Spring Cloud Config Server unable to connect to private git repositories - spring

I am using the following helm chart https://hub.helm.sh/charts/kiwigrid/spring-cloud-config-server to deploy the spring cloud config server in my Kubernetes cluster. It works fine if I give a public repository but fails with the following error git-upload-pack not found: Not Found when given the private repository. I have checked my credentials and the one's I am passing are correct, the same shows up when I do a kubectl get secrets <secret> -o yaml
command used to install:
helm install spring-config kiwigrid/spring-cloud-config-server --version 0.1.0 --set config.gitUri=<git repo> --set secrets.gitUsername=<base64 encoded> --set secrets.gitPassword=<base64 encoded> --set service.type=NodePort
ERROR LOG:
2020-09-21 12:42:28.688 WARN 1 --- [nio-8888-exec-1] .c.s.e.MultipleJGitEnvironmentRepository : Error occured cloning to base directory.
org.eclipse.jgit.api.errors.TransportException: http://xxxxxx/demo/java_demo:
http://xxxxx/demo/java_demo/git-upload-pack not found: Not Found
at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:254) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:306) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:200) ~[org.eclipse.jgit-5.1.3.201810200350-r.jar!/:5.1.3.201810200350-r]
at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.cloneToBasedir(JGitEnvironmentRepository.java:589) [spring-cloud-config-server-2.1.3.RELEASE.jar!/:2.1.3.RELEASE]
at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.copyRepository(JGitEnvironmentRepository.java:564) [spring-cloud-config-server-2.1.3.RELEASE.jar!/:2.1.3.RELEASE]
at org.springframework.cloud.config.server.environment.JGitEnvironmentRepository.createGitClient(JGitEnvironmentRepository.java:547) [spring-cloud-config-server-2.1.3.RELEASE.jar!/:2.1.3.RELEASE]
I am using gitlab as my code repository and it is HTTP. when I googled the error it says user might not have push/pull permissions but am able to do the same from cli with the same credentials that I have passed here. I am also able to access the git repository from UI.


I got this to work by adding .git at the end of my repo name. For GitHub it was working when I gave just the repo name but if you are using GitLab give the .git extension at the end of your repo name.

Related

Nexus helm proxy repo

Have a quick question on helm setup... I created a repo (helm-proxy) on Nexus and tried to add the repo via helm client but got this error " Error: looks like "http://xxxxx:8081/repository/helm-proxy/" is not a valid chart repository or cannot be reached: failed to fetch http://3.231.230.88:8081/repository/helm-proxy/index.yaml : 404 Not Found...
I dont find any issues in adding the helm hosted repo as the index.html got created along with the repo creation but helm-proxy rep there is no index.html... Any help on this ?

Make sure that the value of the Location of the remote repository being proxied (URL-value) in your proxy configuration is correct.
correct means it works with URL-value/index.yaml
It has nothing to do with helm-hosted as helm-hosted generates its own index.yaml on creating it.

Jenkinsx - Production promote failing due to connection refused error

I am trying to build a CI/CD pipeline on GKE. But the promotion from staging to production is failing due to connection refused error.
To resolve the issue, I referred the solution suggested at https://github.com/jenkins-x/jx/issues/469 by updating the version of exposecontroller. Still, it is not resolved.
I could see the error like this:
+ jx step helm build
{"level":"warning","msg":"No $CHART_REPOSITORY defined so using the default value of: http://jenkins-x-chartmuseum:8080\n","time":"2019-04-17T01:17:40Z"}
{"level":"info","msg":"Adding missing Helm repo: chartmuseum.jenkins-x.io http://chartmuseum.jenkins-x.io\n","time":"2019-04-17T01:17:42Z"}
{"level":"info","msg":"Successfully added Helm repository chartmuseum.jenkins-x.io.\n","time":"2019-04-17T01:17:43Z"}
{"level":"info","msg":"Adding missing Helm repo: jenkins-x-chartmuseum:8080 http://jenkins-x-chartmuseum:8080\n","time":"2019-04-17T01:17:43Z"}
{"level":"info","msg":"Successfully added Helm repository jenkins-x-chartmuseum:8080.\n","time":"2019-04-17T01:17:43Z"}
error: failed to build the dependencies of chart '.': failed to run 'helm dependency build' command in directory '.', output: 'Hang tight while we grab the latest from your chart repositories...
...Unable to get an update from the "local" chart repository (http://127.0.0.1:8879/charts):
Get http://127.0.0.1:8879/charts/index.yaml: dial tcp 127.0.0.1:8879: connect: connection refused
Is there anything I am missing? How can I fix this issue? Thanks in advance!

whats the output of the pipeline running on the production git repository?
if you want to try promote locally from your laptop you need to ensure that your helm has the remote repository for your chart museum so it can find the charts you've released (the dependencies helm is talking about) that are listed in env/requirements.yaml in the production git repository.
try jx open to see the URL of your chart museum then run
helm repo add myservices $ChartMuseumURL

fabric8 -how to deploy deploy with gitk keys and create new projects in google cloud

I am working in google cloud with kubernetes and deployed the cluster like in the examples
i downloaded gofabric8-0.4.42-darwin-amd64.tar.gz and deploy it and i am running into a few issues:
i cant create new projects -> The last operation resulted in the following error: Unauthorized with no errors in the log
link to question :
fabric8 -The last operation resulted in the following error: Unauthorized
how can i deploy fabric8 with ssh key to my git ?
note:i am working with gitlab
LOGS:
Error occurred during error handling, give up!
org.apache.cxf.interceptor.Fault: Failed to command remote repo git#:backend/bash-parser.git due: ssh://git#:22: org.eclipse.jgit.transport.CredentialItem$YesNoType:The authenticity of host '' can't be established.
RSA key fingerprint is 46:24:24:04:ca:83:62:33:0c:c0:85:4e:21:ea:4d:fa.
Are you sure you want to continue connecting?
at org.apache.cxf.service.invoker.AbstractInvoker.createFault(AbstractInvoker.java:162)[cxf-core-3.1.6.jar:3.1.6]
at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:128)[cxf-core-3.1.6.jar:3.1.6]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:189)[cxf-rt-frontend-jaxrs-3.1.6.jar:3.1.6]
at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:99)[cxf-rt-frontend-jaxrs-3.1.6.jar:3.1.6]
at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)[cxf-core-3.1.6.jar:3.1.6]
at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)[cxf-core-3.1.6.jar:3.1.6]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)[cxf-core-3.1.6.jar:3.1.6]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)[cxf-core-3.1.6.jar:3.1.6]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:254)[cxf-rt-transports-http-3.1.6.jar:3.1.6]
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)[cxf-rt-transports-http-3.1.6.jar:3.1.6]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)[cxf-rt-transports-http-3.1.6.jar:3.1.6]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)[cxf-rt-transports-http-3.1.6.jar:3.1.6]
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)[cxf-rt-transports-http-3.1.6.jar:3.1.6]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:298)[cxf-rt-transports-http-3.1.6.jar:3.1.6]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:217)[cxf-rt-transports-http-3.1.6.jar:3.1.6]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)[servlet-api-3.1.jar:3.1.0]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:273)[cxf-rt-transports-http-3.1.6.jar:3.1.6]
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:837)[jetty-servlet-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:583)[jetty-servlet-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)[jetty-security-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)[jetty-servlet-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.Server.handle(Server.java:524)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:319)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:253)[jetty-server-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:273)[jetty-io-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)[jetty-io-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)[jetty-io-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)[jetty-util-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)[jetty-util-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)[jetty-util-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)[jetty-util-9.3.10.v20160621.jar:9.3.10.v20160621]
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)[jetty-util-9.3.10.v20160621.jar:9.3.10.v20160621]
at java.lang.Thread.run(Thread.java:745)[:1.8.0_91]

See the separate question for where we can answer that one
To import a project from your own git repository you will need to create a Secret in your users namespace (e.g. in the user-secrets-source-admin namespace) to contain your SSH key, user/password or github user and token.
Then when you import the project (via Team -> Team Dashboard -> Create Application -> Import from Git) after you've supplied the git URL you can select the Secret you wish to use with your git repository so that the git repository can be cloned & edited.
Its a little easier to use HTTPS URLS with git repository as you can then just use user/passwords - or better - use user name + tokens from (say) github. But if you use a ssh based URL for a git repo then you'll have to import your public + private keys into the Secret.

gcloud init fails for invalid username/password

I am trying to gain access to the embedded git repository for an existing Google Developers Console (GDC) project. The GDC shows the git repository under -SOURCE CODE-Releases. I followed the official gcloud installation instructions to the point:
gcloud auth login /* pulls up browser and does authentication just fine */
gcloud config set project <project>
gcloud init <project>
The latter always results in the following (replacing actual project name with 'fishbone'):
$gcloud init fishbone
Initialized gcloud directory in [/Users/dummy/Workspace/fishbone/.gcloud].
Cloning [https://source.developers.google.com/p/fishbone/r/default] into [default].
Initialized empty Git repository in /Users/dummy/Workspace/fishbone/default/.git/
fatal: remote error: Invalid username/password.
You may need to use your OAuth token password; Note that generated google.com passwords are not compatible with private repositories
ERROR: Unable to initialize project [fishbone], cleaning up [/Users/dummy/Workspace/fishbone].
ERROR: (gcloud.init) Could not fetch repository.
Only on the very first installation of the SDK (re-tried more than once now), I remember gcloud init asking for a username. Never again after this. Mac OS X 10.9.3 and:
$git --version
$git version 1.8.5.2 (Apple Git-48)
I am aware of this related gcloud init issue, but it's not this. Help greatly appreciated.

Go to https://console.developers.google.com/project/your-project-id > Source Code > Browse > Find this line : "Alternatively, instead of using the Google Cloud SDK to manage your authentication, you can manually generate your Git credentials by following this link." > Click "following this link" and you can see your git password. As you can see in your error, google password are not compatible with private repositories. Now you can :
Use your gmail and git password above to clone reposite.
Or create .netrc file at your home folder and add : "machine source.developers.google.com login your-email#gmail.com password 1/abxxxxxxxxxxxxxxxxxxxxxxx" to this file. It will not request your password again.

Just goto your Google Developer Console and click /
find the content like below
"Alternatively, instead of using the Google Cloud SDK to manage your authentication, you can manually generate your Git credentials by following this link."
and click "following this link" then follow the instructions on that page.
Thats all.

They moved the options to manually created Git credentials. The options are now under GCP -> (tools) Development -> Source Code
and under the options when cloning new or existing repos they give you the option to use gcloud or create your own credentials.
also below in screenshots

How do I access a private github repo from heroku?

I have a private repo that I'm trying to access when deploying to Heroku. However, Heroku doesn't let me clone the private repo, and gives me the following error (as i would expect):
Host key verification failed.
fatal: The remote end hung up unexpectedly
Git error: command `git clone
'git#github.com:pr/lm-models.git'
"/tmp/build_3r0z0znww0zda/vendor/bundle/ruby/1.9.1/cache/bundler/git/lm-models-aab025aaadbe07202b16e1db7505ae1726f8723a"
--bare --no-hardlinks` in directory /tmp/build_3r0z0znww0zda has failed.
!
! Failed to install gems via Bundler.
!
! Heroku push rejected, failed to compile Ruby/rails app
I have found this, but do not want to display my username/password in clear text:
Linking heroku app to a private(organization) github repo

This worked for me:
Generate a Github Access Token
In requirements.txt list private module as follows:
git+https://your_user_name:your_git_token#github.com/your_company/your_module.git

Heroku only supports HTTP(S) Basic authentication with Git out of the box. That's unfortunate as it means you'd need to add your credentials as part of the installation URL and commit that as plain text in your list of dependencies. For your app to support SSH keys instead, do the following:
Create a new SSH key which will be used by Heroku to access the GitHub repository. Choose a distinct name, e.g. id_rsa_heroku.
Add the public part of the key to your GitHub account (link to settings).
Use the heroku-buildpack-ssh-key: heroku buildpacks:add https://github.com/heroku/heroku-buildpack-ssh-key.git -i 1
Set the private part of the key as an environment variable for your Heroku app: heroku config:set BUILDPACK_SSH_KEY=$(cat ~/.ssh/id_rsa_heroku)
From this moment, Heroku should be able to access and download code from any private repositories you have access to.

You need to use username/password in the Gemfile, or vendor the dependency. You can also use Gemfury (assuming it's a gem):
https://devcenter.heroku.com/articles/git-submodules#vendoring
http://gembundler.com/v1.3/bundle_package.html
https://devcenter.heroku.com/articles/gemfury

Resources