OpenShift Origin Build - unable to use git as a source

796 views Asked by At

I'm trying to do a simple build of a nodejs app I wrote in OpenShift Origin using the following yaml:

kind: "BuildConfig"
apiVersion: "v1"
metadata:
  name: "dyn-kickstart"
spec:
  triggers:
    - type: "GitHub"
      github:
        secret: "secret101"
  source:
    git:
      uri: [email protected]:serverninja02/dynamic-kickstart.git
    sourceSecret:
      name: "github"
  strategy:
    type: Docker
    dockerStrategy:
      dockerfilePath: .
      forcePull: true
      noCache: true
  output:
      to:
        kind: "DockerImage"
        name: "docker-registry-default.apps.reedfamily.local/serverninja/dynamic-kickstart:v0.0.1

The command I'm running to create the build:

$ cat dynamic-kickstart.yml | oc create -f -

What I'm running into is that the build service account doesn't seem to be able to access the github url to clone:

Cloning "[email protected]:serverninja02/dynamic-kickstart.git" ...
error: build error: Warning: Permanently added 'bitbucket.org,192.168.1.81' (ECDSA) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I did follow the instructions on creating the ssh-privatekey secret, placing in the secret store, and linking to the build sa. I also double-checked that key and tested through ssh forwarding that I can log into the OpenShift node and ssh [email protected].

I'm not sure what I'm doing wrong but even with using the http git url and making it a public repo, it still doesn't work as it complains about the peer certificate not being trusted:

Cloning "https://[email protected]/serverninja02/dynamic-kickstart.git" ...
error: build error: fatal: unable to access 'https://[email protected]/serverninja02/dynamic-kickstart.git/': Peer's certificate issuer has been marked as not trusted by the user.

At this point, I'm unsure where to go with this as OpenShift Origin doesn't seem to want to build anything from git as a source.

Any help or suggestions would be greatly appreciated!

OpenShift Version: 1.3.0 OpenShift Kubernetes Version: v1.3.0+52492b4

This is a flat network behind a router. DNS is on Active Directory with a wildcard entry for *.apps.reedfamily.local.

This is a test bed environment in a .local domain. However I'm using this build to potentially build this out as a POC for my company to host OpenShift.

1

There are 1 answers

1
ServerNinja On BEST ANSWER

I figured out the answer to my problem!!! So I'll share:

The /etc/resolv.conf was configured automatically during the build of my OpenShift nodes when I ran openshift-ansible. Unfortunately, there was a search domain placed in /etc/resolv.conf that must have been causing issues.

# Generated by NetworkManager
search apps.reedfamily.local
nameserver 192.168.1.40

Once I removed "search apps.reedfamily.local", that fixed the problem immediately on the next build!