-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error unsafe repository
using EFS via terraform-aws-atlantis pre-v3.17.0
#2221
Comments
Experiencing the same issue with the same setup, but latest version of Atlantis |
Interesting @magistersart i can write up a bit of how we got this bug. We restarted our Atlantis instance hoping to speed up some slowness we were experiencing. I’m the update of Atlantis, we noticed that the latest Git version was getting updated through the package manager. This caused us to need the variable or configurations set but ultimately we had zero success there. I looked through the Atlantis codebase to see where we can introduce a configuration check for the variables or the Git config. But I didn’t find anything at my first glance. But ultimately I think it’s something that’s solvable with a patch modifying how Atlantis runs Git commands. |
I had to reinstall everything with a rollback to v0.19.2 to make it working. |
I am also having this issue. However it only occurs on |
Experiencing this same issue with |
I was able to fix this by rolling back to 3.0.0 for the server version |
For those running https://github.com/terraform-aws-modules/terraform-aws-atlantis the fix for me was to set the |
I ended up doing this as well to get things working. |
I was able to workaround this issue setting the user too. The EFS storage wasn't much of a need to me, and I couldn't easily mount it externally, so I ended up adding the following lines on my terraform resource (using terraform-aws-atlantis):
|
I had the same issue happened in the latest Atlantis version v0.19.6 (that uses git version 2.34.2), but this issue did not happen when using Atlantis version v0.18.2 (that uses git version 2.34.1). Although this post indicate the security vulnerability fix is added in git version 2.25.2, but from their release log it seems like it was addressed in 2.24.2 instead. A temporary fix for this issue might be to downgrade the git version to 2.34.1 for the latest Atlantis image. Another solution is to upgrade the git version to >= 2.35.2 so people can use |
thanks @andyshinn & @biancarosa
or
|
By the way the current git version is pinned here. We will most likely not downgrade. atlantis/docker-base/Dockerfile Line 31 in ad79d07
The error seems to be resolved in terraform-aws-atlantis module's 3.17.0 release. |
unsafe repository
unsafe repository
using EFS via terraform-aws-atlantis pre-v3.17.0 deploy
unsafe repository
using EFS via terraform-aws-atlantis pre-v3.17.0 deployunsafe repository
using EFS via terraform-aws-atlantis pre-v3.17.0
I believe I need to mount my EFS externally, would you be able to provide me steps as to how to do this? Thanks |
Sorry, I don't remember the exact steps. What I did was something like:
|
Is this something that can be automated and/or documented in the upstream terraform module? https://github.com/terraform-aws-modules/terraform-aws-atlantis |
Not sure if applicable but the issue is still present on latest version @nitrocode |
note that switching to the Atlantis non root user may impact the above workaround |
Community Note
Overview of the Issue
I haven't seen this issue noted in here, but I am reporting this in case anybody else has experienced this.
After recently restarting our Atlantis task, each
atlantis plan
results in a failure to download every single module. One such failure message looks like this:We understand this is related to the recent Git security vulnerability. We've tried adding the suggested
git config --global --add safe.directory <repo>
or to via*
as documented here but have not had success.Reproduction Steps
This problem began after we restarted our atlantis task in ECS. The git version running on the previous task was from a git version before the security patch.
Logs
Environment details
Atlantis version:
If not running the latest Atlantis version have you tried to reproduce this issue on the latest version: No
Additional Context
The text was updated successfully, but these errors were encountered: