Hi everyone.

I've followed the 4.0.0 installation guide and have managed to successfully 
deploy several php and load balancer cartridges on an Openstack environment. 
However, a custom certificate is needed to access the private git repo I 
indicated as the artifact source  when deploying, and the cartridge agent is 
failing when trying to access this git repo.


I added the certificate to /etc/ssl/certs/ca-certificates.crt, and can then use 
git clone directly inside the cartridge instance with no problems. I tried 
adding the same certificate to the client-truststore.jks keystore and even to 
the wso2carbon.jks in the Apache Stratos VM, but I still get the following 
errors:


INFO CartridgeAgent Executing git checkout
2015-03-24 15:47:34,849 [-] [Thread-4]  INFO GitBasedArtifactRepository 
Initializing git context.
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository local 
path /var/www/
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository remote 
url <private repo URL redacted>
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository tenant 
-1234
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository Repo 
path returned : /var/www/
2015-03-24 15:47:34,935 [-] [Thread-4]  INFO GitBasedArtifactRepository caching 
repo context
2015-03-24 15:47:35,584 [-] [Thread-4] ERROR GitBasedArtifactRepository 
Accessing remote git repository failed for tenant -1234
org.eclipse.jgit.api.errors.TransportException: <private repo URL redacted>: 
not authorized
        at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137)
        at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:179)
        at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125)


What's the best way to add a custom CA certificate to a cartridge so that it 
can access a private git repository that requires it?


Thank you for all your hard work

Ricardo Carvalho

Reply via email to