HTTP(S) and SSH Calls lead to Received HTTP code 503 from proxy after CONNECT
355 views
Skip to first unread message
Sebastian Siegert
Sep 20, 2021, 2:13:01 PM9/20/21
to Repo and Gerrit Discussion
Hi everyone,
we're currently setting up a Gerrit on our OpenShift Cluster and ran into some trouble. We are using Keycloak as an identity provider which has been successfully setup in the config.
I can access the Gerrit GUI with my Keycloak Login and I am granted administrational rights. Hence I was able to create repositories etc.
When trying to clone my newly created test_repo, I receive a Code 503. When trying to using SSH I get a
ssh: connect to host gerrit.apps.composer.nfd.whv.sa-dxc port 29418: Connection timed out"
ssh: connect to host gerrit.apps.composer.nfd.whv.sa-dxc port 29418: Connection timed out"
fatal: Could not read from remote repository.
message.
We curled the repo with
curl -v -X GET https://gerrit.apps.composer.nfd.whv.sa-dxc/projects/?d -k
to verify that we can at least talk to the API. GET calls worked properly, I did receive a response with the actual list of projects.
We found two additional oddities:
- When I logged in, the user group "user/Sebastian Siegert (ssiegert)" has been created, when I try to access it I get a Code 400 - Group does not exist
- I can't modify SSH information, so I can't manually create a certificate and assign it to my account (probably because the identity data comes from Keycloak)
We are using Gerrit 3.2.6 on an OpenShift 4.7 cluster.
Do you have any clue why REST calls work but git does not? Does anyone have experience in hosting Gerrit on OpenShift or at least Kubernetes and has run into similar troubles? I'd really appreciate any idea.
Regards
Sebastian
Regards
Sebastian
Nasser Grainawi
Sep 21, 2021, 10:47:20 AM9/21/21
to Sebastian Siegert, Repo and Gerrit Discussion
Any way you can separate the OpenShift complexity from the keycloak complexity? i.e. can you run a test server locally that uses this keycloak instance? If yes, does that test server have those same problems with viewing your user group and modifying SSH information? I don’t think I’ve heard of issues like these ever before, but I don’t know how many people have tried to use Keycloak or OpenShift before. These sound more like they could be permission mismatch issues with the user account running your Gerrit service and the filesystem though (but not completely because you said you could create repos).
Also, you probably want to use 3.2.13 unless you have a very specific reason to use 3.2.6: https://www.gerritcodereview.com/3.2.html#3213
Regards
Sebastian--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/9a4df0f4-2a7e-461f-b03c-e5f2abe4a5f8n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages