Gerrit Mirror and Master

[Sassy Natan]

Hi Group,

Consider the following:

I have setup a Gerrit Topology with one server as Master and the other one as Mirror (using the --slave option).

I now doing get clone from the mirror as following:

# git clone g...@gerritmirror.domain.local/foo.git

I then change mycode, add a new file to the repo and finally committing it as following:

# echo Test > ./Test

# git add Test

# git commit -m "Test" 

I now want to push the code. If I will do:

# git push origin HEAD:refs/for/master

I will get an error as I'm trying to push to the mirror repo which is a read only mode.

If I will add a new server address using:

# git remote add gerrit_master g...@gerritmaster.domain.local:/foo.git

and then push to it with:

# git push  gerrit_master  HEAD:refs/for/master

I will be able to able to push successfully.

Is there any way to create a magic command so my users will be able to push to the master, but clone from the mirror without need to provide the origin param to the git command? 

In other words is it possible that my git config will have both url (gerrit_mirror as the origin and gerrit_master) where command such as git clone will work via the Mirror address (the origin) and git push will work via the Master address automatically ?

We have a huge CI setup with more than 14000 slaves, and the Gerrit server is under high load > 3000MB/s . So we add few Mirrors to the Gerrit Deployment and put then up front  of a HAProxy LB with Round Robin. We than configured Bind9 with DNS views, so CI slaves will resolve the LB IP address without chaining the canonical name of the Gerrit Master server we already have hardcoded in 10,000 CI job. 

Now, Since SSH request can't be divided to RW / RO (compare to HTTP/S - RW(Post, Patch, Delete) or RO(GET)), Mirroring was our only valid. But then we hitting the issue if one of the CI want to push the code back to the Gerrit and then get error as this goes to the mirror servers.

I know version > 3 can support Multi Master Site and Cross site topology with the help of Gerrit global ref-db which solve the SSH limitation - but we are still running with version 2.14 :-(

Thanks Sassy 

[Matthias Sohn]

On Fri, Dec 2, 2022 at 5:32 PM Sassy Natan <sas...@gmail.com> wrote:

Hi Group,

Consider the following:

I have setup a Gerrit Topology with one server as Master and the other one as Mirror (using the --slave option).

I now doing get clone from the mirror as following:

# git clone g...@gerritmirror.domain.local/foo.git

I then change mycode, add a new file to the repo and finally committing it as following:

# echo Test > ./Test

# git add Test

# git commit -m "Test" 

I now want to push the code. If I will do:

# git push origin HEAD:refs/for/master

I will get an error as I'm trying to push to the mirror repo which is a read only mode.

If I will add a new server address using:

# git remote add gerrit_master g...@gerritmaster.domain.local:/foo.git

and then push to it with:

# git push  gerrit_master  HEAD:refs/for/master

I will be able to able to push successfully.

Is there any way to create a magic command so my users will be able to push to the master, but clone from the mirror without need to provide the origin param to the git command? 

In other words is it possible that my git config will have both url (gerrit_mirror as the origin and gerrit_master) where command such as git clone will work via the Mirror address (the origin) and git push will work via the Master address automatically ?

you can configure the git client to use different URLs for fetch and push:

remote.<name>.url        https://git-scm.com/docs/git-config#Documentation/git-config.txt-remoteltnamegturl

remote.<name>.pushurl  https://git-scm.com/docs/git-config#Documentation/git-config.txt-remoteltnamegtpushurl

The other option is to use http protocol and a proxy, e.g. haproxy. This allows transparent layer 7 load balancing.
You can configure the proxy to route git fetch/clone requests to a replica and push/rest API requests to the primary.

 

We have a huge CI setup with more than 14000 slaves, and the Gerrit server is under high load > 3000MB/s . So we add few Mirrors to the Gerrit Deployment and put then up front  of a HAProxy LB with Round Robin. We than configured Bind9 with DNS views, so CI slaves will resolve the LB IP address without chaining the canonical name of the Gerrit Master server we already have hardcoded in 10,000 CI job. 

Now, Since SSH request can't be divided to RW / RO (compare to HTTP/S - RW(Post, Patch, Delete) or RO(GET)), Mirroring was our only valid. But then we hitting the issue if one of the CI want to push the code back to the Gerrit and then get error as this goes to the mirror servers.

I know version > 3 can support Multi Master Site and Cross site topology with the help of Gerrit global ref-db which solve the SSH limitation - but we are still running with version 2.14 :-(

Thanks Sassy 

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/636a67e4-6655-489c-ae98-e262f2aca8cfn%40googlegroups.com.

[Sassy Natan]

Hi,

So it seems git has a way to configure different URL to  different operation mode.

For example:

git remote -v

origin  ssh://gerritmirror.domain.local/FOO (fetch)
origin  ssh://gerrit.domain.local:29418/FOO (push)

Here is my .gitconfig file

[user]
        email = sna...@domain.local
        name = Sassy Natan
[push]
        default = matching

[url "ssh://gerrit.domain.local"]
        pushInsteadOf = ssh://gerrit.domain.local

[url "ssh://gerritmirror. domain.local"]
        InsteadOf = ssh://gerrit.domain.local

In this way when I clone from gerrit.domain.local I do it from the gerritmirror. domain.local 

But when I push I do it to the gerrit.domain.local

Amazing!

Thanks