Hide Forgot
It would appear that any git credentials supplied in the BuildConfig are ignored and not used to retrieve the Jenkinsfile when the pipeline job runs. Assuming that's correct, we need to add support for using the git credentials supplied in the buildconfig. tracker for https://github.com/fabric8io/openshift-jenkins-sync-plugin/issues/101
Fixed in https://github.com/jenkinsci/openshift-sync-plugin/pull/14, will be in next release.
Available now in latest Jenkins RHEL image - please retest.
Test with brew-pulp.../openshift3/jenkins-2-rhel7 d126876bf60a brew-pulp.../openshift3/jenkins-1-rhel7 dc04c4ed570b openshift-login 0.9 openshift-pipeline 1.0.33 openshift-sync 0.0.17 openshift v3.4.0.25+1f36858 kubernetes v1.4.0+776c994 etcd 3.1.0-rc.0 Steps: 1.Create a git server $ oc create -f https://raw.githubusercontent.com/openshift/origin/master/examples/gitserver/gitserver-ephemeral.yaml 2.Change git auth in dc/git "name: REQUIRE_GIT_AUTH value: <username>:<password> " 3.Git clone a repo included jenkinsfile, then push to git server $ git clone https://github.com/openshift-qe/jenkins-pipeline-ruby-test 4.Create secret with username and password. $ oc secret new-basicauth mysecret --username=<username> --password=<password> 5.Edit sample-pipeline pipeline application to use private repo $ oc new-app https://raw.githubusercontent.com/openshift/origin/master/examples/jenkins/pipeline/samplepipeline.json $ oc edit bc sample-pipeline ... "source": { "git": { "uri": "http://git:8080/ruby-hello-world.git" }, "sourceSecret": { "name": "mysecret" }, ... 6.Start build, check build status Actual result: build failed jenkins log: OpenShift Build dyanv1/sample-pipeline-4 from http://git:8080/jenkins-pipeline-ruby-test.git > git rev-parse --is-inside-work-tree # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url http://git:8080/jenkins-pipeline-ruby-test.git # timeout=10 Fetching upstream changes from http://git:8080/jenkins-pipeline-ruby-test.git > git --version # timeout=10 using GIT_ASKPASS to set credentials dyanv1-mysecret > git fetch --tags --progress http://git:8080/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/* > git rev-parse refs/remotes/origin/master^{commit} # timeout=10 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10 > git rev-parse origin/master^{commit} # timeout=10 ERROR: Couldn't find any revision to build. Verify the repository and branch configuration for this job. Finished: FAILURE
If I use route url in bc source field, like: "source": { "git": { "uri": "http://git-dyanv1.1114-txe.qe.rhcloud.com/ruby-hello-world.git" } build still failed, jenkins log: OpenShift Build dyanv1/sample-pipeline-3 from http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git > git rev-parse --is-inside-work-tree # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git # timeout=10 Fetching upstream changes from http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git > git --version # timeout=10 using GIT_ASKPASS to set credentials dyanv1-mysecret > git fetch --tags --progress http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/* ERROR: Error fetching remote repo 'origin' hudson.plugins.git.GitException: Failed to fetch from http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797) at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1051) at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1082) at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109) at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:108) at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:57) at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:214) at hudson.model.ResourceController.execute(ResourceController.java:98) at hudson.model.Executor.run(Executor.java:410) Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/*" returned status code 128: stdout: stderr: fatal: unable to access 'http://git-dyanv1.1114-txe.qe.rhcloud.com/jenkins-pipeline-ruby-test.git/': Failed connect to git-dyanv1.1114-txe.qe.rhcloud.com:80; Operation now in progress at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1752) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1495) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:64) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:315) at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:795) ... 8 more ERROR: null Finished: FAILURE
I have added log recorder for `io.fabric8` & `okhttp3` , no error output
@dyan The error message doesn't show this is a problem with the sync plugin: `Failed connect to git-dyanv1.1114-txe.qe.rhcloud.com:80; Operation now in progress` Are you sure that route address is resolvable from the Jenkins pod? I have just run through the exact steps from above locally and works correctly. The build log looks like: > OpenShift Build myproject/sample-pipeline-51 from http://172.30.241.135:8080/ruby-hello-world.git > > git rev-parse --is-inside-work-tree # timeout=10 > Fetching changes from the remote Git repository > > git config remote.origin.url http://172.30.241.135:8080/ruby-hello-world.git # timeout=10 > Fetching upstream changes from http://172.30.241.135:8080/ruby-hello-world.git > > git --version # timeout=10 > > git fetch --tags --progress http://172.30.241.135:8080/ruby-hello-world.git +refs/heads/*:refs/remotes/origin/* > > git rev-parse refs/remotes/origin/master^{commit} # timeout=10 > > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10 > Checking out Revision 761e2e2a61e4418fdbd34365df775a19905c1a83 (refs/remotes/origin/master) > > git config core.sparsecheckout # timeout=10 > > git checkout -f 761e2e2a61e4418fdbd34365df775a19905c1a83 > > git rev-list 60dc8ea5beb7678826fc7f4faaae0ce036b4fd05 # timeout=10 > [Pipeline] node > Running on master in /home/jdyson/projects/openshift-sync-plugin/work/jobs/myproject-sample-pipeline/workspace > [Pipeline] { > [Pipeline] stage (build) > Using the ‘stage’ step without a block argument is deprecated > Entering stage build > Proceeding > [Pipeline] openshiftBuild > Starting the "Trigger OpenShift Build" step with build config "ruby-sample-build" from the project "myproject".
Found a bug with old style Opaque tokens - fixing now.
@dyan I think your issue above is git server config, but nevertheless I found a bug in handling Opaque secrets for SSH key or basic auth which is fixed in oc 1.4.x but the sync plugin still needs to work with. I've fixed that in https://github.com/jenkinsci/openshift-sync-plugin/pull/24. A couple of things you need to check in your steps: - In step 2, make sure to also set `ALLOW_ANON_GIT_PULL` to false otherwise it will be able to pull without any kind of auth. - After running step 2, make sure that a new pod has started with the new config before you push your repo. If you're running without PV then each time the pod restarts (say after updating the DC) all data will be lost so you need to ensure you're pushing to a pod that has the config applied.
@Jimmi has a release been built w/ the fix? Has Troy packaged it+built a new image w/ it?
@tdawson Released sync plugin 0.1.0 ready for packaging please (no dependency changes).
rpm: jenkins-plugin-openshift-sync-0.1.0-1.el7 In puddles, repos and images: openshift3/jenkins-1-rhel7:1.651.2-37 openshift3/jenkins-2-rhel7:2.19-4
Should be ready for QE now. rpm: jenkins-plugin-openshift-sync-0.1.1-1.el7 Images: openshift3/jenkins-1-rhel7:1.651.2-40 openshift3/jenkins-2-rhel7:2.19-7
Test with brew-pulp.../openshift3/jenkins-1-rhel7 6e8c6a3c7a01 brew-pulp.../openshift3/jenkins-2-rhel7 ca15e7519b57 openshift-login 0.9 openshift-pipeline 1.0.36 openshift-sync 0.1.1 openshift v3.4.0.29+ca980ba kubernetes v1.4.0+776c994 etcd 3.1.0-rc.0 Steps like comment 3 1.If I `ALLOW_ANON_GIT_PULL` to true, could trigger pipeline build successfully, 2.But set `ALLOW_ANON_GIT_PULL` to false, build failed, jenkins job log: OpenShift Build dyanv2/sample-pipeline-8 from http://git:8080/jenkins-pipeline-ruby-test.git > git rev-parse --is-inside-work-tree # timeout=10 Fetching changes from the remote Git repository > git config remote.origin.url http://git:8080/jenkins-pipeline-ruby-test.git # timeout=10 Fetching upstream changes from http://git:8080/jenkins-pipeline-ruby-test.git > git --version # timeout=10 > git fetch --tags --progress http://git:8080/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/* ERROR: Error fetching remote repo 'origin' hudson.plugins.git.GitException: Failed to fetch from http://git:8080/jenkins-pipeline-ruby-test.git at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:797) at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1051) at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1082) at org.jenkinsci.plugins.workflow.steps.scm.SCMStep.checkout(SCMStep.java:109) at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:108) at org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition.create(CpsScmFlowDefinition.java:57) at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:214) at hudson.model.ResourceController.execute(ResourceController.java:98) at hudson.model.Executor.run(Executor.java:404) Caused by: hudson.plugins.git.GitException: Command "git fetch --tags --progress http://git:8080/jenkins-pipeline-ruby-test.git +refs/heads/*:refs/remotes/origin/*" returned status code 128: stdout: stderr: fatal: unable to access 'http://git:8080/jenkins-pipeline-ruby-test.git/': The requested URL returned error: 403 at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1752) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1495) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:64) at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:315) at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:795) ... 8 more ERROR: null Finished: FAILURE
This works fine for me. @dyan Can you share the BuildConfig definition as YAML please? Also, can you look at the job configuration in Jenkins & check if the credentials field for the git repo is populated properly? Finally, can you check that the credentials object in Jenkins has actually been created at all?
Created attachment 1224186 [details] pipeline buildConfig
Yes, the credentials named mysecret has actually been created in Jenkins
Can you retest with v0.1.4 of sync plugin please? Needs packaging so assigning to @tdawson.
@tdawson Released 0.1.5 of sync plugin that needs packaging when you get the chance. Not synced to https://updates.jenkins-ci.org/download/plugins/openshift-sync/0.1.5 yet but will keep an eye on when it's available from there.
Sync plugin v0.1.5 is now available now from Jenkins update centre.
Ready here. rpm: jenkins-plugin-openshift-sync-0.1.5-1.el7 Images: openshift3/jenkins-1-rhel7:1.651.2-42 openshift3/jenkins-2-rhel7:2.19-9
Thanks @tdawson.
Test with brew-pulp.../openshift3/jenkins-1-rhel7 bdda1c3ed6fd brew-pulp.../openshift3/jenkins-2-rhel7 40ed5bbd7488 openshift-login 0.9 openshift-pipeline 1.0.37 openshift-sync 0.1.5 openshift v3.4.0.30+e10cc28 kubernetes v1.4.0+776c994 etcd 3.1.0-rc.0
*** Bug 1399993 has been marked as a duplicate of this bug. ***
Not sure why it didn't get closed. I would just close it but I'd like to know if our process broke. @Brenton?
sorry, messed up the state while commenting. it's back to what it was now.