-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed git push: Permission denied #32
Comments
I can verify that I can now get to this step (which I think means the present issue is closed):
|
@technosophos yes I believe that means this issue is closed. Going to close now but if this issue recurs after I fix #30, I'll reopen |
I am running into this still. I used a trick of attempting to ssh to the builder as user From outside the cluster (accessing via router):
To rule out router problems, here's the same troubleshooting technique applied from within the cluster. The IP you see is the builder's service IP:
Note that I've tried all the obvious things. I have looked at |
Did you do a |
I must be misunderstanding what @krancour did... why use a key that does not exist? |
@technosophos the key did exist. The only thing unusual about what I did was that as a diagnostic procedure, I used ssh directly so I could get a trace that might indicate why the git push was failing. That said, the traces do seem to be indicating that the key is bad or doesn't exist, however, the same key works just fine with 1.x clusters. |
@krancour this is what I am not understanding:
|
Ah... whoops... let me try that again. There is a problem, but you're right... I botched that line, so the trace isn't useful. |
Here we go:
|
What's still weird to me is that you are getting a response from an OpenSSH server. What server is that? Builder does not run OpenSSH. It runs a custom SSH server that uses the Go library. |
n/m... that's the client output, isn't it |
I couldn't reproduce this on my local k8s cluster. Below I've listed everything I did from start to finish. 1. Install Deis on the Clusterhelm up
helm fetch deis/deis
helm install deis That resulted in the following services ( ENG000656:builder aaronschlesinger$ kd get svc
NAME CLUSTER_IP EXTERNAL_IP PORT(S) SELECTOR AGE
deis-builder 10.3.0.197 <none> 2222/TCP name=deis-builder 14s
deis-database 10.3.0.57 <none> 5432/TCP name=deis-database 14s
deis-etcd-1 10.3.0.218 <none> 2380/TCP,4100/TCP name=deis-etcd-1 14s
deis-etcd-discovery 10.3.0.143 <none> 2381/TCP name=deis-etcd-discovery 14s
deis-minio 10.3.0.29 <none> 9000/TCP app=deis-minio 14s
deis-registry 10.3.0.237 <none> 5000/TCP name=deis-registry 14s
deis-workflow 10.3.0.146 <none> 80/TCP name=deis-workflow 14s Then, I waited until all relevant pods were up: ENG000656:builder aaronschlesinger$ kd get pod
NAME READY STATUS RESTARTS AGE
deis-builder-b2t2u 1/1 Running 1 3m
deis-database-vnku3 1/1 Running 0 3m
deis-etcd-1-gxt12 1/1 Running 1 3m
deis-etcd-1-o6uu3 1/1 Running 0 3m
deis-etcd-1-pg2rj 1/1 Running 0 3m
deis-etcd-discovery-cf7tz 1/1 Running 0 3m
deis-minio-lgski 1/1 Running 0 3m
deis-registry-gzxua 1/1 Running 0 3m
deis-router-s4cti 0/1 Pending 0 3m
deis-workflow-yh1xd 1/1 Running 0 3m 2. Set up the AccountThen, I logged into the minion (I'm running a cluster created by micro-kube) and set up an account: core@micro-kube ~/example-go $ ./deis register 10.3.0.146
username: arschles
password:
password (confirm):
email: arschles@gmail.com
Registered arschles
Logged in as arschles 3. Generate and add KeysThen, generated and added my keys to the agent and Deis: core@micro-kube ~/example-go $ ssh-keygen -t rsa -b 4096 -C "arschles@gmail.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/core/.ssh/id_rsa):
/home/core/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/core/.ssh/id_rsa.
Your public key has been saved in /home/core/.ssh/id_rsa.pub.
The key fingerprint is:
b1:1d:0f:70:57:de:64:93:ce:fb:84:2c:18:56:a4:f2 arschles@gmail.com
The key's randomart image is:
+---[RSA 4096]----+
| . ..o...+|
| o o.. =.|
| o +. + .|
| *o+ o |
| S.Eo.. ..|
| . . o..|
| . ..|
| .|
| |
+-----------------+
core@micro-kube ~/example-go $ eval $(ssh-agent) && ssh-add ~/.ssh/id_rsa
Agent pid 29720
Identity added: /home/core/.ssh/id_rsa (rsa w/o comment)
core@micro-kube ~/example-go $ ./deis keys:add ~/.ssh/id_rsa.pub
Uploading id_rsa.pub to deis... done 4. Create new ProjectThen I created a new project: core@micro-kube ~/example-go $ ./deis create --no-remote
Creating Application... done, created luxury-gemstone
remote available at ssh://git@10.3.0.146:2222/luxury-gemstone.git 5. Set up new git remoteThen, pointed my git remote at builder: core@micro-kube ~/example-go $ git remote add deis ssh://git@10.3.0.197:2222/luxury-gemstone.git 6. Push to the
|
I built a new cluster and am now unable to repro this. |
@krancour I'm not sure why you'd have to build a new cluster, so this still concerns me. @technosophos @slack do you mind trying to repro this again? |
Doing it now. |
@arschles I think my cluster was in a bad state. I told @technosophos earlier, but I was running on t1.micros and I know I was starting to have resource issues. Many pods, including the builder started flapping. I can't help but imagine that contributed. |
@krancour ok, I think I'm just paranoid. Thanks for letting me know. |
I was running into this as well on v2.1.0 and it was related to I opened deis/charts#303 to track the issue. |
The fix for me was to run "ssh-add" in the terminal ;) |
This could be a duplicate of #28, but since the symptoms were different, I thought I'd file it.
tl;dr: I can't push from an in-cluster Ubuntu pod to the builder. The git client gets a permissions error.
I'm running an Ubuntu pod inside of k8s, and connecting to builder from there. The full record of my install is here: https://gist.github.com/technosophos/9d5ebda491141eaf3475
The relevant details, though, are this:
Following instructions, we should now be able to push:
Checking the logs:
The text was updated successfully, but these errors were encountered: