Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(0.37.0) flux bootstrap git failed with 'unable to checkout repo with an empty set of auth options' #3358

Closed
1 task done
karunsiri opened this issue Dec 1, 2022 · 9 comments · Fixed by #3377
Closed
1 task done

(0.37.0) flux bootstrap git failed with 'unable to checkout repo with an empty set of auth options' #3358

karunsiri opened this issue Dec 1, 2022 · 9 comments · Fixed by #3377
Assignees
@aryan9600
Labels
area/bootstrap Bootstrap related issues and pull requests area/git Git related issues and pull requests bug Something isn't working
Milestone
GitOps GA

Comments

@karunsiri
Copy link

karunsiri commented Dec 1, 2022
edited
Loading

Describe the bug

After each Flux release, I would re-run the bootstrap command to upgrade flux resources running within a cluster.
The problem occurs when I try to upgrade from 0.36.0 to 0.37.0. When I run bootstrap, the command fails and outputs
failed to clone repository: unable to checkout repo with an empty set of auth options.

The pass versions can be re-bootstrapped (upgraded) successfully.

Steps to reproduce

  1. To Rerun bootstrap onto existing flux-ready cluster. Given cluster currently running flux 0.36.0.
  2. Upgrade flux cli to 0.37.0
  3. Rerun bootstrap command:
flux bootstrap git \
  --url ssh://git@github.com/ORG/REPO.git \
  --branch master \
  --path path/to/manifests \
  --interval 1m0s \
  --ssh-key-algorithm ed25519

Expected behavior

The command should succeed and upgrade flux resources running within the cluster to the latest version.

Screenshots and recordings

image

OS / Distro

Fedora 37

Flux version

0.37.0

Flux check

► checking prerequisites
✔ Kubernetes 1.21.14-eks-fb459a0 >=1.20.6-0
► checking controllers
✔ helm-controller: deployment ready
► ghcr.io/fluxcd/helm-controller:v0.26.0
✔ kustomize-controller: deployment ready
► ghcr.io/fluxcd/kustomize-controller:v0.30.0
✔ notification-controller: deployment ready
► ghcr.io/fluxcd/notification-controller:v0.28.0
✔ source-controller: deployment ready
► ghcr.io/fluxcd/source-controller:v0.31.0
► checking crds
✔ alerts.notification.toolkit.fluxcd.io/v1beta1
✔ buckets.source.toolkit.fluxcd.io/v1beta2
✔ gitrepositories.source.toolkit.fluxcd.io/v1beta2
✔ helmcharts.source.toolkit.fluxcd.io/v1beta2
✔ helmreleases.helm.toolkit.fluxcd.io/v2beta1
✔ helmrepositories.source.toolkit.fluxcd.io/v1beta2
✔ kustomizations.kustomize.toolkit.fluxcd.io/v1beta2
✔ ocirepositories.source.toolkit.fluxcd.io/v1beta2
✔ providers.notification.toolkit.fluxcd.io/v1beta1
✔ receivers.notification.toolkit.fluxcd.io/v1beta1
✔ all checks passed

Git provider

GitHub

Container Registry provider

No response

Additional context

Additional Info: I can git clone <repo_url> directly just fine.

Code of Conduct

  • I agree to follow this project's Code of Conduct
@aryan9600
Copy link
Member

hi @karunsiri, could you describe what your ~/.ssh/config looks like?

@karunsiri
Copy link
Author

Hello @aryan9600, here it is

Host *
ServerAliveInterval 120
IdentityFile ~/.ssh/private-key

Host github.com
User git
Hostname github.com

Additional Info: I can git clone <repo_url> directly just fine with this config. I'll update the issue to include this info.

@aryan9600
Copy link
Member

is your private key file not protected by a passphrase? also could you try passing in --private-key-file=~/.ssh/private-key to command? (if you have a passphrase, then you can specify with it via the --password arg). that should probably fix it.

@karunsiri
Copy link
Author

@aryan9600 It does work, yes, but that's going to replace the secret flux-system within the cluster, which is different than my private-key. It's basically uploading my key pair to be used by the cluster, on my behalf, right?

I never had to do this for the past version up to 0.36.0. I can upgrade progressively by running the same command, and flux will pickup the existing secret (flux-system) from the cluster and use that.

@pjbgf pjbgf added this to the Bootstrap GA milestone Dec 1, 2022
@pjbgf pjbgf added bug Something isn't working area/git Git related issues and pull requests area/bootstrap Bootstrap related issues and pull requests labels Dec 1, 2022
@aryan9600 aryan9600 self-assigned this Dec 2, 2022
@aryan9600 aryan9600 mentioned this issue Dec 5, 2022
Merged
@pjbgf pjbgf moved this to In Progress in Maintainers' Focus Dec 5, 2022
@aryan9600 aryan9600 mentioned this issue Dec 6, 2022
Merged
@aryan9600
Copy link
Member

hey @karunsiri, i've opened PR #3377 which should fix this. would you be able to test it? these steps should work:

  • git clone https://github.com/fluxcd/flux2
  • gh pr checkout 3377
  • make build
  • ./bin/flux bootstrap git ....

@jjzazuet
Copy link

jjzazuet commented Dec 7, 2022

Can confirm that --private-key-file= can be used as a work-around.

Thanks.

@karunsiri
Copy link
Author

@aryan9600 Sorry for delay response, I was on vacation.
I tried the given steps but the build failed while building helm-controller.yaml.

The build log:

❯❯❯ make build
./manifests/scripts/bundle.sh
[INFO]  using {kustomize/v4.5.7  2022-08-02T16:35:54Z  }
[INFO]  building helm-controller.yaml
Error: accumulating resources: accumulation err='accumulating resources from 'https://github.com/fluxcd/helm-controller/releases/download/v0.27.0/helm-controller.deployment.yaml': URL is a git repository': evalsymlink failure on '/tmp/kustomize-588017855/releases/download/v0.27.0/helm-controller.deployment.yaml' : lstat /tmp/kustomize-588017855/releases: no such file or directory
make: *** [Makefile:53: cmd/flux/.manifests.done] Error 1

@aryan9600
Copy link
Member

i just ran the command after doing a fresh clone of the repo and checking out to the PR branch and its working. its probably an issue on GitHub's side. could you try again? @karunsiri

@ppmathis
Copy link

ppmathis commented Dec 11, 2022
edited
Loading

I have been facing the same issue as @karunsiri and noticed that I suddenly could no longer rely on Flux using the default SSH configuration for bootstrapping, which would then use my SSH authentication agent to communicate with GitHub.

Based on the instructions in #3358 (comment) I tested #3377 by @aryan9600 and can indeed confirm that said PR fixed the issue for me. Unlike the current release, this allowed me once again to bootstrap Flux with an SSH-based Git repository without specifying any credentials.

Repository owner moved this from In Progress to Since Last Dev Meeting in Maintainers' Focus Dec 12, 2022
@pjbgf pjbgf moved this from Since Last Dev Meeting to Done in Maintainers' Focus Dec 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aryan9600 aryan9600

Labels
area/bootstrap Bootstrap related issues and pull requests area/git Git related issues and pull requests bug Something isn't working
Projects
Maintainers' Focus
Status: Done
Milestone
GitOps GA
Development

Successfully merging a pull request may close this issue.

bootstrap: fallback to default known_hosts aryan9600/flux2
5 participants
@jjzazuet @ppmathis @karunsiri @pjbgf @aryan9600