Page MenuHomePhabricator

Work out how we are going to cut deploy branches without gerrit HTTP Token
Closed, ResolvedPublicSecurity

Event Timeline

Jdforrester-WMF removed zeljkofilipin as the assignee of this task.Mar 18 2019, 4:21 PM
Jdforrester-WMF created this task.
Jdforrester-WMF created this object with visibility "Public (No Login Required)".
Jdforrester-WMF created this object with edit policy "Custom Policy".
zeljkofilipin raised the priority of this task from Normal to Unbreak Now!.Mar 18 2019, 4:29 PM

Train blockers are UBN!

Restricted Application added subscribers: Liuxinyu970226, TerraCodes. · View Herald TranscriptMar 18 2019, 4:29 PM
thcipriani added a comment.EditedMar 19 2019, 12:36 AM

I've edited the setup section of the train docs to use ssh rather than http token auth. https://wikitech.wikimedia.org/wiki/Heterogeneous_deployment/Train_deploys#Setup

I think that after doing the key setup make-wmf-branch should work once again.

The key changes are

  1. Make a new key on the deployment host
  2. git config --global url.ssh://[GERRIT-USERNAME]@gerrit.wikimedia.org:29418.pushInsteadOf https://gerrit.wikimedia.org/r

Just to be clear, is the removal of the Gerrit HTTP token feature going to be a permanent change or just temporary? If this is a permanent thing I'll have to figure out how to modify libraryupgrader as well...

I've edited the setup section of the train docs to use ssh rather than http token auth. https://wikitech.wikimedia.org/wiki/Heterogeneous_deployment/Train_deploys#Setup

Thanks! As soon as Gerrit is up again, I'll test the documentation and resolve the task.

Just to be clear, is the removal of the Gerrit HTTP token feature going to be a permanent change or just temporary? If this is a permanent thing I'll have to figure out how to modify libraryupgrader as well...

I hope not. We definitely don't want to lose gerrit rest api in the long run.

zeljkofilipin closed this task as Resolved.Mar 20 2019, 12:02 AM
zeljkofilipin reassigned this task from zeljkofilipin to thcipriani.

Assigning to @thcipriani because he did all the work and resolving, because the documentation is now up to date. I was able to cut the branch.