You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Aggelos Karalias (JIRA)" <ji...@apache.org> on 2019/02/14 14:16:01 UTC
[jira] [Commented] (NIFIREG-207) Failure to push to a cloned git
repository, despite ability to push from command line
[ https://issues.apache.org/jira/browse/NIFIREG-207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16768293#comment-16768293 ]
Aggelos Karalias commented on NIFIREG-207:
------------------------------------------
I think I had the same issue and there are actually 2 issues here:
*ISSUE 1 - the actual exception in the log:*
For my case it turned out that JGit wasn't capable to understand ECDSA known_hosts keys and modern distributions default to that. Check your known_hosts file for entries that contain
_ecdsa-sha2-nistp256_ and if you see only that kind of entries then I think that is your problem.
You can try to add the rsa public key using the command below:
{code:java}
ssh mali.corp.sensis.com ssh-keyscan -t rsa mali.corp.sensis.com >> ~/.ssh/known_hosts{code}
Then you can see the entry in the file as:
{code:java}
mali.corp.sensis.com ssh-rsa PUBLIC_KEY_BASE64{code}
That solved the _authenticity_ issue for me but I got Auth Fail just after that and the actual problem was that I cloned the ssh variant of the repo which leads us to ISSUE 2 and the actual solution.
*ISSUE 2 - the actual solution to connect nifi-registry to a git provider:*
You need to clone the _https_ variant of your git repo.
Cloning the ssh version is problematic for 2 reasons:
*a.* if the user that nifi-registry executes hasn't ssh keys set on your git server then authentication fails and you can't move on as the username and password configuration is not used
*b.* in the rare case that the user that nifi-registry executes as has the ssh keys set then you should be warned that you have full access in the repo and the permissions you applied when you generated the token (as proposed by nifi-registry + git integration) are not used as you didn't use the token to authenticate.
> Failure to push to a cloned git repository, despite ability to push from command line
> -------------------------------------------------------------------------------------
>
> Key: NIFIREG-207
> URL: https://issues.apache.org/jira/browse/NIFIREG-207
> Project: NiFi Registry
> Issue Type: Bug
> Reporter: David Sargrad
> Priority: Major
>
> I've configured a GIT repository to serve as the flow storage provider. I created a clone of the repository and configured nifi registry to point to that clone. The clone is in directory
> {noformat}
> /var/lib/nifiregistry/git/eids-registry{noformat}
> as seen in the following diff of my providers configuration.
> {noformat}
> diff providers.xml providers.xml.old
> 18d17
> < <!--
> 23d21
> < -->
> 24a23
> > <!--
> 27,30c26,29
> < <property name="Flow Storage Directory">/var/lib/nifiregistry/git/eids-registry</property>
> < <property name="Remote To Push">origin</property>
> < <property name="Remote Access User">git</property>
> < <property name="Remote Access Password">abc123</property>
> ---
> > <property name="Flow Storage Directory">./flow_storage</property>
> > <property name="Remote To Push"></property>
> > <property name="Remote Access User"></property>
> > <property name="Remote Access Password"></property>
> 31a31
> > -->
> 54c54
> < </providers>
> ---
> > </providers>
> {noformat}
> The concise view of my flowPersistenceProvider configuration.
> {noformat}
> <flowPersistenceProvider>
> <class>org.apache.nifi.registry.provider.flow.git.GitFlowPersistenceProvider</class>
> <property name="Flow Storage Directory">/var/lib/nifiregistry/git/eids-registry</property>
> <property name="Remote To Push">origin</property>
> <property name="Remote Access User">git</property>
> <property name="Remote Access Password">abc123</property>
> </flowPersistenceProvider>
> {noformat}
> The clones remote points to the corresponding origin.
> {noformat}
> [root@sensis-90076 eids-registry]# pwd
> /var/lib/nifiregistry/git/eids-registry
> [root@sensis-90076 eids-registry]# git remote -v show
> origin git@mali.corp.sensis.com:eids-registry.git (fetch)
> origin git@mali.corp.sensis.com:eids-registry.git (push)
> [root@sensis-90076 eids-registry]#
> {noformat}
>
> Upon a flow change, and a commit of the change from NIFI, NIFI-REGISTRY updates the clone properly.. but fails to push to origin.
>
> {noformat}
> 2018-10-17 07:26:28,119 ERROR [GitFlowMetaData Push thread] o.a.n.r.p.flow.git.GitFlowMetaData Failed to push commits to origin due to org.eclipse.jgit.api.errors.TransportException: git@mali.corp.sensis.com:eids-registry.git: remote hung up unexpectedly
> org.eclipse.jgit.api.errors.TransportException: git@mali.corp.sensis.com:eids-registry.git: remote hung up unexpectedly
> at org.eclipse.jgit.api.PushCommand.call(PushCommand.java:180) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> at org.apache.nifi.registry.provider.flow.git.GitFlowMetaData.lambda$startPushThread$1(GitFlowMetaData.java:220) ~[nifi-registry-framework-0.3.0.jar:0.3.0]
> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) ~[na:1.8.0_181]
> at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) ~[na:1.8.0_181]
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) ~[na:1.8.0_181]
> at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) ~[na:1.8.0_181]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[na:1.8.0_181]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[na:1.8.0_181]
> at java.lang.Thread.run(Thread.java:748) ~[na:1.8.0_181]
> Caused by: org.eclipse.jgit.errors.TransportException: git@mali.corp.sensis.com:eids-registry.git: remote hung up unexpectedly
> at org.eclipse.jgit.transport.TransportGitSsh$SshPushConnection.<init>(TransportGitSsh.java:363) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> at org.eclipse.jgit.transport.TransportGitSsh.openPush(TransportGitSsh.java:176) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> at org.eclipse.jgit.transport.PushProcess.execute(PushProcess.java:160) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> at org.eclipse.jgit.transport.Transport.push(Transport.java:1344) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> at org.eclipse.jgit.api.PushCommand.call(PushCommand.java:169) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> ... 8 common frames omitted
> Caused by: org.eclipse.jgit.errors.UnsupportedCredentialItem: ssh://git@mali.corp.sensis.com:22: org.eclipse.jgit.transport.CredentialItem$YesNoType:The authenticity of host 'mali.corp.sensis.com' can't be established.
> RSA key fingerprint is ac:77:d6:6b:28:5f:6c:70:b8:34:13:b1:4b:ec:ad:c0.
> Are you sure you want to continue connecting?
> at org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider.get(UsernamePasswordCredentialsProvider.java:127) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> at org.eclipse.jgit.transport.CredentialsProviderUserInfo.promptYesNo(CredentialsProviderUserInfo.java:137) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> at com.jcraft.jsch.Session.checkHost(Session.java:793) ~[jsch-0.1.54.jar:na]
> at com.jcraft.jsch.Session.connect(Session.java:345) ~[jsch-0.1.54.jar:na]
> at org.eclipse.jgit.transport.JschConfigSessionFactory.getSession(JschConfigSessionFactory.java:136) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:140) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> at org.eclipse.jgit.transport.TransportGitSsh$SshPushConnection.<init>(TransportGitSsh.java:338) ~[org.eclipse.jgit-4.11.0.201803080745-r.jar:4.11.0.201803080745-r]
> {noformat}
> This would seem to be an issue with the SSH known_hosts.
>
> {noformat}
> Caused by: org.eclipse.jgit.errors.UnsupportedCredentialItem: ssh://git@mali.corp.sensis.com:22: org.eclipse.jgit.transport.CredentialItem$YesNoType:The authenticity of host 'mali.corp.sensis.com' can't be established.{noformat}
> Yet I am able to push just fine from the command line.. SSH is quite happy with the configuration and i am not prompted to add the host to KNOWN_HOSTS. It is already there.
>
> {noformat}
> [root@sensis-90076 eids-registry]# pwd
> /var/lib/nifiregistry/git/eids-registry
> [root@sensis-90076 eids-registry]# ls
> FAA_Terminal_Procedures_Publications hi
> [root@sensis-90076 eids-registry]# git push
> warning: push.default is unset; its implicit value is changing in
> Git 2.0 from 'matching' to 'simple'. To squelch this message
> and maintain the current behavior after the default changes, use:
> git config --global push.default matching
> To squelch this message and adopt the new behavior now, use:
> git config --global push.default simple
> See 'git help config' and search for 'push.default' for further information.
> (the 'simple' mode was introduced in Git 1.7.11. Use the similar mode
> 'current' instead of 'simple' if you sometimes use older versions of Git)
> git@mali.corp.sensis.com's password:
> Counting objects: 34, done.
> Delta compression using up to 8 threads.
> Compressing objects: 100% (30/30), done.
> Writing objects: 100% (30/30), 3.18 KiB | 0 bytes/s, done.
> Total 30 (delta 12), reused 0 (delta 0)
> To git@mali.corp.sensis.com:eids-registry.git
> 35c4861..72fd26c master -> master
> [root@sensis-90076 eids-registry]#
> {noformat}
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)