All projects and users info is gone after upgrade from 2.13.5 to 2.13.6

58 views
Skip to first unread message

Nicholas Woodward

unread,
Jun 28, 2017, 1:57:39 AM6/28/17
to Repo and Gerrit Discussion
Hello all,
I upgraded our instance of Gerrit like I always do by stopping it and running
java -jar gerrit.war init -d site_path

and
java -jar gerrit.war reindex -d site_path

and restarting Gerrit. The index process seemed to work fine:
Reindexing accounts:    100% (14/14)
Reindexed 14 documents in accounts index in 3.8s (3.6/s)
Collecting projects:    42
Reindexing changes: projects: 100% (42/42), 100% (6/6), done    
Reindexed 6 documents in changes index in 3.9s (1.6/s)

After the restart the config in site_path/etc/gerrit.config was the same as the previous version. And the site_path/git folder still contains all of our projects, including All-Projects and All-Users. But when I successfully logged in with OAuth via Google all of the projects except for All-Users and one other are gone. And when I go to my user's settings the username, public key, HTTP password, etc. are all gone. And all of the other users appear to be gone.

I'm really confused as to why everything is gone in the GUI, even though it appears to be on the filesystem and in the index. After backing them up, I removed site_path/cache and site_path/tmp and restarted Gerrit again, but this didn't change anything. We use the default H2 database. Does anyone have any suggestions?


Thanks,
Nick
 

Sven Selberg

unread,
Jun 28, 2017, 6:13:38 AM6/28/17
to Repo and Gerrit Discussion
Without having a clear idea of how the rights are set up on your gerrit instance, it could be that you are not recognized as yourself and you are logged in as another user that cannot see all projects.
If you have db access you can check the accounts and accounts_external_ids tables and see if you find anything suspicious.

/Sven

Nicholas Woodward

unread,
Jun 29, 2017, 11:19:56 AM6/29/17
to Repo and Gerrit Discussion
Thanks for your response. You were correct. We use OAuth with Google as a provider for authentication, and after the upgrade new user information got created upon the first login. I removed that user's info from the accounts_external_ids table so that the original account would be the one that gets logged in. 

The problem is that the latest version of the OAuth plugin added a prefix to the ID, so after I set fix-legacy-user_id to true I get the following in error_logs:

[2017-06-28 09:56:28,926] [HTTP-69] INFO  com.google.gerrit.httpd.auth.oauth.OAuthSession : OAuth2: linking claimed identity to [USER_ID]
[2017-06-28 09:56:28,932] [HTTP-69] ERROR com.google.gerrit.httpd.auth.oauth.OAuthSession : Cannot link: google-oauth:[GOOGLE_ID] to user identity:
 
Claimed ID: [USER_ID] is [GOOGLE_ID]

I cleared my browser cache, but got the same results. I can't tell why the claimed ID doesn't contain the "google-oauth:" prefix. I don't know if the reindex after init didn't actually update something or if when I try to log in my browser is still sending the id without the prefix.


Nick

Matthew Webber

unread,
Jun 29, 2017, 12:08:31 PM6/29/17
to Repo and Gerrit Discussion
I'm not sure whether the following is relevant to your case or not (I just took a very quick glance at it), but anyhow:

The was a problem at one point with the OAuth plugin, when it didn't add the prefix - see https://github.com/davido/gerrit-oauth-provider/issues/82
See also https://github.com/davido/gerrit-oauth-provider/releases where it says "To migrate the legacy user id, fix-legacy-user-id property must be set to true for all providers"

Matthew


Nicholas Woodward

unread,
Jun 30, 2017, 10:34:21 AM6/30/17
to Repo and Gerrit Discussion
Yeah, I set that parameter to true during the upgrade, and now the login process doesn't work. In the logs I posted above it looks like only one side of the equation has the prefix appended to the front of the ID. I've already confirmed that it's there in the accounts_external_ids table, so I'm not sure where the plain id (without the prefix) still exists.

Nick
Reply all
Reply to author
Forward
0 new messages