Flux: Flux does not support private git URLs with non-default SSH port

Created on 24 Jul 2019  路  9Comments  路  Source: fluxcd/flux

Describe the bug
Flux seems to not support private git URLs with non-default SSH port.

We are using a self-hosted bitbucket instance for our git repositories, the git clone URL is:

git@mybitbuckethost:7999/myproject/myrepo.git

The string "7999" is the port for the SSH service, it is the default on self-hosted bitbucket.

To Reproduce
Steps to reproduce the behavior:

  1. What's your setup?

self-hosted flux service which uses self-hosted bitbucket for the git repo.

  1. Go to '...'

flux deployment https://github.com/fluxcd/flux/blob/master/deploy/flux-deployment.yaml#L121
And use "git@mybitbuckethost:7999/myproject/myrepo.git" for --git-url

  1. See error

ts=2019-07-23T16:56:36.483567234Z caller=loop.go:85 component=sync-loop err="git repo not ready: git repo has not been cloned yet"

Expected behavior
Flux should identify by itself that port 7999 is the correct port.

Additional context
Add any other context about the problem here, e.g

  • Flux version: 1.13.2
  • Kubernetes version: 1.12
  • Git provider: self hosted bitbucket
question
Source
picture mzachh

Most helpful comment

I think I found the issue now, if the protocol ssh:// is used, it parses the port correctly. If it is omitted it defaults to port 22.

So if I use --git-url=ssh://git@mybitbuckethost:7999/myproject/myrepo.git it works as expected.

Thanks a lot!

Maybe the example in https://github.com/fluxcd/flux/blob/master/deploy/flux-deployment.yaml#L121 should also use ssh:// ?

(Note: in my initial example I wrongly used "ssh://" already, therefore I edited it)

picture mzachh on 24 Jul 2019
👍2

All 9 comments

As workaround we added an entry to /root/.ssh/config with the correct port and left our the port in the git URL:

    Host mybitbuckethost
        HostName mybitbuckethost
        Port 7999
        User git

and --git-url=git@mybitbuckethost:/myproject/myrepo.git

mzachh picture mzachh on 24 Jul 2019

Given the fact that I use a git repository in my development setup with a non default port (2022), I almost can't imagine it was unable to clone due to the port.

Did you ssh-keyscan _with -p_, and add the result to the known_hosts, as described in our docs? https://github.com/fluxcd/flux/blob/b0bf40809c1b1fe9682a3426f10f6499222f1a24/chart/flux/README.md#to-install-flux-with-a-private-git-host

hiddeco picture hiddeco on 24 Jul 2019

yes, I verified the host keys. I actually started the troubleshooting in that area, because flux connected to port 22 (which uses a different host key).

Does your git-url have the same form?

mzachh picture mzachh on 24 Jul 2019

My URL omits .git: ssh://git@<ip>:2022/home/git/repo

hiddeco picture hiddeco on 24 Jul 2019

I think I found the issue now, if the protocol ssh:// is used, it parses the port correctly. If it is omitted it defaults to port 22.

So if I use --git-url=ssh://git@mybitbuckethost:7999/myproject/myrepo.git it works as expected.

Thanks a lot!

Maybe the example in https://github.com/fluxcd/flux/blob/master/deploy/flux-deployment.yaml#L121 should also use ssh:// ?

(Note: in my initial example I wrongly used "ssh://" already, therefore I edited it)

mzachh picture mzachh on 24 Jul 2019
👍2

The problem with the ssh:// example is that this also confuses people, as the most well known format is the shorthand that is integrated in git ([email protected]:some/repository.git). See for example #2275.

hiddeco picture hiddeco on 24 Jul 2019

I see, thanks for clarifying it.

mzachh picture mzachh on 1 Aug 2019

I ran into this when setting up an air-gapped environment.
We should definitely mention info about git's url parser since it's such a huge gotcha.

I'll patch the docs.

stealthybox picture stealthybox on 1 Aug 2019

Hi,
sorry for reviving this issue here.. but I am running into weird SSH port parsing issues. My flux install line is:

fluxctl install --git-user=git [email protected] --git-url=ssh://[email protected]:2222/christian.rebischke/flux-get-started --git-path=namespaces,workloads --namespace=flux | k apply -f -

When I trigger fluxctl sync --k8s-fwd-ns flux I get this error here:

Error: git repository ssh://[email protected]/2222/christian.rebischke/flux-get-started is not ready to sync

Full error message: git clone --mirror: running git command: git [clone --mirror [email protected]:2222/christian.rebischke/flux-get-started /tmp/flux-gitclone376348852]: context deadline exceeded
Run 'fluxctl sync --help' for usage.

You can see in the first message that flux has altered the repository URL and thinks 2222 is a path instead of a port.

shibumi picture shibumi on 6 Oct 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

cloudpea picture cloudpea  路  3Comments
leroy0211 picture leroy0211  路  3Comments
brantb picture brantb  路  3Comments
MaralKay picture MaralKay  路  3Comments
errordeveloper picture errordeveloper  路  4Comments