oAuth implementation on k8s gerrit
298 views
Skip to first unread message
Aankhi Talukdar
May 20, 2024, 10:54:44 AMMay 20
to Repo and Gerrit Discussion
Hi Team,
We have a requirement to implement github oAuth for authentication in k8s Gerrit.
Is it possible to implement github oAuth in k8s Gerrit? If so, can you please let me know the procedure for the same?
Is it possible to implement github oAuth in k8s Gerrit? If so, can you please let me know the procedure for the same?
Thanks
Aankhi
Aankhi Talukdar
May 21, 2024, 2:39:58 AMMay 21
to Repo and Gerrit Discussion
Any Update on this please?
Dzintars Klavins
May 21, 2024, 3:17:38 AMMay 21
to Repo and Gerrit Discussion
Hi,
I had never implemented GitHub OAuth directly, but you might want to look into Gerrit OAuth plugin.
https://gerrit.googlesource.com/plugins/oauth/
You need to get artifact or to build it and to place it into /var/gerrit/plugins directory.
Then you need to configure/enable it. In case of Keycloak it looks like this:
```
[plugin "gerrit-oauth-provider-keycloak-oauth"]
root-url = https://sso.example.com
realm = external
client-id = gerrit
client-secret = your-secret
```
Might be similar to the GitHub.
In general you want to follow the documentation. I found it pretty complete to get it up and running.
You can also use GitHub Search to find the relevant config examples.
https://gerrit.googlesource.com/plugins/oauth/
You need to get artifact or to build it and to place it into /var/gerrit/plugins directory.
Then you need to configure/enable it. In case of Keycloak it looks like this:
```
[plugin "gerrit-oauth-provider-keycloak-oauth"]
root-url = https://sso.example.com
realm = external
client-id = gerrit
client-secret = your-secret
```
Might be similar to the GitHub.
In general you want to follow the documentation. I found it pretty complete to get it up and running.
You can also use GitHub Search to find the relevant config examples.
Aankhi Talukdar
May 21, 2024, 5:45:26 AMMay 21
to Repo and Gerrit Discussion
On Tuesday, May 21, 2024 at 12:47:38 PM UTC+5:30 Dzintars Klavins wrote:
Hi,I had never implemented GitHub OAuth directly, but you might want to look into Gerrit OAuth plugin.
https://gerrit.googlesource.com/plugins/oauth/
You need to get artifact or to build it and to place it into /var/gerrit/plugins directory.
Then you need to configure/enable it. In case of Keycloak it looks like this:
```
[plugin "gerrit-oauth-provider-keycloak-oauth"]
root-url = https://sso.example.com
realm = external
client-id = gerrit
client-secret = your-secret
```
Might be similar to the GitHub.
In general you want to follow the documentation. I found it pretty complete to get it up and running.
You can also use GitHub Search to find the relevant config examples.
Hi,
We are following the same plugin doc for oauth implementation. But as we are implementing on k8s Gerrit, we cannot copy the plugin to the pod itself as this is not recommendable. If the pod crashes, the plugin might not be present in the pod, and we have to reconfigure it again. Moreover, the config file inside the /var/gerrit/plugins directory is a read-only file. We cannot update the file from our end. So, we need to invoke the plugin details in the gerrit-cluster.yaml file so that when the Gerrit cluster gets implemented, it is implemented with the plugin configuration itself and the same gets updated in the /var/gerrit/plugins directory of the pod.
Thomas/ Matthias, can you please help us on this?
Thanks
AankhiThomas/ Matthias, can you please help us on this?
Thanks
Dzintars Klavins
May 21, 2024, 5:51:53 AMMay 21
to Repo and Gerrit Discussion
Is it possible for you to "bake" an "golden image" with all required plugins already there? You can also use K8s volumes to mount the plugins directory.
Thomas Dräbing
May 22, 2024, 8:18:40 AMMay 22
to Dzintars Klavins, Repo and Gerrit Discussion
On Tue, May 21, 2024, 11:52 Dzintars Klavins <dzintars...@gmail.com> wrote:
Is it possible for you to "bake" an "golden image" with all required plugins already there? You can also use K8s volumes to mount the plugins directory.On Tuesday, May 21, 2024 at 12:45:26 PM UTC+3 Aankhi Talukdar wrote:On Tuesday, May 21, 2024 at 12:47:38 PM UTC+5:30 Dzintars Klavins wrote:Hi,I had never implemented GitHub OAuth directly, but you might want to look into Gerrit OAuth plugin.
https://gerrit.googlesource.com/plugins/oauth/
You need to get artifact or to build it and to place it into /var/gerrit/plugins directory.
Then you need to configure/enable it. In case of Keycloak it looks like this:
```
[plugin "gerrit-oauth-provider-keycloak-oauth"]
root-url = https://sso.example.com
realm = external
client-id = gerrit
client-secret = your-secret
```
Might be similar to the GitHub.
In general you want to follow the documentation. I found it pretty complete to get it up and running.
You can also use GitHub Search to find the relevant config examples.Hi,We are following the same plugin doc for oauth implementation. But as we are implementing on k8s Gerrit, we cannot copy the plugin to the pod itself as this is not recommendable. If the pod crashes, the plugin might not be present in the pod, and we have to reconfigure it again. Moreover, the config file inside the /var/gerrit/plugins directory is a read-only file. We cannot update the file from our end. So, we need to invoke the plugin details in the gerrit-cluster.yaml file so that when the Gerrit cluster gets implemented, it is implemented with the plugin configuration itself and the same gets updated in the /var/gerrit/plugins directory of the pod.
You can install the plugin in the Gerrit cluster resource under spec.gerrits[].spec.plugins. since the oath plugin is not a core plugin, you will have to provide an URL and sha sum. In that case k8sgerrit will download it on startup. If the plugin has a config file, it should be put into the site's etc directory. That can be done by adding the file as another map entry to spec.gerrits[].spec.configFiles.
Does that help? I am not using the oath plugin, so can't help with the specifics.
Aankhi
Thomas/ Matthias, can you please help us on this?
Thanks
On Tuesday, May 21, 2024 at 9:39:58 AM UTC+3 Aankhi Talukdar wrote:On Monday, May 20, 2024 at 8:24:44 PM UTC+5:30 Aankhi Talukdar wrote:Hi Team,We have a requirement to implement github oAuth for authentication in k8s Gerrit.
Is it possible to implement github oAuth in k8s Gerrit? If so, can you please let me know the procedure for the same?ThanksAankhi
Any Update on this please?
--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/df5d6375-0300-4d4c-bd21-01aa5bb5f81fn%40googlegroups.com.
swapna vegi
May 30, 2024, 2:52:29 AMMay 30
to Repo and Gerrit Discussion
Hi Thomas,
We generated the oauth.jar file using the Bazel build on my local machine. How can we fetch the jar file present locally into spec.gerrits[].spec.plugins without using URL and sha sum. I built the Gerrit-base image by adding the oauth.jar into /var/gerrit/plugins/oauth.jar.
# Add the OAuth plugin
COPY plugins/oauth.jar /var/plugins/oauth.jar
RUN ln -s /var/plugins/oauth.jar /var/gerrit/plugins/oauth.jar
Can you please help us with this?
Regards,
Swapna
We generated the oauth.jar file using the Bazel build on my local machine. How can we fetch the jar file present locally into spec.gerrits[].spec.plugins without using URL and sha sum. I built the Gerrit-base image by adding the oauth.jar into /var/gerrit/plugins/oauth.jar.
# Add the OAuth plugin
COPY plugins/oauth.jar /var/plugins/oauth.jar
RUN ln -s /var/plugins/oauth.jar /var/gerrit/plugins/oauth.jar
Regards,
Swapna
Matthias Sohn
May 30, 2024, 8:44:51 AMMay 30
to swapna vegi, Repo and Gerrit Discussion
On Thu, May 30, 2024 at 8:52 AM swapna vegi <swapna...@gmail.com> wrote:
Hi Thomas,
We generated the oauth.jar file using the Bazel build on my local machine. How can we fetch the jar file present locally into spec.gerrits[].spec.plugins without using URL and sha sum. I built the Gerrit-base image by adding the oauth.jar into /var/gerrit/plugins/oauth.jar.Can you please help us with this?
# Add the OAuth plugin
COPY plugins/oauth.jar /var/plugins/oauth.jar
RUN ln -s /var/plugins/oauth.jar /var/gerrit/plugins/oauth.jar
You need to host it somewhere where it can be downloaded from the k8s cluster. E.g. some artifact registry or a simple webserver.
Or you can add it to a custom build of the Gerrit war file [1] and build your own container images [2] and deploy them to a container registry.
-Matthias
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/a375fa10-744c-4315-a522-1025ab9e032en%40googlegroups.com.
swapna vegi
Jun 5, 2024, 7:27:20 AMJun 5
to Repo and Gerrit Discussion
Hi,
We face multiple issues while building the Oauth plugin using Bazel for both x86 and arm. Logs attached:
Also tried to build using the Gerrit tree, but the issue remains the same. Is it possible for you to build the OAuth plugin on arm or x86?
Could you please let us know which authentication plugin are you using so that we can follow or refer to it?
Regards,
Swapna
We face multiple issues while building the Oauth plugin using Bazel for both x86 and arm. Logs attached:
Also tried to build using the Gerrit tree, but the issue remains the same. Is it possible for you to build the OAuth plugin on arm or x86?
Could you please let us know which authentication plugin are you using so that we can follow or refer to it?
Regards,
Swapna
swapna vegi
Jun 5, 2024, 11:13:57 AMJun 5
to Repo and Gerrit Discussion
Hi Team,
Also, I've found this build for the Oauth jar in the plugin's job.
Also, I've found this build for the Oauth jar in the plugin's job.
https://gerrit-ci.gerritforge.com/view/Plugins-stable-3.8/job/plugin-oauth-bazel-master-stable-3.8/lastSuccessfulBuild/artifact/bazel-bin/plugins/oauth/oauth.jar
Is this Oauth plugin compatible with arm architecture and can we use it in our Gerrit Dockerfile?
Regards,
Swapna
Matthias Sohn
Jun 5, 2024, 11:20:23 AMJun 5
to swapna vegi, Repo and Gerrit Discussion
On Wed, Jun 5, 2024 at 5:14 PM swapna vegi <swapna...@gmail.com> wrote:
Hi Team,
Also, I've found this build for the Oauth jar in the plugin's job.
https://gerrit-ci.gerritforge.com/view/Plugins-stable-3.8/job/plugin-oauth-bazel-master-stable-3.8/lastSuccessfulBuild/artifact/bazel-bin/plugins/oauth/oauth.jar
Is this Oauth plugin compatible with arm architecture and can we use it in our Gerrit Dockerfile?
AFAIK the OAuth plugin is implemented in Java. This means as such it doesn't depend on the machine architecture.
Though you need to run it on a JVM built for your machine's architecture.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/4e2bb303-b0d2-4508-83ed-d824d14b0eb8n%40googlegroups.com.
David Ostrovsky
Jun 5, 2024, 11:16:21 PMJun 5
to Repo and Gerrit Discussion
swapna vegi schrieb am Mittwoch, 5. Juni 2024 um 13:27:20 UTC+2:
Hi,
We face multiple issues while building the Oauth plugin using Bazel for both x86 and arm. Logs attached:
Could you please help us with this error message?
Standalone build mode was indeed broken in oauth plugin.
This is fixed now with this CL: [1]. Can you pull the latest version
and try again to build in standalone build mode?
Also tried to build using the Gerrit tree, but the issue remains the same. Is it possible for you to build the OAuth plugin on arm or x86?
Have you followed the documentation how to build in gerrit tree mode: [2]?
Particularly the section:
"
Put the external dependency Bazel build file into the Gerrit /plugins directory, replacing the existing empty one.
cd gerrit/plugins
[...]
"
After copying the external_plugin_deps.bzl file from oauth plugin to Gerrit's plugins directory
I can build in tree mode without any issue.
swapna vegi
Jun 10, 2024, 7:33:59 AMJun 10
to Repo and Gerrit Discussion
Hi,
Thanks David. I could build the oauth.jar file in standalone mode using the latest fix. However, I still face errors while building it in a gerrit tree mode.
Errors as attached in the log file.
steps followed to build in gerrit mode.
--> git clone https://gerrit.googlesource.com/gerrit
Thanks David. I could build the oauth.jar file in standalone mode using the latest fix. However, I still face errors while building it in a gerrit tree mode.
Errors as attached in the log file.
steps followed to build in gerrit mode.
--> git clone https://gerrit.googlesource.com/gerrit
--> git clone https://gerrit.googlesource.com/plugins/oauth
--> cd gerrit/plugins
--> ln -s ../../oauth .
--> rm external_plugin_deps.bzl
--> ln -s oauth/external_plugin_deps.bzl .
--> ln -s oauth/external_plugin_deps.bzl .
--> bazel build plugins/oauth
I built the image with the Gerrit-base dockerfile by adding the newly generated oauth.jar file and have done the basic configuration in my Gerrit yaml file.
however, my Gerrit container is not up and running. It is going to crashloopbackoff error. The logs indicate the error is:
Invalid plugin file /var/gerrit/plugins/oauth.jar: cannot get plugin name
[2024-06-10T10:40:53.961Z] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loading plugins from /var/gerrit/plugins
Jun 10, 2024 10:40:54 AM com.google.inject.servlet.GuiceFilter setPipeline
WARNING: Multiple Servlet injectors detected. This is a warning indicating that you have more than one GuiceFilter running in your web application. If this is deliberate, you may safely ignore this message. If this is NOT deliberate however, your application may not work as expected.
[2024-06-10T10:40:54.090Z] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin healthcheck (w/ ApiModule), version v3.5.6-20-g2432849168 ..............
My gerrit replica pod is also not fully functioning as the gerrit container is not up. Error for the gerrit container in the gerrit replica pod:
Caused by: javax.servlet.ServletException: OAuth service provider wasn't installed
at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.pickSSOServiceProvider(OAuthWebFilter.java:180)
at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.init(OAuthWebFilter.java:74)
at com.google.inject.servlet.FilterDefinition.init(FilterDefinition.java:110)
at com.google.inject.servlet.ManagedFilterPipeline.initPipeline(ManagedFilterPipeline.java:98)
at com.google.inject.servlet.GuiceFilter.init(GuiceFilter.java:232)
at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:140)
at org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:750)
at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992)
at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:734)
at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:762)
at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:774) ............
Could someone please help me configure the plugin in the gerrit?
FYI,
attaching dockerfile and gerrit resource yaml file as well as the complete log files for both gerrit and gerrit-replica pod.
Sorry for the noise and thank you for your help.
Regards,
Swapna
I built the image with the Gerrit-base dockerfile by adding the newly generated oauth.jar file and have done the basic configuration in my Gerrit yaml file.
however, my Gerrit container is not up and running. It is going to crashloopbackoff error. The logs indicate the error is:
Invalid plugin file /var/gerrit/plugins/oauth.jar: cannot get plugin name
[2024-06-10T10:40:53.961Z] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loading plugins from /var/gerrit/plugins
Jun 10, 2024 10:40:54 AM com.google.inject.servlet.GuiceFilter setPipeline
WARNING: Multiple Servlet injectors detected. This is a warning indicating that you have more than one GuiceFilter running in your web application. If this is deliberate, you may safely ignore this message. If this is NOT deliberate however, your application may not work as expected.
[2024-06-10T10:40:54.090Z] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin healthcheck (w/ ApiModule), version v3.5.6-20-g2432849168 ..............
My gerrit replica pod is also not fully functioning as the gerrit container is not up. Error for the gerrit container in the gerrit replica pod:
Caused by: javax.servlet.ServletException: OAuth service provider wasn't installed
at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.pickSSOServiceProvider(OAuthWebFilter.java:180)
at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.init(OAuthWebFilter.java:74)
at com.google.inject.servlet.FilterDefinition.init(FilterDefinition.java:110)
at com.google.inject.servlet.ManagedFilterPipeline.initPipeline(ManagedFilterPipeline.java:98)
at com.google.inject.servlet.GuiceFilter.init(GuiceFilter.java:232)
at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:140)
at org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:750)
at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992)
at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:734)
at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:762)
at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:774) ............
Could someone please help me configure the plugin in the gerrit?
FYI,
attaching dockerfile and gerrit resource yaml file as well as the complete log files for both gerrit and gerrit-replica pod.
Sorry for the noise and thank you for your help.
Regards,
Swapna
Thomas Dräbing
Jun 10, 2024, 7:46:30 AMJun 10
to swapna vegi, Repo and Gerrit Discussion
On Mon, 10 Jun 2024 at 13:34, swapna vegi <swapna...@gmail.com> wrote:
Hi,
Thanks David. I could build the oauth.jar file in standalone mode using the latest fix. However, I still face errors while building it in a gerrit tree mode.
Errors as attached in the log file.
steps followed to build in gerrit mode.
--> git clone https://gerrit.googlesource.com/gerrit--> git clone https://gerrit.googlesource.com/plugins/oauth--> cd gerrit/plugins--> ln -s ../../oauth .--> rm external_plugin_deps.bzl
--> ln -s oauth/external_plugin_deps.bzl .--> bazel build plugins/oauth
I built the image with the Gerrit-base dockerfile by adding the newly generated oauth.jar file and have done the basic configuration in my Gerrit yaml file.
however, my Gerrit container is not up and running. It is going to crashloopbackoff error. The logs indicate the error is:
Invalid plugin file /var/gerrit/plugins/oauth.jar: cannot get plugin name
[2024-06-10T10:40:53.961Z] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loading plugins from /var/gerrit/plugins
Jun 10, 2024 10:40:54 AM com.google.inject.servlet.GuiceFilter setPipeline
WARNING: Multiple Servlet injectors detected. This is a warning indicating that you have more than one GuiceFilter running in your web application. If this is deliberate, you may safely ignore this message. If this is NOT deliberate however, your application may not work as expected.
[2024-06-10T10:40:54.090Z] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin healthcheck (w/ ApiModule), version v3.5.6-20-g2432849168 ..............
Looks like the jar file in the Gerrit site is not valid. Have you tried to run Gerrit with the plugin locally on your machine? Could you also post the logs of the gerrit-init container? Have you checked whether the plugin file in the site has a reasonable size and expected SHA sum?
Also, you don't need to build in the plugin into the image, if you anyway download it from artifactory. Building it into the image would require you to also change the scripts in the gerrit-init container, so that the scripts install the plugin. Another option would be to build Gerrit itself and include the plugin into the war-file. Then it can be installed like any core plugin.
My gerrit replica pod is also not fully functioning as the gerrit container is not up. Error for the gerrit container in the gerrit replica pod:
Caused by: javax.servlet.ServletException: OAuth service provider wasn't installed
at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.pickSSOServiceProvider(OAuthWebFilter.java:180)
at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.init(OAuthWebFilter.java:74)
at com.google.inject.servlet.FilterDefinition.init(FilterDefinition.java:110)
at com.google.inject.servlet.ManagedFilterPipeline.initPipeline(ManagedFilterPipeline.java:98)
at com.google.inject.servlet.GuiceFilter.init(GuiceFilter.java:232)
at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:140)
at org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:750)
at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992)
at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:734)
at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:762)
at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:774) ............
Looks like your gerrit.config configures Gerrit to use Oauth but the plugin has not been installed.
HTH,
Thomas
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/21e942f0-6f73-465b-874e-7fc570d1d057n%40googlegroups.com.
swapna vegi
Jun 10, 2024, 8:44:46 AMJun 10
to Thomas Dräbing, Repo and Gerrit Discussion
Hi Thomas,
PFB the logs of gerrit-init container.
PFB the logs of gerrit-init container.
[2024-06-10 10:40:26,792] INFO Requiring plugins: ['healthcheck']
[2024-06-10 10:40:26,792] INFO Requiring libs: []
[2024-06-10 10:40:26,802] INFO Removed plugin oauth.jar
[2024-06-10 10:40:26,802] INFO Removed plugin delete-project.jar
[2024-06-10 10:40:26,802] INFO Removed plugin download-commands.jar
[2024-06-10 10:40:26,803] INFO Removed plugin gitiles.jar
[2024-06-10 10:40:26,807] INFO Installing plugin healthcheck from container to /var/gerrit/plugins/healthcheck.jar.
[2024-06-10 10:40:26,808] DEBUG SHA1 of file '/var/plugins/healthcheck.jar' is b5a285a0ed64bcae8a51de6c4f5086468670d8dc
[2024-06-10 10:40:26,809] DEBUG SHA1 of file '/var/gerrit/plugins/healthcheck.jar' is b5a285a0ed64bcae8a51de6c4f5086468670d8dc
[2024-06-10 10:40:26,809] INFO Installing packaged plugin download-commands.
[2024-06-10 10:40:26,816] INFO Installing packaged plugin delete-project.
[2024-06-10 10:40:26,827] INFO Installing packaged plugin gitiles.
[2024-06-10 10:40:26,851] INFO Downloading oauth plugin to /var/gerrit/plugins/oauth.jar
[2024-06-10 10:40:27,974] DEBUG SHA1 of file '/var/gerrit/plugins/oauth.jar' is 775fadd515a7d952220c54031f7fb6511aec7321
[2024-06-10 10:40:30,450] INFO Installed Gerrit version: gerrit version 3.9.1; Provided Gerrit version: gerrit version 3.9.1).
[2024-06-10 10:40:30,450] INFO Plugins were installed or updated. Initializing.
[2024-06-10 10:40:30,450] INFO Existing gerrit.config found.
Generating SSH host key ... rsa... ed25519... ecdsa 384... ecdsa 521... done
Initialized /var/gerrit
[2024-06-10 10:40:38,196] INFO Skipping reindexing.
Also, We could not run the gerrit with the plugins locally as we are having space crunch issues with minikube.
Could you please let us know how to build gerrit so that we can add the custom built plugins into the war file?
Not able to access the site to check the plugin details as the container is not up and running.
Could you please let us know how to build gerrit so that we can add the custom built plugins into the war file?
Not able to access the site to check the plugin details as the container is not up and running.
Thomas Dräbing
Jun 10, 2024, 8:47:36 AMJun 10
to swapna vegi, Repo and Gerrit Discussion
Why did you not reply on the mailing list? This might be of interest to other users as well.
On Mon, 10 Jun 2024 at 14:34, swapna vegi <swapna...@gmail.com> wrote:
On Monday, June 10, 2024 at 5:16:30 PM UTC+5:30 Thomas Dräbing wrote:
On Mon, 10 Jun 2024 at 13:34, swapna vegi <swapna...@gmail.com> wrote:
Hi,
Thanks David. I could build the oauth.jar file in standalone mode using the latest fix. However, I still face errors while building it in a gerrit tree mode.
Errors as attached in the log file.
steps followed to build in gerrit mode.
--> git clone https://gerrit.googlesource.com/gerrit--> git clone https://gerrit.googlesource.com/plugins/oauth--> cd gerrit/plugins--> ln -s ../../oauth .--> rm external_plugin_deps.bzl
--> ln -s oauth/external_plugin_deps.bzl .--> bazel build plugins/oauth
I built the image with the Gerrit-base dockerfile by adding the newly generated oauth.jar file and have done the basic configuration in my Gerrit yaml file.
however, my Gerrit container is not up and running. It is going to crashloopbackoff error. The logs indicate the error is:
Invalid plugin file /var/gerrit/plugins/oauth.jar: cannot get plugin name
[2024-06-10T10:40:53.961Z] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loading plugins from /var/gerrit/plugins
Jun 10, 2024 10:40:54 AM com.google.inject.servlet.GuiceFilter setPipeline
WARNING: Multiple Servlet injectors detected. This is a warning indicating that you have more than one GuiceFilter running in your web application. If this is deliberate, you may safely ignore this message. If this is NOT deliberate however, your application may not work as expected.
[2024-06-10T10:40:54.090Z] [main] INFO com.google.gerrit.server.plugins.PluginLoader : Loaded plugin healthcheck (w/ ApiModule), version v3.5.6-20-g2432849168 ..............
Looks like the jar file in the Gerrit site is not valid. Have you tried to run Gerrit with the plugin locally on your machine? Could you also post the logs of the gerrit-init container? Have you checked whether the plugin file in the site has a reasonable size and expected SHA sum?
Here, is my logs for the gerrit-init container. We cannot login to the pod so we cannot check the plugins folder inside the site. Also, not able to run gerrit with the plugin as I'm getting space crunch issues when running it on Minikube.
You can always just mount the volume for the site in some basic pod. The plugin is copied to that volume during init.
When running it locally, I meant outside of docker and Kubernetes. Just run Gerrit locally while having the plugin installed in a local site.
Additionally, could you please let us know how to build gerrit so that we can add the custom plugins into it?
That can be done following this guide: https://gerrit-review.googlesource.com/Documentation/dev-build-plugins.html#_bazel_in_tree_driven
With that set up. You can build Gerrit using `bazelisk build release`.
[2024-06-10 10:40:26,792] INFO Requiring plugins: ['healthcheck'][2024-06-10 10:40:26,792] INFO Requiring libs: [][2024-06-10 10:40:26,802] INFO Removed plugin oauth.jar[2024-06-10 10:40:26,802] INFO Removed plugin delete-project.jar[2024-06-10 10:40:26,802] INFO Removed plugin download-commands.jar[2024-06-10 10:40:26,803] INFO Removed plugin gitiles.jar[2024-06-10 10:40:26,807] INFO Installing plugin healthcheck from container to /var/gerrit/plugins/healthcheck.jar.[2024-06-10 10:40:26,808] DEBUG SHA1 of file '/var/plugins/healthcheck.jar' is b5a285a0ed64bcae8a51de6c4f5086468670d8dc[2024-06-10 10:40:26,809] DEBUG SHA1 of file '/var/gerrit/plugins/healthcheck.jar' is b5a285a0ed64bcae8a51de6c4f5086468670d8dc[2024-06-10 10:40:26,809] INFO Installing packaged plugin download-commands.[2024-06-10 10:40:26,816] INFO Installing packaged plugin delete-project.[2024-06-10 10:40:26,827] INFO Installing packaged plugin gitiles.[2024-06-10 10:40:26,851] INFO Downloading oauth plugin to /var/gerrit/plugins/oauth.jar[2024-06-10 10:40:27,974] DEBUG SHA1 of file '/var/gerrit/plugins/oauth.jar' is 775fadd515a7d952220c54031f7fb6511aec7321[2024-06-10 10:40:30,450] INFO Installed Gerrit version: gerrit version 3.9.1; Provided Gerrit version: gerrit version 3.9.1).[2024-06-10 10:40:30,450] INFO Plugins were installed or updated. Initializing.[2024-06-10 10:40:30,450] INFO Existing gerrit.config found.Generating SSH host key ... rsa... ed25519... ecdsa 384... ecdsa 521... doneInitialized /var/gerrit[2024-06-10 10:40:38,196] INFO Skipping reindexing.
This looks ok assuming that the jar-file is valid. Have you tried to unpack the jar file on your machine to see whether that works? How does the content look like?
Also, you don't need to build in the plugin into the image, if you anyway download it from artifactory. Building it into the image would require you to also change the scripts in the gerrit-init container, so that the scripts install the plugin. Another option would be to build Gerrit itself and include the plugin into the war-file. Then it can be installed like any core plugin.
My gerrit replica pod is also not fully functioning as the gerrit container is not up. Error for the gerrit container in the gerrit replica pod:
Caused by: javax.servlet.ServletException: OAuth service provider wasn't installed
at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.pickSSOServiceProvider(OAuthWebFilter.java:180)
at com.google.gerrit.httpd.auth.oauth.OAuthWebFilter.init(OAuthWebFilter.java:74)
at com.google.inject.servlet.FilterDefinition.init(FilterDefinition.java:110)
at com.google.inject.servlet.ManagedFilterPipeline.initPipeline(ManagedFilterPipeline.java:98)
at com.google.inject.servlet.GuiceFilter.init(GuiceFilter.java:232)
at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:140)
at org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:750)
at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Spliterators.java:992)
at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:734)
at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:762)
at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:774) ............
Looks like your gerrit.config configures Gerrit to use Oauth but the plugin has not been installed.HTH,Thomas
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/21e942f0-6f73-465b-874e-7fc570d1d057n%40googlegroups.com.
On Mon, 10 Jun 2024 at 13:34, swapna vegi <swapna...@gmail.com> wrote:
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/21e942f0-6f73-465b-874e-7fc570d1d057n%40googlegroups.com.
Message has been deleted
Message has been deleted
Message has been deleted
Matthias Sohn
Jun 11, 2024, 3:11:50 AMJun 11
to swapna vegi, Repo and Gerrit Discussion
On Tue, Jun 11, 2024 at 8:30 AM swapna vegi <swapna...@gmail.com> wrote:
I have unzipped the jar file and the contents looks fine.
Not able to attach the jar file. Hence, attaching a screenshot displaying the contents of the unzipped jar file.
Compare it to the content of the oauth plugin you can download from
Does the META-INF/MANIFEST.MF contain the usual gerrit plugin entries ?
Here the one from the version available on gerrit-ci.gerritforge.com
Here the one from the version available on gerrit-ci.gerritforge.com
Manifest-Version: 1.0
Implementation-Version: 98231604d6
Created-By: singlejar
Main-Class: Dummy
Gerrit-PluginName: gerrit-oauth-provider
Gerrit-Module: com.googlesource.gerrit.plugins.oauth.Module
Gerrit-HttpModule: com.googlesource.gerrit.plugins.oauth.HttpModule
Gerrit-InitStep: com.googlesource.gerrit.plugins.oauth.InitOAuth
Implementation-Title: Gerrit OAuth authentication provider
Implementation-URL: https://github.com/davido/gerrit-oauth-provider
Gerrit-ApiType: plugin
Gerrit-ApiVersion: 3.11.0-SNAPSHOT
Multi-Release: true
Implementation-Version: 98231604d6
Created-By: singlejar
Main-Class: Dummy
Gerrit-PluginName: gerrit-oauth-provider
Gerrit-Module: com.googlesource.gerrit.plugins.oauth.Module
Gerrit-HttpModule: com.googlesource.gerrit.plugins.oauth.HttpModule
Gerrit-InitStep: com.googlesource.gerrit.plugins.oauth.InitOAuth
Implementation-Title: Gerrit OAuth authentication provider
Implementation-URL: https://github.com/davido/gerrit-oauth-provider
Gerrit-ApiType: plugin
Gerrit-ApiVersion: 3.11.0-SNAPSHOT
Multi-Release: true
Install it in a locally installed gerrit site and try to run it.
--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/42669661-f7e4-41b0-9a64-0a3368006c83n%40googlegroups.com.
swapna vegi
Jun 11, 2024, 5:25:53 AMJun 11
to Repo and Gerrit Discussion
And, this is my MANIFEST.MF which almost has the same parameters except the gerrit version.
Implementation-Version: 9823160
Gerrit-ApiVersion: 3.9.1
Manifest-Version: 1.0
Created-By: singlejar
Main-Class: Dummy
Gerrit-PluginName: gerrit-oauth-provider
Gerrit-Module: com.googlesource.gerrit.plugins.oauth.Module
Gerrit-HttpModule: com.googlesource.gerrit.plugins.oauth.HttpModule
Gerrit-InitStep: com.googlesource.gerrit.plugins.oauth.InitOAuth
Implementation-Title: Gerrit OAuth authentication provider
Implementation-URL: https://github.com/davido/gerrit-oauth-provider
Gerrit-ApiType: plugin
swapna vegi
Jun 11, 2024, 6:55:06 AMJun 11
to Repo and Gerrit Discussion
Hi Team,
I noticed that the jar file is not getting downloaded from the artifactory URL I have provided. It is expecting a different sha1, not sure from where it is getting downloaded and hence the Gerrit-init is not able to fetch the jar which I provided.
Logs of the gerrit-init container attached.
[2024-06-11 10:53:06,948] INFO Requiring plugins: ['healthcheck']
[2024-06-11 10:53:06,948] INFO Requiring libs: []
[2024-06-11 10:53:06,956] INFO Removed plugin download-commands.jar
[2024-06-11 10:53:06,957] INFO Removed plugin delete-project.jar
[2024-06-11 10:53:06,957] INFO Removed plugin gitiles.jar
[2024-06-11 10:53:06,962] INFO Installing plugin healthcheck from container to /var/gerrit/plugins/healthcheck.jar.
[2024-06-11 10:53:06,962] DEBUG SHA1 of file '/var/plugins/healthcheck.jar' is b5a285a0ed64bcae8a51de6c4f5086468670d8dc
[2024-06-11 10:53:06,962] DEBUG SHA1 of file '/var/gerrit/plugins/healthcheck.jar' is b5a285a0ed64bcae8a51de6c4f5086468670d8dc
[2024-06-11 10:53:06,963] INFO Installing packaged plugin download-commands.
[2024-06-11 10:53:06,970] INFO Installing packaged plugin delete-project.
[2024-06-11 10:53:06,981] INFO Installing packaged plugin gitiles.
[2024-06-11 10:53:07,005] INFO Downloading oauth plugin to /var/gerrit/plugins/oauth.jar
[2024-06-11 10:53:07,955] DEBUG SHA1 of file '/var/gerrit/plugins/oauth.jar' is 775fadd515a7d952220c54031f7fb6511aec7321
Traceback (most recent call last):
File "<frozen runpy>", line 198, in _run_module_as_main
File "<frozen runpy>", line 88, in _run_code
File "/var/tools/gerrit-initializer/__main__.py", line 18, in <module>
main()
File "/var/tools/gerrit-initializer/main.py", line 89, in main
args.func(args)
File "/var/tools/gerrit-initializer/main.py", line 31, in _run_init
init.GerritInit(args.site, config).execute()
File "/var/tools/gerrit-initializer/initializer/tasks/init.py", line 189, in execute
self.plugin_installer.execute()
File "/var/tools/gerrit-initializer/initializer/tasks/download_plugins.py", line 234, in execute
self._install_plugin(plugin)
File "/var/tools/gerrit-initializer/initializer/tasks/download_plugins.py", line 264, in _install_plugin
self._install_jar(plugin, self.plugin_dir)
File "/var/tools/gerrit-initializer/initializer/tasks/download_plugins.py", line 280, in _install_jar
self._download_plugin(plugin, target)
File "/var/tools/gerrit-initializer/initializer/tasks/download_plugins.py", line 255, in _download_plugin
raise InvalidPluginException(
initializer.tasks.download_plugins.InvalidPluginException: SHA1 of downloaded file (775fadd515a7d952220c54031f7fb6511aec7321) did not match expected SHA1 (e9f41b38817b6aed85b0892b4dff55ef2b2c8cf8). Removed downloaded file (/var/gerrit/plugins/oauth.jar)
Could you please let me know if there is any possibility for this plugin to get downloaded from other sources?
Regards,
Swapna
I noticed that the jar file is not getting downloaded from the artifactory URL I have provided. It is expecting a different sha1, not sure from where it is getting downloaded and hence the Gerrit-init is not able to fetch the jar which I provided.
Logs of the gerrit-init container attached.
[2024-06-11 10:53:06,948] INFO Requiring plugins: ['healthcheck']
[2024-06-11 10:53:06,948] INFO Requiring libs: []
[2024-06-11 10:53:06,956] INFO Removed plugin download-commands.jar
[2024-06-11 10:53:06,957] INFO Removed plugin delete-project.jar
[2024-06-11 10:53:06,957] INFO Removed plugin gitiles.jar
[2024-06-11 10:53:06,962] INFO Installing plugin healthcheck from container to /var/gerrit/plugins/healthcheck.jar.
[2024-06-11 10:53:06,962] DEBUG SHA1 of file '/var/plugins/healthcheck.jar' is b5a285a0ed64bcae8a51de6c4f5086468670d8dc
[2024-06-11 10:53:06,962] DEBUG SHA1 of file '/var/gerrit/plugins/healthcheck.jar' is b5a285a0ed64bcae8a51de6c4f5086468670d8dc
[2024-06-11 10:53:06,963] INFO Installing packaged plugin download-commands.
[2024-06-11 10:53:06,970] INFO Installing packaged plugin delete-project.
[2024-06-11 10:53:06,981] INFO Installing packaged plugin gitiles.
[2024-06-11 10:53:07,005] INFO Downloading oauth plugin to /var/gerrit/plugins/oauth.jar
[2024-06-11 10:53:07,955] DEBUG SHA1 of file '/var/gerrit/plugins/oauth.jar' is 775fadd515a7d952220c54031f7fb6511aec7321
Traceback (most recent call last):
File "<frozen runpy>", line 198, in _run_module_as_main
File "<frozen runpy>", line 88, in _run_code
File "/var/tools/gerrit-initializer/__main__.py", line 18, in <module>
main()
File "/var/tools/gerrit-initializer/main.py", line 89, in main
args.func(args)
File "/var/tools/gerrit-initializer/main.py", line 31, in _run_init
init.GerritInit(args.site, config).execute()
File "/var/tools/gerrit-initializer/initializer/tasks/init.py", line 189, in execute
self.plugin_installer.execute()
File "/var/tools/gerrit-initializer/initializer/tasks/download_plugins.py", line 234, in execute
self._install_plugin(plugin)
File "/var/tools/gerrit-initializer/initializer/tasks/download_plugins.py", line 264, in _install_plugin
self._install_jar(plugin, self.plugin_dir)
File "/var/tools/gerrit-initializer/initializer/tasks/download_plugins.py", line 280, in _install_jar
self._download_plugin(plugin, target)
File "/var/tools/gerrit-initializer/initializer/tasks/download_plugins.py", line 255, in _download_plugin
raise InvalidPluginException(
initializer.tasks.download_plugins.InvalidPluginException: SHA1 of downloaded file (775fadd515a7d952220c54031f7fb6511aec7321) did not match expected SHA1 (e9f41b38817b6aed85b0892b4dff55ef2b2c8cf8). Removed downloaded file (/var/gerrit/plugins/oauth.jar)
Could you please let me know if there is any possibility for this plugin to get downloaded from other sources?
Regards,
Swapna
David Ostrovsky
Jun 11, 2024, 4:30:19 PMJun 11
to Repo and Gerrit Discussion
Please avoid top posting on this list.
It's hard to follow the discussion.
You can download the prebuilt version of OAuth plugin from GerritForge-CI,
built against Gerrit@HEAD: [1], built against Gerrit 3.10: [2] and built against
Gerrit 3.9: [3].
David Ostrovsky
Jun 11, 2024, 4:34:57 PMJun 11
to Repo and Gerrit Discussion
Forgot to mention you can also download a pre-built version
of oauth plugin from this GitHub repository: [4].
Reply all
Reply to author
Forward
0 new messages