Salamek / gitlab-tools

Web application providing tools not available in GitLab CE (Gitlab push/pull mirror and more)
GNU General Public License v3.0

Pull mirrors, SSH, Fingerprint #39

Closed onyxPC closed 1 year ago

onyxPC commented 1 year ago

Hello.

gitlab and gitlab-tools [1.2.9] will be deployed in my docker.

After adding to "Pull Mirrors" repository.

In "FingerPrints" I get two entries with the type of key SSH-ED25519:

After I click "Trigger Sync" in "Pull Mirrors" in the log I get:

Traceback (most recent call last):
  File "/opt/gitlab-tools/venv/lib/python3.9/site-packages/celery/app/trace.py", line 409, in trace_task
    R = retval = fun(*args, **kwargs)
  File "/opt/gitlab-tools/venv/lib/python3.9/site-packages/flask_celery/__init__.py", line 96, in __call__
    return task_base.__call__(self, *_args, **_kwargs)
  File "/opt/gitlab-tools/venv/lib/python3.9/site-packages/celery/app/trace.py", line 701, in __protected_call__
    return self.run(*args, **kwargs)
  File "/opt/gitlab-tools/venv/lib/python3.9/site-packages/flask_celery/__init__.py", line 150, in wrapped
    ret_value = func(*args, **kwargs)
  File "/opt/gitlab-tools/gitlab_tools/tasks/gitlab_tools.py", line 371, in sync_pull_mirror
    Git.sync_mirror(namespace_path, str(mirror.id), git_remote_source, git_remote_target)
  File "/opt/gitlab-tools/gitlab_tools/tools/Git.py", line 39, in sync_mirror
    repo.remotes.gitlab.push(
  File "/opt/gitlab-tools/venv/lib/python3.9/site-packages/git/remote.py", line 1045, in push
    return self._get_push_info(proc, progress, kill_after_timeout=kill_after_timeout)
  File "/opt/gitlab-tools/venv/lib/python3.9/site-packages/git/remote.py", line 893, in _get_push_info
    proc.wait(stderr=stderr_text)
  File "/opt/gitlab-tools/venv/lib/python3.9/site-packages/git/cmd.py", line 559, in wait
    raise GitCommandError(remove_password_if_present(self.args), status, errstr)
git.exc.GitCommandError: Cmd('git') failed due to: exit code(128)
  cmdline: git push --porcelain --mirror --force --prune gitlab
  stderr: 'fatal: Could not read from remote repository.'

I watched the file "repositories/1/pull/1/1/config"

[remote "gitlab"]
    url = ssh://git@gitlab.mydomain.com_1:10022/thirdparty/date.git

If I make from the container: ssh git@gitlab.mydomain.com_1 -p 10022

The authenticity of host '[gitlab.mydomain.com]:10022 ([192.168.xxx.xxx]:10022)' can't be established.
ECDSA key fingerprint is SHA256:oc1Buil1L3tCDGRTh1QvQdaK6R9nfGE2JvjaD+W3hZI.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

ECDSA

I introduced "yes". A record was made in .ssh/known_host_1 with key type ecdsa-sha2-nistp256.

After this, the updates were earned from gitlab-tools. But I don't like to do this for every user.

I made an appointment with a file /etc/ssh/ssh_config

Host *
    HostKeyAlgorithms ^ssh-ed25519

And repeated ssh git@gitlab.mydomain.com_1 -p 10022

The authenticity of host '[gitlab.mydomain.com]:10022 ([192.168.xxx.xxx]:10022)' can't be established.
ED25519 key fingerprint is SHA256:oc1Buil1L3tCDGRTh1QvQdaK6R9nfGE2JvjaD+W3hZI.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

He asked for "fingerprint"

How to fix it? In order not to make ssh git@gitlab.mydomain.com_X -p 10022 for each user. Thank you.

Salamek commented 1 year ago

It is this? #17 There were some issues reported with custom port usage, but it was not resolved...

onyxPC commented 1 year ago

No. This is not about that.

Push does not work in gitlab. $: git push gitlab - not work. Until I enter the container and $: ssh git@gitlab.mydomain.com_1 -p 10022 After the "fingerprint" everything works. And $: git push gitlab & gitlab-tools - "trigger sync".

System SSH does not perceive the "fingerprint" made by gitlab-tools. Because of this, git push gitlab does not work.

Salamek commented 1 year ago

Can you test it? Like using gitlab.com as your gitlab instance and try to mirror some OSS project... Yop it is #17 since https://github.com/Salamek/gitlab-tools/blob/ef716656f31177058ca44c066384f7aa3bf99c75/gitlab_tools/tools/fingerprint.py#L6 checks for hostkey on default port (22)

Salamek commented 1 year ago

Ok i have added support for ports in https://github.com/Salamek/gitlab-tools/commit/ccf0fc8ffc209a5fc32535d085ec9e2d1e3af4d8 released as version 1.3

There is new configuration option you should set in your /etc/gitlab-tools/config.yml in your case:

GITLAB_SSH: 'gitlab.mydomain.com:10022'

onyxPC commented 1 year ago

Thank you very much. You are so fast. But I wanted to offer you a slightly different way. More versatile.

https://github.com/Salamek/gitlab-tools/blob/9649ca7f1b71e0fd26c5e378505b0b1f85680cd9/gitlab_tools/tasks/gitlab_tools.py#L185-L202

ssh_url_to_repo just contains the address and port. Gitlab returns all the necessary information.

Salamek commented 1 year ago

@onyxPC yes i know, gitlab returns ssh info for a project, but currently a gitlab project is created in async task after gitlab-tools mirror is created and fingerprint check is done "realtime" in UI when creating gitlab-tools mirror (so user can interact with it yes/no stuff)... so i need to know SSH info before i create a project. I have already checked if Gitlab API provides a way to fetch generic SSH info and it does not. So without any refactoring of background job/mirror creation, simple fix was to provide ssh info manually in config...
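
Why the port matters for the fingerprint check discussed in this thread, as an added example (not gitlab-tools code): OpenSSH looks a host key up under `[host]:port` when the port is not 22, so a key recorded for the bare hostname does not satisfy a connection to port 10022. The function names and the sample known_hosts content are constructed for illustration; hashed (`HashKnownHosts`) entries are matched too.

```python
import base64, hashlib, hmac, struct

def parse_host_port(value, default_port=22):
    """Split a 'host' or 'host:port' value such as the GITLAB_SSH setting."""
    host, sep, port = value.rpartition(":")
    return (host, int(port)) if sep else (value, default_port)

def known_hosts_name(host, port):
    """OpenSSH records non-default ports as '[host]:port'; port 22 stays bare."""
    return host if port == 22 else f"[{host}]:{port}"

def fingerprint_sha256(key_b64):
    """Fingerprint as ssh prints it: unpadded base64 of SHA-256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def hashed_name(name, salt):
    """HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return f"|1|{base64.b64encode(salt).decode()}|{base64.b64encode(mac).decode()}"

def _matches(pattern, name):
    if pattern.startswith("|1|"):  # hashed entry: recompute with its own salt
        salt = base64.b64decode(pattern.split("|")[2])
        return hmac.compare_digest(pattern, hashed_name(name, salt))
    return pattern == name  # wildcard and negated patterns are not handled

def find_host_keys(known_hosts_text, host, port):
    """Return {key_type: fingerprint} for entries that name host at port."""
    name, found = known_hosts_name(host, port), {}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue  # blank line, comment, or @cert-authority/@revoked marker
        if any(_matches(p, name) for p in fields[0].split(",")):
            found[fields[1]] = fingerprint_sha256(fields[2])
    return found

def _blob(key_type, raw):  # constructed key material, not a real host key
    parts = (key_type.encode(), raw)
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

# Constructed sample: a bare-host entry (port 22) and a hashed entry for port 10022.
_HASHED = hashed_name("[gitlab.mydomain.com]:10022", bytes(20))
SAMPLE = (f"gitlab.mydomain.com ssh-ed25519 {_blob('ssh-ed25519', bytes(32))}\n"
          f"{_HASHED} ssh-ed25519 {_blob('ssh-ed25519', bytes(range(32)))}\n")

if __name__ == "__main__":
    print(find_host_keys(SAMPLE, *parse_host_port("gitlab.mydomain.com:10022")))
```

The fingerprint returned for the matching entry is the value to compare against the one ssh shows in its "authenticity of host" prompt before accepting the key.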

onyxPC commented 1 year ago

Thanks again. I'll try it on Monday.

onyxPC commented 1 year ago

Thank you very much. Everything is working.

In order not to start a separate question, I want to clarify: When you add the same repository from different users, he writes that such a repository is already taken. Why?

Salamek commented 1 year ago

@onyxPC most likely incorrect check for repository duplicity under user (missing PullMirror.user == current_user in filter arguments) tracked in #42

Salamek commented 1 year ago

@onyxPC check 1.3.4 if it is working for you...