Page MenuHomePhabricator

Update gerrit to 2.13.8
Closed, ResolvedPublic

Description

The release notes are at https://www.gerritcodereview.com/releases/2.13.md#2.13.8

It includes submodules updates which is the main fix for us as it would have helped me catch problems with submodule problems when we first upgraded to gerrit 2.13.

It also include "Don't truncate long lines in diff screens" fix, though it dosent fix the problem in all cases as I found, but still an improvement to diffs.

"Allow user with "Maintain Server" permission to find all changes."

"Allow to continue reindex despite failures."

"Be more consistent about object ids used in ref operation validation." <-- that one is a major bug fix we want. Though we did not experience it it can happen at any time preventing branches from being created through web ui (maybe also through git too). That bug was exposed when they updated the hooks plugin on master.

Also another fix is "Upgrade JGit to 4.5.1.201703201650-r."

"Among other bug fixes, this version includes a fix for packfile list

inconsistency in memory due to temporary lack of system resources during
read, which caused transient "file not found" errors."

Event Timeline

Paladox created this task.Feb 24 2017, 8:29 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 24 2017, 8:29 AM
Paladox moved this task from Bugs & stuff to Local hacks on the Gerrit board.Feb 27 2017, 3:45 PM

We will not want to do "Allow HTTP password when using LDAP and basic authentication." as in gerrit 2.13 passwords are not hashed for git cloning over http.

But is now hashed in gerrit 2.14.

demon added a comment.Mar 1 2017, 6:37 PM

We will not want to do "Allow HTTP password when using LDAP and basic authentication." as in gerrit 2.13 passwords are not hashed for git cloning over http.

The passwords are over HTTPS, so it's not a huge deal. But this doesn't impact us I don't think. The key word here is and. The second line of that changelog entry is a little more telling (emphasis mine):

"It was not possible to use HTTP password to validate git over HTTP and REST API requests if LDAP was used along with HTTP basic authentication."

We don't use HTTP basic auth :)

But is now hashed in gerrit 2.14.

How can the HTTP passwords be hashed. The user wouldn't be able to view their own random password anymore...

Oh it's hashed so it isn't shown as plain text in the git repo.

demon added a comment.Mar 1 2017, 6:41 PM

That still doesn't make sense. How is it shown in the UI if it's hashed?

That still doesn't make sense. How is it shown in the UI if it's hashed?

It seems to show for me. But according to https://gerrit-review.googlesource.com/#/c/96370/ it's hashed. So maybe the backend?

demon added a comment.Mar 1 2017, 6:59 PM

That still doesn't make sense. How is it shown in the UI if it's hashed?

It seems to show for me. But according to https://gerrit-review.googlesource.com/#/c/96370/ it's hashed. So maybe the backend?

This is fucking bizarre...

Paladox added a comment.EditedMar 6 2017, 10:52 AM

@demon scratch that it seems the ui is broken now, see https://gerrit-review.googlesource.com/#/c/96370/ (bottom).

So we doint want to enable that config we should continue using ldap passwords for git clone over http.

See https://bugs.chromium.org/p/gerrit/issues/detail?id=5716

But apparently it is fixed in polygerrit or at least it works there but in gwt it seems broken.

I think there planing a .7 release this month.

Paladox added a comment.EditedMar 22 2017, 1:13 AM

Looks like 2.13.7 will be released really soon with some fixes for :)

https://gerrit-review.googlesource.com/#/c/100810/

demon added a comment.Mar 22 2017, 1:36 AM

The 2.13.4..2.13.7 diff looks good, we'll target it after I'm back from vacation.

Paladox renamed this task from Update gerrit to 2.13.6 to Update gerrit to 2.13.7.Mar 22 2017, 10:15 AM
Paladox updated the task description. (Show Details)
Paladox updated the task description. (Show Details)Mar 22 2017, 11:39 AM

@demon Upstream have a performance patch in 2.13 (merged after 2.13.7 was released) Should we cherry pick that when we upgrade to 2.13.7?

Looks like they are about to release gerrit 2.13.7

There looks to be a schema upgrade in the next 2.13.x release which might be 2.13.7. But it will be a performance upgrade as the h2 database is known to be slow if you keep opening connections to it they are now going to allow us to use the db :). https://gerrit-review.googlesource.com/#/c/103373/

Paladox renamed this task from Update gerrit to 2.13.7 to Update gerrit to 2.13.8.Apr 26 2017, 10:52 AM
Paladox updated the task description. (Show Details)

2.13.8 includes a schema upgrade + an performance improvement if we switch from h2 to mysql.

Should this task be closed in favor of T156120?

Nope, since i think they are going to upgrade to 2.13.8 then to 2.14.1 (when that's released, includes many, many bug fixes.)

Change 354485 had a related patch set uploaded (by Chad; owner: Chad):
[operations/debs/gerrit@master] gerrit (2.13.8 git1-wmf.1) jessie-wikimedia; urgency=medium

https://gerrit.wikimedia.org/r/354485

Change 354485 merged by Muehlenhoff:
[operations/debs/gerrit@master] gerrit (2.13.8 git1-wmf.1) jessie-wikimedia; urgency=medium

https://gerrit.wikimedia.org/r/354485

Mentioned in SAL (#wikimedia-operations) [2017-05-31T20:17:12Z] <RainbowSprinkles> gerrit: bringing offline for a few minutes for point release (2.13.4 -> 2.13.8, T158946)

Change 356480 had a related patch set uploaded (by Paladox; owner: Paladox):
[operations/debs/gerrit@master] Gerrit: Set ulimit's in gerrit.service

https://gerrit.wikimedia.org/r/356480

Change 356518 had a related patch set uploaded (by Paladox; owner: Paladox):
[operations/puppet@production] Gerrit: Add systemd service to base::service_unit

https://gerrit.wikimedia.org/r/356518

Change 356518 abandoned by Paladox:
Gerrit: Add systemd service to base::service_unit

https://gerrit.wikimedia.org/r/356518

Change 356480 merged by Muehlenhoff:
[operations/debs/gerrit@master] Gerrit: Set ulimit's in gerrit.service

https://gerrit.wikimedia.org/r/356480

demon closed this task as Resolved.Jun 6 2017, 10:01 PM
demon claimed this task.
Paladox removed a subscriber: gerritbot.
demon reopened this task as Open.Jun 7 2017, 12:26 AM

Rolled back because T152640.

Change 357524 had a related patch set uploaded (by Chad; owner: Chad):
[operations/debs/gerrit@master] gerrit (2.13.8 git1-wmf.5) jessie-wikimedia; urgency=medium

https://gerrit.wikimedia.org/r/357524

Change 357524 merged by Dzahn:
[operations/debs/gerrit@master] gerrit (2.13.8 git1-wmf.5) jessie-wikimedia; urgency=medium

https://gerrit.wikimedia.org/r/357524

Mentioned in SAL (#wikimedia-operations) [2017-06-08T18:42:52Z] <mutante> built gerrit_2.13.8+git1-wmf.5 on copper (T158946)

Mentioned in SAL (#wikimedia-operations) [2017-06-08T20:12:27Z] <mutante> imported gerrit_2.13.8+git1-wmf.5_amd64 on apt.wikimedia.org (T158946)

Dzahn added a subscriber: Dzahn.Jun 8 2017, 9:45 PM

The .5 version can now be installed. I simulated install on gerrit2001 and cobalt to confirm it's available but did not actually do it.

Inst gerrit [2.13.8+git1-wmf.4] (2.13.8+git1-wmf.5 Wikimedia:8/jessie-wikimedia [all])
Conf gerrit (2.13.8+git1-wmf.5 Wikimedia:8/jessie-wikimedia [all])

@Dzahn thanks, @demon did the upgrade on gerrit2001 pending to do it on cobalt :)

demon closed this task as Resolved.Jun 13 2017, 11:31 PM