stratos-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chamila De Alwis <chami...@wso2.com>
Subject Re: Cartridge deployment can't access private git repository with custom CA certificate
Date Wed, 25 Mar 2015 15:36:18 GMT
Hi Ricardo,

AFAIR in Stratos 4.0.0, only git clone over HTTPS is supported with
Username and Password credentials. If it is possible please configure the
git server for access over HTTPS.


Regards,
Chamila de Alwis
Software Engineer | WSO2 | +94772207163
Blog: code.chamiladealwis.com



On Wed, Mar 25, 2015 at 6:38 PM, Ricardo Carvalho <
Ricardo.Carvalho@identity.pt> wrote:

>  Hi Imesh
>
>
>  Now that you mention it, I noticed there were no credentials in the
> payload, both when I subscribed through the web interface and when I used
> "subscribe-cartridge" in the command-line tool.
>
>
>  Should I just add them to the launch-params file in the cartridge
> instance? Or am I missing something in configuring Apache Stratos?
>
>
>  Thank you for your support
>
> Ricardo Carvalho
>  ------------------------------
> *De:* Imesh Gunaratne <imesh@apache.org>
> *Enviado:* 25 de março de 2015 00:31
> *Para:* dev
> *Assunto:* Re: Cartridge deployment can't access private git repository
> with custom CA certificate
>
>  Hi Ricardo,
>
>  It's nice to hear that you are trying to use Stratos 4.0.0.
>
>  I cannot recall whether we used a certificate to talk to the private Git
> repository from Cartridge Agent but I know for sure that we need Git
> repository credentials. Can you please check whether the Cartridge Agent
> has received Git repository credentials in the payload?
>
>  Thanks
>
> On Tue, Mar 24, 2015 at 11:19 PM, Ricardo Carvalho <
> Ricardo.Carvalho@identity.pt> wrote:
>
>>  Hi everyone.
>>
>>
>>  I've followed the 4.0.0 installation guide and have managed to
>> successfully deploy several php and load balancer cartridges on an
>> Openstack environment. However, a custom certificate is needed to access
>> the private git repo I indicated as the artifact source  when deploying,
>> and the cartridge agent is failing when trying to access this git repo.
>>
>>
>>  I added the certificate to /etc/ssl/certs/ca-certificates.crt, and can
>> then use git clone directly inside the cartridge instance with no problems.
>> I tried adding the same certificate to the client-truststore.jks keystore
>> and even to the wso2carbon.jks in the Apache Stratos VM, but I still get
>> the following errors:
>>
>>
>>  INFO CartridgeAgent Executing git checkout
>> 2015-03-24 15:47:34,849 [-] [Thread-4]  INFO GitBasedArtifactRepository
>> Initializing git context.
>> 2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository
>> local path /var/www/
>> 2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository
>> remote url <private repo URL redacted>
>> 2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository
>> tenant -1234
>> 2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository
>> Repo path returned : /var/www/
>> 2015-03-24 15:47:34,935 [-] [Thread-4]  INFO GitBasedArtifactRepository
>> caching repo context
>> 2015-03-24 15:47:35,584 [-] [Thread-4] ERROR GitBasedArtifactRepository
>> Accessing remote git repository failed for tenant -1234
>> org.eclipse.jgit.api.errors.TransportException: <private repo URL
>> redacted>: not authorized
>>         at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137)
>>         at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:179)
>>         at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125)
>>
>>
>>  What's the best way to add a custom CA certificate to a cartridge so
>> that it can access a private git repository that requires it?
>>
>>
>>  Thank you for all your hard work
>>
>> Ricardo Carvalho
>>
>
>
>
>  --
>  Imesh Gunaratne
>
> Technical Lead, WSO2
> Committer & PMC Member, Apache Stratos
>

Mime
View raw message