openfrontier / docker-gerrit

Build a Docker image with the Gerrit code review system
Apache License 2.0

Gerrit replication fails when passing GERRIT_USER env #67

Closed raghavendrapj closed 5 years ago

raghavendrapj commented 7 years ago

We are working on a SaaS solution and are using Gerrit 2.13.x for Gerrit deployments. We were always passing GERRIT_USER so that the Gerrit application runs as GERRIT_USER and the entire application lifecycle can be managed externally.

Gerrit is up (running as GERRIT_USER), but it fails in the Replication plugin. Though I have added the right set of keys in GERRIT_USER's home directory, which is /var/gerrit/.ssh/known_hosts, it fails with the following error.

[2017-08-09 12:08:45,155] [c7666245] Replication to git@git.something.com:/bt-test.git started...
[2017-08-09 12:08:45,185] [c7666245] Push to git@git.something.com:/bt-test.git references: [RemoteRefUpdate[remoteName=refs/heads/master, NOT_ATTEMPTED, (null)...4262aadf27aa0867ba15e3b16c348eae08fb3d39, srcRef=refs/heads/master, message=null]]
[2017-08-09 12:08:45,978] [c7666245] Unexpected error during replication to git@git.something.com:/bt-test.git
org.eclipse.jgit.errors.UnsupportedCredentialItem: ssh://git@git.something.com:22: The authenticity of host 'git.something.com' can't be established.
RSA key fingerprint is xx:3c:b1:cc:9d:0d:b1:ed:d1:88:b2:13:da:b4:4f:a9.
Are you sure you want to continue connecting?
    at com.googlesource.gerrit.plugins.replication.SecureCredentialsProvider.get(SecureCredentialsProvider.java:76)
    at org.eclipse.jgit.transport.CredentialsProviderUserInfo.promptYesNo(CredentialsProviderUserInfo.java:124)
    at com.jcraft.jsch.Session.checkHost(Session.java:785)

However, if I don't pass in the GERRIT_USER it works fine and the replication plugin is also working as expected. Is it not possible for me to run Gerrit as a different user?

I have already tried invalidating the cache with the following command, but it fails.

ssh -p 29418 user@localhost gerrit flush-caches --cache sshkeys

thinkernel commented 7 years ago

Hi there. I think GERRIT_USER is designed to be used as a build-time and run-time environment variable. From the beginning of the Dockerfile, a user is created according to $GERRIT_USER. Other commands are run under the same user ID by using gosu. If you want to switch the user ID at runtime, then you need to create the switched user before starting the Gerrit daemon. I wonder how you can achieve that in a Docker container.
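
The error in this issue is a host-key check failing for the account the Gerrit JVM runs as. As an added example (not part of this thread, of docker-gerrit or of Gerrit), the shell function below reports whether a known_hosts file carries a plain-text entry for the replication host and with which key types. The function name and its output labels are made up here, and it matches exact host names only, not wildcard patterns.

```shell
#!/bin/sh
# Added example: constructed helper, not code from docker-gerrit or Gerrit.
# Usage: known_hosts_status FILE HOST [PORT]
# Prints exactly one of:
#   missing-file       FILE does not exist or is not readable by the caller
#   no-entry           no line names HOST (or [HOST]:PORT for a non-22 port)
#   hashed-only        no plain match, but hashed (|1|...) lines exist that
#                      this check cannot compare against HOST
#   revoked            a matching @revoked line exists
#   found:<key types>  comma-separated key types recorded for HOST
known_hosts_status() {
    file=$1
    host=$2
    port=${3:-22}
    [ -r "$file" ] || { echo "missing-file"; return 0; }
    awk -v host="$host" -v port="$port" '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        {
            i = 1; marker = ""
            if ($1 ~ /^@/) { marker = $1; i = 2 } # @revoked or @cert-authority
            names = $i; ktype = $(i + 1)
            if (substr(names, 1, 3) == "|1|") { hashed = 1; next }
            n = split(names, a, ",")
            for (j = 1; j <= n; j++) {
                plain = (a[j] == host && port == 22)
                bracketed = (a[j] == ("[" host "]:" port))
                if (!(plain || bracketed)) continue
                if (marker == "@revoked") revoked = 1
                else if (marker == "") types = types (types == "" ? "" : ",") ktype
                break
            }
        }
        END {
            if (revoked) print "revoked"
            else if (types != "") print "found:" types
            else if (hashed) print "hashed-only"
            else print "no-entry"
        }' "$file"
}
```

Run it as the account the daemon uses, so that file permissions are part of what is tested, and compare the reported key types with the type named in the error (RSA in the log above).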