Hi Ricardo,

It's nice to hear that you were able to solve this problem. Thanks for sharing your experience!

Thanks

On Fri, Mar 27, 2015 at 3:55 PM, Ricardo Carvalho <[email protected]> wrote:

> Hi everyone.
>
> So I ended up solving this problem, and it had nothing to do with
> certificates or credentials. I double-checked the cartridge agent log, and
> noticed that at least the username credential was being passed correctly,
> but the AsyncDataPublisher was having trouble connecting to the main Apache
> Stratos instance.
>
> So back in the main Apache Stratos instance, I noticed in the
> wso2carbon.log that the CEP agent had never started at all, because of this
> exception:
>
> java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available
>
> Turns out I was running IBM Java, so I switched to Oracle Java and all
> the problems went away. Should have paid more attention to my logs.
>
> Thank you for all your help
>
> Ricardo Carvalho
> ------------------------------
> *From:* Imesh Gunaratne <[email protected]>
> *Sent:* 27 March 2015 03:48
> *To:* dev
> *Subject:* Re: Cartridge deployment can't access private git repository
> with custom CA certificate
>
> Hi Ricardo,
>
> This is how we send Git credentials to the instance:
>
> - We do not send Git credentials in the payload due to security reasons.
> - Git password is encrypted using an auto-generated key.
> - The above key is sent in the payload.
> - Git credentials are sent in the Artifact Updated event.
> - Cartridge agent listens to the above event and executes the Git clone/pull.
>
> If you could share the cartridge agent log which might be located in
> /var/logs/apache-stratos/ folder, we should be able to investigate this
> further.
>
> Thanks
>
> On Thu, Mar 26, 2015 at 3:33 PM, Ricardo Carvalho <[email protected]> wrote:
>
>> Hi Chamila
>>
>> Thanks for the suggestion, but the access is configured for HTTPS. The
>> problem now is that I can't find the repo credentials anywhere in the
>> payload, even when I try submitting them both through the web interface and
>> the CLI tool. I also tried manually adding them to the .git/config file,
>> but since that folder is constantly being overwritten by the Artifact
>> Coordinator, all changes are overwritten.
>>
>> Any help is appreciated.
>>
>> Ricardo Carvalho
>> ------------------------------
>> *From:* Chamila De Alwis <[email protected]>
>> *Sent:* 25 March 2015 15:36
>> *To:* dev
>> *Subject:* Re: Cartridge deployment can't access private git repository
>> with custom CA certificate
>>
>> Hi Ricardo,
>>
>> AFAIR in Stratos 4.0.0, only git clone over HTTPS is supported with
>> Username and Password credentials. If it is possible please configure the
>> git server for access over HTTPS.
>>
>> Regards,
>> Chamila de Alwis
>> Software Engineer | WSO2 | +94772207163
>> Blog: code.chamiladealwis.com
>>
>> On Wed, Mar 25, 2015 at 6:38 PM, Ricardo Carvalho <[email protected]> wrote:
>>
>>> Hi Imesh
>>>
>>> Now that you mention it, I noticed there were no credentials in the
>>> payload, both when I subscribed through the web interface and when I used
>>> "subscribe-cartridge" in the command-line tool.
>>>
>>> Should I just add them to the launch-params file in the cartridge
>>> instance? Or am I missing something in configuring Apache Stratos?
>>>
>>> Thank you for your support
>>>
>>> Ricardo Carvalho
>>> ------------------------------
>>> *From:* Imesh Gunaratne <[email protected]>
>>> *Sent:* 25 March 2015 00:31
>>> *To:* dev
>>> *Subject:* Re: Cartridge deployment can't access private git repository
>>> with custom CA certificate
>>>
>>> Hi Ricardo,
>>>
>>> It's nice to hear that you are trying to use Stratos 4.0.0.
>>>
>>> I cannot recall whether we used a certificate to talk to the private
>>> Git repository from Cartridge Agent but I know for sure that we need Git
>>> repository credentials. Can you please check whether the Cartridge Agent
>>> has received Git repository credentials in the payload?
>>>
>>> Thanks
>>>
>>> On Tue, Mar 24, 2015 at 11:19 PM, Ricardo Carvalho <[email protected]> wrote:
>>>
>>>> Hi everyone.
>>>>
>>>> I've followed the 4.0.0 installation guide and have managed to
>>>> successfully deploy several php and load balancer cartridges on an
>>>> Openstack environment. However, a custom certificate is needed to access
>>>> the private git repo I indicated as the artifact source when deploying,
>>>> and the cartridge agent is failing when trying to access this git repo.
>>>>
>>>> I added the certificate to /etc/ssl/certs/ca-certificates.crt, and
>>>> can then use git clone directly inside the cartridge instance with no
>>>> problems. I tried adding the same certificate to the client-truststore.jks
>>>> keystore and even to the wso2carbon.jks in the Apache Stratos VM, but I
>>>> still get the following errors:
>>>>
>>>> INFO CartridgeAgent Executing git checkout
>>>> 2015-03-24 15:47:34,849 [-] [Thread-4] INFO GitBasedArtifactRepository Initializing git context.
>>>> 2015-03-24 15:47:34,850 [-] [Thread-4] INFO GitBasedArtifactRepository local path /var/www/
>>>> 2015-03-24 15:47:34,850 [-] [Thread-4] INFO GitBasedArtifactRepository remote url <private repo URL redacted>
>>>> 2015-03-24 15:47:34,850 [-] [Thread-4] INFO GitBasedArtifactRepository tenant -1234
>>>> 2015-03-24 15:47:34,850 [-] [Thread-4] INFO GitBasedArtifactRepository Repo path returned : /var/www/
>>>> 2015-03-24 15:47:34,935 [-] [Thread-4] INFO GitBasedArtifactRepository caching repo context
>>>> 2015-03-24 15:47:35,584 [-] [Thread-4] ERROR GitBasedArtifactRepository Accessing remote git repository failed for tenant -1234
>>>> org.eclipse.jgit.api.errors.TransportException: <private repo URL redacted>: not authorized
>>>>     at org.eclipse.jgit.api.FetchCommand.call(FetchCommand.java:137)
>>>>     at org.eclipse.jgit.api.CloneCommand.fetch(CloneCommand.java:179)
>>>>     at org.eclipse.jgit.api.CloneCommand.call(CloneCommand.java:125)
>>>>
>>>> What's the best way to add a custom CA certificate to a cartridge so
>>>> that it can access a private git repository that requires it?
>>>>
>>>> Thank you for all your hard work
>>>>
>>>> Ricardo Carvalho
>>>>
>>>
>>> --
>>> Imesh Gunaratne
>>>
>>> Technical Lead, WSO2
>>> Committer & PMC Member, Apache Stratos
>>>
>>
>
> --
> Imesh Gunaratne
>
> Technical Lead, WSO2
> Committer & PMC Member, Apache Stratos
>

--
Imesh Gunaratne
Technical Lead, WSO2
Committer & PMC Member, Apache Stratos
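
The exception reported in this thread appears when code asks for the KeyManagerFactory algorithm by the name SunX509 on a JVM whose JSSE provider does not register that name (IBM's JSSE provider names its implementation IbmX509). The diagnostic below is an added example, not code from Apache Stratos or from anyone in the thread; the class name KmfCheck is hypothetical. It lists what the running JVM offers and shows a lookup that falls back to the JVM's configured default.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.KeyManagerFactory;

// Added diagnostic (hypothetical class name): run it with the same JVM that starts the server.
public class KmfCheck {

    // Collect every KeyManagerFactory algorithm registered by the installed security providers.
    static Set<String> availableAlgorithms() {
        Set<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("KeyManagerFactory".equals(s.getType())) {
                    names.add(s.getAlgorithm() + " (" + p.getName() + ")");
                }
            }
        }
        return names;
    }

    // Try the requested name first; if this JVM does not provide it, use the JVM's
    // default algorithm (security property ssl.KeyManagerFactory.algorithm) instead.
    static KeyManagerFactory portableFactory(String preferred) throws NoSuchAlgorithmException {
        try {
            return KeyManagerFactory.getInstance(preferred);
        } catch (NoSuchAlgorithmException e) {
            String fallback = KeyManagerFactory.getDefaultAlgorithm();
            System.err.println(preferred + " unavailable (" + e.getMessage() + "); using " + fallback);
            return KeyManagerFactory.getInstance(fallback);
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("default KMF  = " + KeyManagerFactory.getDefaultAlgorithm());
        for (String a : availableAlgorithms()) {
            System.out.println("available    : " + a);
        }
        KeyManagerFactory kmf = portableFactory("SunX509");
        System.out.println("selected     = " + kmf.getAlgorithm()
                + " from " + kmf.getProvider().getName());
    }
}
```

If SunX509 is missing from the "available" lines, any TLS component that hard-codes that name will fail to start on this JVM, regardless of truststore contents or credentials.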
