Replication plugin - git-receive-pack not permitted error
128 views
Skip to first unread message
ishan badgainya
Jul 18, 2024, 10:31:23 AM7/18/24
to Repo and Gerrit Discussion
I have two servers -
Primary
Secondary
I have installed replication plugin on Primary with the following config -
replication.config
[gerrit]
autoReload = true
replicateOnStartup = true
[replication]
excludeRefs = ^refs/users/\\d\\d/\\d+/edit-\\d+/\\d+$
lockErrorMaxRetries = 5
maxRetries = 100
useCGitClient = false
consumeStreamEvents = false
syncRefs="ALL REFS ASYNC"
maxApiPayloadSize=40000
[remote "replica"]
url = http://x.x.x.x:8080/${name}
apiUrl = http://x.x.x.x:8080
push = +refs/*:refs/*
mirror = true
timeout = 60 # In seconds
connectionTimeout = 120000 # In mseconds
rescheduleDelay = 15
replicationDelay = 0
threads = 4
createMissingRepositories = true
replicateProjectDeletions = true
replicateHiddenProjects = true
tagopt= --no-tags
autoReload = true
replicateOnStartup = true
[replication]
excludeRefs = ^refs/users/\\d\\d/\\d+/edit-\\d+/\\d+$
lockErrorMaxRetries = 5
maxRetries = 100
useCGitClient = false
consumeStreamEvents = false
syncRefs="ALL REFS ASYNC"
maxApiPayloadSize=40000
[remote "replica"]
url = http://x.x.x.x:8080/${name}
apiUrl = http://x.x.x.x:8080
push = +refs/*:refs/*
mirror = true
timeout = 60 # In seconds
connectionTimeout = 120000 # In mseconds
rescheduleDelay = 15
replicationDelay = 0
threads = 4
createMissingRepositories = true
replicateProjectDeletions = true
replicateHiddenProjects = true
tagopt= --no-tags
Secure.config -
(Password is HTTP password from Secondary)
[auth]
registerEmailPrivateKey = KCrJ5QMm{hidden}hSxG4JoEmf520z8=
[remote "replica"]
username = admin
password = wJ0mL{hidden}qn27YXDLtr0dfQ
registerEmailPrivateKey = KCrJ5QMm{hidden}hSxG4JoEmf520z8=
[remote "replica"]
username = admin
password = wJ0mL{hidden}qn27YXDLtr0dfQ
But getting this error on every action I perform on Primary. Here I am trying to create a project in Primary -
----
[2024-07-18 14:22:01,477] Replication to http://x.x.x.x:8080/12.git started... [CONTEXT pushOneId="e166e6ce" ]
[2024-07-18 14:22:01,478] Push to http://x.x.x.x:8080/12.git references: RemoteRefUpdate{refSpec=refs/meta/config:refs/meta/config, status=NOT_ATTEMPTED, id=(null)..AnyObjectId[8123cb8486cc59a68705f0c57700d74383c85190], force=yes, delete=no, ffwd=no}, RemoteRefUpdate{refSpec=refs/heads/master:refs/heads/master, status=NOT_ATTEMPTED, id=(null)..AnyObjectId[e3e6bd7d2f58c116032fe07b1326d96404c6e8db], force=yes, delete=no, ffwd=no}, RemoteRefUpdate{refSpec=refs/heads/test:refs/heads/test, status=NOT_ATTEMPTED, id=(null)..AnyObjectId[e3e6bd7d2f58c116032fe07b1326d96404c6e8db], force=yes, delete=no, ffwd=no} [CONTEXT pushOneId="e166e6ce" ]
[2024-07-18 14:22:01,481] Cannot replicate to http://x.x.x.x:8080/12.git [CONTEXT pushOneId="e166e6ce" ]
org.eclipse.jgit.errors.TransportException: http://x.x.x.x:8080/12.git: git-receive-pack not permitted on 'http://x.x.x.x:8080/12.git/'
at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:702)
at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:637)
at org.eclipse.jgit.transport.TransportHttp.openPush(TransportHttp.java:541)
at org.eclipse.jgit.transport.PushProcess.execute(PushProcess.java:140)
at org.eclipse.jgit.transport.Transport.push(Transport.java:1557)
at org.eclipse.jgit.transport.Transport.push(Transport.java:1603)
at com.googlesource.gerrit.plugins.replication.PushOne.pushInBatches(PushOne.java:591)
at com.googlesource.gerrit.plugins.replication.PushOne.pushVia(PushOne.java:584)
at com.googlesource.gerrit.plugins.replication.PushOne.runImpl(PushOne.java:555)
at com.googlesource.gerrit.plugins.replication.PushOne.doRunPushOperation(PushOne.java:437)
at com.googlesource.gerrit.plugins.replication.PushOne.runPushOperation(PushOne.java:405)
at com.googlesource.gerrit.plugins.replication.PushOne.lambda$run$2(PushOne.java:391)
at com.google.gerrit.server.util.RequestScopePropagator.lambda$cleanup$1(RequestScopePropagator.java:186)
at com.google.gerrit.server.util.RequestScopePropagator.lambda$context$0(RequestScopePropagator.java:174)
at com.google.gerrit.server.git.PerThreadRequestScope$Propagator.lambda$scope$0(PerThreadRequestScope.java:70)
at com.googlesource.gerrit.plugins.replication.PushOne.run(PushOne.java:394)
at com.google.gerrit.server.logging.LoggingContextAwareRunnable.run(LoggingContextAwareRunnable.java:113)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at com.google.gerrit.server.git.WorkQueue$Task.run(WorkQueue.java:699)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
[2024-07-18 14:22:01,478] Push to http://x.x.x.x:8080/12.git references: RemoteRefUpdate{refSpec=refs/meta/config:refs/meta/config, status=NOT_ATTEMPTED, id=(null)..AnyObjectId[8123cb8486cc59a68705f0c57700d74383c85190], force=yes, delete=no, ffwd=no}, RemoteRefUpdate{refSpec=refs/heads/master:refs/heads/master, status=NOT_ATTEMPTED, id=(null)..AnyObjectId[e3e6bd7d2f58c116032fe07b1326d96404c6e8db], force=yes, delete=no, ffwd=no}, RemoteRefUpdate{refSpec=refs/heads/test:refs/heads/test, status=NOT_ATTEMPTED, id=(null)..AnyObjectId[e3e6bd7d2f58c116032fe07b1326d96404c6e8db], force=yes, delete=no, ffwd=no} [CONTEXT pushOneId="e166e6ce" ]
[2024-07-18 14:22:01,481] Cannot replicate to http://x.x.x.x:8080/12.git [CONTEXT pushOneId="e166e6ce" ]
org.eclipse.jgit.errors.TransportException: http://x.x.x.x:8080/12.git: git-receive-pack not permitted on 'http://x.x.x.x:8080/12.git/'
at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:702)
at org.eclipse.jgit.transport.TransportHttp.connect(TransportHttp.java:637)
at org.eclipse.jgit.transport.TransportHttp.openPush(TransportHttp.java:541)
at org.eclipse.jgit.transport.PushProcess.execute(PushProcess.java:140)
at org.eclipse.jgit.transport.Transport.push(Transport.java:1557)
at org.eclipse.jgit.transport.Transport.push(Transport.java:1603)
at com.googlesource.gerrit.plugins.replication.PushOne.pushInBatches(PushOne.java:591)
at com.googlesource.gerrit.plugins.replication.PushOne.pushVia(PushOne.java:584)
at com.googlesource.gerrit.plugins.replication.PushOne.runImpl(PushOne.java:555)
at com.googlesource.gerrit.plugins.replication.PushOne.doRunPushOperation(PushOne.java:437)
at com.googlesource.gerrit.plugins.replication.PushOne.runPushOperation(PushOne.java:405)
at com.googlesource.gerrit.plugins.replication.PushOne.lambda$run$2(PushOne.java:391)
at com.google.gerrit.server.util.RequestScopePropagator.lambda$cleanup$1(RequestScopePropagator.java:186)
at com.google.gerrit.server.util.RequestScopePropagator.lambda$context$0(RequestScopePropagator.java:174)
at com.google.gerrit.server.git.PerThreadRequestScope$Propagator.lambda$scope$0(PerThreadRequestScope.java:70)
at com.googlesource.gerrit.plugins.replication.PushOne.run(PushOne.java:394)
at com.google.gerrit.server.logging.LoggingContextAwareRunnable.run(LoggingContextAwareRunnable.java:113)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at com.google.gerrit.server.git.WorkQueue$Task.run(WorkQueue.java:699)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
------
ishan badgainya
Jul 18, 2024, 10:34:24 AM7/18/24
to Repo and Gerrit Discussion
Missed to add that I am on Gerrit 3.9.5
Martin Fick
Jul 18, 2024, 4:57:25 PM7/18/24
to ishan badgainya, Repo and Gerrit Discussion
On Thu, Jul 18, 2024 at 8:31 AM 'ishan badgainya' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:
I have two servers -PrimarySecondary
What do you have configured on your secondary to receive git pushes? Have you tried pushing manually to the secondary?
I have installed replication plugin on Primary with the following config -replication.config
...
[replication]
maxRetries = 100
Yikes, this seems like you could waste a lot of resources on permanent errors.
useCGitClient = false
consumeStreamEvents = false
syncRefs="ALL REFS ASYNC"
maxApiPayloadSize=40000
I am not familiar with these config items, and don't see them listed here https://gerrit.googlesource.com/plugins/replication/+/refs/tags/v3.9.5/src/main/resources/Documentation/config.md
I don't see
adminUrl defined, you need that to create new repositories on your destination with ssh. I don't think apiUrl is supported by 3.9.5?
tagopt= --no-tags
I don't see this as a supported option?
But getting this error on every action I perform on Primary. Here I am trying to create a project in Primary -----[2024-07-18 14:22:01,477] Replication to http://x.x.x.x:8080/12.git started... [CONTEXT pushOneId="e166e6ce" ]
[2024-07-18 14:22:01,478] Push to http://x.x.x.x:8080/12.git references: RemoteRefUpdate{refSpec=refs/meta/config:refs/meta/config, status=NOT_ATTEMPTED, id=(null)..AnyObjectId[8123cb8486cc59a68705f0c57700d74383c85190], force=yes, delete=no, ffwd=no}, RemoteRefUpdate{refSpec=refs/heads/master:refs/heads/master, status=NOT_ATTEMPTED, id=(null)..AnyObjectId[e3e6bd7d2f58c116032fe07b1326d96404c6e8db], force=yes, delete=no, ffwd=no}, RemoteRefUpdate{refSpec=refs/heads/test:refs/heads/test, status=NOT_ATTEMPTED, id=(null)..AnyObjectId[e3e6bd7d2f58c116032fe07b1326d96404c6e8db], force=yes, delete=no, ffwd=no} [CONTEXT pushOneId="e166e6ce" ]
[2024-07-18 14:22:01,481] Cannot replicate to http://x.x.x.x:8080/12.git [CONTEXT pushOneId="e166e6ce" ]
org.eclipse.jgit.errors.TransportException: http://x.x.x.x:8080/12.git: git-receive-pack not permitted on 'http://x.x.x.x:8080/12.git/'
Are you trying to push directly to your Gerrit secondary's port, this isn't supported for secondaries. You need to set up another way,
such as git-daemon,
to receive your git pushes, have you done that?
-Martin
Kai Lei
Jul 18, 2024, 9:37:32 PM7/18/24
to Martin Fick, ishan badgainya, Repo and Gerrit Discussion
Are you sure you can clone repo via this url 'http://x.x.x.x:8080/12.git/'? I will suggest you use ssh or git protocol.
--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/CAEUc7cgUTh9dyRx3%3DU79eE58vSZdjf0dUxnvKsY9xrTsGDTU8g%40mail.gmail.com.
ishan badgainya
Jul 19, 2024, 12:59:21 AM7/19/24
to Repo and Gerrit Discussion
Hi Marting,
Thanks for pointing out those config issues. I have nothing configured on the secondary.
I was under the assumption that replication plugin itself is capable of pushing all the changes to secondary. I did not see anything related to git-daemon in the replication document.
If this is not the case, then is there a documentation which would describe how to setup both primary and secondary servers?
Can we do this using replication and pull replication plugin?
Kai Lei
Jul 19, 2024, 1:17:33 AM7/19/24
to ishan badgainya, Repo and Gerrit Discussion
I highly recommend use pull replication instead of push, since pull is much faster than push
--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/repo-discuss/fca6d8dd-27d2-4e88-9192-1fb9f6cd6d3en%40googlegroups.com.
ishan badgainya
Jul 19, 2024, 1:34:55 AM7/19/24
to Repo and Gerrit Discussion
Hi Kai,
Does this mean I only need to configure pull replication plugin on secondary?
Martin Fick
Jul 22, 2024, 6:37:26 PM7/22/24
to ishan badgainya, Repo and Gerrit Discussion
On Thu, Jul 18, 2024 at 10:59 PM 'ishan badgainya' via Repo and Gerrit Discussion <repo-d...@googlegroups.com> wrote:
I was under the assumption that replication plugin itself is capable of pushing all the changes to secondary. I did not see anything related to git-daemon in the replication document.
The replication plugin pushes git data to git repositories using either ssh://, git://, http://, or file://. In the case of ssh:// the receiving end needs the
git receive-pack executable
made available via an ssh server setup (usually by installing git on the receiving end). The git:// protocol requires running git-daemon https://git-scm.com/book/en/v2/Git-on-the-Server-Git-Daemon on the receiving end, and http:// requires https://git-scm.com/docs/git-http-backend I believe. file:// does not require any setup, but does require direct access to the receiving filesystem. Both ssh:// and http:// likely require some form of auth setup.
If this is not the case, then is there a documentation which would describe how to setup both primary and secondary servers?
There are some details here https://gerrit.googlesource.com/plugins/replication/+/refs/tags/v3.9.5/src/main/resources/Documentation/about.md but it would be great to add a minor intro like what I wrote above to that page (maybe you can upload a change to do so)?
Can we do this using replication and pull replication plugin?
Others will be better at commenting about pull replication plugin, I am not really knowledgeable about it...
-Martin
Luca Milanesio
Jul 22, 2024, 7:03:12 PM7/22/24
to Repo and Gerrit Discussion, Luca Milanesio
The pull-replication plugin can work directly between two Gerrit servers, without the need to an additional git-daemon.
There are some caveats though:
1. You cannot replicate reliably All-Users.git, unless you are using a bearer token
2. You cannot replicate hidden projects, as Gerrit won’t serve the Git protocol for them
HTH
Luca.
Reply all
Reply to author
Forward
0 new messages