
git over ssh is not working on GitLab test instance
Closed, Resolved, Public

Description

Pushing and pulling over ssh is not working on the test gitlab instance:

git clone git@gitlab.devtools.wmcloud.org:repos/...
Cloning into ...
ssh: connect to host gitlab.devtools.wmcloud.org port 22: Connection timed out
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

ssh git@gitlab.devtools.wmcloud.org
ssh: connect to host gitlab.devtools.wmcloud.org port 22: Connection timed out

git-ssh uses a second interface which was configured together with the Cloud team (to mimic the production configuration). So this issue might need escalation to the Cloud team. However, the second address 172.16.7.146 is defined two times on the instance, with a /21 and a /32 netmask. So we should check the configuration of the ens3 interface first before reaching out to Cloud.

See also discussion in T318521.

Event Timeline

LSobanski triaged this task as Medium priority. Nov 27 2023, 4:16 PM
LSobanski moved this task from Incoming to Backlog on the collaboration-services board.
Jelto claimed this task.
Jelto added a subscriber: Dzahn.

As discussed in our last Monday meeting, I double-checked the bastion and SSH config. The test instance uses a public address which does not need a bastion host:

I also checked the security rules for GitLab in the project here:
https://horizon.wikimedia.org/project/security_groups/483603d7-51f8-491c-b1cf-175b4345ad97/
And on the test instance host gitlab-prod-1002

The test instance shows the following rules:

ALLOW IPv4 22/tcp from default
ALLOW IPv4 22/tcp from 172.16.0.0/21

Then I noticed one SSH rule was missing and the security group gitlab-ssh was not assigned to the instance. I re-assigned the security group to the instance. After that, cloning over SSH works again:

ssh git@gitlab.devtools.wmcloud.org 
Welcome to GitLab, @jelto!
Connection to gitlab.devtools.wmcloud.org closed

Thanks again @Dzahn for the hint of double-checking the security groups and bastion settings.
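
Added example (not part of the task or its comments): a small Python check that parses rule lines in the format listed above and reports whether a given client address may reach 22/tcp. The external client address 203.0.113.10 and the `0.0.0.0/0` rule standing in for the gitlab-ssh group are assumptions; the task does not list that group's rules.

```python
import ipaddress
import re

# Rule format as listed in the comment above, e.g. "ALLOW IPv4 22/tcp from default"
RULE_RE = re.compile(r"^ALLOW (IPv4|IPv6) (\d+)/(tcp|udp) from (\S+)$")

def parse_rule(line):
    """Parse one rule line; the source is a CIDR network or a remote group name."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised rule: {line!r}")
    family, port, proto, source = m.groups()
    try:
        source = ipaddress.ip_network(source)  # CIDR source
    except ValueError:
        pass  # not a CIDR: keep it as a remote security group name
    return {"family": family, "port": int(port), "proto": proto, "source": source}

def is_allowed(rule_lines, client_ip, port, proto="tcp", client_groups=()):
    """True if any rule admits client_ip (or one of its groups) to port/proto."""
    ip = ipaddress.ip_address(client_ip)
    for rule in map(parse_rule, rule_lines):
        if rule["port"] != port or rule["proto"] != proto:
            continue
        src = rule["source"]
        if isinstance(src, str):
            # Group-sourced rule: matches only members of that security group.
            if src in client_groups:
                return True
        elif ip.version == src.version and ip in src:
            return True
    return False  # nothing matched: the connection attempt gets no answer

# Rules shown on the test instance before the fix (from the comment above).
BEFORE = [
    "ALLOW IPv4 22/tcp from default",
    "ALLOW IPv4 22/tcp from 172.16.0.0/21",
]
# Assumption: the re-assigned gitlab-ssh group opens 22/tcp to external clients.
AFTER = BEFORE + ["ALLOW IPv4 22/tcp from 0.0.0.0/0"]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        # 203.0.113.10 is a constructed external client address.
        print(label, "external ssh allowed:", is_allowed(rules, "203.0.113.10", 22))
```

With only the two rules shown, SSH is reachable from inside 172.16.0.0/21 and from members of the default group, while a client outside that range matches nothing.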