I am banging my head around why spring cloud config is using ssh even when i try to provide https uri in the application.yaml. Here's my quick config file:
spring:
cloud:
config:
server:
git:
uri: https://github.com/myOrg/myRepo
skipSslValidation: true
username: ${GITHUB_USERNAME}
password: ${GITHUB_PASSWORD}
server:
port: 8888
ssl:
enabled: false
I would assume spring cloud config to use https to do this connection and clone the repo. Can someone help me understand why still it uses ssh and fails on auth(which is obvious as I don't provide any private key):
org.springframework.cloud.config.server.environment.NoSuchRepositoryException: Cannot clone or checkout repository: https://github.com/myOrg/myRepo
at org.springframework.cloud.config.server.environment...
Caused by: org.eclipse.jgit.api.errors.TransportException: git#github.com:myOrg/myRepo: Auth fail
....
Caused by: com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519) ~[jsch-0.1.55.jar:na]
at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:115) ~[org.eclipse.jgit.ssh.jsch-5.12.0.202106070339-r.jar:5.12.0.202106070339-r]
... 62 common frames omitted
My suspicion is that if https doesn't work, it tries via ssh. That's why it's using ssh. Has anyone faced issues like this?
Any help appreciated!
Answering my own question. Apparently, the fallback was due to the ~/.git folder in which ssh access was recommended. Deleting it solved the problem.
Related
I am using spring configuration server.
While setting up Kafka, I came across the fact that I need to somehow specify binary certificates
spring:
kafka:
ssl:
truststore:
location: /filepath/trust_cert.jks
password: 1234
keystore:
location: /filepath/keystore_cert.jks
password: 1234
Can I somehow put them on the configuration server, and in this case, what should I write to the config, where the path to the file is expected?
I really don’t want to manually upload them to each server, I would like the configuration server to give them
Of course, these urls must be protected, just like configuration server urls
I have a Spring-Boot application that use Spring Cloud Config and I'm trying to get the application's configuration file from Bitbucket. I was able to get the configuration file some time ago but now I'm getting an error when I try to access by config-server url.
application.yml:
server:
port: 8888
spring:
application:
name: config-server
cloud:
config:
server:
git:
password: ##########
username: ##########
uri: https://USERNAME#bitbucket.org/repositorios-closeup/cup-configuration-files
searchPaths: '{application}'
When I try to access the url the application is showing an error - NOT AUTHORIZED:
org.eclipse.jgit.api.errors.TransportException: https://USERNAME#bitbucket.org/repositorios-closeup/cup-configuration-files: not authorized
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:254) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar:5.1.3.201810200350-r]
at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:306) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar:5.1.3.201810200350-r]
Does anybody know what is happening? I've already check all credentials and url on bitbucket.
I had to generate a Personal Access Token on my Github user settings. And use it, instead of the real password.
I know you mentioned Bitbucket, but I've got the same issue with Github instead. And that's how I solved the "Not authorized" message.
I want to add my contribution to this question. I hope it might help someone. #henriqueor answer was what helped me. As I've enabled SSH I needed to generate a Personal Access Token with all scopes granted. (As I'm a Junior Developer, I would need more time to investigate what scopes are necessary to avoid this error.)
Selected scopes: admin:enterprise, admin:gpg_key, admin:org, admin:org_hook, admin:public_key, admin:repo_hook, admin:ssh_signing_key, delete:packages, delete_repo, gist, notifications, project, repo, user, workflow, write:discussion, write:packages
I added the following command line. It worked for me.
spring.cloud.config.server.git.ignore-local-ssh-settings=true
This setting ignores the local ssh config.
I needed to change the authentication to use ssh instead of https.
I generated the ssh using this command:
sh-keygen -m PEM -t rsa -b 4096 -C 'bitbucket_username'
Imported the public key to bitbucket using this tutorial:
https://support.atlassian.com/bitbucket-cloud/docs/set-up-an-ssh-key/
And changed my application.yml to use the ssh-private-key:
cloud:
config:
server:
git:
uri: git#bitbucket.org:repositorios/configuration-files.git
searchPaths: '{application}'
ignore-local-ssh-settings: true
private-key: |
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
default-label: master
For BitBucket i had to create an App Password and put it in the spring.cloud.config.server.git.password property
BitBucket create App Passwords
I had this working on localhost about a month ago, but when I came back to the project, hitting the URL results in a "This site can’t provide a secure connection" error in the browser. For reference, I believe I had used this site as a guide to get it set up: https://www.thomasvitale.com/https-spring-boot-ssl-certificate/
I'm running the project with the bootRun Gradle task and the default embedded Tomcat server. The following configuration is set:
/grails-app/conf/application.yml
spring:
profiles: development
server:
port: 8092
ssl:
enabled: true
key-store: classpath:keystore.jks
key-store-password: password
key-store-type: pkcs12
key-alias: alias
key-password: password
The keystore is located at /src/main/resources/keystore.jks.
I don't see any errors in the console indicating any issues opening or accessing the keystore so I'm at a loss as to what might have changed. Is there a better guide than the one linked above that would give me other things to check for issues?
Eventually, I tried changing the password field to something I knew was not the password and the app started without errors. This led me to determine that the YAML file was not being picked up by bootRun. Removing the Spring profile config at the top of the YAML file then caused the app to error because of the incorrect password.
This led me to realize that somehow the active profile configuration in my Gradle bootRun task was reset. Adding -Dspring.profiles.active=development to the VM options fixes the problem.
I tried to use the method for using private key (that has passphrase and is added to ssh-agent from file) (according to this stack post):
spring:
cloud:
config:
server:
git:
uri: git#github.com-forApp:myorg/myrepo.git
search-paths: '{application}'
clone-on-start: true
private_key_file: ~/.ssh/id_rsa
but I keep getting
org.eclipse.jgit.api.errors.TransportException:
git#github.com:myorg/myrepo.git: USERAUTH fail
Do I have to do it exactly as doc says with pasting the key into config file or can one just point to the key file somehow?
EDIT
Actually it turns out that the private_key_file is not needed at all or ignored by Spring. But you need the ~/.ssh/config section pointing to private key to use:
Host github.com-forApp # used in spring uri
HostName github.com
User git
IdentityFile ~/.ssh/gitHubKey
I was able to replicate your behavior and resolved it with following. Let me know your thoughts.
USERAUTH fail is happening because you are not providing the passphrase for the RSA private key.(password for Basic Auth and passphrase for ssh private key)
spring:
cloud:
config:
server:
git:
uri: git#github.com:myorg/myrepo.git
search-paths: '{application}'
clone-on-start: true
passphrase: myprivatekeypassword
By default ~/.ssh/id_rsa is sent during GIT SSH Authentication(Test with command ssh -vT git#github.com. You don't need to specify it in configuration. Also, I am not sure whether private_key_file works or not, since I don't see any official documentation for it.
If you have different named RSA file under .ssh then I would advise to create config file under ~/.ssh/config with github host details and identify file.
Here is one example.
Host github.com
IdentityFile ~/.ssh/mygitid_rsa
Check this stack answer for more details which desired the configuration providing private key file path within config.
After going the number of SO threads and blogs and Spring cloud config documentation still, I couldn't find on how I can connect to remote GITLAB repository as I'm getting below error while starting the spring-cloud-config server.
Caused by: com.jcraft.jsch.JSchException: Auth fail
spring:
cloud:
config:
server:
git:
uri: git#private_gitlab_repo:project
search-paths: '{application}'
skip-ssl-validation: true
strict-host-key-checking: false
known-hosts-file: C:\Users\myname\.ssh\known_hosts
spring-boot :2.1.2.RELEASE
spring-cloud.version: Greenwich.RELEASE
OS: Windows-7
With the command prompt, I could able to interact with the GITLAB repository. I do have the SSH key generated and added the public key in GITLAB settings. Also, I do not have the option to use username and password to connect to GITLAB.
Any pointers on where I'm missing the configuration or steps?
Found that this is my IntelliJ idea IDE issue and when I try running the same project in command prompt it worked without any issues.