
openstack team mailing list archive

Re: Gerrit Review + SSH

 

On 04/04/2013 05:31 PM, Jeremy Stanley wrote:
> On 2013-04-04 22:11:10 +0100 (+0100), Daniel P. Berrange wrote:
> [...]
> > I don't know how hard it would be for OpenStack Infrastructure team
> > to officially make Gerrit available via port 443, in addition to the
> > normal SSH port.
>
> We'd need to use different hostnames mapped to different IP
> addresses since 443/tcp is already in use on review.openstack.org
> for, well, HTTPS (the availability of fancy proxies which can
> differentiate SSH from SSL/TLS notwithstanding--do those exist?).
>
> The bigger question is whether it's worth the effort to maintain a
> workaround like that... are there companies who want their employees
> contributing to OpenStack development but won't grant those same
> developers access to our code review system over the Internet? If
> so, maybe some brave soul will take pity on them and set up a TCP
> bounce proxy somewhere on port 443 to forward to port 29418 on our
> Gerrit server for Git+SSH access on an alternate address and port. I
> don't think that would need any sort of buy-off from our
> Infrastructure Team (we can discuss if someone's actually interested
> in setting it up), but probably wouldn't be "official" all the same.

I'm with Jeremy, I think putting workarounds into infrastructure to deal with companies setting up their networks in completely uncollaborative ways is just a slippery slope to craziness.

It's probably worth documenting the services one needs to be able to effectively collaborate with the community on a wiki, to give folks something to take back to their IT depts and say "punch these holes, otherwise we can't do our jobs". A page on openstack.org about that would probably give them more leverage than figuring it out themselves.

	-Sean

--
Sean Dague
http://dague.net

