Configuration of Spring Cloud Service Config Server Instance with a git url using SSH protocol

Products

VMware Tanzu Spring Runtime

Issue/Introduction

When creating a Spring Cloud Service Config Server Instance with a git url using SSH protocol we might see below error.

2025-03-11T10:50:29.593Z  INFO 6 --- [   scheduling-1] i.p.s.c.mirrorservice.mirrors.ShellUtil  : Running shell command: git -c "core.sshCommand=ssh -i /var/vcap/store/mirror/ed2343e4435942b2f8e6e2db244f0c4d/private-key -o StrictHostKeyChecking=no" fetch origin

2025-03-11T10:50:30.026Z  INFO 6 --- [   scheduling-1] i.p.s.c.mirrorservice.mirrors.ShellUtil  : Load key "/var/vcap/store/mirror/ed2343e4435942b2f8e6e2db244f0c4d/private-key": error in ibcrypto

2025-03-11T10:50:30.026Z  INFO 6 --- [   scheduling-1] i.p.s.c.mirrorservice.mirrors.ShellUtil  : [email protected]: Permission denied (publickey).

2025-03-11T10:50:30.026Z  INFO 6 --- [   scheduling-1] i.p.s.c.mirrorservice.mirrors.ShellUtil  : fatal: Could not read from remote repository.

Environment

VMware Tanzu Application Service for VMs

Cause

This issue is due to the configuration or formatting of the private keys.

Resolution

Follow below steps to resolve mirror sync issue.

We followed below steps to resole mirror sync issue.

1) Generating the new ssh keys

ssh-keygen -t rsa -b 4096 -C "[email protected]"

This creates a new SSH key(2 keys, private and public), using the provided email as a label.

-rw------- 1 ubuntu ubuntu 3389 Apr 14 04:39 id_rsa
-rw-r--r-- 1 ubuntu ubuntu  748 Apr 14 04:39 id_rsa.pub

Public key needs to be updated in the GitHub account.

https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account
Private key needs to be passed to the config service in the next steps.

2) Update the private key to config server with below format.

cf update-service si1 -c '{"git": { "uri": "[email protected]:kmk371661/testing.git", "privateKey": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaCxxxxxxxxxxxxxbQECAwQF\n-----END OPENSSH PRIVATE KEY-----\n"}}'

private key should be in a single line. To convert the private key id_rsa to a single line, use the below command.

awk -v ORS='\\n' '1' id_rsa

ubuntu@opsmanager-3-0:~/.ssh$ ls -l
total 32

-rw------- 1 ubuntu ubuntu 3389 Apr 14 04:39 id_rsa
-rw-r--r-- 1 ubuntu ubuntu  748 Apr 14 04:39 id_rsa.pub

ubuntu@opsmanager-3-0:~/.ssh$ awk -v ORS='\\n' '1' id_rsa

3) Verify the status of the service update.

ubuntu@opsmanager-3-0:~/.ssh$ cf services
Getting service instances in org test3 / space ns1 as admin...

name   offering          plan       bound apps   last operation     broker               upgrade available

si1    p.config-server   standard                update succeeded   scs-service-broker   no

Login to the apps manager, find the config server and click on sync mirror to verify the status.

https://techdocs.broadcom.com/us/en/vmware-tanzu/spring/spring-cloud-services-for-cloud-foundry/3-2/scs-tanzu/config-server-using-the-dashboard.html

Additional Information

Relavent Kb's

https://knowledge.broadcom.com/external/article?articleNumber=297402

https://knowledge.broadcom.com/external/article/298319/troubleshooting-config-server-service-in.html

https://knowledge.broadcom.com/external/article/380599/scs-config-server-service-instance-fails.html