Spring

 View Only

 Git Backend not working for Spring Config server

Luca Falco's profile image
Luca Falco posted Apr 18, 2019 03:38 PM

Hello,

 

I m having issue to configure git backend for Spring Config server.

I think the issue is with the git url, it fails to clone the repo.

I'm using Pivotal trial account and trial version of the spring config service.

I tried both from command line and the webinterface.

From command line :

 

cf create-service p-config-server trial config-server -c '{\"git\": { \"uri\": \"https://bitbucket.org/LdeFalco/test\", \"username\" : \"LdeFalco\", \"password\" : \"my password\" , \"cloneOnStart\" : \"true\" }}'

 

From the wbe interface :

 

{

"git": {

"uri": "https://LdeFalco@bitbucket.org/LdeFalco/test.git",

"username": "LdeFalco",

"password": "my password",

"cloneOnStart": "true",

}

}

 

Both cases it fails.

Unfortunatley I m not able to see the logs for this issue :

cf service-logs config-server

/v2/services did not contain a service instance logs endpoint: maybe the broker version is too old

 

If I create or update the service without the cloneOnStart option, the service is created/updated successfully. This is the first reason why I think it's an issue with replo clone.

If I try to bind an app to get the properties file from the service (created without "cloneOnStart": "true" ) I get in application logs :

Caused by: java.io.FileNotFoundException: https://config-25b94d3d-e15f-447a-bfca-060ce402a88a.cfapps.io/addressApp/PCF

 

To debug the issue I tried to invoke the service using the bash script provided in the DOC :

 

TOKEN=$(curl -k [ACCESS_TOKEN_URI] -u [CLIENT_ID]:[CLIENT_SECRET] -d grant_type=client_credentials | jq -r .access_token); \

curl -k -H "Authorization: bearer $TOKEN" -H "Accept: application/json" [URI]/[ENDPOINT] | jq

 

I get this error :

 

{

 "timestamp": "2019-04-18T08:22:37.535+0000",

 "status": 404,

 "error": "Not Found",

 "message": "Cannot clone or checkout repository: https://bitbucket.org/LdeFalco/test",

 "path": "/addressApp/CF"

}

 

It should be an easy thing to configure but It's not working, don't know how to further debug the issue.

Daniel Mikusa's profile image
Daniel Mikusa

>cf create-service p-config-server trial config-server -c '{\"git\": { \"uri\": \"https://bitbucket.org/LdeFalco/test\", \"username\" : \"LdeFalco\", \"password\" : \"my password\" , \"cloneOnStart\" : \"true\" }}'

 

Not sure what shell you're using, but watch out for escaping/quoting issues. In Bash, you'd typically do `-c '{"git": {"uri": "https://...", ...}'. Note the single quotes on the outside, which mean you can use double quotes inside without needing the escape the backquotes. Windows command prompt is different. I think it requires all double quotes, with backslash escaping, like -c "{\"git\": \"https://...\", ...}".

Daniel Mikusa's profile image
Daniel Mikusa

I'm also curious about your URL: https://LdeFalco@bitbucket.org/LdeFalco/test.git. Is it really supposed to have `LdeFalco@` in it? You're going to pass the username and password as separate arguments. Maybe try it w/out that part? So just https://bitbucket.org/LdeFalco/test.git.

Daniel Mikusa's profile image
Daniel Mikusa

Try running `curl -u <user>:<password> -vv https://bitbucket.org/LdeFalco/test.git` and see what happens. The Java git client that sends your user name and password as basic auth. The curl command should do that as well. See what sort of response you get from curl.

Daniel Mikusa's profile image
Daniel Mikusa

You might also want to try SSH based access, since your repo is private. Instructions for doing that are here -> https://docs.pivotal.io/spring-cloud-services/2-0/common/config-server/configuring-with-git.html#ssh-repository-access

Daniel Mikusa's profile image
Daniel Mikusa

I had trouble getting this to work against my Github account using a private repo. It's unclear why it fails, JGit just say "not authorized", which I suspect is all JGit receives from the server. I suspect it's something with our company settings, maybe 2-Factor auth or our SSO, something like that. Do you have anything like that set up on your account?

 

When I tested against a private repo that didn't have 2-factor or SSO, it worked just fine.

 

 

Luca Falco's profile image
Luca Falco

Just another point

I tried with git url with and without .git :

https://LdeFalco@bitbucket.org/LdeFalco/test.git

https://LdeFalco@bitbucket.org/LdeFalco/test

Luca Falco's profile image
Luca Falco

I m using windows powershell and the only format validated is single quotes on the outside with backslash escaping inside.

I didn't think to a format issue because the service is created successfully without the cloneOnStart parameter.

Moreover from the Web interface I can pass directly the json

 

On the git url, I used  https://bitbucket.org/LdeFalco/test.git , then I tried also with other url, like adding the username in the url. When I posted the question I copied and pasted different url

Luca Falco's profile image
Luca Falco

It seems to work, output attached

Attachment  View in library
Daniel Mikusa's profile image
Daniel Mikusa

I talked with the PM for SCS and he confirmed that HTTP URLs and password based authentication will not work for private repos where the credentials require 2-factor or SSO. It doesn't seem to be a limitation of SCS, but a limitation of git + basic auth. Instead, he recommends using SSH based authentication for private repos. This should work and we use it successfully with Pivotal repos that require 2-factor & SSO. That is if you must password protect your repos. If you can use a public repo, that makes things even easier as you don't need auth at all.

 

Glad to hear that Github is working better for you!

Luca Falco's profile image
Luca Falco

I don't have any particular setting for the bitbucket repo.

Anyway I tried with a github account, no basic authentication needed for the repo and it worked.

Luca Falco's profile image
Luca Falco

Thanks Daniel for the explanation