Hi Ricardo, This is how we send Git credentials to the instance:
- We do not send Git credentials in the payload due to security reasons. - Git password is encrypted using an auto-generated key. - The above key is sent in the payload. - Git credentials are sent in the Artifact Updated event. - Cartridge agent listen to above event and execute the Git clone/pull. If you could share the cartridge agent log which might be located in /var/logs/apache-stratos/ folder, we should be able to investigate this further. Thanks On Thu, Mar 26, 2015 at 3:33 PM, Ricardo Carvalho < ricardo.carva...@identity.pt> wrote: > Hi Chamila > > > Thanks for the suggestion, but the access is configured for HTTPS. The > problem now is that I can't find the repo credentials anywhere in the > payload, even when I try submiting them both through the web interface and > the CLI tool. I also tried manually adding them to the .git/config file, > but since that folder is constantly being overwritten by the Artifact > Coordenator, all changes are overwritten. > > > Any help is appreciated. > > Ricardo Carvalho > ------------------------------ > *De:* Chamila De Alwis <chami...@wso2.com> > *Enviado:* 25 de março de 2015 15:36 > > *Para:* dev > *Assunto:* Re: Cartridge deployment can't access private git repository > with custom CA certificate > > Hi Ricardo, > > AFAIR in Stratos 4.0.0, only git clone over HTTPS is supported with > Username and Password credentials. If it is possible please configure the > git server for access over HTTPS. > > > Regards, > Chamila de Alwis > Software Engineer | WSO2 | +94772207163 > Blog: code.chamiladealwis.com > > > > On Wed, Mar 25, 2015 at 6:38 PM, Ricardo Carvalho < > ricardo.carva...@identity.pt> wrote: > >> Hi Imesh >> >> >> Now that you mention it, I noticed there were no credentials in the >> payload, both when I subscribed through the web interface and when I used >> "subscribe-cartridge" in the command-line tool. >> >> >> Should I just add them to the launch-params file in the cartridge >> instance? Or am I missing something in configuring Apache Stratos? >> >> >> Thank you for your support >> >> Ricardo Carvalho >> ------------------------------ >> *De:* Imesh Gunaratne <im...@apache.org> >> *Enviado:* 25 de março de 2015 00:31 >> *Para:* dev >> *Assunto:* Re: Cartridge deployment can't access private git repository >> with custom CA certificate >> >> Hi Ricardo, >> >> It's nice to hear that you are trying to use Stratos 4.0.0. >> >> I cannot recall whether we used a certificate to talk to the private >> Git repository from Cartridge Agent but I know for sure that we need Git >> repository credentials. Can you please check whether the Cartridge Agent >> has received Git repository credentials in the payload? >> >> Thanks >> >> On Tue, Mar 24, 2015 at 11:19 PM, Ricardo Carvalho < >> ricardo.carva...@identity.pt> wrote: >> >>> Hi everyone. >>> >>> >>> I've followed the 4.0.0 installation guide and have managed to >>> successfully deploy several php and load balancer cartridges on an >>> Openstack environment. However, a custom certificate is needed to access >>> the private git repo I indicated as the artifact source when deploying, >>> and the cartridge agent is failing when trying to access this git repo. >>> >>> >>> I added the certificate to /etc/ssl/certs/ca-certificates.crt, and can >>> then use git clone directly inside the cartridge instance with no problems. >>> I tried adding the same certificate to the client-truststore.jks keystore >>> and even to the wso2carbon.jks in the Apache Stratos VM, but I still get >>> the following errors: >>> >>> >>> INFO CartridgeAgent Executing git checkout >>> 2015-03-24 15:47:34,849 [-] [Thread-4] INFO GitBasedArtifactRepository >>> Initializing git context. >>> 2015-03-24 15:47:34,850 [-] [Thread-4] INFO GitBasedArtifactRepository >>> local path /var/www/ >>> 2015-03-24 15:47:34,850 [-] [Thread-4] INFO GitBasedArtifactRepository >>> remote url <private repo URL redacted> >>> 2015-03-24 15:47:34,850 [-] [Thread-4] INFO GitBasedArtifactRepository >>> tenant -1234 >>> 2015-03-24 15:47:34,850 [-] [Thread-4] INFO GitBasedArtifactRepository >>> Repo path returned : /var/www/ >>> 2015-03-24 15:47:34,935 [-] [Thread-4] INFO GitBasedArtifactRepository >>> caching repo context >>> 2015-03-24 15:47:35,584 [-] [Thread-4] ERROR GitBasedArtifactRepository >>> Accessing remote git repository failed for tenant -1234 >>> org.eclipse.jgit.api.errors.TransportException: <private repo URL >>> redacted>: not authorized >>> at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137) >>> at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:179) >>> at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125) >>> >>> >>> What's the best way to add a custom CA certificate to a cartridge so >>> that it can access a private git repository that requires it? >>> >>> >>> Thank you for all your hard work >>> >>> Ricardo Carvalho >>> >> >> >> >> -- >> Imesh Gunaratne >> >> Technical Lead, WSO2 >> Committer & PMC Member, Apache Stratos >> > > -- Imesh Gunaratne Technical Lead, WSO2 Committer & PMC Member, Apache Stratos