Bug 1390295

Summary: pipeline sync plugin does not support private repositories
Product: OKD
Reporter: Ben Parees <bparees>
Component: Build
Assignee: Jimmi Dyson <jdyson>
Status: CLOSED CURRENTRELEASE
QA Contact: Wang Haoran <haowang>
Severity: unspecified
Priority: unspecified
Version: 3.x
CC: aos-bugs, bleanhar, bparees, clichybi, dyan, jdyson, nhashimo, tkimura
Target Milestone: ---
Keywords: Reopened
Last Closed: 2017-05-30 12:44:32 UTC
Type: Bug
Attachments:
  pipeline buildConfig (flags: none)

Description Ben Parees 2016-10-31 15:57:01 UTC
It would appear that any git credentials supplied in the BuildConfig are ignored and not used to retrieve the Jenkinsfile when the pipeline job runs.

Assuming that's correct, we need to add support for using the git credentials supplied in the buildconfig.

tracker for https://github.com/fabric8io/openshift-jenkins-sync-plugin/issues/101

Comment 1 Jimmi Dyson 2016-11-04 13:15:04 UTC
Fixed in https://github.com/jenkinsci/openshift-sync-plugin/pull/14, will be in next release.

Comment 2 Jimmi Dyson 2016-11-10 11:20:33 UTC
Available now in latest Jenkins RHEL image - please retest.

Comment 3 Dongbo Yan 2016-11-14 10:38:08 UTC
Test with 
brew-pulp.../openshift3/jenkins-2-rhel7     d126876bf60a  
brew-pulp.../openshift3/jenkins-1-rhel7     dc04c4ed570b
openshift-login	   0.9
openshift-pipeline 1.0.33
openshift-sync     0.0.17

openshift v3.4.0.25+1f36858
kubernetes v1.4.0+776c994
etcd 3.1.0-rc.0

Steps:
1. Create a git server
 $ oc create -f https://raw.githubusercontent.com/openshift/origin/master/examples/gitserver/gitserver-ephemeral.yaml
2. Change git auth in dc/git
 "name: REQUIRE_GIT_AUTH
  value: <username>:<password> "
3. Git clone a repo that includes a Jenkinsfile, then push it to the git server
 $ git clone https://github.com/openshift-qe/jenkins-pipeline-ruby-test
4. Create a secret with username and password.
 $ oc secret new-basicauth mysecret --username=<username>  --password=<password>
5. Edit the sample-pipeline pipeline application to use the private repo
 $ oc new-app https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/pipeline/samplepipeline.json
 $ oc edit bc sample-pipeline
  ...
  "source": {
    "git": {
      "uri": "http://git:8080/ruby-hello-world.git"
    },
    "sourceSecret": { "name": "mysecret" },
  ...
6. Start a build and check the build status

Actual result: build failed
jenkins log:
OpenShift Build dyanv1/sample-pipeline-4 from http://git:8080/jenkins-pipeline-ruby-test.git
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url http://git:8080/jenkins-pipeline-ruby-test.git # timeout=10
Fetching upstream changes from http://git:8080/jenkins-pipeline-ruby-test.git
 > git --version # timeout=10
using GIT_ASKPASS to set credentials dyanv1-mysecret
 > git fetch --tags --progress http://git:8080/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
 > git rev-parse origin/master^{commit} # timeout=10
ERROR: Couldn't find any revision to build. Verify the repository and branch configuration for this job.
Finished: FAILURE

Comment 4 Dongbo Yan 2016-11-14 10:40:49 UTC
If I use the route URL in the BC source field, like:
 "source": {
       "git": {
         "uri": "http://git-dyanv1.1114-txe.qe.rhcloud.com/ruby-hello-world.git"
       }

the build still failed. Jenkins log:
OpenShift Build dyanv1/sample-pipeline-3 from http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git # timeout=10
Fetching upstream changes from http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git
 > git --version # timeout=10
using GIT_ASKPASS to set credentials dyanv1-mysecret
 > git fetch --tags --progress http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
	at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1051)
	at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1082)
	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
	at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:108)
	at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:57)
	at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:214)
	at hudson.model.ResourceController.execute(ResourceController.java:98)
	at hudson.model.Executor.run(Executor.java:410)
Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to access 'http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git/': Failed connect to git-dyanv1.1114-txe.qe.rhcloud.com:80; Operation now in progress

	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1752)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1495)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:64)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:315)
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:795)
	... 8 more
ERROR: null
Finished: FAILURE

Comment 5 Dongbo Yan 2016-11-14 10:45:06 UTC
I have added a log recorder for `io.fabric8` & `okhttp3`; no error output.

Comment 6 Jimmi Dyson 2016-11-14 13:18:34 UTC
@dyan The error message doesn't show this is a problem with the sync plugin:

`Failed connect to git-dyanv1.1114-txe.qe.rhcloud.com:80; Operation now in progress`

Are you sure that route address is resolvable from the Jenkins pod?

I have just run through the exact steps from above locally and it works correctly. The build log looks like:

> OpenShift Build myproject/sample-pipeline-51 from http://172.30.241.135:8080/ruby-hello-world.git
>  > git rev-parse --is-inside-work-tree # timeout=10
> Fetching changes from the remote Git repository
>  > git config remote.origin.url http://172.30.241.135:8080/ruby-hello-world.git # timeout=10
> Fetching upstream changes from http://172.30.241.135:8080/ruby-hello-world.git
>  > git --version # timeout=10
>  > git fetch --tags --progress http://172.30.241.135:8080/ruby-hello-world.git +refs/heads/*:refs/remotes/origin/*
>  > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
>  > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
> Checking out Revision 761e2e2a61e4418fdbd34365df775a19905c1a83 (refs/remotes/origin/master)
>  > git config core.sparsecheckout # timeout=10
>  > git checkout -f 761e2e2a61e4418fdbd34365df775a19905c1a83
>  > git rev-list 60dc8ea5beb7678826fc7f4faaae0ce036b4fd05 # timeout=10
> [Pipeline] node
> Running on master in /home/jdyson/projects/openshift-sync-plugin/work/jobs/myproject-sample-pipeline/workspace
> [Pipeline] {
> [Pipeline] stage (build)
> Using the ‘stage’ step without a block argument is deprecated
> Entering stage build
> Proceeding
> [Pipeline] openshiftBuild

> Starting the "Trigger OpenShift Build" step with build config "ruby-sample-build" from the project "myproject".

Comment 7 Jimmi Dyson 2016-11-14 19:51:18 UTC
Found a bug with old style Opaque tokens - fixing now.

Comment 8 Jimmi Dyson 2016-11-14 20:15:32 UTC
@dyan I think your issue above is git server config, but nevertheless I found a bug in handling Opaque secrets for SSH key or basic auth which is fixed in oc 1.4.x but the sync plugin still needs to work with. I've fixed that in https://github.com/jenkinsci/openshift-sync-plugin/pull/24.

A couple of things you need to check in your steps:

- In step 2, make sure to also set `ALLOW_ANON_GIT_PULL` to false otherwise it will be able to pull without any kind of auth.
- After running step 2, make sure that a new pod has started with the new config before you push your repo. If you're running without PV then each time the pod restarts (say after updating the DC) all data will be lost so you need to ensure you're pushing to a pod that has the config applied.

Comment 9 Ben Parees 2016-11-16 22:02:03 UTC
@Jimmi has a release been built w/ the fix?  Has Troy packaged it+built a new image w/ it?

Comment 10 Jimmi Dyson 2016-11-21 20:33:29 UTC
@tdawson Released sync plugin 0.1.0 ready for packaging please (no dependency changes).

Comment 11 Troy Dawson 2016-11-21 22:56:18 UTC
rpm:
  jenkins-plugin-openshift-sync-0.1.0-1.el7
In puddles, repos and images:
  openshift3/jenkins-1-rhel7:1.651.2-37
  openshift3/jenkins-2-rhel7:2.19-4

Comment 12 Jimmi Dyson 2016-11-23 23:04:58 UTC
Should be ready for QE now.
rpm:
  jenkins-plugin-openshift-sync-0.1.1-1.el7
Images:
  openshift3/jenkins-1-rhel7:1.651.2-40
  openshift3/jenkins-2-rhel7:2.19-7

Comment 13 Dongbo Yan 2016-11-24 10:31:38 UTC
Test with
brew-pulp.../openshift3/jenkins-1-rhel7            6e8c6a3c7a01 
brew-pulp.../openshift3/jenkins-2-rhel7            ca15e7519b57
openshift-login    0.9	
openshift-pipeline  1.0.36	
openshift-sync     0.1.1

openshift v3.4.0.29+ca980ba
kubernetes v1.4.0+776c994
etcd 3.1.0-rc.0

Steps like comment 3

1. If I set `ALLOW_ANON_GIT_PULL` to true, I could trigger the pipeline build successfully.

2. But with `ALLOW_ANON_GIT_PULL` set to false, the build failed. Jenkins job log:

OpenShift Build dyanv2/sample-pipeline-8 from http://git:8080/jenkins-pipeline-ruby-test.git
 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url http://git:8080/jenkins-pipeline-ruby-test.git # timeout=10
Fetching upstream changes from http://git:8080/jenkins-pipeline-ruby-test.git
 > git --version # timeout=10
 > git fetch --tags --progress http://git:8080/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from http://git:8080/jenkins-pipeline-ruby-test.git
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797)
	at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1051)
	at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1082)
	at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109)
	at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:108)
	at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:57)
	at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:214)
	at hudson.model.ResourceController.execute(ResourceController.java:98)
	at hudson.model.Executor.run(Executor.java:404)
Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress http://git:8080/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout: 
stderr: fatal: unable to access 'http://git:8080/jenkins-pipeline-ruby-test.git/': The requested URL returned error: 403

	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1752)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1495)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:64)
	at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:315)
	at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:795)
	... 8 more
ERROR: null
Finished: FAILURE

Comment 14 Jimmi Dyson 2016-11-24 11:21:16 UTC
This works fine for me.

@dyan Can you share the BuildConfig definition as YAML please? Also, can you look at the job configuration in Jenkins & check if the credentials field for the git repo is populated properly? Finally, can you check that the credentials object in Jenkins has actually been created at all?
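
An added example, not part of the original thread or the plugin's code: a Python triage of the Jenkins console logs posted in this report, showing whether a credential was actually attached to the Jenkinsfile fetch. The function names are hypothetical, and the `<namespace>-<secret>` credential id format is an assumption inferred from the `dyanv1-mysecret` line in comment 3.

```python
import re

# Line the Git client writes when a credential is attached to a fetch,
# e.g. "using GIT_ASKPASS to set credentials dyanv1-mysecret" (comment 3).
CRED = re.compile(r"using (\S+) to set credentials (\S+)")
HTTP_ERR = re.compile(r"The requested URL returned error: (\d{3})")

def expected_credential_id(namespace, secret):
    # Assumption: "<namespace>-<secret>", inferred from the log in comment 3.
    return f"{namespace}-{secret}"

def triage(log, expected):
    """Classify one console log of a pipeline build's Jenkinsfile fetch."""
    if "> git fetch " not in log:
        return "no-fetch"
    m = CRED.search(log)
    bound = m.group(2) if m else None
    err = HTTP_ERR.search(log)
    if err and err.group(1) in ("401", "403"):
        # The server demanded auth; report whether anything was offered.
        return "rejected-no-credential" if bound is None else "rejected-credential"
    if "Failed connect to" in log:
        return "network"    # the fetch never reached the auth step
    if bound is None:
        return "anonymous"  # fetch worked, credentials were never exercised
    if bound != expected:
        return "wrong-credential"
    if "Couldn't find any revision to build" in log:
        return "authenticated-no-revision"
    return "authenticated"

# Excerpts of the console logs posted in comments 3 and 13 above.
LOG_COMMENT_3 = """\
 > git --version # timeout=10
using GIT_ASKPASS to set credentials dyanv1-mysecret
 > git fetch --tags --progress http://git:8080/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/*
ERROR: Couldn't find any revision to build. Verify the repository and branch configuration for this job.
"""
LOG_COMMENT_13 = """\
 > git --version # timeout=10
 > git fetch --tags --progress http://git:8080/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/*
stderr: fatal: unable to access 'http://git:8080/jenkins-pipeline-ruby-test.git/': The requested URL returned error: 403
"""

if __name__ == "__main__":
    print(triage(LOG_COMMENT_3, expected_credential_id("dyanv1", "mysecret")))
    print(triage(LOG_COMMENT_13, expected_credential_id("dyanv2", "mysecret")))
```

A verdict of `anonymous` on a passing build means the run did not exercise the secret at all, which is the case the `ALLOW_ANON_GIT_PULL` check in comment 8 guards against.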

Comment 15 Dongbo Yan 2016-11-25 09:53:19 UTC
Created attachment 1224186 [details]
pipeline buildConfig

Comment 16 Dongbo Yan 2016-11-25 10:08:34 UTC
Yes, the credential named mysecret has actually been created in Jenkins.

Comment 17 Jimmi Dyson 2016-11-28 09:15:41 UTC
Can you retest with v0.1.4 of sync plugin please? Needs packaging so assigning to @tdawson.

Comment 20 Jimmi Dyson 2016-11-28 16:53:21 UTC
@tdawson Released 0.1.5 of sync plugin that needs packaging when you get the chance. Not synced to https://updates.jenkins-ci.org/download/plugins/openshift-sync/0.1.5 yet but will keep an eye on when it's available from there.

Comment 21 Jimmi Dyson 2016-11-28 20:36:39 UTC
Sync plugin v0.1.5 is now available from Jenkins update centre.

Comment 22 Troy Dawson 2016-11-28 22:23:23 UTC
Ready here.
rpm:
  jenkins-plugin-openshift-sync-0.1.5-1.el7
Images:
  openshift3/jenkins-1-rhel7:1.651.2-42
  openshift3/jenkins-2-rhel7:2.19-9

Comment 23 Jimmi Dyson 2016-11-28 22:29:43 UTC
Thanks @tdawson.

Comment 24 Dongbo Yan 2016-11-29 09:15:39 UTC
Test with
brew-pulp.../openshift3/jenkins-1-rhel7          bdda1c3ed6fd  
brew-pulp.../openshift3/jenkins-2-rhel7          40ed5bbd7488
openshift-login	0.9
openshift-pipeline	1.0.37
openshift-sync	0.1.5

openshift v3.4.0.30+e10cc28
kubernetes v1.4.0+776c994
etcd 3.1.0-rc.0

Comment 25 Ben Parees 2016-12-05 13:29:38 UTC
*** Bug 1399993 has been marked as a duplicate of this bug. ***

Comment 28 Ben Parees 2017-05-26 15:47:56 UTC
Not sure why it didn't get closed.  I would just close it but I'd like to know if our process broke.  @Brenton?

Comment 29 Ben Parees 2017-05-26 15:48:54 UTC
Sorry, messed up the state while commenting. It's back to what it was now.