che
che copied to clipboard
eclipse-che
Not possible to clone GitLab repository
Describe the bug
It's not possible to use GitLab repository with self signed certificate in Workspace
Che version
7.50
Steps to reproduce
- Install GitLab operator on OCP 4.9 cluster (expose it via Route, every other settings can remain default)
- If not instructed otherwise GitLab operator will use self signed certs
- Install Dev Spaces on OCP 4.10
- Enable GitLab OAuth as per the documentation
- Import GitLab cert secret into Dev Spaces as per the documentation
- Create a GitLab repository
- Attempt to create the Workspace from the GitLab repository
- The workspaces will get created successfully but the clone will fail
Expected behavior
The clone would fail even locally, but it can be solved by following:
git config --global http.sslVerify false
This suggests that the certs are somewhat corrupted, but the expected behaviour is that it should be possible (for dev/demo/trial) purposes allow using even these repositories (perhaps via some configuration property on the CheCluster CR)
Runtime
OpenShift
Screenshots
No response
Installation method
OperatorHub
Environment
other (please specify in additional context)
Eclipse Che Logs
2022/09/13 10:22:21 Using temporary directory /projects/project-clone-1983114771
2022/09/13 10:22:21 Read DevWorkspace at /devworkspace-metadata/flattened.devworkspace.yaml
2022/09/13 10:22:21 Processing project test-project
2022/09/13 10:22:21 Cloning project test-project to /projects/project-clone-1983114771/test-project
Cloning into '/projects/project-clone-1983114771/test-project'...
fatal: unable to access 'https://gitlab.apps.cluster-5q5jt.5q5jt.sandbox1447.opentlc.com/dev-team1/test-project.git/': SSL certificate problem: unable to get local issuer certificate
2022/09/13 10:22:21 Encountered error while setting up project test-project: failed to clone project: failed to git clone from https://gitlab.apps.cluster-5q5jt.5q5jt.sandbox1447.opentlc.com/dev-team1/test-project.git: exit status 128
Additional context
No response
Another solution (tested locally) is to run:
git config --system http.sslCAInfo /path/to/gitlab/cert
I then executed this in the theia-ide pod:
git clone https://gitlab.apps.cluster-5q5jt.5q5jt.sandbox1447.opentlc.com/dev-team1/test-project.git
and it was successful.
The working gitconfig looked like:
$ cat ~/.gitconfig
[filter "lfs"]
clean=git-lfs clean -- %f
smudge=git-lfs smudge -- %f
process=git-lfs filter-process
required=true
[user]
name=admin
email=admin@che
[http]
sslCAInfo=/public-certs/gitlab-certs.cert-java.cer
@agiertli hello, could you please clarify if the flow with cloning GitLab is still failing for you against the latest version of Eclipse Che with vscode editor. There were some fixes in place related to lfs.
Also, it would be interesting to know if it works if you put the certificate in /tmp/che/secret/ca.crt of the started works, and clone the gitlab repository.
[1] https://github.com/che-incubator/che-code/blob/8caf1e587dccdab8b009deaafa261ef06b7f5fbe/build/scripts/entrypoint-volume.sh#L72
Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.
Mark the issue as fresh with /remove-lifecycle stale in a new comment.
If this issue is safe to close now please do so.
Moderators: Add lifecycle/frozen label to avoid stale mode.
