Permission denied (publickey). Could not read from remote repository.

[jjalexander]

Hi, I am getting this error.

2019-05-28 07:21:03,293 INFO Finding out my current projects... 2019-05-28 07:21:04,527 INFO Fetching merge requests assigned to me in jjalexander/revert-test... 2019-05-28 07:21:05,779 INFO Running git clone --origin=origin git@gitlab.com:jjalexander/revert-test.git /tmpb7fm2umw/tmpbx07ahna 2019-05-28 07:21:08,412 WARNING git returned 128 2019-05-28 07:21:08,413 WARNING stdout: b'' 2019-05-28 07:21:08,413 WARNING stderr: b"Cloning into '/tmpb7fm2umw/tmpbx07ahna'...\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n"

subprocess.CalledProcessError: Command '[b'git', b'clone', b'--origin=origin', b'git@gitlab.com:jjalexander/revert-test.git', b'/tmpb7fm2umw/tmpbx07ahna']' returned non-zero exit status 128.

The repo is on gitlab.com. I have created an access token. I have generated a ssh key pair and added the public key to my gitlab account and the private key file is in the config file.

I have run marge both as a docker container and as a local python application.

Still no luck in getting marge to work.

I know this might not be an issue, rather an error on my part. I was told to create an issue here by Daniel Gorin.

[jjalexander]

Can anyone help me?

[jcpetruzza]

@jjalexander Here marge is trying to clone the repository using git over ssh and the remote ssh server is rejecting the keypair. The options I see here are:

1. The public key is not correctly set up on gitlab. Please confirm that you can do a git clone yourself using the private key you are giving to marge.
   2. Marge is somehow not getting the right key or failing to read the configuration file. Could you please perhaps paste here the command line arguments and configuration file you are using (obfuscating any secrets :)) so we can help you diagnose what's going on?

[jjalexander]

Config file:

gitlab-url: "https://gitlab.com/" project-regexp: "jjalexander/revert-test" auth-token: "SECRET" ssh-key-file: /configuration/centos7

Docker command:

docker run -d --name marge --restart=on-failure -v ~/code/marge:/configuration smarkets/marge-bot --config-file=/configuration/marge-bot-config.yaml

git clone git@gitlab.com:jjalexander/revert-test.git works but asks for the passphrase.

[snim2]

It sounds like maybe you have not uploaded this SSH key to the GitLab user that performs the merges? Or maybe the token doesn't have the right privileges?

[jjalexander]

Access token:

marge | May 28, 2019 | In 7 months | api, read_user

In the SSH Keys, it says the key was used ten minutes ago. That means when I did git clone by hand.

[snim2]

What happens if you both the key and the token in the config rather than a separate file?

[jjalexander]

You mean using ssh-key: instead of ssh-key-file? If yes, I have just tried and the same error message pops up.

[snim2]

OK, but if git clone is asking for the passphrase on the CLI, then the ssh key is not quite right somewhere, so the place to start is probably to ensure that the SSH key is correct on GitLab and that you have added the marge-bot gitlab user to the project with maintainer rights.

BTW is your project owned by a group? If so, is it a subgroup of a larger group?

[jjalexander]

It's my private project, in which I am the maintainer and use my own user as marge-bot.

[snim2]

OK, so once you can clone on the command line without entering a passphrase, your bot should be OK, I would guess.

[jjalexander]

If I use docker exec on that container, how can I see what ssh-keys are in use by marge?

[jjalexander]

@snim2 thanks. I created a new ssh-key pair without a passphrase. It now works. Thanks again for the help.

[jjalexander]

Quick question: can the merged branches not be deleted?

[jcpetruzza]

@jjalexander at the moment it will always delete the source branch, but it shouldn't be hard to add an option to make this optional if you want to give it a go. The relevant line is in marge/single_merge_job.py:

merge_request.accept(remove_branch=True, sha=actual_sha)

[jjalexander]

Thanks again for all the help.