Can't use dep/glide packages from docker file task in azure devops to build images from other repos. Host Key Verification failed error - azure-devops

I'm trying to use the Docker container task in an Azure DevOps pipeline to build and push images to ACR and ECR. I am able to do that through a YAML file and automate all the processes, but when I try the same with a Dockerfile that uses dep and glide to fetch packages from other repos, both public GitHub repos and private Bitbucket repos, it fails with the Host Key Verification error. The same Dockerfile works with Jenkins, but I don't know how to solve this ssh-key error on a Hosted Ubuntu Agent.
Step 13/33 : RUN curl https://glide.sh/get | sh
---> Running in 26f7f0a19f91
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 4833 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 4833 100 4833 0 0 6943 0 --:--:-- --:--:-- --:--:-- 6934
ARCH=amd64
OS=linux
Using curl as download tool
Getting https://glide.sh/version
TAG=v0.13.3
GLIDE_DIST=glide-v0.13.3-linux-amd64.tar.gz
Downloading https://github.com/Masterminds/glide/releases/download/v0.13.3/glide-v0.13.3-linux-amd64.tar.gz
glide version v0.13.3 installed successfully
Removing intermediate container 26f7f0a19f91
---> d4aa1a720fab
Step 14/33 : RUN glide update --strip-vendor
---> Running in 4614138d27bc
[INFO] Downloading dependencies. Please wait...
[INFO] --> Fetching bitbucket.org/myrepositoryname/common
[INFO] --> Fetching github.com/golang/protobuf
[INFO] --> Fetching bitbucket.org/myrepositoryname/myteksi
[INFO] --> Fetching bitbucket.org/myrepositoryname/sdk
[INFO] --> Fetching github.com/imdario/mergo
[INFO] --> Fetching gopkg.in/go-playground/validator.v9
[INFO] --> Fetching github.com/segmentio/kafka-go
[WARN] Unable to checkout bitbucket.org/myrepositoryname/common
[ERROR] Update failed for bitbucket.org/myrepositoryname/common: Unable to get repository: Cloning into '/root/.glide/cache/src/git-bitbucket.org-myrepositoryname-common.git'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
: exit status 128
Unable to get repository: Cloning into '/root/.glide/cache/src/git-bitbucket.org-myrepositoryname.git'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
: exit status 128
Unable to get repository: Cloning into '/root/.glide/cache/src/git-bitbucket.org-myrepositoryname.git'...
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
: exit status 128
The command '/bin/sh -c glide update --strip-vendor' returned a non-zero code: 1
##[debug]Exit code 1 received from tool '/usr/bin/docker'
##[debug]STDIO streams have closed for tool '/usr/bin/docker'
##[error]The command '/bin/sh -c glide update --strip-vendor' returned a non-zero code: 1
##[debug]Processed: ##vso[task.issue type=error;]The command '/bin/sh -c glide update --strip-vendor' returned a non-zero code: 1
##[debug]Trying to logout from registry: ***
##[debug]DOCKER_CONFIG=/home/vsts/work/_temp/DockerConfig_1564846219701
##[debug]agent.tempDirectory=/home/vsts/work/_temp
##[debug]Found the Docker Config stored in the temp path. Docker config path: /home/vsts/work/_temp/DockerConfig_1564846219701/config.json, Docker config: {"auths": { "***": {"auth": "***", "email": "ServicePrincipal#AzureRM" } }, "HttpHeaders":{"X-Meta-Source-Client":"VSTS"} }
##[debug]Deleting Docker config directory. Path: /home/vsts/work/_temp/DockerConfig_1564846219701/config.json
##[debug]DOCKER_CONFIG=/home/vsts/work/_temp/DockerConfig_1564846219701
##[debug]agent.tempDirectory=/home/vsts/work/_temp
##[debug]Deleting Docker config directory. Path: /home/vsts/work/_temp/DockerConfig_1564846219701
##[debug]set DOCKER_CONFIG=
##[debug]Processed: ##vso[task.setvariable variable=DOCKER_CONFIG;issecret=false;]
##[debug]task result: Failed
##[error]The process '/usr/bin/docker' failed with exit code 1
##[debug]Processed: ##vso[task.issue type=error;]The process '/usr/bin/docker' failed with exit code 1
##[debug]Processed: ##vso[task.complete result=Failed;]The process '/usr/bin/docker' failed with exit code 1
package: bitbucket.org/grabpay/ignite
import:
- package: bitbucket.org/myrepositoryname/common
  repo: git@bitbucket.org:myrepositoryname/common.git
  version: devel
  subpackages:
  - crimson
  - track
- package: bitbucket.org/myrepositoryname/myfolder1
  repo: git@bitbucket.org:myrepositoryname/myfolder1.git
  version: fface9afbb72a739d0de8c8969e0fa06fda44614
- package: bitbucket.org/myrepositoryname/myfolder2
  repo: git@bitbucket.org:myrepositoryname/myfolder2.git
  version: master
- package: github.com/imdario/mergo
  version: 2b9c8687f09d230f37f169eea24e1951bb7d1191
- package: gopkg.in/go-playground/validator.v9
- package: github.com/segmentio/kafka-go
- package: github.com/golang/protobuf
  version: ^1.3.1
The above file is the dependency repos that are to be fetched using glide.yml file.

I fixed it finally. What I needed was a service account which has read access to all the repos that glide is trying to access. Read access was required for all those repos with a Bitbucket Service Connection in Azure Pipeline. The error is not specific to glide; it is more related to git repo access.
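
Added example, not part of the original question or answer: "Host key verification failed." is what ssh prints when the server's key is not trusted through known_hosts, and a common way to satisfy that check inside a build container is to ship a known_hosts entry instead of turning the check off. The Python code below accepts ssh-keyscan-style lines ("host keytype base64key") only when their SHA256 fingerprint matches a pin obtained out of band; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_key_type(key_b64):
    """Key type named inside the blob (its first length-prefixed string)."""
    blob = base64.b64decode(key_b64, validate=True)
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode("ascii")


def pinned_known_hosts(scan_output, host, pins):
    """Return known_hosts lines for host whose fingerprint is in pins.

    Raises ValueError when nothing matches, so the build fails closed
    instead of trusting whatever key the network handed back.
    """
    accepted = []
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != host:
            continue  # blank line, comment, or another host
        key_type, key_b64 = parts[1], parts[2]
        try:
            if blob_key_type(key_b64) != key_type:
                continue  # declared type and blob disagree
            if fingerprint(key_b64) in pins:
                accepted.append(f"{host} {key_type} {key_b64}")
        except (ValueError, struct.error):
            continue  # malformed base64 or truncated blob
    if not accepted:
        raise ValueError(f"no scanned key for {host} matches a pinned fingerprint")
    return accepted


def make_ed25519_line(host, raw_key):
    """Build a constructed 'host type base64' line (sample data only)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw_key)) + raw_key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Constructed sample keys; a real pin is the fingerprint the hosting
# provider publishes, copied over a channel other than the scan itself.
GOOD_LINE = make_ed25519_line("bitbucket.org", bytes(range(32)))
SPOOFED_LINE = make_ed25519_line("bitbucket.org", bytes(32))
PINS = {fingerprint(GOOD_LINE.split()[2])}

if __name__ == "__main__":
    scan = "# bitbucket.org:22 SSH-2.0-constructed\n" + SPOOFED_LINE + "\n" + GOOD_LINE
    print("\n".join(pinned_known_hosts(scan, "bitbucket.org", PINS)))
```

The returned lines are what would be written to the build user's known_hosts file before glide runs its git clones.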

Related

Github Action failing to Build Images for the plugins being used in workflow

I am trying to use a plugin in my EKS-based k8s cluster.
I am using a GitHub Action controller that spawns on-demand containers as self-hosted runners.
When the GitHub Action starts, this plugin, or any other that needs to build itself as a Docker image, fails with the error below. Any thoughts or ideas?
This is my self hosted runner image Link
FYI: If I run a standalone alpine container in the cluster, all typical commands work, and this also works with the default Ubuntu-based self-hosted runner, so I don't think it's the cluster.
/usr/local/bin/docker build -t 60e226:1b6fc15462134e6fb8520b7df48cf7fd -f "/runner/_work/_actions/aquasecurity/trivy-action/master/Dockerfile" "/runner/_work/_actions/aquasecurity/trivy-action/master"
Sending build context to Docker daemon 644.6kB
Step 1/5 : FROM ghcr.io/aquasecurity/trivy:0.37.1
0.37.1: Pulling from aquasecurity/trivy
c158987b0551: Pulling fs layer
67a7d067ef7d: Pulling fs layer[6]Download complete
67a7d067ef7d: Pull complete
2ec1cdd48f38: Verifying Checksum
2ec1cdd48f38: Download complete
2ec1cdd48f38: Pull complete
fe56e6aa700e: Pull complete
Digest: sha256:7c167f7f3002948f1ec099555aa968bd8b8b097780603a38cc801fe965da0a69
Status: Downloaded newer image for ghcr.io/aquasecurity/trivy:0.37.1
---> c3e68408cd24
Step 2/5 : COPY entrypoint.sh /
---> 1f1da443ea86
Step 3/5 : RUN apk --no-cache add bash curl npm
---> Running in 647f7f479cac
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
48ABC73BEB7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/main: Permission denied
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
48ABC73BEB7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889:
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/community: Permission denied
ERROR: unable to select packages:
bash (no such package):
required by: world[bash]
curl (no such package):
required by: world[curl]
npm (no such package):
required by: world[npm]
The command '/bin/sh -c apk --no-cache add bash curl npm' returned a non-zero code: 3
Warning: Docker build failed with exit code 3, back off 6.807 seconds before retry.
It was expected to build the docker image and proceed with the github action workflow
Tried different flavors of image and nothing worked except for ubuntu-latest
the plugin in question
- name: Run Trivy vulnerability scanner
  uses: aquasecurity/trivy-action@master
  with:
    image-ref: 'test:latest'
    format: 'table'
    exit-code: '1'
    ignore-unfixed: true
    vuln-type: 'os,library'
    severity: 'CRITICAL,HIGH'

Gitlab Runner auto CI stuck at downloading

Until now I worked a lot with github/bitbucket and jenkins/bamboo. Right now I'm trying to setup a Gitlab CE server with a private kubernetes cluster.
I want to run a hello world project in java with gitlabs AutoDevOps in kubernetes, this is the repo I'm using:
https://github.com/dstar55/docker-hello-world-spring-boot
Everything works fine until runner gets created in kubernetes, downloads the image but gets stuck on downloading maven resources.
Running on runner-h6cwaztm-project-8-concurrent-0jvd9f via runner-gitlab-runner-6dcf7dd458-jl69h...
Fetching changes with git depth set to 50...
00:02
Initialized empty Git repository in /builds/.../hello-world-spring/.git/
Created fresh repository.
From https://.../hello-world-spring
* [new ref] refs/pipelines/14 -> refs/pipelines/14
* [new branch] master -> origin/master
Checking out ad24ac6b as master...
Skipping Git submodules setup
$ if [[ -z "$CI_COMMIT_TAG" ]]; then # collapsed multi-line command
$ /build/build.sh
Logging to GitLab Container Registry with CI credentials...
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Building Dockerfile-based application...
Step 1/10 : FROM maven:3.5.2-jdk-8-alpine AS maven_build
3.5.2-jdk-8-alpine: Pulling from library/maven
22bc7fb81913: Pull complete
Digest: sha256:7cebda60f8a541e1bf2330306d22f9786f989187f4ec96539d398a0d4dbfdadb
Status: Downloaded newer image for maven:3.5.2-jdk-8-alpine
---> 293423a981a7
Step 2/10 : COPY pom.xml /tmp/
---> c0e609a509a8
Step 3/10 : COPY src /tmp/src/
---> e735a08f2b39
Step 4/10 : WORKDIR /tmp/
---> Running in 90620c0ca3ad
Removing intermediate container 90620c0ca3ad
---> a5d9fdc62aa9
Step 5/10 : RUN mvn package
---> Running in dc90f43fc83b
[INFO] Scanning for projects...
Downloading from central: https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-starter-parent/2.2.1.RELEASE/spring-boot-starter-parent-2.2.1.RELEASE.pom
It never throws an error (until it times out) and it never goes past this point.
Kubernetes has 4 nodes 1 master and 3 slaves, using flannel and MetalLB
Edit:
I added a curl command instead of mvn package and it seems the download speed is 0, how is that possible?
Step 5/11 : RUN curl https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-starter-parent/2.2.1.RELEASE/spring-boot-starter-parent-2.2.1.RELEASE.pom --output test.pom
---> Running in db2bc24c6a4f
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:05:00 --:--:-- 0
curl: (28) Operation timed out after 300689 milliseconds with 0 out of 0 bytes received
The command '/bin/sh -c curl https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-starter-parent/2.2.1.RELEASE/spring-boot-starter-parent-2.2.1.RELEASE.pom --output test.pom' returned a non-zero code: 28
ERROR: Job failed: command terminated with exit code 1
According to the place where CI hangs, your pipeline is stuck at mvn package:
Step 5/10 : RUN mvn package
---> Running in dc90f43fc83b
[INFO] Scanning for projects...
Downloading from central: https://repo.maven.apache.org/maven2/org/springframework/boot/spring-boot-starter-parent/2.2.1.RELEASE/spring-boot-starter-parent-2.2.1.RELEASE.pom
So, you can try to restart Artifactory.
Also, you can debug mvn packages with mvn clean package -X -e
See: this answer :
java - Maven hanging indefinitely while checking for updates - Stack Overflow
mvn clean package -X -e

Cloud Code for VisualStudio Code Errors on Cloud Code: Deploy

I've been trying to set up Cloud Code with VSCode and I've been running into problems when starting the deploy process with Cloud Code: Deploy.
I've tried deploying the samples, python-hello-world-1 as well as the go-hello-world-1, to my kubernetes cluster on GKE but always end up getting errors when the deploy process starts package downloading:
Go Output
Running: skaffold run --enable-rpc -v info --rpc-http-port 49869 --filename skaffold.yaml --default-repo gcr.io/abx-lernende
starting gRPC server on port 50051
starting gRPC HTTP server on port 49869
Using kubectl context: gke_abx-lernende_europe-west4-a_joshu-test-cluster
Generating tags...
- go-hello-world -> gcr.io/abx-lernende/go-hello-world:latest
Checking cache...
- go-hello-world: Not found. Building
Building [go-hello-world]...
Sending build context to Docker daemon 57.86kB
Step 1/8 : FROM golang:1.13
---> 6586e3d10e96
Step 2/8 : RUN go get -u -v github.com/go-delve/delve/cmd/dlv
---> Running in b75ce8e5dae9
github.com/go-delve/delve (download)
# cd .; git clone -- https://github.com/go-delve/delve /go/src/github.com/go-delve/delve
Cloning into '/go/src/github.com/go-delve/delve'...
fatal: unable to access 'https://github.com/go-delve/delve/': Failed to connect to github.com port 443: Connection refused
package github.com/go-delve/delve/cmd/dlv: exit status 128
failed to build: build failed: building [go-hello-world]: build artifact: unable to stream build output: The command '/bin/sh -c go get -u -v github.com/go-delve/delve/cmd/dlv' returned a non-zero code: 1
Exited with code 1.
Python Output
Running: skaffold run --enable-rpc -v info --rpc-http-port 50185 --filename
skaffold.yaml --default-repo gcr.io/abx-lernende
starting gRPC server on port 50051
starting gRPC HTTP server on port 50185
Skaffold &{Version:v1.3.1 ConfigVersion:skaffold/v2alpha3 GitVersion: GitCommit:6ba887a42438d1da578a005cf550e618fee6dfb8 GitTreeState:clean BuildDate:2020-01-31T19:55:18Z GoVersion:go1.13.4 Compiler:gc Platform:windows/amd64}
Using kubectl context: gke_abx-lernende_europe-west4-a_joshu-test-cluster
Generating tags...
- python-hello-world -> Tags generated in 0s
gcr.io/abx-lernende/python-hello-world:latest
Checking cache...
- python-hello-world: Cache check complete in 6.0001ms
Not found. Building
Building [python-hello-world]...
Sending build context to Docker daemon 4.608kB
Step 1/7 : FROM python:3.8
---> efdecc2e377a
Step 2/7 : WORKDIR /app
---> Using cache
---> a131b81cad66
Step 3/7 : COPY requirements.txt .
---> Using cache
---> 4625ef1862bd
Step 4/7 : RUN pip install --trusted-host pypi.python.org -r requirements.txt
---> Running in 4da23a158ae3
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ConnectTimeoutError(<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f17ba9c9d60>, 'Connection to pypi.org timed out. (connect timeout=15)')': /simple/flask/
I'm assuming this is due to me being behind a corporate proxy. As countermeasures I have explicitly configured VSCode, Git, pip, go and Google Cloud SDK all to use said proxy. On top of that I set the Windows ENV variables for the proxy. Sadly without success.
Thanks!
You can configure docker to pass through proxy information into the containers by adding something like the following to your ~/.docker/config.json:
{
  "proxies": {
    "default": {
      "httpProxy": "http://192.168.1.12:3128",
      "httpsProxy": "http://192.168.1.12:3128"
    }
  }
}
Docker will set the HTTP_PROXY/HTTPS_PROXY environment variables within the container which is picked up by many tools.
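
An added example (not from the original answer) that applies the same proxies block to an existing config.json without overwriting entries such as auths, and rejects proxy URLs that embed a username or password, because Docker copies these values into container environment variables. The function names and the registry.example entry are constructed; noProxy is the Docker client's key for hosts that should bypass the proxy.

```python
import json
from urllib.parse import urlsplit


def checked_proxy(url):
    """Accept only http(s)://host[:port] proxy URLs without userinfo."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) proxy URL")
    if parts.username is not None or parts.password is not None:
        # Docker copies these values into every container's environment,
        # where docker inspect or a committed image would reveal them.
        raise ValueError("proxy URL must not embed credentials")
    return url


def with_proxies(config_text, http_proxy, https_proxy, no_proxy=()):
    """Return config.json text with proxies.default set, other keys kept."""
    config = json.loads(config_text) if config_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("config.json must contain a JSON object")
    default = config.setdefault("proxies", {}).setdefault("default", {})
    default["httpProxy"] = checked_proxy(http_proxy)
    default["httpsProxy"] = checked_proxy(https_proxy)
    if no_proxy:
        # Hosts that must bypass the proxy, e.g. an internal registry.
        default["noProxy"] = ",".join(no_proxy)
    return json.dumps(config, indent=2)


# Constructed sample: an existing config that already holds registry auth.
EXISTING = '{"auths": {"registry.example": {"auth": "Y29uc3RydWN0ZWQ="}}}'

if __name__ == "__main__":
    print(with_proxies(EXISTING, "http://192.168.1.12:3128",
                       "http://192.168.1.12:3128", ["localhost", "127.0.0.1"]))
```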

Chocolatey returns errors when installing openvpn

As the title describes, choco install openvpn returns the below error;
ERROR: Unable to import PGP key 'C:\ProgramData\chocolatey\lib\openvpn\tools\openvpn_public_key.asc' in the temporary keyring (C:\ProgramData\chocolatey\lib\openvpn\tools\e090a0df-7709-xxxx-xxxx-xxxxxxxxxxxx\pubring.gpg).
The install of openvpn was NOT successful.
Error while running 'C:\ProgramData\chocolatey\lib\openvpn\tools\chocolateyInstall.ps1'.
See log for details.
Failures
- openvpn (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\openvpn\tools\chocolateyInstall.ps1'.
See log for details.
I am using a Windows 10, v1803 machine.
Below is the part of the log that shows the complete traced error;
[DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\openvpn.2.4.7\.arguments".
[DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\openvpn.2.4.7\.extra".
[DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\openvpn.2.4.7\.version".
[DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\openvpn.2.4.7\.sxs".
[DEBUG] - Attempting to delete file "C:\ProgramData\chocolatey\.chocolatey\openvpn.2.4.7\.pin".
[DEBUG] - Attempting to delete directory "C:\ProgramData\chocolatey\lib-bad\openvpn".
[DEBUG] - Sending message 'HandlePackageResultCompletedMessage' out if there are subscribers...
[ERROR] - The install of openvpn was NOT successful.
[ERROR] - Error while running 'C:\ProgramData\chocolatey\lib\openvpn\tools\chocolateyInstall.ps1'.
See log for details.
[DEBUG] - Moving 'C:\ProgramData\chocolatey\lib\openvpn'
to 'C:\ProgramData\chocolatey\lib-bad\openvpn'
[DEBUG] - Attempting to delete file "C:\Users\XXX\AppData\Local\NuGet\Cache\openvpn.2.4.7.nupkg".
[WARN ] -
Chocolatey installed 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
[INFO ] -
[ERROR] - Failures
[ERROR] - - openvpn (exited -1) - Error while running 'C:\ProgramData\chocolatey\lib\openvpn\tools\chocolateyInstall.ps1'.
See log for details.
[DEBUG] - Sending message 'PostRunMessage' out if there are subscribers...
[DEBUG] - Exiting with -1
I found the solution, which is disabling the git PATH entry, as it puts the version of gpg.exe shipped with git ahead of the one from the openvpn package in my environment variables.
This could be done in two ways;
The first is editing the environment PATH variables and moving git PATH below the C:\Program Files (x86)\GNU\GnuPG\pub PATH, see the picture below.
The second is removing/deleting the git PATH variables then start a new powershell session, run choco install openvpn then returning the git PATH back to the env variables.
In my case, the first option worked just fine.

jenkins -github build issue

I have been facing issues while trying to build a project in Jenkins which fetches the files from GitHub.
Below is the error log I got:
P.S.: For security reasons I have removed the SSH URL of the git repo. I am able to clone locally, but when I try it from Jenkins it fails. I have generated an SSH key on the Linux server and it is able to connect to GitHub. Can anyone please help me with this?
Building in workspace /var/lib/jenkins/jobs/tr-data-events-testing/workspace
> /usr/local/bin/git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
> /usr/local/bin/git config remote.origin.url git#github.url---------git # timeout=10
Fetching upstream changes from git#github.url-----------s.git
> /usr/local/bin/git --version # timeout=10
using GIT_SSH to set credentials jenkins dxc key
> /usr/local/bin/git fetch --tags --progress git#----url--------------.git +refs/heads/*:refs/remotes/origin/*
ERROR: Error fetching remote repo 'origin'
hudson.plugins.git.GitException: Failed to fetch from git#---url-------.git
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:766)
at hudson.plugins.git.GitSCM.retrieveChanges(GitSCM.java:1022)
at hudson.plugins.git.GitSCM.checkout(GitSCM.java:1053)
at hudson.scm.SCM.checkout(SCM.java:485)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1282)
at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:610)
at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:532)
at hudson.model.Run.execute(Run.java:1741)
at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:529)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:381)
Caused by: hudson.plugins.git.GitException: Command "/usr/local/bin/git fetch --tags --progress git#github.-------events.git +refs/heads/*:refs/remotes/origin/*" returned status code 128:
stdout:
stderr: error: The requested URL returned error: 503 while accessing https://--url-----------/info/refs
fatal: HTTP request failed
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandIn(CliGitAPIImpl.java:1693)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.launchCommandWithCredentials(CliGitAPIImpl.java:1441)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl.access$300(CliGitAPIImpl.java:62)
at org.jenkinsci.plugins.gitclient.CliGitAPIImpl$1.execute(CliGitAPIImpl.java:313)
at hudson.plugins.git.GitSCM.fetchFrom(GitSCM.java:764)
... 11 more
ERROR: null
Started calculate disk usage of build
Finished Calculation of disk usage of build in 0 seconds
Started calculate disk usage of workspace
Finished Calculation of disk usage of workspace in 0 seconds
Finished: FAILURE
I resolved this issue by unsetting the proxy in the .gitconfig file. Thank you for your answers.
First, make sure Jenkins is running with the same user account you have created your ssh keys with.
If it does not, it would search for ~/.ssh/id_rsa in its own $HOME.
Second, to debug, you can launch Jenkins with this environment variable set first:
export GIT_SSH_COMMAND='ssh -Tv'
That way, any time it will try a git command involving ssh, you will see exactly where Jenkins/git tries to look for ssh keys, and what is the error.
Make sure your Git is recent enough to support this (Git 2.3+, Q4 2015).
But your logs show:
The requested URL returned error: 503 while accessing https://
So this has nothing to do with ssh. As mentioned, a proxy can interfere.