Bug 1973595
| Summary: | Unable to make SSH connection to a Bitbucket server | |||
|---|---|---|---|---|
| Product: | Red Hat Advanced Cluster Management for Kubernetes | Reporter: | Riya Banerjee <ribanerj> | |
| Component: | App Lifecycle | Assignee: | Roke Jung <rjung> | |
| Status: | CLOSED ERRATA | QA Contact: | Eveline Cai <ecai> | |
| Severity: | unspecified | Docs Contact: | bswope <bswope> | |
| Priority: | unspecified | |||
| Version: | rhacm-2.2.z | CC: | bswope, ecai, mlele, rjung, xiangli | |
| Target Milestone: | --- | Flags: | ming:
rhacm-2.2.z+
|
|
| Target Release: | rhacm-2.2.6 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | 1966513 | |||
| : | 2028196 (view as bug list) | Environment: | ||
| Last Closed: | 2021-08-10 18:33:12 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1966513 | |||
| Bug Blocks: | 2028196 | |||
The SSH connection example in the documentation has
configMapRef:
name: git-known-hosts
which is wrong and we will remove it.
The controller tries to automatically scan SSH hosts and build known host list so you do not need the config map to specify the known hosts and even if you do, it will not be used.
There is still some problem in our SSH host scanning code with your specific case where the scan needs to include the port number. We will fix this in 2.2.5. If you need the fix before 2.2.5, we can work with you on screen share to patch your clusters.
You can also configure your Bitbucket server to forward port 7999 to port 22 so that you don't have to specify the port number in your SSH URL. https://confluence.atlassian.com/bitbucketserverkb/how-do-i-use-xinetd-to-forward-port-22-for-ssh-connections-to-bitbucket-server-779171730.html If you do this, you do not need to specify insecureSkipVerify. You can also configure your Bitbucket server to forward port 7999 to port 22 so that you don't have to specify the port number in your SSH URL. https://confluence.atlassian.com/bitbucketserverkb/how-do-i-use-xinetd-to-forward-port-22-for-ssh-connections-to-bitbucket-server-779171730.html If you do this, you do not need to specify insecureSkipVerify. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Red Hat Advanced Cluster Management 2.2.6 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:3126 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days |
Yes, I can see from the logs that it still fails. 2021-06-17T02:23:23.346045644Z I0617 02:23:23.346029 1 gitrepo.go:178] Connecting to Git server via SSH 2021-06-17T02:23:23.346058983Z I0617 02:23:23.346051 1 gitrepo.go:236] Getting public SSH host key for bitbucket.biscrum.com 2021-06-17T02:23:28.405239293Z E0617 02:23:28.405194 1 gitrepo.go:242] failed to get public SSH host key: exit status 1 2021-06-17T02:23:28.405239293Z E0617 02:23:28.405221 1 git_subscriber_item.go:195] exit status 1Unable to clone the git repo ssh://git.com:7999/infpaas/openshift.git 2021-06-17T02:23:28.405239293Z I0617 02:23:28.405226 1 git_subscriber_item.go:198] exit doSubscription: policies/stable-policies-sub 2021-06-17T02:23:28.405239293Z E0617 02:23:28.405231 1 git_subscriber_item.go:162] exit status 1Subscription error. Please try this. In the channel spec, specify insecureSkipVerify: true like below. apiVersion: apps.open-cluster-management.io/v1 kind: Channel metadata: name: somechannel namespace: default spec: type: Git pathname: ssh://git.com:7999/infpaas/openshift.git secretRef: name: git-ssh-key insecureSkipVerify: true