本人安装环境如下:
gerrit安装版本:v2.16
gerrit安装目录:~/review_site
gerrit的project目录:~/review_site/gitRepo
gerrit的管理员:admin
当在gerrit的error_log中发现有如下问题时:
[2019-06-04 09:15:57,396] [HTTP-214] ERROR com.google.gerrit.httpd.auth.container.HttpLoginServlet : Unable to authenticate user "youname" com.google.gerrit.server.account.AccountException: Cannot assign external ID "username:youname" to account 1000004; external ID already in use.
引起原因:创建用户的顺序错了,通过以下顺序创建新用户时,会出现上边的错误
- ssh -p 29418 admin@localhost gerrit create-account --group youProjectGroup --full-name youname --email youname@@corp.to8to.com --http-password youpasswd youname
- htpasswd -b youname youpasswd
- 使用用户名:youname,密码:youpasswd,登录gerrit时,出现http的403错误
因为,在用create-account命令创建新用户时,会在gerrit中,生成对应的用户名与email的用户externalId,
记住,后续正确的创建新用户的顺序是:
sudo htpasswd -b ~/review_site/passwords youname youpasswd//创建帐号
sudo ssh -p 29418 admin@localhost gerrit set-account --add-email youname@corp.to8to.com youname //设置youname 普通用户的邮箱
用htpasswd命令创建HTTP认证时,并没有在gerrit数据库中创建账号信息,当第一次登陆成功后,gerrit会自动创建同名的gerrit用户。
注意:文中提到的youname、youpasswd、youProjectGroup,是你实际使用的名称,这里我为了说明问题,做了替换
已经发生,如何解决这个问题呢?
1、gerrit的用户信息管理
gerrit在安装成功后,会提供两个默认项目All-Users.git 和 All-Projects.git,其中All-Users.git就是管理用户的工程。在gerrit的帮助中,提供了有关External IDs的信息,如下:
External IDs are stored as Git Notes in the All-Users repository. The name of the notes branch is refs/meta/external-ids.
2、使用gerrit的管理员账户,进行如下操作
git clone ./review_site/gitRepo/All-Users.git/ All-Users
git fetch origin refs/meta/external-ids:refs/meta/external-ids //获取External IDs的分支
git checkout refs/meta/external-ids
git log
会发现如下:
gerrit@ubuntu:~/tmp/All-Users $ git log
commit fa89bc7791e1dfd3fb6c595b3cf9969a0b60beaa
Author: jenkis.app <jenkis.app@corp.to8to.com>
Date: Tue Jun 4 09:13:45 2019 +0800
Create Account via API
Account: 1000003
Email: youname@corp.to8to.com
commit e7cf5dca238a181ba1107cfd497e6b915fa21387
Author: Gerrit Code Review <gerrit@ubuntu>
Date: Mon Jun 3 17:23:44 2019 +0800
Link External ID
Account: 1000000
Email: jenkis.app@corp.to8to.com
commit 4298c11a5cbf9d213cf1691f36110aaa0f5bbeeb
Author: Gerrit Code Review <gerrit@ubuntu>
Date: Mon Jun 3 12:04:48 2019 +0800
Create Account on First Login
Account: 1000001
commit 02d76fb82d35b18c669b006d215c15d27ffef5da
Author: Gerrit Code Review <gerrit@ubuntu>
Date: Fri May 31 21:00:10 2019 +0800
Create Account on First Login
Account: 1000000
上边commit为:fa89bc7791e1dfd3fb6c595b3cf9969a0b60beaa,就是通过 create-account命令创建新用户时,生成的用户信息
git show fa89bc7791e1dfd3fb6c595b3cf9969a0b60beaa
使用git show查看有哪些文件在这次提交中产生。
gerrit@ubuntu:~/tmp/All-Users $ git show fa89bc7791e1dfd3fb6c595b3cf9969a0b60beaa
commit fa89bc7791e1dfd3fb6c595b3cf9969a0b60beaa
Author: jenkis.app <jenkis.app@corp.to8to.com>
Date: Tue Jun 4 09:13:45 2019 +0800
Create Account via API
Account: 1000003
Email: youname@corp.to8to.com
diff --git a/26bc754712fae1343ffb1498ee735892794032a0 b/26bc754712fae1343ffb1498ee735892794032a0
new file mode 100644
index 0000000..3fb7151
--- /dev/null
+++ b/26bc754712fae1343ffb1498ee735892794032a0
@@ -0,0 +1,3 @@
+[externalId "username:youname"]
+ accountId = 1000003
+ password = bcrypt:4:E/kphgevoGE2AkOrv1Elzw==:ecXxXHLJ6S2A+7UR7ItNDQz6Fzcw/IDp
diff --git a/521dd9a3899b76a3e30b8b991c9a8b71da16b2b7 b/521dd9a3899b76a3e30b8b991c9a8b71da16b2b7
new file mode 100644
index 0000000..4980ab1
--- /dev/null
+++ b/521dd9a3899b76a3e30b8b991c9a8b71da16b2b7
@@ -0,0 +1,3 @@
+[externalId "mailto:youname@corp.to8to.com"]
+ accountId = 1000003
+ email = youname@corp.to8to.com
发现是:26bc754712fae1343ffb1498ee735892794032a0 与 521dd9a3899b76a3e30b8b991c9a8b71da16b2b7
那问题就简单了,直接删除这两个文件,git push
rm 26bc754712fae1343ffb1498ee735892794032a0
rm 521dd9a3899b76a3e30b8b991c9a8b71da16b2b7
git add .
git commit -am "remove user youname "
git push origin HEAD:refs/meta/external-ids
注意最后还有一步,更新引用,应用到 NoteDb
git update-ref refs/meta/external-ids $(git rev-parse HEAD)
再次登录gerrit,http的403问题解决了,done!
网友评论