Google is phasing out OpenID in favour of Oauth 2.0 with a deadline on 20th April, 2015 - just 10 days from today. A lot of projects depend on google auth, and can’t easily move to another OpenID provider. I recently had to fix this issue with Jenkins and Gerrit.
Jenkins has a great plugin available for this, which was a piece of cake to install and configure. But it wasn’t so easy with Gerrit. Lot of gerrit users have been asking for Oauth support since May last year; we got that finally when David Ostrovsky wrote gerrit-oauth-provider plugin.
I’ve listed the steps I followed below :
Get these from Google Developers Console, note down the
client id and
client secret. Ensure the redirect url is set to
Get the custom gerrit war file
There are a few gerrit changes the plugin needs that haven’t been merged yet. A custom war is available here with the plugin. Download this
gerrit-2.10.2-18-gc6c5e0b.war file to the new gerrit server.
Backup current gerrit data
Create tarballs of the data directories and dump postgres data (if postgres is being used)
old-gerrit~$ tar czpf gerrit.tar.gz /srv/gerrit/gerrit
old-gerrit~$ tar czpf repositories.tar.gz /srv/gerrit/repositories
old-gerrit~$ pg_dump -xO -Fc reviewdb > reviewdb-$(date +%d-%m-%Y).pdump
Restore data to new gerrit server
gerrit:/srv/gerrit$ tar xzpf repositories.tar.gz
gerrit:/srv/gerrit$ tar xzpf gerrit.tar.gz
Restore pg data
psql : ALTER USER gerrit WITH SUPERUSER;
$ dropdb reviewdb
$ createdb reviewdb -O gerrit
$ pg_restore -O -d reviewdb --role=gerrit reviewdb-20-03-2015.pdump
psql: ALTER USER gerrit WITH NOSUPERUSER;
Gerrit requires cascading migrations to be run for every major version released. For e.g to update from 2.5 to 2.10, we have to run the following
$ sudo su - gerrit -s /bin/bash
$ java -jar gerrit-220.127.116.11.war init -d gerrit
$ java -jar gerrit-2.9.4.war init -d gerrit
$ java -jar gerrit-2.9.4.war reindex --recheck-mergeable -d gerrit
For the custom jar migration be sure to configure the Oauth plugin
``` $ java -jar gerrit-2.10.1-4-a83387b.war init -d gerrit […] OAuth Authentication Provider
Use Google OAuth provider for Gerrit login ? [Y/n]?
Application client id :
$ java -jar gerrit-2.10.1-4-a83387b.war reindex -d gerrit ```
Switch old gerrit domain name to the new server
For automatic acount linking to work, the domain name must match the old server. Otherwise the OpenID accounts will not be linked with the new Oauth2 account.
Start gerrit server and confirm everything works
gerrit:/srv/gerrit$ ./bin/gerrit.sh start
Helpshift is an in-app mobile help desk designed to improve customer support efficiency by over 400% and reduce cost by over 70%. Our engineering team is committed to building a meticulously designed, solid SDK to improve customer retention for clients such as Flipboard, Supercell, and more . We are currently serving over 500 million app sessions weekly.
Learn more about us at Helpshift.com