Add yum repo to Sonatype Nexus Repository in Proxy mode - sonatype

I'm new to Nexus Repository (using OSS 3.37 in RHEL 7.7). I'm trying to add a simple Yum repo. What I do:
Name: TestRepo
Proxy > Remote Storage: "http://mirror.centos.org/centos/"
Storage > Blob Store: "default"
Finally URL to access will be http://<IP_OF_NEXUS>:8081/repository/TestRepo/
When I try to access it using the URL, I get:
*This yum proxy repository is not directly browseable at this URL.*
I found the same steps I followed in the documentation on the Sonatype website.
I followed the same steps for an APT repo, and I can access it using http://<IP_OF_NEXUS>:8081/repository/UbuntuRepo/
Config:
Name: UbuntuRepo
Proxy > Remote Storage: "http://archive.ubuntu.com/ubuntu/"
Storage > Blob Store: "default"

Related

Jenkins/Kubernetes cannot clone from gitea repository with valid cert

I am using Jenkins with Kubernetes agents, trying to build a Gitea-hosted git repository using an organizational folder configuration. When my build triggers, I get
stderr: fatal: unable to access 'https://<servername.com>/homelab/java-spring-microservice.git/': server certificate verification failed. CAfile: none
The repository (also hosted within the kubernetes cluster) has a valid LetsEncrypt certificate on its ingress (managed by cert-manager.) I'm able to clone this repo fine from git command-line (without having TLS disabled.)
My Jenkinsfile looks like this:
podTemplate(containers: [
    containerTemplate(
        name: 'maven',
        image: 'maven:3.8.4-openjdk-11',
        command: 'sleep',
        args: '30d'
    )
]) {
    node(POD_LABEL) {
        stage('Checkout') {
            checkout scm
            container('maven') {
                stage('Build') {
                    sh '''
                    mvn clean package
                    '''
                }
            }
        }
    }
}
I've looked around and seen ways to get around this by disabling TLS for the git operation, but that seems wrong-headed to me, since TLS appears to be working. I'll admit to being a bit uncertain of how exactly all this works when things are under kubernetes (where should I be looking to see if the CA trust chain is correct, etc.)
After some digging, I determined that both the version of jenkins/inbound-agent and the version of jenkins itself were built against base images that did not have up-to-date CA trust chains. I was able to resolve the problem by updating to the latest Jenkins, updating the pod template for kubernetes, and updating the kubernetes plugin for jenkins.

Connecting Spring Cloud Config and AWS Code Commit using HTTPS credentials

I am trying to connect my Spring Cloud Config to a repo on AWS CodeCommit using HTTPS but I keep getting an error saying Cannot clone or checkout repository.
This is what I have done so far:
Created a user in AWS IAM and generated HTTPS GIT username and password credentials.
Added the AWS CodeCommit git URL and user credentials into the application.yml file
server:
  port: 8888
spring:
  cloud:
    config:
      discovery:
        enabled: true
      server:
        encrypt.enabled: false
        git:
          uri: https://git-codecommit.eu-west-2.amazonaws.com/v1/repos/XXXXX
          username: XXXXXXXXXX
          password: XXXXXXXXXX
Added the AWS java-sdk-core library as a build dependency.
Is there anything else I need to do?
Document encrypt.* values need to go in bootstrap.{yml|properties}

Issue with docker push on local registry https access to resource denied

I have a problem with my Docker registry. My "server" VM is on kali-linux. I created the Docker registry in HTTP and use a CentOS VM as a client. I declared the registry insecure in the client VM and it worked perfectly.
Now I try to put it in HTTPS. In order to do that, I use nginx as a proxy. I followed this tutorial: Step 5 — Setting Up SSL except for Part 8 to make it a service (I don't know why but I can't do it).
Because I don't have a domain name, I used a fake one. In order for it to be recognized, I added my IP (192.168.X.X) and the domain name I used (myregistryexemple) to the /etc/hosts file on both VMs.
As asked by the tutorial, I generated the certificate on my "server" VM (the kali one), and sent it by scp to my client VM. I made the CentOS VM trust the certificate with these commands:
yum install ca-certificates
update-ca-trust force-enable
cp cert.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
I restart the docker service on the client VM, and launch the Docker registry and the nginx proxy with "docker-compose up" on my kali VM.
I tag and try to push an ubuntu on the registry:
docker tag ubuntu myregistryexemple/ubuntu
docker push myregistryexemple/ubuntu
But I get this error:
The push refers to a repository [docker.io/myregistryexemple/ubuntu]
56827159aa8b: Preparing
440e02c3dcde: Preparing
29660d0e5bb2: Preparing
85782553e37a: Preparing
745f5be9952c: Preparing
denied: requested access to the resource is denied
Then I try to push to localhost directly:
docker tag ubuntu localhost:5000/ubuntu & docker push localhost:5000/ubuntu
Then I docker login on the domain from the client VM, and it worked, but when I tried to pull from my domain registry on the client VM, docker cannot find on the registry the docker images I tried to push.
Does anyone have any idea why, and know how to help me?
OK, so I found a way to make it work.
It is quite simple: just follow the complete tutorial I quoted in the question ( https://www.digitalocean.com/community/tutorials/how-to-set-up-a-private-docker-registry-on-ubuntu-14-04#step-5-%E2%80%94-setting-up-ssl )
After you have created the repository, and before you push/pull a docker image, you need to go, on both the client and server VMs, to /etc/hosts.
Add the line: domainChosen serverVmIp
Save and quit.
Now we need the client to trust the generated certificate. In order to do that, you can use this tutorial: http://kb.kerio.com/product/kerio-connect/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html .
Then restart your registry and your docker daemon. And you can normally use your domain name to push/pull in your registry over HTTPS.
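
Why the first push in the question was sent to docker.io, as an added example that is not part of the original posts: Docker treats the text before the first "/" in an image reference as a registry host only when it contains a "." or ":" or is "localhost", so "myregistryexemple/ubuntu" is read as a Docker Hub repository. The function names and the ":443" port form are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which registry will Docker contact for an image reference?
# Simplified rule (not the full reference grammar): the text before the first
# "/" is a registry host only if it contains "." or ":" or is "localhost";
# otherwise the reference names a Docker Hub repository (docker.io).

registry_for() {
    ref=$1
    case $ref in
        */*) first=${ref%%/*} ;;   # candidate host: text before the first slash
        *)   first="" ;;           # no slash at all: a Docker Hub image
    esac
    case $first in
        localhost|*.*|*:*) printf '%s\n' "$first" ;;
        *)                 printf '%s\n' "docker.io" ;;
    esac
}

# Guard for a push script: refuse a reference that resolves to another registry.
assert_registry() {
    want=$1
    got=$(registry_for "$2")
    if [ "$got" != "$want" ]; then
        echo "refusing $2: resolves to $got, expected $want" >&2
        return 1
    fi
}

# References from the posts above, plus one assumed form with an explicit port.
for r in myregistryexemple/ubuntu localhost:5000/ubuntu \
         myregistryexemple:443/ubuntu ubuntu; do
    printf '%-32s -> %s\n' "$r" "$(registry_for "$r")"
done
```

Calling assert_registry before docker push in a script keeps an image meant for a private registry from being sent to a public one because of a tag without a host part.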

OpenShift Origin Build - unable to use git as a source

I'm trying to do a simple build of a nodejs app I wrote in OpenShift Origin using the following yaml:
kind: "BuildConfig"
apiVersion: "v1"
metadata:
  name: "dyn-kickstart"
spec:
  triggers:
    - type: "GitHub"
      github:
        secret: "secret101"
  source:
    git:
      uri: git@bitbucket.org:serverninja02/dynamic-kickstart.git
    sourceSecret:
      name: "github"
  strategy:
    type: Docker
    dockerStrategy:
      dockerfilePath: .
      forcePull: true
      noCache: true
  output:
    to:
      kind: "DockerImage"
      name: "docker-registry-default.apps.reedfamily.local/serverninja/dynamic-kickstart:v0.0.1"
The command I'm running to create the build:
$ cat dynamic-kickstart.yml | oc create -f -
What I'm running into is that the build service account doesn't seem to be able to access the github url to clone:
Cloning "git@bitbucket.org:serverninja02/dynamic-kickstart.git" ...
error: build error: Warning: Permanently added 'bitbucket.org,192.168.1.81' (ECDSA) to the list of known hosts.
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I did follow the instructions on creating the ssh-privatekey secret, placing in the secret store, and linking to the build sa. I also double-checked that key and tested through ssh forwarding that I can log into the OpenShift node and ssh git@bitbucket.org.
I'm not sure what I'm doing wrong but even with using the http git url and making it a public repo, it still doesn't work as it complains about the peer certificate not being trusted:
Cloning "https://serverninja02@bitbucket.org/serverninja02/dynamic-kickstart.git" ...
error: build error: fatal: unable to access 'https://serverninja02@bitbucket.org/serverninja02/dynamic-kickstart.git/': Peer's certificate issuer has been marked as not trusted by the user.
At this point, I'm unsure where to go with this as OpenShift Origin doesn't seem to want to build anything from git as a source.
Any help or suggestions would be greatly appreciated!
OpenShift Version: 1.3.0
OpenShift Kubernetes Version: v1.3.0+52492b4
This is a flat network behind a router. DNS is on Active Directory with a wildcard entry for *.apps.reedfamily.local.
This is a test bed environment in a .local domain. However I'm using this build to potentially build this out as a POC for my company to host OpenShift.
I figured out the answer to my problem!!! So I'll share:
The /etc/resolv.conf was configured automatically during the build of my OpenShift nodes when I ran openshift-ansible. Unfortunately, there was a search domain placed in /etc/resolv.conf that must have been causing issues.
# Generated by NetworkManager
search apps.reedfamily.local
nameserver 192.168.1.40
Once I removed "search apps.reedfamily.local", that fixed the problem immediately on the next build!

SSL error while cloning from github enterprise on AWS EC2 instance

My ultimate goal is to be able to do pip installs from our github enterprise server using the Elastic Beanstalk. The issue is that the ec2 instances will not trust our SSL certificate from Network Solutions.
Traceback from an Elastic Beanstalk Python EC2 instance:
>> git clone https://my.ghe.com/some/repo.git
Cloning into 'squire'...
fatal: unable to access 'https://my.ghe.com/some/repo.git/': Peer's Certificate issuer is not recognized.
I've tried a half-dozen possible fixes to no avail. Has anyone had any success cloning over https? I'd like to avoid cloning over ssh so I don't have to deal with the ssh keys in eb.
Check out this answer about using git config to disable SSL verification and other SSL-overriding options:
How can I make git accept a self signed certificate?
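
An added example, not part of the original answer: a check that reads "git config --list" output and reports every setting that turns certificate verification off, together with any CA file or directory configured for a host (the option that keeps verification on for a private CA). The sample lines and the CA file path are constructed; the function names are assumptions.

```shell
#!/bin/sh
# Added example: flag git settings that disable TLS certificate checks.
# Input on stdin: NAME=VALUE lines as printed by "git config --list".

audit_git_tls() {
    # Prints one finding per line; exit status 1 if verification is disabled.
    awk '
    {
        i = index($0, "=")
        if (i == 0) next
        name = substr($0, 1, i - 1); value = substr($0, i + 1)
        key = tolower(name); val = tolower(value)
        # http.sslVerify and the per-URL form http.<url>.sslVerify
        if (key ~ /^http\.(.*\.)?sslverify$/ &&
            (val == "false" || val == "no" || val == "off" || val == "0")) {
            print "DISABLED " name
            bad = 1
        }
        # A configured CA file or directory keeps verification enabled.
        if (key ~ /^http\.(.*\.)?(sslcainfo|sslcapath)$/)
            print "CA-STORE " name " -> " value
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample; on a real host use: git config --list | audit_git_tls
sample_config() {
    cat <<'EOF'
user.name=ci-bot
http.sslverify=true
http.https://my.ghe.com/.sslverify=false
http.https://my.ghe.com/.sslcainfo=/etc/pki/tls/certs/ghe-ca.pem
EOF
}

sample_config | audit_git_tls || echo "certificate verification is disabled"
```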