Bug 1278020 - Can't git clone using user's token when set REQUIRE_SERVER_AUTH for gitserver
Can't git clone using user's token when set REQUIRE_SERVER_AUTH for gitserver
Status: CLOSED CURRENTRELEASE
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build (Show other bugs)
3.1.0
Unspecified Unspecified
medium Severity low
: ---
: ---
Assigned To: Cesar Wong
Wenjing Zheng
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-11-04 09:55 EST by XiuJuan Wang
Modified: 2016-09-07 17:14 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-09-07 17:14:50 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description XiuJuan Wang 2015-11-04 09:55:03 EST
Description of problem:
Can't git clone using user's token when set REQUIRE_SERVER_AUTH for gitserver , always meet "fatal: unable to access 'http://172.30.147.81:8080/ruby-hello-world.git/': The requested URL returned error: 500"

Works in origin when use same openshift/origin-gitserver.

Version-Release number of selected component (if applicable):
oc v3.0.2.905
kubernetes v1.2.0-alpha.1-1107-g4c8e6f4
openshift/origin-gitserver(image id: e28cf3dfc92a) built in devenv-feodra_2627

How reproducible:
always

Steps to Reproduce:
1.Pull the latest openshift/origin-gitserver image to master and node
2.Oc login to openshit and get user token
3.Create gitserver with REQUIRE_SERVER_AUTH auth
wget https://raw.githubusercontent.com/openshift/origin/master/examples/gitserver/gitserver.yaml
oc create -f gitserver/gitserver.yaml
4.After gitserver pod is running, git clone http://$gitserver:8080/ruby-hello-world.git

Actual results:
# oc get svc
NAME        CLUSTER_IP      EXTERNAL_IP   PORT(S)    SELECTOR                  AGE
gitserver   172.30.147.81   <none>        8080/TCP   run-container=gitserver   21s
# oc get pods
NAME                READY     STATUS    RESTARTS   AGE
gitserver-1-lmtu5   1/1       Running   0          20s

When git clone, enter user's token,but failed with 500 error.
# git clone http://172.30.147.81:8080/ruby-hello-world.git 
Cloning into 'ruby-hello-world'...
Username for 'http://172.30.147.81:8080': xiuwang
Password for 'http://xiuwang@172.30.147.81:8080': 
fatal: unable to access 'http://172.30.147.81:8080/ruby-hello-world.git/': The requested URL returned error: 500


Expected results:
Could git clone repo from gitserver.

Additional info:
gitserver pod log in OSE env
#oc logs  gitserver-1-lmtu5
2015-11-04 14:37:44.096411 I | Linking build configs in namespace(s) [xiuwang] to the gitserver
2015-11-04 14:37:44.397142 I | No build configs found to link to the gitserver
2015-11-04 14:37:44.397215 I | error: Get https://kubernetes.default:443/oapi/v1/namespaces/xiuwang/buildconfigs: x509: certificate is valid for openshift-149.lab.sjc.redhat.com, not kubernetes.default
2015-11-04 14:37:44.400192 I | Authenticating against https://kubernetes.default:443 allow-push=true anon-pull=false
2015-11-04 14:37:44.400211 I | Serving /var/lib/git on :8080

gitserver pod log in origin env

$ oc logs  gitserver-1-nqopa
2015-11-04 14:00:32.326192 I | Linking build configs in namespace(s) [xiuwang] to the gitserver
2015-11-04 14:00:32.875770 I | No build configs found to link to the gitserver
2015-11-04 14:00:32.875816 I | error: User "system:serviceaccount:xiuwang:default" cannot list buildconfigs in project "xiuwang"
2015-11-04 14:00:32.876546 I | Authenticating against https://kubernetes.default:443 allow-push=true anon-pull=false
2015-11-04 14:00:32.876561 I | Serving /var/lib/git on :8080
2015-11-04 14:01:55.619659 I | Lazily initializing bare repository http://gitserver.xiuwang.svc.cluster.local:8080/ruby-hello-world.git
Comment 2 XiuJuan Wang 2015-11-16 04:27:12 EST
Can't reproduce this bug in ose 3.1
oc v3.1.0.4-9-g72d3991
kubernetes v1.1.0-origin-1107-g4c8e6f4

But has a strage message in pod log
error: User "system:serviceaccount:xiuwang:gitserver" cannot list buildconfigs in project "xiuwang"

#oc logs gitserver-1-onbkc 
2015-11-16 05:22:44.566111 I | Linking build configs in namespace(s) [xiuwang] to the gitserver
2015-11-16 05:22:44.762748 I | No build configs found to link to the gitserver
2015-11-16 05:22:44.762792 I | error: User "system:serviceaccount:xiuwang:gitserver" cannot list buildconfigs in project "xiuwang"
2015-11-16 05:22:44.763738 I | Authenticating against https://kubernetes.default:443 allow-push=true anon-pull=false
2015-11-16 05:22:44.763757 I | Serving /var/lib/git on :8080
Comment 4 XiuJuan Wang 2016-03-29 05:05:03 EDT
@ben
Could you move this bug to on_qa, since could git clone using user's token when set REQUIRE_SERVER_AUTH for gitserver, and no error in gitserver pod logs.

puddle:  3.2/2016-03-28.4/
Comment 5 XiuJuan Wang 2016-03-29 22:17:17 EDT
According to comment #4, move this bug to verified.
Thanks to Ben!

Note You need to log in before you can comment on or make changes to this bug.