3

I configured gerrit replication via

[remote "github"]
  url = git@github.com:MYUSERNAME/${name}.git
  push = +refs/heads/*:refs/heads/*
  push = +refs/tags/*:refs/tags/*
  timeout = 5
  replicationDelay = 0
  authGroup = Administrators

I can log in to github with the gerrit2 user as far as it is allowed from github site. Github is in the known hosts. However I get the following error:

[2013-06-04 20:04:54,472] ERROR com.googlesource.gerrit.plugins.replication.ReplicationQueue : Cannot replicate to git@github.com:MYUSERNAME/All-Projects.git
org.eclipse.jgit.errors.TransportException: git@github.com:MYUSERNAME/All-Projects.git: reject HostKey: github.com
    at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:142)
    at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:121)
    at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:248)
    at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:147)
    at com.googlesource.gerrit.plugins.replication.PushOne.listRemote(PushOne.java:409)
    at com.googlesource.gerrit.plugins.replication.PushOne.doPushAll(PushOne.java:357)
    at com.googlesource.gerrit.plugins.replication.PushOne.generateUpdates(PushOne.java:350)
    at com.googlesource.gerrit.plugins.replication.PushOne.pushVia(PushOne.java:298)
    at com.googlesource.gerrit.plugins.replication.PushOne.runImpl(PushOne.java:252)
    at com.googlesource.gerrit.plugins.replication.PushOne.runPushOperation(PushOne.java:207)
    at com.googlesource.gerrit.plugins.replication.PushOne.access$000(PushOne.java:71)
    at com.googlesource.gerrit.plugins.replication.PushOne$1.call(PushOne.java:186)
    at com.googlesource.gerrit.plugins.replication.PushOne$1.call(PushOne.java:183)
    at com.google.gerrit.server.util.RequestScopePropagator$5.call(RequestScopePropagator.java:222)
    at com.google.gerrit.server.util.RequestScopePropagator$4.call(RequestScopePropagator.java:201)
    at com.google.gerrit.server.git.PerThreadRequestScope$Propagator$1.call(PerThreadRequestScope.java:75)
    at com.googlesource.gerrit.plugins.replication.PushOne.run(PushOne.java:183)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:98)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:206)
    at com.google.gerrit.server.git.WorkQueue$Task.run(WorkQueue.java:337)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: com.jcraft.jsch.JSchException: reject HostKey: github.com
    at com.jcraft.jsch.Session.checkHost(Session.java:712)
    at com.jcraft.jsch.Session.connect(Session.java:313)
    at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:116)
    ... 25 more

Similar problem for ssh access with

url = ssh://git@ssh.github.com:443/MYUSERNAME/${name}.git

[2013-06-04 21:22:06,072] ERROR com.googlesource.gerrit.plugins.replication.ReplicationQueue : Cannot replicate to ssh://git@ssh.github.com:443/MYUSERNAME/All-Projects.git
org.eclipse.jgit.errors.TransportException: ssh://git@ssh.github.com:443/MYUSERNAME/All-Projects.git: reject HostKey: ssh.github.com
    at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:142)
    at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:121)
    at org.eclipse.jgit.transport.TransportGitSsh$SshFetchConnection.<init>(TransportGitSsh.java:248)
    at org.eclipse.jgit.transport.TransportGitSsh.openFetch(TransportGitSsh.java:147)
    at com.googlesource.gerrit.plugins.replication.PushOne.listRemote(PushOne.java:409)
    at com.googlesource.gerrit.plugins.replication.PushOne.doPushAll(PushOne.java:357)
    at com.googlesource.gerrit.plugins.replication.PushOne.generateUpdates(PushOne.java:350)
    at com.googlesource.gerrit.plugins.replication.PushOne.pushVia(PushOne.java:298)
    at com.googlesource.gerrit.plugins.replication.PushOne.runImpl(PushOne.java:252)
    at com.googlesource.gerrit.plugins.replication.PushOne.runPushOperation(PushOne.java:207)
    at com.googlesource.gerrit.plugins.replication.PushOne.access$000(PushOne.java:71)
    at com.googlesource.gerrit.plugins.replication.PushOne$1.call(PushOne.java:186)
    at com.googlesource.gerrit.plugins.replication.PushOne$1.call(PushOne.java:183)
    at com.google.gerrit.server.util.RequestScopePropagator$5.call(RequestScopePropagator.java:222)
    at com.google.gerrit.server.util.RequestScopePropagator$4.call(RequestScopePropagator.java:201)
    at com.google.gerrit.server.git.PerThreadRequestScope$Propagator$1.call(PerThreadRequestScope.java:75)
    at com.googlesource.gerrit.plugins.replication.PushOne.run(PushOne.java:183)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:98)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:206)
    at com.google.gerrit.server.git.WorkQueue$Task.run(WorkQueue.java:337)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: com.jcraft.jsch.JSchException: reject HostKey: ssh.github.com
    at com.jcraft.jsch.Session.checkHost(Session.java:712)
    at com.jcraft.jsch.Session.connect(Session.java:313)
    at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:116)
    ... 25 more
user1078195
  • If your problem is not about the All-Projects.git, please check if it's really the exact same message for the other projects. – StephenKing Jun 07 '13 at 06:09

2 Answers

5

Log in (via SSH) as the user under which Gerrit is running.

I recommend that you set up a ~/.ssh/config for the Gerrit user like this:

Host github.com
    User git
    IdentityFile /path/to/the/private/key
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

This sets up your SSH key and ignores warnings about the (initially) unknown host.

If you can then connect via ssh github.com, we're almost there. Then try to clone the Github repository using the SSH URL.

Afterwards let Gerrit try to replicate again.

In addition, I would then recommend removing the authGroup setting from the replication.config.

StephenKing
  • thanks very much! I have GitLab docker installed with mapping 2289 to 22. With this config, my Gerrit's replication plugin can replicate changes to GitLab. – runitao Apr 13 '17 at 05:04
  • This solution isn't working for my case. However, in my case instead of GitHub it's gitolite. I have set up this ~/.ssh/config and it still fails with the same stacktrace. – Raghavendra Pathi Aug 02 '17 at 12:57
  • That's a pity to hear. You're free to ask this as a separate question. – StephenKing Aug 02 '17 at 12:59
  • please see the question here https://stackoverflow.com/questions/45462161/gerrit-replicating-to-gitolite-fails – Raghavendra Pathi Aug 07 '17 at 13:56
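
The config in the answer above turns host key checking off (StrictHostKeyChecking no with UserKnownHostsFile /dev/null). As an added example, not part of the answer: the alternative is to fill the Gerrit user's known_hosts only with scanned keys whose SHA256 fingerprint matches the one the host operator publishes. The helper names, the sample scan output and the pinned fingerprint below are constructed for illustration.

```python
import base64
import hashlib
import struct

def make_line(host, keytype, body):
    """Build a CONSTRUCTED known_hosts-style line (not a real host key)."""
    kt = keytype.encode()
    blob = struct.pack(">I", len(kt)) + kt + struct.pack(">I", len(body)) + body
    return f"{host} {keytype} {base64.b64encode(blob).decode()}"

def fingerprint(line):
    """Return (declared type, type inside the blob, OpenSSH SHA256 fingerprint)."""
    _host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])  # SSH wire format: length-prefixed type
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return keytype, blob[4:4 + n].decode("ascii", "replace"), fp

def pinned_lines(scan_output, host, trusted_fps):
    """Keep scanned lines for `host` whose key matches a trusted fingerprint."""
    accepted = []
    for line in scan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if host not in fields[0].split(","):
            continue
        try:
            declared, embedded, fp = fingerprint(line)
        except (ValueError, struct.error):
            continue  # malformed base64 or truncated key blob
        if declared == embedded and fp in trusted_fps:
            accepted.append(" ".join(fields[:3]))
    return accepted

# Constructed sample standing in for the output of `ssh-keyscan github.com`.
GENUINE = make_line("github.com", "ssh-ed25519", b"\x01" * 32)
IMPOSTOR = make_line("github.com", "ssh-ed25519", b"\x02" * 32)
SCAN = "\n".join(["# github.com:22 SSH-2.0-example", IMPOSTOR, GENUINE,
                  "other.example ssh-ed25519 AAAA"])
# Placeholder pin: in real use, the fingerprint the host operator publishes.
TRUSTED = {fingerprint(GENUINE)[2]}

if __name__ == "__main__":
    for entry in pinned_lines(SCAN, "github.com", TRUSTED):
        print(entry)  # lines safe to append to the Gerrit user's known_hosts
```

For a remote on a non-default port, known_hosts stores the host as `[host]:port`, so that is the `host` value to pass.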
1

Create a group "Github Export" and give this group read access only to the repos you want to export (or explicitly deny read access for All-Projects, which is kind of a meta project carrying only settings inherited by other projects). When you then set the authGroup = Github Export, only repos to which this group has access are exported.

Please keep in mind that since Gerrit 2.5 the group has to be visible to all members (it's a setting of the group), caused by extracting that functionality into a plugin. See the Gerrit list archive for that.

One other idea might be to use this not yet merged patch, which allows you to set patterns for what repos you want to replicate to a certain remote.

The last option would be to simply ignore this error message. Replication of other repos can still work fine.

StephenKing
  • Unfortunately this did not help. I think the problem is not related to the security groups. The problem appears with real projects as well. – user1078195 Jun 06 '13 at 12:41
  • The authGroup would only help you to prevent replication errors of repos that are not on GitHub. – StephenKing Jun 07 '13 at 05:59