You state the information is still in the DB. Were all of your changes
against the external-ids table in your database? Since you mention the
DB I can only assume that you upgraded to 2.16. If this is true, then
the upgrade to 2.16 did a forced migration of all of the external-ids
into NoteDB and no longer references the DB for account checks.
See my recent email [0] about this exact problem.
Here's the relevant extract from the write-up I had to give to my team
on how to fix these sort of problems:
--[cut]--
Let's say
the following is true:
Account having issues: FooPerson
Original email:
foop...@example.org
New LFID email:
pers...@example.org
[code]
export GERRIT_USER=FooPerson
export GERRIT_BASE=
gerrit.example.org/r
# GERRIT_BASE should be your canonicalWebUrl
curl "https://${GERRIT_BASE}/accounts/?suggest&q=FooPerson"
)]}'
[
{
"_account_id": 10000,
"name": "Foo Bear",
"email": "
foop...@example.org",
"username": "FooPerson"
}
]
grep -Rm1 'accountId = 10000$'
1d/061ba9b156d95bd612fbf82cd4f7b28b514320: accountId = 10000
2d/e013766e621ed981b18d9927370ede7323023d: accountId = 10000
2d/064c9bc0860cfee5ab09aad770e999411a57b0: accountId = 10000
cat 1d/061ba9b156d95bd612fbf82cd4f7b28b514320
[externalId "gerrit:FooPerson"]
accountId = 10000
email =
foop...@example.org
cat 2d/e013766e621ed981b18d9927370ede7323023d
[externalId "username:FooPerson"]
accountId = 10000
cat 2d/064c9bc0860cfee5ab09aad770e999411a57b0
[externalId "mailto:
pers...@example.org"]
accountId = 10000
email =
pers...@example.org
[/code]
NOTE: the username record, may or may not have a password field in it,
that field is the https password that they would be using encrypted
using a salted bcrypt.
NOTE: These are ini style files and they require a hard tab, not expand
tab as displayed here
In this example the account has the new address already attached... we
need to remove that record, move the old address into a new record and
replace the old address with a new one, all in a single commit.
[code]
git rm 2d/064c9bc0860cfee5ab09aad770e999411a57b0
echo -n 'mailto:
foop...@example.org$' | sha1sum
fe6e22cf0f4618ac92c1c69292ff649c0349a322
vim fe/6e22cf0f4618ac92c1c69292ff649c0349a322
[externalId "mailto:
foop...@example.org$"]
accountId = 10000
email =
foop...@example.org$
git add fe/6e22cf0f4618ac92c1c69292ff649c0349a322
# change the email in 1d/061ba9b156d95bd612fbf82cd4f7b28b514320
vim 1d/061ba9b156d95bd612fbf82cd4f7b28b514320
[externalId "gerrit:FooPerson"]
accountId = 10000
email =
pers...@example.org
git add 1d/061ba9b156d95bd612fbf82cd4f7b28b514320
[/code]
At this point, we should be good to commit and push this up
[code]
git commit -as
# commit message similar to:
Fixing accountId 10000 (FooPerson)
Issue: LINK_TO_ISSUE_TRACKER
Signed-off-by: Andrew Grimberg <
agri...@linuxfoundation.org>
[/code]
Note: we want the issue linked to our jira since you're doing this to
another Gerrit
Now push it up
[code]
git push origin HEAD:refs/meta/external-ids
[/code]
As long as we did everything correctly, then Gerrit will accept the
change and the customer should now be able to login. If we did something
badly, then Gerrit will reject the change and give you a reason why
--[/cut]--
Please note, this operation will only succeed if you can successfully
push back to refs/meta/external-ids. It will fail if there are any other
consistency issues.
Since you did an upgrade there's a high probability of consistency
issues with your accounts. You're going to need to clean all of those up.
You can check for problems by doing something like this:
--[cut]--
echo '{
"check_accounts": {},
"check_account_external_ids": {}
}' > consistency.json
export GERRIT_BASE=
gerrit.example.org/r
# GERRIT_BASE should be your canonicalWebUrl
curl -n -s -X POST -H "Content-Type: application/json" \
-d @consistency.json \
"https://${GERRIT_BASE}/a/config/server/check.consistency" | \
sed "s/\\\\u0027/'/g"
--[/cut]--
The -n in the curl tells it to use a .netrc file to lookup your user
credentials for the operations since the /a/ URI fragment is an
authenticated fragment.
If you get back any problems in the check_accounts_result you're going
to potentially have to take corrective action on their user account
object as well, but I would clean up all issues out of the external_ids
check first.
Account objects are sharded as
refs/users/NN/YYNN
Where YYNN == the user accountId and the NN from the end of the
accountId is the sharding index. If the accountId is less than 10 then
NN == 0Y
So for instance account 1 is at:
refs/users/01/1
account 10 is at:
refs/users/10/10
and account 456323456 is at:
refs/users/56/456323456
Well... at least from extrapolation, I bet if you had accountIds that
big there would be another level (or more) of sharding injected but I
don't know when the sharding happens ;)
-Andy-
[0]
https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topic/repo-discuss/uNFC6MXucD8