[BUG] salt-master unable to connect gitfs of ext_pillar


Description

I am rebuilding my salt-master and configuring gitfs and ext_pillar git, but gitfs is unable to connect to the git repo.

The SSH keys are working and have been tested using the ssh client, as has a git clone on the server with these keys.

The salt master config has been used on the original server without problems; only the keys are renewed. I have tested ED25519 and RSA type keys.

Setup

fileserver_backend:
  - roots
  - gitfs

gitfs_provider: pygit2

gitfs_remotes:
  - git@git.mydomain.com:saltstack/salt-gitfs-remote-enviroments.git:
    - pubkey: /usr/local/etc/salt/ssh_keys/saltstack-repo_id_rsa.pub
    - privkey: /usr/local/etc/salt/ssh_keys/saltstack-repo_id_rsa
    - root: states
    - saltenv:
      - base:
        - ref: master

ext_pillar:
  - git:
    - master git@git.newimage.nl:saltstack/salt-gitfs-remote-enviroments.git:
      - pubkey: /usr/local/etc/salt/ssh_keys/saltstack-repo_id_rsa.pub
      - privkey: /usr/local/etc/salt/ssh_keys/saltstack-repo_id_rsa
      - root: pillar
      - env: base

Steps to Reproduce the behavior

Start the salt-master, maybe in debug mode, and check the log output.

Expected behavior

Connection to Git

Screenshots

[ERROR   ] Error occurred fetching gitfs remote 'git@git.mydomain.com:saltstack/salt-gitfs-remote-enviroments.git': Failed to retrieve list of SSH authentication methods: Failed getting response
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/salt/utils/gitfs.py", line 1741, in _fetch
    fetch_results = origin.fetch(**fetch_kwargs)
  File "/usr/local/lib/python3.7/site-packages/pygit2/remote.py", line 423, in fetch
    check_error(err)
  File "/usr/local/lib/python3.7/site-packages/pygit2/errors.py", line 61, in check_error
    raise GitError(message)
_pygit2.GitError: Failed to retrieve list of SSH authentication methods: Failed getting response

[DEBUG   ] Set update lock for git_pillar remote 'master git@git.newimage.nl:saltstack/salt-gitfs-remote-enviroments.git'
[DEBUG   ] Fetching git_pillar remote 'master git@git.newimage.nl:saltstack/salt-gitfs-remote-enviroments.git'
[ERROR   ] Error occurred fetching git_pillar remote 'master git@git.newimage.nl:saltstack/salt-gitfs-remote-enviroments.git': Failed to retrieve list of SSH authentication methods: Failed getting response
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/salt/utils/gitfs.py", line 1741, in _fetch
    fetch_results = origin.fetch(**fetch_kwargs)
  File "/usr/local/lib/python3.7/site-packages/pygit2/remote.py", line 423, in fetch
    check_error(err)
  File "/usr/local/lib/python3.7/site-packages/pygit2/errors.py", line 61, in check_error
    raise GitError(message)
_pygit2.GitError: Failed to retrieve list of SSH authentication methods: Failed getting response
[DEBUG   ] Removed update lock for git_pillar remote 'master git@git.mydomain.com:saltstack/salt-gitfs-remote-enviroments.git'

Versions Report

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
Salt Version:
           Salt: 2019.2.4
 
Dependency Versions:
           cffi: 1.14.0
       cherrypy: unknown
       dateutil: Not Installed
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.10.1
        libgit2: 1.0.0
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.6.2
   mysql-python: Not Installed
      pycparser: 2.19
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: 1.2.0
         Python: 3.7.7 (default, Apr 12 2020, 21:25:06)
   python-gnupg: Not Installed
         PyYAML: 5.3.1
          PyZMQ: 19.0.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.5.3
            ZMQ: 4.3.1
 
System Versions:
           dist:   
         locale: UTF-8
        machine: amd64
        release: 12.1-RELEASE-p3
         system: FreeBSD
        version: Not Installed

Used relevant OS Packages
git-lite-2.26.2                Distributed source code management tool (lite package)
libgit2-1.0.0                  Portable, pure C implementation of the Git core
py37-pygit2-1.2.0_1            Python bindings for libgit2
libssh2-1.8.2,3                Library implementing the SSH2 protocol

Additional context

Issue Analytics

  • State: open
  • Created 3 years ago
  • Comments: 8 (2 by maintainers)

Top GitHub Comments

2 reactions
gvecchicert commented, Apr 8, 2022

Hi there,

I had the same issue using gitfs as fileserver backend and GitHub repos. Starting from 15/03/2022, github.com is not accepting RSA keys anymore (see https://github.blog/2021-09-01-improving-git-protocol-security-github/); libssh2 can handle ECDSA and Ed25519 keys starting from 1.9.0, but the Ubuntu package is stuck at 1.8.0. My workaround was to upgrade libssh2 from source:

sudo aptitude purge libssh2-1 -y
sudo aptitude install libssl-dev python3-pygit2 -y
wget https://www.libssh2.org/download/libssh2-1.10.0.tar.gz
tar xvzf libssh2-1.10.0.tar.gz
cd libssh2-1.10.0
sudo ./configure
sudo make
sudo make install
sudo ln -s /usr/local/lib/libssh2.so.1.0.1 /usr/lib/x86_64-linux-gnu/libssh2.so.1

An ECDSA key was successfully used; Ed25519 seems broken.

0 reactions
gvecchicert commented, May 13, 2022

Just a little update: I was able to get everything working even with the libssh2-1 Ubuntu package, but pygit2 needs to be installed through pip in order to get a later version (1.9.1 for me); I can confirm that ed25519 keys are still not working even in this scenario:

Salt Version:
          Salt: 3004.1
 
Dependency Versions:
          cffi: 1.15.0
      cherrypy: Not Installed
      dateutil: 2.7.3
     docker-py: Not Installed
         gitdb: 2.0.6
     gitpython: 3.0.7
        Jinja2: 2.10.1
       libgit2: 1.4.2
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 0.6.2
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.6.1
        pygit2: 1.9.1
        Python: 3.8.10 (default, Mar 15 2022, 12:22:08)
  python-gnupg: 0.4.5
        PyYAML: 5.3.1
         PyZMQ: 18.1.1
         smmap: 2.0.5
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.3.2
 
System Versions:
          dist: ubuntu 20.04 focal
        locale: utf-8
       machine: x86_64
       release: 5.13.0-1017-aws
        system: Linux
       version: Ubuntu 20.04 focal
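
A pre-flight check for the key/library mismatch discussed in this thread, as an added example (not code from the issue or from Salt): it reads the key type from an OpenSSH public-key line, such as the file named by `pubkey`, and compares a libssh2 version string against the 1.9.0 threshold given in the first comment. The function names and the sample key are constructed for illustration; a passing result means only that the key type is recognised, not that authentication will succeed.

```python
import base64
import re
import struct

# Minimum libssh2 release per key type. The 1.9.0 threshold for ECDSA and
# Ed25519 is the one stated in the comment above; RSA keys predate it.
MIN_LIBSSH2 = {
    "ssh-rsa": (0, 0, 0),
    "ecdsa-sha2-nistp256": (1, 9, 0),
    "ecdsa-sha2-nistp384": (1, 9, 0),
    "ecdsa-sha2-nistp521": (1, 9, 0),
    "ssh-ed25519": (1, 9, 0),
}


def pubkey_type(line):
    """Return the key type of an OpenSSH public-key line, checked against its blob."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    embedded = blob[4:4 + name_len]
    if len(embedded) != name_len or embedded != declared.encode():
        raise ValueError("key type in blob does not match the declared type")
    return declared


def parse_version(text):
    """Parse '1.8.2', or a package version such as '1.8.2,3', into a tuple."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(part) for part in match.groups())


def key_usable(pubkey_line, libssh2_version):
    """Return (key_type, bool): can this libssh2 release use the key type?"""
    key_type = pubkey_type(pubkey_line)
    minimum = MIN_LIBSSH2.get(key_type)
    return key_type, minimum is not None and parse_version(libssh2_version) >= minimum


def sample_pubkey(key_type):
    """Constructed sample line: valid framing, all-zero dummy key material."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"
```

Pass the version of the libssh2 that pygit2 is actually linked against; a pip-installed pygit2 may not use the system package.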
