I'm trying to login to an own hosted Travis Enterprise, but usual travis login and travis login --pro are trying to login to usual Travis SAAS environment
Given that your Travis is hosted at travis.fewlaps.com, run
travis login -I -t your-travis-token -e https://travis.fewlaps.com/api --github-token=personal-access-token-from-githubenterprise &&
travis endpoint --set-default -e https://travis.fewlaps.com/api
...and then, to use your own Travis instead of the common one at every travis command,
travis endpoint --set-default -e https://travis.fewlaps.com/api
Remember that Travis will need that your GitHub Enterpise has the needed permissons. Right now, we're giving to that token these permissions:
repo (all of them)
admin:repo_hook
user
For those still struggling with this, the following helped me:
travis login --pro -X --github-token ${github-token}
Make sure you set the github token for your personal account with access to the private repos as detailed here, and create the token with the following permissions:
For private projects:
user:email (read-only)
read:org (read-only)
repo
for open source projects:
user:email (read-only)
read:org (read-only)
repo_deployment
repo:status
write:repo_hook
I have been struggling with this for several months and finally figured it out (accidentally). You can use the -X option to log into enterprise accounts. This might have always been present, but I was not aware of it.
travis login -X --github-token ${my-github-enterprise-token}
Then enter the enterprise domain when prompted and use it as the default endpoint.
Related
I have just installed puppet server enterprise and successfully added a few nodes and got some custom modules running also. I am now wanting to move to Code Manager before we get too deep in it.
I have followed the instructions for creating an empty Bitbucket repo here and initializing it with one single file environment.conf on a production branch as described in that link.
I have then followed the steps here to configure Code Manager but when I get to Test the control repository section to test the connection with puppet-code deploy --dry-run I get the following error:
--dry-run implies --all.
--dry-run implies --wait.
Dry-run deploying all environments.
2021/12/21 20:21:12 ERROR - [POST /deploys][500] Errors while collecting a list of environments to deploy (exit code: 1).
"/opt/puppetlabs/puppet/lib/ruby/gems/2.7.0/gems/rugged-0.27.7/lib/rugged/repository.rb:258: warning: Using the last argument as keyword parameters is deprecated\nERROR\t -\u003e Unable to determine current branches for Git source 'puppet' (/etc/puppetlabs/code-staging/environments)\nOriginal exception:\nFailed to authenticate SSH session: Unable to send userauth-publickey request at /opt/puppetlabs/server/data/code-manager/git/git#git.company.com-1234-in-puppet-control-repo.git\n"
I have added the puppet server's SSH pub key to the bitbucket repo's access tokens.
There are a few things in that error message im not fully understanding.
Unable to determine current branches for Git source 'puppet' - What is meant by source 'puppet' - my repo is called puppet-control-repo...?
Failed to authenticate SSH session: Unable to send userauth-publickey request - My puppet master's SSH keys are in the token list for that repo so confused here also.
Any guidance would be appreciated.
UPDATE (13-01-2022):
I can successfully clone on puppet server using command
git clone ssh://git#git.example.com:1234/project/puppet-control-repo.git --config core.sshCommand="ssh -i /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa"
Note sure why puppet is still returning:
Failed to authenticate SSH session: Unable to send userauth-publickey request
I don't know if you saw the instructions here https://puppet.com/docs/pe/2021.4/control_repo.html#managing_environments_with_a_control_repository but you can run
puppet infrastructure configure
which makes sure the files have right permissions.
I would also test attempting a clone with keys works outside of code deploy
git clone -i /etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa your_gir_url
If this works it may be worth being aware of an issue we experienced on github https://puppet.com/blog/how-githubs-protocol-changes-impact-your-puppet-code-deployments/ which depending on bitbuckets approach to protocal may be having a similar affect.
We are updating docs to recommend the usage of more secure keys ed25519 creating as per the article.
if a manual clone doesnt work it suggests bitbucket doesn't have your public key correctly
Also a more complete debugging command is
runuser -u pe-puppet -- /opt/puppetlabs/puppet/bin/r10k -c /opt/puppetlabs/server/data/code-manager/r10k.yaml deploy environment production --puppetfile --verbose debug2
FOLLOWUP
On investigation we found https://support.puppet.com/hc/en-us/articles/227829007 which showed ssh:// was required at the start of r10k_remote making an example command of ssh://git#bitbucket.org:davidsandilands/control-repo.git
I have requested updates to https://support.puppet.com/hc/en-us/articles/227829007 to highlight this is not a version confined issue and asked for the puppet code manager configuration docs to be updated to reflect this may be required.
I see that you have a .pub file in the ssh directory. I believe it's expecting a private key there.
Also do you have the master class set up to point to your repo inside of Puppet Enterprise web ui?
You'll want to set the following parameters on that class.
code_manager_auto_configure = true
r10k_private_key = $PRIVATE_KEY_IN_SSH_FOLDER_ABSOLUTE_PATH
r10k_remote = Your git URL
The PE Master can be found in Node Groups on the PE Web UI Node Groups -> PE Infrastructure -> PE Master
Thanks to #david-sandilands for helping me resolve this and guiding me to this article via the puppet community slack. Top guy!
EDIT 1:
The solution was documented here: https://support.puppet.com/hc/en-us/articles/227829007-Fix-your-Bitbucket-Stash-Code-Manager-configuration-in-Puppet-Enterprise-2015-3-to-2017-2
However the documentation was out of date as it affected version 2021.4 also.
In short:
r10k_remote = "ssh://git#git.company.com:1234/project/control-repo.git"
Not
r10k_remote = "git#git.company.com:1234/project/control-repo.git"
When working with Bitbucket Server.
EDIT 2:
Puppet have since updated their documentation:
https://puppet.com/docs/pe/2021.5/code_mgr_config.html#code_mgr_enable
I have a Jenkins job to deploy metadata to a given org. This is meant to be used as a first time setup method for new metadata. I have a jenkinsfile that can run the sfdx commands, and I'm trying to run force:auth:web:login.
agent none
steps {
script {
withEnv(["HOME=${env.WORKSPACE}", "MY_TOOL_DIR=${tool name: 'sfdx', type: 'com.cloudbees.jenkins.plugins.customtools.CustomTool'}"]){
def sfdx = "SFDX_USE_GENERIC_UNIX_KEYCHAIN=true ${MY_TOOL_DIR}/sfdx"
sh "${sfdx} force:auth:web:login --setalias deployOrg"
sh "${sfdx} force:mdapi:deploy -c -d ../MetadataFiles -u deployOrg -w 10"
}
}
This runs, but it doesn't open up the prompt to do the actual login. I was trying to do this before with ant, which was running but was refusing to deploy customSite data. So I could do either or, I just have to fix one error or the other. Is there a way to authorize a regular org (not devhub) like with JWT flows, or is that fully impossible?
Any help is much appreciated.
Is there a way to authorize a regular org (not devhub) like with JWT flows, or is that fully impossible?
Yes. The JWT Flow is in no way specific to Dev Hub orgs. You can authorize those orgs using JWT and a stored certificate following the instructions in the Salesforce DX Developer Guide.
On my Travis CI enterprise setup, when I use the Travis CLI to encrypt a password, it complains that I'm not logged in, although I logged in successfully just before.
$ travis login -e https://travis-ci.my-company.corp/api
We need your GitHub login to identify you.
This information will not be sent to Travis CI, only to github.my-company.corp.
The password will not be displayed.
Try running with --github-token or --auto if you don't want to enter your password anyway.
Username: itsme
Password for itsme: ********
Successfully logged in as itsme!
$ travis encrypt
not logged in, please run travis login --pro
Setting a default endpoint for the Travis CLI solved this for me:
travis endpoint --set-default --api-endpoint https://travis-ci.my-company.corp/api
travis login
travis encrypt "escaped_password" --add deploy.password
While you're here, as a side note: When using travis encrypt, remember to escape special characters in your password, because they'll be evaluated by bash in the build environment...
I am trying to encrypt some signature details using travis cli:
travis encrypt SONATYPE_USERNAME=xxxx
I get an error saying :
not logged in, please run travis login --pro
Is it required to have a pro login to use encrypt? Can I not use org login and use this command?
To encrypt, Travis-CLI will require being logged in first. The --pro flag provided with the help string is a good default (travis.com (paid) users are more likely to use the CLI), but not strictly necessary and can be replaced with --org, which will use the travis.org (free) endpoint.
for https://travis-ci.org
travis login --org
travis encrypt <string> --org
when I am trying to clone a rails app repo I have got permission to, I am getting this issue.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Even after adding public key by generating one, I am unable to solve this.
Although I am able to clone using he https method but after making changes, the same error comes while I try to push the code.
Please suggest an answer for this.
First, cd into your .ssh directory. Open up the terminal and run:
cd ~/.ssh && ssh-keygen
Second, you need to copy this to your clipboard:
cat id_rsa.pub | pbcopy # On OSX
cat id_rsa.pub | xclip # On Linux
Third, add your newly generated ssh key to your account via the github/bitbucket website (just paste there).
Next, setup your git config:
git config --global user.name 'your_user_name'
git config --global user.email 'your_email'
Finally, restart your command line to make sure the config is reloaded.
Now, you should be able to clone and push from/to your github repository.
For more information on this, see this github page or this bitbucket page.
When attempting to clone, push, or pull over SSH with Git, you may receive one of these messages if Bitbucket couldn't authenticate with the keys that your SSH agent offered.
Here are the most common reasons why you may see these messages:
You used sudo when attempting the connection
You shouldn't use sudo when cloning, pushing, or pulling because the ssh-agent runs on the user level, not the root level.
Your public key isn't loaded into Bitbucket
To check if your public key is loaded into Bitbucket, do the following:
From Bitbucket, choose Personal settings from your avatar in the lower left.
The Account settings page displays.
Click SSH keys.
The SSH keys page shows a list of any existing keys.
If you don't have any keys listed, you can follow our Set up an SSH key documentation to set one up.
Your key isn't loaded into your SSH agent
If your SSH agent doesn't know to offer Bitbucket a key, the connection fails. You may run into this issue if you've recently restarted your system.
You can refer to this Article for more informations:
https://support.atlassian.com/bitbucket-cloud/docs/troubleshoot-ssh-issues/
Check few things.
Is the generated new key is the one your ssh agent using when trying to ssh to server.
(Your ssh agent might be using a different key than the one you generated)
use this to list currently loaded keys by agent.
ssh-add -L
You properly added public key to your repository hosting location.
The keys corresponding to above 1 and 2 should match.
Please see this article: GitHub: Generating SSH Keys. What happens when you run:
ssh -T git#bitbucket.org
?
You may have added the wrong key to authenticate with.
I faced this error when I created another repository in my local. My ssh-keys were already set up and I was trying to push code through vs code.
The issue got resolved when I git push-ed through git bash like I was doing before.
For bit bucket I think I have tried everything with ssh. I have tried the answer from this stackoverflow question as well. But it doesn't work. So finally I just changed the clone command from SSH to HTTPS and it worked. Only then it asked for password for my account.