Hi Chamila

Thanks for the suggestion, but the access is configured for HTTPS. The problem 
now is that I can't find the repo credentials anywhere in the payload, even 
when I try submiting them both through the web interface and the CLI tool. I 
also tried manually adding them to the .git/config file, but since that folder 
is constantly being overwritten by the Artifact Coordenator, all changes are 
overwritten.


Any help is appreciated.

Ricardo Carvalho

________________________________
De: Chamila De Alwis <chami...@wso2.com>
Enviado: 25 de março de 2015 15:36
Para: dev
Assunto: Re: Cartridge deployment can't access private git repository with 
custom CA certificate

Hi Ricardo,

AFAIR in Stratos 4.0.0, only git clone over HTTPS is supported with Username 
and Password credentials. If it is possible please configure the git server for 
access over HTTPS.


Regards,
Chamila de Alwis
Software Engineer | WSO2 | +94772207163<tel:%2B94772207163>
Blog: code.chamiladealwis.com<http://code.chamiladealwis.com>



On Wed, Mar 25, 2015 at 6:38 PM, Ricardo Carvalho 
<ricardo.carva...@identity.pt<mailto:ricardo.carva...@identity.pt>> wrote:

Hi Imesh


Now that you mention it, I noticed there were no credentials in the payload, 
both when I subscribed through the web interface and when I used 
"subscribe-cartridge" in the command-line tool.


Should I just add them to the launch-params file in the cartridge instance? Or 
am I missing something in configuring Apache Stratos?


Thank you for your support

Ricardo Carvalho

________________________________
De: Imesh Gunaratne <im...@apache.org<mailto:im...@apache.org>>
Enviado: 25 de março de 2015 00:31
Para: dev
Assunto: Re: Cartridge deployment can't access private git repository with 
custom CA certificate

Hi Ricardo,

It's nice to hear that you are trying to use Stratos 4.0.0.

I cannot recall whether we used a certificate to talk to the private Git 
repository from Cartridge Agent but I know for sure that we need Git repository 
credentials. Can you please check whether the Cartridge Agent has received Git 
repository credentials in the payload?

Thanks

On Tue, Mar 24, 2015 at 11:19 PM, Ricardo Carvalho 
<ricardo.carva...@identity.pt<mailto:ricardo.carva...@identity.pt>> wrote:

Hi everyone.


I've followed the 4.0.0 installation guide and have managed to successfully 
deploy several php and load balancer cartridges on an Openstack environment. 
However, a custom certificate is needed to access the private git repo I 
indicated as the artifact source  when deploying, and the cartridge agent is 
failing when trying to access this git repo.


I added the certificate to /etc/ssl/certs/ca-certificates.crt, and can then use 
git clone directly inside the cartridge instance with no problems. I tried 
adding the same certificate to the client-truststore.jks keystore and even to 
the wso2carbon.jks in the Apache Stratos VM, but I still get the following 
errors:


INFO CartridgeAgent Executing git checkout
2015-03-24 15:47:34,849 [-] [Thread-4]  INFO GitBasedArtifactRepository 
Initializing git context.
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository local 
path /var/www/
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository remote 
url <private repo URL redacted>
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository tenant 
-1234
2015-03-24 15:47:34,850 [-] [Thread-4]  INFO GitBasedArtifactRepository Repo 
path returned : /var/www/
2015-03-24 15:47:34,935 [-] [Thread-4]  INFO GitBasedArtifactRepository caching 
repo context
2015-03-24 15:47:35,584 [-] [Thread-4] ERROR GitBasedArtifactRepository 
Accessing remote git repository failed for tenant -1234
org.eclipse.jgit.api.errors.TransportException: <private repo URL redacted>: 
not authorized
        at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137)
        at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:179)
        at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125)


What's the best way to add a custom CA certificate to a cartridge so that it 
can access a private git repository that requires it?


Thank you for all your hard work

Ricardo Carvalho



--
Imesh Gunaratne

Technical Lead, WSO2
Committer & PMC Member, Apache Stratos

Reply via email to