GIT repo issues in SCS 3.1.19 and lower
Article ID: 298106
Updated On:
Products
Issue/Introduction
Config repository is updated but not being pulled by mirror service. Re-binding the config server service and when that did not work, we deleted the service and re-deployed it, re-bound config server service and that still had old commit.
Environment
Resolution
SCS 3.1.20 resolved the issue. Cannot Update Credentials for Git Repositories that use HTTP(S) URLs In Spring Cloud Services v3.1.0–v3.1.5, you cannot update credentials for a Git repository that were originally added to a Config Server service instance using a HTTP or HTTPS URL. This means that if the repository's credentials are rotated, the Config Server's mirror service will be unable to update its mirror of the repository. To resolve this issue, you can update the Config Server to use SSH, rather than HTTP or HTTPS, to access the Git repository.
SSH Repository Access
You can configure a Config Server configuration source so that the Config Server accesses it using the Secure Shell (SSH) protocol. To do so, you must specify a URI using a supported URI format, and you must supply a private key. You may also supply a host key with which the server will be identified. If you do not provide a host key, the Config Server will not verify the host key of the configuration source's server.
Note: In Spring Cloud Services v3.1.15 and earlier, Config Server does not support ssh:// URIs. Config Server support for ssh:// URIs was added in Spring Cloud Services v3.1.16.
A SSH URI must include a username, host, and repository path. This might be specified as shown in the following command:
cf create-service p.config-server standard config-server -c '{"git": { "uri": "ssh://[email protected]/spring-cloud-services-samples/cook.git"} }'
An equivalent Secure Copy Protocol (SCP) style URI might be specified as shown in the following command:
cf create-service p.config-server standard config-server -c '{"git": { "uri": "[email protected]:spring-cloud-services-samples/cook-config.git"} }'
The parameters used to configure SSH for a Config Server configuration source's URI are listed below.
| Parameter | Function |
hostKey | The host key of the Git server. If you have connected to the server via git on the command line, this is in your .ssh/known_hosts. Do not include the algorithm prefix; this is specified in hostKeyAlgorithm. (Optional.) |
hostKeyAlgorithm | The algorithm of hostKey: one of "ssh-dss", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", and "ecdsa-sha2-nistp521". (Required if supplying hostKey.) |
privateKey | The private key that identifies the Git user, with all newline characters replaced by \n. Passphrase-encrypted private keys are not supported. |
strictHostKeyChecking | Whether the Config Server should fail to start if it encounters an error when using the provided hostKey. (Optional.) Valid values are true and false. Default is true. |
To configure a Config Server service instance that uses SSH to access a configuration source, allowing for host key verification, use the following command:
cf create-service p.config-server standard config-server -c '{"git": { "uri": "[email protected]/spring-cloud-services-samples/cook.git", "hostKey": "EXAMPLEcccc1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+...", "hostKeyAlgorithm": "ssh-rsa", "privateKey": "-----BEGIN EXAMPLE RSA PRIVATE KEY-----\nMIIJKQIB..."} }'
To configure a Config Server service instance that uses SSH to access a configuration source, without host key verification, use the following command:
cf create-service p.config-server standard config-server -c '{"git": { "uri": "[email protected]/spring-cloud-services-samples/cook.git", "privateKey": "-----BEGIN EXAMPLE RSA PRIVATE KEY-----\nMIIJKQIB..."} }'
https://docs.vmware.com/en/Spring-Cloud-Services-for-VMware-Tanzu/3.1/spring-cloud-services/GUID-config-server-configuring-with-git.html#ssh-repository-access
Feedback
