connect to gerrit"). I've confirmed that I can reach other external sites on port 443.

Can someone give me a hand with this?


David M. Karr | AT&T | Service Standards - Open Platform for Network Function Virtualization
(425) 580-4547 work
(206) 909-0664 cell
(425) 892-5432 cell


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
asked Jun 11, 2015 in openstack-dev by KARR,_DAVID (760 points)   1

32 Responses

0 votes

In our environment we're using a SOCKS proxy to bypass the firewall. Maybe it's an option for you? I just execute tsocks git-review instead of plain git-review and it seems to work.

I've just tried the solution you've mentioned and it doesn't help in my case.

-----Original Message-----
From: KARR, DAVID [mailto:dk068x@att.com]
Sent: Thursday, June 11, 2015 5:00 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: [openstack-dev] Looking for help getting git-review to work over https

I could use some help with setting up git-review in a slightly unfriendly
firewall situation.

I'm trying to set up git-review on my CentOS7 VM, and our firewall blocks the
non-standard ssh port. I'm following the instructions at
http://docs.openstack.org/infra/manual/developers.html#accessing-gerrit-over-https
, for configuring git-review to use https on port 443, but this still
isn't working (times out with "Could not connect to gerrit"). I've confirmed
that I can reach other external sites on port 443.

Can someone give me a hand with this?


David M. Karr | AT&T | Service Standards - Open Platform for Network
Function Virtualization
(425) 580-4547 work
(206) 909-0664 cell
(425) 892-5432 cell



responded Jun 11, 2015 by Dulko,_Michal (4,760 points)   2 3 6
0 votes

On Thu, Jun 11, 2015, 18:09 KARR, DAVID dk068x@att.com wrote:

I could use some help with setting up git-review in a slightly unfriendly
firewall situation.

I'm trying to set up git-review on my CentOS7 VM, and our firewall blocks
the non-standard ssh port. I'm following the instructions at
http://docs.openstack.org/infra/manual/developers.html#accessing-gerrit-over-https
, for configuring git-review to use https on port 443, but this still isn't
working (times out with "Could not connect to gerrit"). I've confirmed
that I can reach other external sites on port 443.

Can someone give me a hand with this?

Hello.

responded Jun 11, 2015 by Yuriy_Taraday (4,840 points)   1 2 4
0 votes

Thanks for replying.

% git review -vs
2015-06-11 09:30:38.396076 Running: git log --color=never --oneline HEAD^1..HEAD
2015-06-11 09:30:38.399021 Running: git remote
2015-06-11 09:30:38.401033 Running: git config --get gitreview.username
No remote set, testing ssh://dk068x@review.openstack.org:29418/openstack/horizon.git
2015-06-11 09:30:38.402988 Running: git push --dry-run ssh://dk068x@review.openstack.org:29418/openstack/horizon.git --all
ssh://dk068x@review.openstack.org:29418/openstack/horizon.git did not work.
Could not connect to gerrit.
Enter your gerrit username:

This output is interesting, because I followed the instructions to set the scheme and port to https and 443, which can be seen from:
% git config --global -l
user.name=David Karr
user.email=dk068x@att.com
gitreview.scheme=https
gitreview.port=443

Concerning the question ‘Do you have "gerrit" remote already configured?’, I guess I’d have to say I don’t know. I’ve followed instructions for setting up my pub key, but I’m not sure exactly what is entailed in “gerrit remote”.

I can get to https://review.openstack.org/ from my browser and from the command line with curl.

The “ls-remote” command returns without error (or any other output).

From: Yuriy Taraday [mailto:yorik.sar@gmail.com]
Sent: Thursday, June 11, 2015 9:19 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] Looking for help getting git-review to work over https

On Thu, Jun 11, 2015, 18:09 KARR, DAVID dk068x@att.com wrote:

I could use some help with setting up git-review in a slightly unfriendly firewall situation.

I'm trying to set up git-review on my CentOS7 VM, and our firewall blocks the non-standard ssh port. I'm following the instructions at http://docs.openstack.org/infra/manual/developers.html#accessing-gerrit-over-https , for configuring git-review to use https on port 443, but this still isn't working (times out with "Could not connect to gerrit"). I've confirmed that I can reach other external sites on port 443.

Can someone give me a hand with this?

Hello.

responded Jun 11, 2015 by KARR,_DAVID (760 points)   1
0 votes

On Thu, 2015-06-11 at 16:42 +0000, KARR, DAVID wrote:
Concerning the question ‘Do you have "gerrit" remote already
configured?’, I guess I’d have to say I don’t know. I’ve followed
instructions for setting up my pub key, but I’m not sure exactly what
is entailed in “gerrit remote”.

The "git review" command does its magic, in part, through configuring a
"git remote" on the repository. Go to the repository and do a "git
remote -v" and look for any lines beginning with "gerrit"; they probably
have the SSH URL instead of the https URL. You should be able to use
"git remote remove gerrit" and re-run the "git review -s" to get that
all fixed up. (Could also use "git remote set-url", FYI, but I figured
starting from scratch may be easier for you…)
--
Kevin L. Mitchell kevin.mitchell@rackspace.com
Rackspace


responded Jun 11, 2015 by Kevin_L._Mitchell (4,550 points)   1 2 2
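
Added example, not part of the original thread: the remote check described in the reply above, as a small shell helper. It reads `git remote -v` output and reports the transport, host and port of a remote's push URL, so an SSH `gerrit` remote on port 29418 is easy to tell apart from an HTTPS one. The function names and sample listings are constructed for illustration, and `someuser` is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed samples of `git remote -v` output.
SAMPLE_SSH='gerrit ssh://someuser@review.openstack.org:29418/openstack/horizon.git (fetch)
gerrit ssh://someuser@review.openstack.org:29418/openstack/horizon.git (push)
origin https://github.com/openstack/horizon.git (fetch)
origin https://github.com/openstack/horizon.git (push)'
SAMPLE_ORIGIN_ONLY='origin https://github.com/openstack/horizon.git (fetch)
origin https://github.com/openstack/horizon.git (push)'

# remote_transport [NAME]: read `git remote -v` on stdin and print
# "<scheme> <host> <port>" for the push URL of NAME, or "none" if NAME is absent.
remote_transport() {
    awk -v name="${1:-gerrit}" '
        BEGIN { defport["ssh"] = 22; defport["https"] = 443; defport["http"] = 80 }
        $1 == name && $3 == "(push)" {
            found = 1
            url = $2
            if (url ~ "^[a-z+]+://") {
                scheme = url; sub("://.*$", "", scheme)
                rest = url;   sub("^[a-z+]+://", "", rest)
                sub("/.*$", "", rest)            # drop the repository path
            } else if (url ~ "^[^/]*:") {        # scp-like user@host:path means SSH
                scheme = "ssh"
                rest = url; sub(":.*$", "", rest)
            } else {
                print "other - -"; exit          # local path or unknown form
            }
            sub("^.*@", "", rest)                # drop user@
            n = split(rest, hp, ":")             # host[:port]; IPv6 literals not handled
            port = (n == 2) ? hp[2] : ((scheme in defport) ? defport[scheme] : "-")
            print scheme, hp[1], port
            exit
        }
        END { if (!found) print "none" }
    '
}

# diagnose_gerrit_remote: read `git remote -v` on stdin and print the next step
# suggested in the thread for the state of the "gerrit" remote.
diagnose_gerrit_remote() {
    # Intentional word splitting: $1=scheme, $2=host, $3=port.
    set -- $(remote_transport gerrit)
    case "$1" in
        none)  echo "no gerrit remote: git review -s will create one" ;;
        ssh)   echo "gerrit remote uses SSH to $2 port $3: use git remote set-url," \
                    "or git remote remove gerrit and re-run git review -s" ;;
        https) echo "gerrit remote already uses HTTPS to $2 port $3" ;;
        *)     echo "gerrit remote uses $1" ;;
    esac
}

# In a checkout: git remote -v | diagnose_gerrit_remote
```
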
0 votes

Do you know if you have SSH access to the outside world through the
firewall?

Did you set up a proxy? I set up 'corkscrew' under Ubuntu. After installing,
created a .ssh/config file with:

Host review.openstack.org
    ProxyCommand corkscrew <proxy-host> 80 %h %p

The proxy host is one that allows HTTP/HTTPS to outside world and corkscrew
tunnels the SSH through to port 80.

HTHs,

PCM

On Thu, Jun 11, 2015 at 12:44 PM KARR, DAVID dk068x@att.com wrote:

Thanks for replying.

% git review -vs
2015-06-11 09:30:38.396076 Running: git log --color=never --oneline HEAD^1..HEAD
2015-06-11 09:30:38.399021 Running: git remote
2015-06-11 09:30:38.401033 Running: git config --get gitreview.username
No remote set, testing ssh://dk068x@review.openstack.org:29418/openstack/horizon.git
2015-06-11 09:30:38.402988 Running: git push --dry-run ssh://dk068x@review.openstack.org:29418/openstack/horizon.git --all
ssh://dk068x@review.openstack.org:29418/openstack/horizon.git did not work.
Could not connect to gerrit.
Enter your gerrit username:

This output is interesting, because I followed the instructions to set the
scheme and port to https and 443, which can be seen from:
% git config --global -l
user.name=David Karr
user.email=dk068x@att.com
gitreview.scheme=https
gitreview.port=443

Concerning the question ‘Do you have "gerrit" remote already configured?’,
I guess I’d have to say I don’t know. I’ve followed instructions for
setting up my pub key, but I’m not sure exactly what is entailed in “gerrit
remote”.

I can get to https://review.openstack.org/ from my browser and from the
command line with curl.

The “ls-remote” command returns without error (or any other output).

From: Yuriy Taraday [mailto:yorik.sar@gmail.com]
Sent: Thursday, June 11, 2015 9:19 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] Looking for help getting git-review to work over https

On Thu, Jun 11, 2015, 18:09 KARR, DAVID dk068x@att.com wrote:

I could use some help with setting up git-review in a slightly unfriendly
firewall situation.

I'm trying to set up git-review on my CentOS7 VM, and our firewall blocks
the non-standard ssh port. I'm following the instructions at
http://docs.openstack.org/infra/manual/developers.html#accessing-gerrit-over-https
, for configuring git-review to use https on port 443, but this still isn't
working (times out with "Could not connect to gerrit"). I've confirmed
that I can reach other external sites on port 443.

Can someone give me a hand with this?

Hello.


responded Jun 11, 2015 by Paul_Michali (4,520 points)   1 5 8
0 votes

-----Original Message-----
From: Kevin L. Mitchell [mailto:kevin.mitchell@rackspace.com]
Sent: Thursday, June 11, 2015 10:46 AM
To: openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] Looking for help getting git-review to work over https

On Thu, 2015-06-11 at 16:42 +0000, KARR, DAVID wrote:

Concerning the question ‘Do you have "gerrit" remote already
configured?’, I guess I’d have to say I don’t know. I’ve followed
instructions for setting up my pub key, but I’m not sure exactly what
is entailed in “gerrit remote”.

The "git review" command does its magic, in part, through configuring a
"git remote" on the repository. Go to the repository and do a "git
remote -v" and look for any lines beginning with "gerrit"; they probably
have the SSH URL instead of the https URL. You should be able to use
"git remote remove gerrit" and re-run the "git review -s" to get that
all fixed up. (Could also use "git remote set-url", FYI, but I figured
starting from scratch may be easier for you…)

Ok, the output from "git remote -v" is this:


origin https://github.com/openstack/horizon.git (fetch)
origin https://github.com/openstack/horizon.git (push)

So there's obviously nothing to remove. As usual, running "git review -sv" times out on the ssh:29418 request. Are the "gitreview.scheme" and "gitreview.port" properties completely ignored here?


responded Jun 11, 2015 by KARR,_DAVID (760 points)   1
0 votes

I don’t know if ssh in general is blocked. I’ve been hearing about Corkscrew. I guess I’ll try installing it on my CentOS7 VM. Does anyone know if this page is accurate: http://www.confignotes.com/2013/10/corkscrew/ ?

From: Paul Michali [mailto:pc@michali.net]
Sent: Thursday, June 11, 2015 11:09 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] Looking for help getting git-review to work over https

Do you know if you have SSH access to the outside world through the firewall?

Did you set up a proxy? I set up 'corkscrew' under Ubuntu. After installing, created a .ssh/config file with:

Host review.openstack.org
ProxyCommand corkscrew 80 %h %p

The proxy host is one that allows HTTP/HTTPS to outside world and corkscrew tunnels the SSH through to port 80.

HTHs,

PCM

On Thu, Jun 11, 2015 at 12:44 PM KARR, DAVID dk068x@att.com wrote:
Thanks for replying.

% git review -vs
2015-06-11 09:30:38.396076 Running: git log --color=never --oneline HEAD^1..HEAD
2015-06-11 09:30:38.399021 Running: git remote
2015-06-11 09:30:38.401033 Running: git config --get gitreview.username
No remote set, testing ssh://dk068x@review.openstack.org:29418/openstack/horizon.git
2015-06-11 09:30:38.402988 Running: git push --dry-run ssh://dk068x@review.openstack.org:29418/openstack/horizon.git --all
ssh://dk068x@review.openstack.org:29418/openstack/horizon.git did not work.
Could not connect to gerrit.
Enter your gerrit username:

This output is interesting, because I followed the instructions to set the scheme and port to https and 443, which can be seen from:
% git config --global -l
user.name=David Karr
user.email=dk068x@att.com
gitreview.scheme=https
gitreview.port=443

Concerning the question ‘Do you have "gerrit" remote already configured?’, I guess I’d have to say I don’t know. I’ve followed instructions for setting up my pub key, but I’m not sure exactly what is entailed in “gerrit remote”.

I can get to https://review.openstack.org/ from my browser and from the command line with curl.

The “ls-remote” command returns without error (or any other output).

From: Yuriy Taraday [mailto:yorik.sar@gmail.com]
Sent: Thursday, June 11, 2015 9:19 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] Looking for help getting git-review to work over https

On Thu, Jun 11, 2015, 18:09 KARR, DAVID dk068x@att.com wrote:

I could use some help with setting up git-review in a slightly unfriendly firewall situation.

I'm trying to set up git-review on my CentOS7 VM, and our firewall blocks the non-standard ssh port. I'm following the instructions at http://docs.openstack.org/infra/manual/developers.html#accessing-gerrit-over-https , for configuring git-review to use https on port 443, but this still isn't working (times out with "Could not connect to gerrit"). I've confirmed that I can reach other external sites on port 443.

Can someone give me a hand with this?

Hello.

responded Jun 11, 2015 by KARR,_DAVID (760 points)   1
0 votes

On 2015-06-11 19:53:25 +0000 (+0000), KARR, DAVID wrote:
Ok, the output from "git remote -v" is this:


origin https://github.com/openstack/horizon.git (fetch)
origin https://github.com/openstack/horizon.git (push)

So there's obviously nothing to remove. As usual, running "git
review -sv" times out on the ssh:29418 request. Are the
"gitreview.scheme" and "gitreview.port" properties completely
ignored here?

I don't recall seeing what git-review version you're running, but
keep in mind that HTTPS Gerrit support only really showed up in
git-review 1.24 (the latest release on pypi.python.org) so if you're
running an older version than that it's probably not going to do
what you want here regardless. There are also I think some further
improvements for it in the master Git branch since the last release
(we're long overdue to tag another one) so you might consider giving
that a try too.
--
Jeremy Stanley


responded Jun 11, 2015 by Jeremy_Stanley (56,700 points)   3 5 7
0 votes

-----Original Message-----
From: Jeremy Stanley [mailto:fungi@yuggoth.org]
Sent: Thursday, June 11, 2015 1:11 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] Looking for help getting git-review to work over https

On 2015-06-11 19:53:25 +0000 (+0000), KARR, DAVID wrote:

Ok, the output from "git remote -v" is this:

origin https://github.com/openstack/horizon.git (fetch)
origin https://github.com/openstack/horizon.git (push)

So there's obviously nothing to remove. As usual, running "git
review -sv" times out on the ssh:29418 request. Are the
"gitreview.scheme" and "gitreview.port" properties completely
ignored here?

I don't recall seeing what git-review version you're running, but
keep in mind that HTTPS Gerrit support only really showed up in
git-review 1.24 (the latest release on pypi.python.org) so if you're
running an older version than that it's probably not going to do
what you want here regardless. There are also I think some further
improvements for it in the master Git branch since the last release
(we're long overdue to tag another one) so you might consider giving
that a try too.

I have version 1.24.


responded Jun 11, 2015 by KARR,_DAVID (760 points)   1
0 votes

I followed the instructions for installing and configuring corkscrew, similar to what you provided here. The result seems to indicate it did something, but the overall result is the same:
2015-06-11 13:07:25.866568 Running: git log --color=never --oneline HEAD^1..HEAD
2015-06-11 13:07:25.869309 Running: git remote
2015-06-11 13:07:25.872742 Running: git config --get gitreview.username
No remote set, testing ssh://dk068x@review.openstack.org:29418/openstack/horizon.git
2015-06-11 13:07:25.874869 Running: git push --dry-run ssh://dk068x@review.openstack.org:29418/openstack/horizon.git --all
The authenticity of host '[review.openstack.org]:29418 ()' can't be established.
RSA key fingerprint is 28:c6:42:b7:44:d2:48:64:c1:3f:31:d8:1b:6e:3b:63.
Are you sure you want to continue connecting (yes/no)? yes
ssh://dk068x@review.openstack.org:29418/openstack/horizon.git did not work.
Could not connect to gerrit.
Enter your gerrit username:

From: Paul Michali [mailto:pc@michali.net]
Sent: Thursday, June 11, 2015 11:09 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] Looking for help getting git-review to work over https

Do you know if you have SSH access to the outside world through the firewall?

Did you set up a proxy? I set up 'corkscrew' under Ubuntu. After installing, created a .ssh/config file with:

Host review.openstack.org
ProxyCommand corkscrew 80 %h %p

The proxy host is one that allows HTTP/HTTPS to outside world and corkscrew tunnels the SSH through to port 80.

HTHs,

PCM

On Thu, Jun 11, 2015 at 12:44 PM KARR, DAVID dk068x@att.com wrote:
Thanks for replying.

% git review -vs
2015-06-11 09:30:38.396076 Running: git log --color=never --oneline HEAD^1..HEAD
2015-06-11 09:30:38.399021 Running: git remote
2015-06-11 09:30:38.401033 Running: git config --get gitreview.username
No remote set, testing ssh://dk068x@review.openstack.org:29418/openstack/horizon.git
2015-06-11 09:30:38.402988 Running: git push --dry-run ssh://dk068x@review.openstack.org:29418/openstack/horizon.git --all
ssh://dk068x@review.openstack.org:29418/openstack/horizon.git did not work.
Could not connect to gerrit.
Enter your gerrit username:

This output is interesting, because I followed the instructions to set the scheme and port to https and 443, which can be seen from:
% git config --global -l
user.name=David Karr
user.email=dk068x@att.com
gitreview.scheme=https
gitreview.port=443

Concerning the question ‘Do you have "gerrit" remote already configured?’, I guess I’d have to say I don’t know. I’ve followed instructions for setting up my pub key, but I’m not sure exactly what is entailed in “gerrit remote”.

I can get to https://review.openstack.org/ from my browser and from the command line with curl.

The “ls-remote” command returns without error (or any other output).

From: Yuriy Taraday [mailto:yorik.sar@gmail.com]
Sent: Thursday, June 11, 2015 9:19 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] Looking for help getting git-review to work over https

On Thu, Jun 11, 2015, 18:09 KARR, DAVID dk068x@att.com wrote:

I could use some help with setting up git-review in a slightly unfriendly firewall situation.

I'm trying to set up git-review on my CentOS7 VM, and our firewall blocks the non-standard ssh port. I'm following the instructions at http://docs.openstack.org/infra/manual/developers.html#accessing-gerrit-over-https , for configuring git-review to use https on port 443, but this still isn't working (times out with "Could not connect to gerrit"). I've confirmed that I can reach other external sites on port 443.

Can someone give me a hand with this?

Hello.

responded Jun 11, 2015 by KARR,_DAVID (760 points)   1
...