I'm trying to migrate from OpenShift 2 to OpenShift 3. I have created a new app on OpenShift 3 but I'm struggling to clone my BitBucket private git repository to it. (I had no problem with OpenShift 2).
I have tried setting secrets (SSH or Basic Authentication) in Build/Advanced Options but without luck.
Here is the error message:
Cloning "git@bitbucket.org:(myusername)/(myrepository).git" ...
error: build error: Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
The steps if working from the command line are as follows:
1) Create a new SSH key pair for use with the repository. This cannot have a passphrase.
ssh-keygen -C "openshift-source-builder/repo@bitbucket" -f repo-at-bitbucket -N ''
This will generate files:
repo-at-bitbucket
repo-at-bitbucket.pub
being the private and public key files.
2) Go to Settings->Access keys for the repository on BitBucket, select Add key and in the popup window enter the key name openshift-source-builder and paste in the contents of the public key file. In this case repo-at-bitbucket.pub. Confirm creation by clicking on Add key on the popup window.
3) Create a secret in OpenShift for the key by running:
oc secrets new-sshauth repo-at-bitbucket --ssh-privatekey=repo-at-bitbucket
4) Enable access to the secret from the builder service account.
oc secrets link builder repo-at-bitbucket
5) In order that OpenShift knows the secret is for this specific private Git repository and automatically uses it, annotate the secret with the SSH URI for the repository.
oc annotate secret/repo-at-bitbucket \
'build.openshift.io/source-secret-match-uri-1=ssh://bitbucket.org/yourusername/private-repo.git'
Very important here is the form of the URI. In the BitBucket web interface it will show it as:
git@bitbucket.org:yourusername/private-repo.git
Do not use that. You need to use the SSH form of the URI here.
6) We can then deploy the application from the private Git repository.
oc new-app git@bitbucket.org:yourusername/private-repo.git --name mysite
Okay to use git@bitbucket.org:yourusername/private-repo.git here, or could also use the SSH form of the URI.
You can also do all this from the web console instead. If creating the secret as a separate step in the web console, it is important to link the builder service account when doing that. If you create the source secret when deploying, then it will automatically link the builder service account.
Note that if the OpenShift instance has a firewall between it and BitBucket and SSH connections are blocked, this will not work. In that case you need to fall back to using a personal access token (app password) over an SSH connection using HTTP basic authentication.
These details are now much better explained by the blog post series starting with:
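Added example (not part of the original answer): shell helpers for steps 1 and 5 above. They check that the build key has no passphrase and convert the address BitBucket displays into the ssh:// form the answer uses for the annotation. The function names are hypothetical; the oc commands printed are the ones from steps 3 to 5.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# Step 1 check: succeeds only if the private key file can be read with an
# empty passphrase, which the answer says the build key must have.
key_has_no_passphrase() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Step 5 helper: turn the SCP-style address BitBucket shows
# (git@host:user/repo.git) into the ssh://host/user/repo.git form used in the
# answer's annotation. An address already in ssh:// form is passed through.
to_ssh_uri() {
    case "$1" in
        ssh://*) printf '%s\n' "$1"; return 0 ;;
        *://*)   echo "not an SSH address: $1" >&2; return 1 ;;
    esac
    hostpart=${1%%:*}   # text before the first colon, e.g. git@bitbucket.org
    path=${1#*:}        # text after the first colon, e.g. user/repo.git
    case "$hostpart" in
        "$1"|""|*/*) echo "not an SCP-style address: $1" >&2; return 1 ;;
    esac
    [ -n "$path" ] || { echo "missing repository path: $1" >&2; return 1; }
    printf 'ssh://%s/%s\n' "${hostpart#*@}" "${path#/}"
}

# Prints (does not run) the commands from steps 3 to 5 for a given secret
# name, private key file and repository address. Arguments are inserted as-is,
# so pass simple names without spaces or quotes.
print_setup_commands() {
    uri=$(to_ssh_uri "$3") || return 1
    printf 'oc secrets new-sshauth %s --ssh-privatekey=%s\n' "$1" "$2"
    printf 'oc secrets link builder %s\n' "$1"
    printf "oc annotate secret/%s 'build.openshift.io/source-secret-match-uri-1=%s'\n" "$1" "$uri"
}
```

For example, `key_has_no_passphrase repo-at-bitbucket && print_setup_commands repo-at-bitbucket repo-at-bitbucket git@bitbucket.org:yourusername/private-repo.git` prints the three commands with the annotation already in ssh:// form.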