Bug 1278020 - Can't git clone using user's token when set REQUIRE_SERVER_AUTH for gitserver
Summary: Can't git clone using user's token when set REQUIRE_SERVER_AUTH for gitserver
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: ---
Assignee: Cesar Wong
QA Contact: Wenjing Zheng
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-11-04 14:55 UTC by XiuJuan Wang
Modified: 2016-09-07 21:14 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-09-07 21:14:50 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description XiuJuan Wang 2015-11-04 14:55:03 UTC
Description of problem:
Can't git clone using user's token when set REQUIRE_SERVER_AUTH for gitserver , always meet "fatal: unable to access 'http://172.30.147.81:8080/ruby-hello-world.git/': The requested URL returned error: 500"

Works in origin when use same openshift/origin-gitserver.

Version-Release number of selected component (if applicable):
oc v3.0.2.905
kubernetes v1.2.0-alpha.1-1107-g4c8e6f4
openshift/origin-gitserver(image id: e28cf3dfc92a) built in devenv-feodra_2627

How reproducible:
always

Steps to Reproduce:
1.Pull the latest openshift/origin-gitserver image to master and node
2.Oc login to openshit and get user token
3.Create gitserver with REQUIRE_SERVER_AUTH auth
wget https://raw.githubusercontent.com/openshift/origin/master/examples/gitserver/gitserver.yaml
oc create -f gitserver/gitserver.yaml
4.After gitserver pod is running, git clone http://$gitserver:8080/ruby-hello-world.git

Actual results:
# oc get svc
NAME        CLUSTER_IP      EXTERNAL_IP   PORT(S)    SELECTOR                  AGE
gitserver   172.30.147.81   <none>        8080/TCP   run-container=gitserver   21s
# oc get pods
NAME                READY     STATUS    RESTARTS   AGE
gitserver-1-lmtu5   1/1       Running   0          20s

When git clone, enter user's token,but failed with 500 error.
# git clone http://172.30.147.81:8080/ruby-hello-world.git 
Cloning into 'ruby-hello-world'...
Username for 'http://172.30.147.81:8080': xiuwang
Password for 'http://xiuwang@172.30.147.81:8080': 
fatal: unable to access 'http://172.30.147.81:8080/ruby-hello-world.git/': The requested URL returned error: 500


Expected results:
Could git clone repo from gitserver.

Additional info:
gitserver pod log in OSE env
#oc logs  gitserver-1-lmtu5
2015-11-04 14:37:44.096411 I | Linking build configs in namespace(s) [xiuwang] to the gitserver
2015-11-04 14:37:44.397142 I | No build configs found to link to the gitserver
2015-11-04 14:37:44.397215 I | error: Get https://kubernetes.default:443/oapi/v1/namespaces/xiuwang/buildconfigs: x509: certificate is valid for openshift-149.lab.sjc.redhat.com, not kubernetes.default
2015-11-04 14:37:44.400192 I | Authenticating against https://kubernetes.default:443 allow-push=true anon-pull=false
2015-11-04 14:37:44.400211 I | Serving /var/lib/git on :8080

gitserver pod log in origin env

$ oc logs  gitserver-1-nqopa
2015-11-04 14:00:32.326192 I | Linking build configs in namespace(s) [xiuwang] to the gitserver
2015-11-04 14:00:32.875770 I | No build configs found to link to the gitserver
2015-11-04 14:00:32.875816 I | error: User "system:serviceaccount:xiuwang:default" cannot list buildconfigs in project "xiuwang"
2015-11-04 14:00:32.876546 I | Authenticating against https://kubernetes.default:443 allow-push=true anon-pull=false
2015-11-04 14:00:32.876561 I | Serving /var/lib/git on :8080
2015-11-04 14:01:55.619659 I | Lazily initializing bare repository http://gitserver.xiuwang.svc.cluster.local:8080/ruby-hello-world.git

Comment 2 XiuJuan Wang 2015-11-16 09:27:12 UTC
Can't reproduce this bug in ose 3.1
oc v3.1.0.4-9-g72d3991
kubernetes v1.1.0-origin-1107-g4c8e6f4

But has a strage message in pod log
error: User "system:serviceaccount:xiuwang:gitserver" cannot list buildconfigs in project "xiuwang"

#oc logs gitserver-1-onbkc 
2015-11-16 05:22:44.566111 I | Linking build configs in namespace(s) [xiuwang] to the gitserver
2015-11-16 05:22:44.762748 I | No build configs found to link to the gitserver
2015-11-16 05:22:44.762792 I | error: User "system:serviceaccount:xiuwang:gitserver" cannot list buildconfigs in project "xiuwang"
2015-11-16 05:22:44.763738 I | Authenticating against https://kubernetes.default:443 allow-push=true anon-pull=false
2015-11-16 05:22:44.763757 I | Serving /var/lib/git on :8080

Comment 4 XiuJuan Wang 2016-03-29 09:05:03 UTC
@ben
Could you move this bug to on_qa, since could git clone using user's token when set REQUIRE_SERVER_AUTH for gitserver, and no error in gitserver pod logs.

puddle:  3.2/2016-03-28.4/

Comment 5 XiuJuan Wang 2016-03-30 02:17:17 UTC
According to comment #4, move this bug to verified.
Thanks to Ben!


Note You need to log in before you can comment on or make changes to this bug.