stratos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ricardo Carvalho <Ricardo.Carva...@identity.pt>
Subject Cartridge deployment can't access private git repository with custom CA certificate
Date Tue, 24 Mar 2015 17:49:13 GMT
Hi everyone.


I've followed the 4.0.0 installation guide and have managed to successfully deploy several
php and load balancer cartridges on an Openstack environment. However, a custom certificate
is needed to access the private git repo I indicated as the artifact source  when deploying,
and the cartridge agent is failing when trying to access this git repo.


I added the certificate to /etc/ssl/certs/ca-certificates.crt, and can then use git clone
directly inside the cartridge instance with no problems. I tried adding the same certificate
to the client-truststore.jks keystore and even to the wso2carbon.jks in the Apache Stratos
VM, but I still get the following errors:


INFO CartridgeAgent Executing git checkout
2015-03-24 15:47:34,849 [-] [Thread-4]  INFO GitBasedArtifactRepository Initializing git context.
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository local path /var/www/
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository remote url <private
repo URL redacted>
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository tenant -1234
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository Repo path returned
: /var/www/
2015-03-24 15:47:34,935 [-] [Thread-4]  INFO GitBasedArtifactRepository caching repo context
2015-03-24 15:47:35,584 [-] [Thread-4] ERROR GitBasedArtifactRepository Accessing remote git
repository failed for tenant -1234
org.eclipse.jgit.api.errors.TransportException: <private repo URL redacted>: not authorized
        at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137)
        at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:179)
        at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125)


What's the best way to add a custom CA certificate to a cartridge so that it can access a
private git repository that requires it?


Thank you for all your hard work

Ricardo Carvalho

Mime
View raw message