Tunneling Gerrit

Tunneling and Gerrit was a really interesting happening, as it wasn’t all clear how to do the following things

  • Allow cloning and interaction with Gerrit Git
  • Allow interaction with Gerrit’s web UI

The first part was easier than the second. So let’s look at the second first.

Allowing interaction with Gerrit’s web UI

In order to set this tunnel up you need to know the port it’s running at. This can be stuck in a few places, depending on your configuration. Most obvious places to look are

  • Apache site configuration
  • /etc/gerrit/gerrit.config

Mine was residing in the config, which said

[httpd]
    listenUrl = http://*:8080

This is something we can use when we set up our tunnel. The tunnel setup is a bit opaque, but the general gist is:

ssh -L [local port number]:[remote host where gerrit web is running]:[remote port where gerrit web is running] [username]@[remote host] -p [remote ssh port]

So, a command would look like this:

ssh -L 3333:cerberus:8080 john@doe.com -p 1234

After having done this and logged in you will be able to reach the web ui through:

http://localhost:3333

Make sure you add your local SSH key so you can interact with Gerrit Git.

In parallel you can/need to set up another tunnel to Gerrit, which usually runs on port 29418…

Allowing interaction with Gerrit Git

The port Gerrit runs on was found in the /etc/gerrit/gerrit.conf file, looking like this:

[sshd]
    listenAddress = *:24918

So let’s use this for setting up the Git tunnel. The command follows the same pattern as for tunnelling the Gerrit web UI:

ssh -L [local port number]:[remote host where gerrit web is running]:[remote port where gerrit web is running] [username]@[remote host] -p [remote ssh port]

And the final tunnel would be something like this:

ssh -L 29419:cerberus:29418 john@doe.com -p 1234

In order to interact properly with Gerrit Git through this tunnel, you would for instance clone a repo like this:

git clone ssh://[gerrit user]@localhost:[tunnel port]/[git repo]

And the command itself would be similar to:

git clone ssh://john@localhost:29419/doe.git

Good to know!

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.