Could not push code to the CodeCommit repository - amazon-elastic-beanstalk

I am trying to push my code to the beanstalk but I am getting an error when I hit the eb create command
WARNING: You have uncommitted changes.
Starting environment deployment via CodeCommit
Could not push code to the CodeCommit repository:
ERROR: CommandError - An error occurred while handling git command.
Error code: 128 Error: fatal: unable to access 'https://git-codecommit.us-west-2.amazonaws.com/v1/repos/origin/': The requested URL returned error: 403
I have already created an environment using aws beanstalk, how I should push to that.

This issue could be related to your AccessKey and SecurityKey. Perhaps AK or SK has expired/inactivaded.
In my case with the same error, the problem was an expired key.
After releasing a new key, make sure the git credential store have the new key (if used).

I fixed this by:
Attaching AWSCodeCommitPowerUser to my user group
Generating a CodeCommit credential for my user.
STEP 1
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
In the IAM console, in the navigation pane, choose Users, and then choose the IAM user you want to configure for CodeCommit access.
On the Permissions tab, choose Add Permissions.
In Grant permissions, choose Attach existing policies directly.
From the list of policies, select AWSCodeCommitPowerUser or another managed policy for CodeCommit access. For more information, see AWS managed (predefined) policies for CodeCommit.
STEP 2
On the user details page, choose the Security Credentials tab, and in HTTPS Git credentials for AWS CodeCommit, choose Generate.
Use the Username and Password when prompt to enter credentials for the git repo
Take a look at this article for more information https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html

Related

What server URL should be used for the `oc login` command when using OpenShift's PaaS?

What do I provide for the server URL in the oc login tool, when using the OpenShift PaaS?
I'm trying to migrate my OpenShift Online v2 app to v3, following the instructions for PHP apps linked to from OpenShift's Migration Center. That page says to run something following the pattern oc new-app https://github.com/<github-id>/<repo-name>.git --name=<app-name> -e <ENV_VAR_NAME>=<env_var_value>. After tracking down a download for oc (which wasn't easy), I tried running that command with my repo URL*; this results in:
$ oc new-app https://USERNAME#bitbucket.org/USERNAME/PROJECTNAME.git --name=PROJECTNAME
error: Missing or incomplete configuration info. Please login or point to an existing, complete config file:
1. Via the command-line flag --config
2. Via the KUBECONFIG environment variable
3. In your home directory as ~/.kube/config
To view or setup config directly use the 'config' command.
Not knowing what subcommand of oc config to use, I searched and found Get Started with the CLI, which says to use oc login to start the configuration process. But when I run that, I get:
Server [https://localhost:8443]:
What do I provide for the URL here, when using the OpenShift PaaS (i.e. not a local installation)? I've tried things like https://openshift.com/ and the URL of my web app, but both of them result in
error: The server was unable to respond - verify you have provided the correct host and port and that the server is currently running.
* I decided to use Bitbucket instead of GitHub; I'm not sure if this is unsupported, or (if it's supported) whether I should be providing USERNAME#bitbucket.org.
It is right over there in the web console.
Click on (?) help icon right beside your user name on top right corner. Select 'Command Line Tool' from the drop down menu.
Alternatively, it is there in the URL :
http://<openshift url>/console/command-line
e.g. it is mentioned on the below URL for me:
https://console.starter-ca-central-1.openshift.com/console/command-line
Hope it helps.
In the RedHat OpenShift Online web console, click on the (?) help icon right beside your user name in the top right corner. Select 'Command Line Tools' from the drop down menu.
A pop-up window appears with a section "oc - OpenShift Command Line Interface (CLI)", and there's a link for Copy Login Command. Click that and it takes you to a page like
https://oauth-openshift.apps.ca-central-1.starter.openshift-online.com/oauth/token/display?code=Ge.....
(You may be prompted at this point to log into the Redhat Portal, do that if necessary.)
The page will then show the text
Display Token
Click Display Token
It will show output similar to this:
Log in with this token
oc login --token=... --server=https://api.ca-central-1.starter.openshift-online.com:6443
On the web console, click in your profile and then you can see "copy Login command" like this:
Then you just click on it and do it again on the button "Display token" in the new browser tab. Here is what your token looks like:
I just tried actually signing up for an OpenShift v3 Starter plan (which I hadn't done before because I didn't want to get ahead of myself, and the migration guide hadn't said to do so yet). That course of action did give me access to the "Command Line Tools" menu item under the ? menu, which gives the command line as oc login https://api.starter-us-east-1.openshift.com --token=<hidden>. (The hidden token is copied to the clipboard if you click the clipboard icon to the right of that line.)
I created an account for OpenShift v3 Starter plan.
Then I installed OC Tool available here.
I created a project called spike1 on US west.
Finally when running oc login and set Server URL to https://console.starter-us-west-1.openshift.com/
Hope this helps.
Once you create a project in public OpenShift. It redirect to my console
starter-us-west-1.openshift.com/console/
If you wana login to openshift using CLI.
command is
oc login https://console.starter-us-west-1.openshift.com

OpenShift 3 : unable to clone a private BitBucket repository

I'm trying to migrate from OpenShift 2 to OpenShift 3.
I have created a new app on OpenShift 3 but I'm struggling to clone my BitBucket private git repository to it. (I had no problem with OpenShift 2).
I have tried setting secrets (SSH or Basic Authentication) in Build/Advanced Options but without luck.
Here is the error message :
Cloning "git#bitbucket.org:(myusername)/(myrepository).git" ... error:
build error: Host key verification failed. fatal: Could not read from
remote repository. Please make sure you have the correct access rights
and the repository exists.
The steps if working from the command line are as follows:
1) Create a new SSH key pair for use with the repository. This cannot have a passphrase.
ssh-keygen -C "openshift-source-builder/repo#bitbucket" -f repo-at-bitbucket -N ''
This will generate files:
repo-at-bitbucket
repo-at-bitbucket.pub
being the private and public key files.
2) Go to Settings->Access keys for the repository on BitBucket, select Add key and in the popup window enter the key name openshift-source-builder and paste in the contents of the public key file. In this case repo-at-bitbucket.pub. Confirm creation by clicking on Add key on the popup window.
3) Create a secret in OpenShift for the key by running:
oc secrets new-sshauth repo-at-bitbucket --ssh-privatekey=repo-at-bitbucket
4) Enable access to the secret from the builder service account.
oc secrets link builder repo-at-bitbucket
5) In order that OpenShift knows the secret is for this specific private Git repository and automatically uses it, annotate the secret with the SSH URI for the repository.
oc annotate secret/repo-at-bitbucket \
'build.openshift.io/source-secret-match-uri-1=ssh://bitbucket.org/yourusername/private-repo.git'
Very important here is the form of the URI. In the BitBucket web interface it will show it as:
git#bitbucket.org:yourusername/private-repo.git
Do not use that. You need to use the SSH form of the URI here.
6) We can then deploy the application from the private Git repository.
oc new-app httpd~git#bitbucket.org:yourusername/private-repo.git --name mysite
Okay to use git#bitbucket.org:yourusername/private-repo.git here, or could also use the SSH form of the URI.
You can also do all this from the web console instead. Important if creating the secret as a separate step in web console to link the builder service account when doing that. If create the source secret when deploying, then it will automatically link the builder service account.
Note that if the OpenShift instance has a firewall between it and BitBucket and SSH connections are blocked, this will not work. In that case you need to fall back to using a personal access token (app password) over a SSH connection using HTTP basic authentication.
These details are now much better explained by the blog post series starting with:
https://blog.openshift.com/private-git-repositories-part-1-best-practices/

CruiseControl.net Fails A Build When There Are no Source Code Changes

CruiseControl.net correctly detects that there are "No modifications detected" when I run the program with a visible terminal and shows green build reports but after I quit the program and start the service, the builds fail with the following stack trace:
ThoughtWorks.CruiseControl.Core.CruiseControlException: Source control operation failed: . Process command: C:\Program Files\TortoiseHg\hg.exe pull https://redacted.kilnhg.com/Code/Repositories/Group/HealthTracker
at ThoughtWorks.CruiseControl.Core.Sourcecontrol.ProcessSourceControl.Execute(ProcessInfo processInfo)
at ThoughtWorks.CruiseControl.Core.Sourcecontrol.Mercurial.Mercurial.HgPull(IIntegrationResult result)
at ThoughtWorks.CruiseControl.Core.Sourcecontrol.Mercurial.Mercurial.GetModifications(IIntegrationResult from, IIntegrationResult to)
at ThoughtWorks.CruiseControl.Core.Sourcecontrol.QuietPeriod.GetModifications(ISourceControl sourceControl, IIntegrationResult lastBuild, IIntegrationResult thisBuild)
at ThoughtWorks.CruiseControl.Core.IntegrationRunner.GetModifications(IIntegrationResult from, IIntegrationResult to)
at ThoughtWorks.CruiseControl.Core.IntegrationRunner.Integrate(IntegrationRequest request)
Project: HealthTracker
System Information:
Windows 7 x64
CCnet 1.8.5.0
Where do I start to debug the problem?
When Cruisecontrol runs as a service it runs with the service account's credentials. It is probably running as network service. You will either need to provide a password for Mercurial in the ccnet.config file or you will need to copy your authentication certificates from your user account folder to the network service's account folder. That folder is in different places in different versions of Windows.
Since I use a token provided by FogCreek (documented at http://help.fogcreek.com/8375/access-tokens-and-continuous-integration-servers), I have a kiln.prefix, kiln.username, and a kiln.password. The three values are stored inside mercurial.ini. Unfortunately, there is no corresponding file for the NETWORK SERVICE user account so the solution is to run the CruiseControl.NET service with a normal Windows user account's credentials and configure that account with the correct mercurial.ini settings.

gsutil not working in GCE

So when I bring up a GCE instance using the standard debian 7 image, and issue a "gsutil config" command, it fails with the following message:
jcortez#master:~$ gsutil config
Failure: No handler was ready to authenticate. 4 handlers were checked. ['ComputeAuth', 'OAuth2Auth', 'OAuth2ServiceAccountAuth', 'HmacAuthV1Handler'] Check your credentials.
I've tried it on the debian 6 and centos instances and had the same results. Issuing "gcutil config" works fine however. I gather I need to set up my ~/.boto file but I'm not sure what to.
What am I doing wrong?
Using service account scopes as E. Anderson mentions is the recommended way to use gsutil on Compute Engine, so the images are configured to get OAuth access tokens from the metadata server in /etc/boto.cfg:
[GoogleCompute]
service_account = default
If you want to manage gsutil config yourself, rename /etc/boto.cfg, and gsutil config should work:
$ sudo mv /etc/boto.cfg /etc/boto.cfg.orig
$ gsutil config
This script will create a boto config file at
/home/<...snipped...>/.boto
containing your credentials, based on your responses to the following questions.
<...snip...>
Are you trying to use a service account to have access to Cloud Storage without needing to enter credentials?
It sounds like gsutil is searching for an OAuth access token with the appropriate scopes and is not finding one. You can ensure that your VM has access to Google Cloud Storage by requesting the storage-rw or storage-full permission when starting your VM via gcutil, or by selecting the appropriate privileges under "Project Access" on the UI console. For gcutil, something like the following should work:
> gcutil addinstance worker-1 \
> --service_account_scopes=https://www.googleapis.com/auth/devstorage.read_write,https://www.googleapis.com/auth/compute.readonly
When you configured your GCE instance, did you set it up with a service account configured? Older versions of gsutil got confused when you attempted to run gsutil config when you already had service account credentials configured.
If you already have a service account configured you shouldn't need to run gsutil config - you should be able to simply run gsutil ls, cp, etc. (it will use credentials located elsewhere than your ~/.boto file).
If you really do want to run gsutil config (e.g., to set up credentials associated with your login identity, rather than service account credentials), you could try downloading the current gsutil from http://storage.googleapis.com/pub/gsutil.tar.gz, unpacking it, and running that copy of gsutil. Note that if you do this, the personal credentials you create by running gsutil config will essentially "hide" your service account credentials (i.e., you would need to move your .boto file aside if you ever want to user your service account credentials again).
Mike Schwartz, Google Cloud Storage team
FYI I'm working on some changes to gsutil now that will handle the problem you encountered more smoothly. That version should be out within the next week or two.
Mike

How to setup Authorization Hudson /Jenkins to clone your mercurial repository

After installing and playing around with mercurial , I am trying to get Hudson to clone the repository so it can build my project.
At the moment the following task works.
I Can sync to my external host and the code shows up on that host.
Now I am trying to configure hudson / jenkins to access the code on my host.
But unfortunately I am rolling on a error:
Started by user anonymous
$ hg clone --rev default https://bitbucket.org/*/testproject "F:\Hudson\jobs\testproject\workspace"
abort: http authorization required
ERROR: Failed to clone https://bitbucket.org/*/testproject
[workspace] $ hg log --rev . --template {node}
java.io.IOException: Cannot run program "hg" (in directory "F:\Hudson\jobs\testproject\workspace"): CreateProcess error=267, The directory name is invalid
at java.lang.ProcessBuilder.start(ProcessBuilder.java:460)
at hudson.Proc$LocalProc.<init>(Proc.java:244)
at hudson.Proc$LocalProc.<init>(Proc.java:216)
at hudson.Launcher$LocalLauncher.launch(Launcher.java:698)
at hudson.Launcher$ProcStarter.start(Launcher.java:329)
at hudson.Launcher$ProcStarter.join(Launcher.java:336)
at hudson.plugins.mercurial.MercurialSCM.joinWithPossibleTimeout(MercurialSCM.java:298)
at hudson.plugins.mercurial.HgExe.popen(HgExe.java:191)
at hudson.plugins.mercurial.HgExe.tip(HgExe.java:171)
at hudson.plugins.mercurial.MercurialSCM.calcRevisionsFromBuild(MercurialSCM.java:254)
at hudson.scm.SCM._calcRevisionsFromBuild(SCM.java:304)
at hudson.model.AbstractProject.calcPollingBaseline(AbstractProject.java:1186)
at hudson.model.AbstractProject.checkout(AbstractProject.java:1175)
at hudson.model.AbstractBuild$AbstractRunner.checkout(AbstractBuild.java:523)
at hudson.model.AbstractBuild$AbstractRunner.run(AbstractBuild.java:418)
at hudson.model.Run.run(Run.java:1362)
at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:46)
at hudson.model.ResourceController.execute(ResourceController.java:88)
at hudson.model.Executor.run(Executor.java:145)
Caused by: java.io.IOException: CreateProcess error=267, The directory name is invalid
at java.lang.ProcessImpl.create(Native Method)
at java.lang.ProcessImpl.<init>(ProcessImpl.java:81)
at java.lang.ProcessImpl.start(ProcessImpl.java:30)
at java.lang.ProcessBuilder.start(ProcessBuilder.java:453)
... 18 more
Finished: FAILURE
What actions do i need to do to tell Hudson to use username x and password y to acces the data?
Edited => Found how to integrate ssh .
Used SSH instead of https
Download putty.exe, puttygen.exe, pageant.exe, and plink.exe from the PuTTY website.
Start puttygen and generate a key in OPENSSH FORMAT (hudsons format) (=> How to use Svn + SSH )
Click the Save private key button and save the .PPK file somewhere.
Click the Save public key button and save it.
Go to your website and enter the public ssh-key
Run pageant.exe. The pageant icon (a computer wearing a hat) will show up in the status tray.
Right-click the pageant icon and choose Add Key.
Choose the .PPK file you saved earlier and type in its passphrase.
The following (end part is copied) from Ted Naleid (Thank you!) blog witch can be found here : Hooking up hudson to your ...
Install the Mercurial plugin in Hudson
All that’s left to do now is install
the Mercurial plugin in hudson. In a
browser, go to
http://INSERT_YOUR_IP_HERE:8080.
Hudson should come up.
Click on “Manage Hudson” and go to
“Manage Plugins”. Go to the
“Available” tab, check “Hudson
Mercurial plugin” and hit the
“Install” button. Hudson will prompt
you to restart, and then it’s
installed.
After that, just create a new job and
you’ll have a new “mercurial” option
in the “source control management”
section. Select that and put the ssh
URL in the “Repository URL” field.
Then put “default” in the “branch”
field and set up the rest of the job
to build/test your code (an exercise
left to the reader).
and here it is the first succesfull build !
Conclusion : This is a summary of all the small blogpost scattered arround the internet. I hope this post helps you in starting hudson and mercurial.
I think the problem is not related to username and password. Your stacktrace tells you there's something wrong with the path F:\Hudson\jobs\testproject\workspace.
Cannot run program hg (in directory
"F:\Hudson\jobs\testproject\workspace")
The directory name is invalid
Anyway, you can specify the username and password in the URL like: http://user:password#mydomain.org.
To authenticate the Jenkins/Hudson Mercurial plugin with BitBucket I too found it useful to use the SSH protocol instead of HTTPS particularly since:
there doesn't seem to be a way to store your HTTPS credentials to BitBucket with the Mercurial Jenkins plugin, but with SSH you can safely and securely store your credentials
with SSH you can configure it to use compression, which Mercurial doesn't do natively.
Good instructions for setting up SSH access to BitBucket are available here: http://confluence.atlassian.com/display/BITBUCKET/Using+SSH+to+Access+your+Bitbucket+Repository
Notes:
If you are running Jenkins/Hudson on a *nix server, you will want to login as the user running the Jenkins process and perform these operations from that users home directory, so the configurations will be found by that user (e.g. on my Debian server installation of Jenkins standalone, the user 'jenkins' is created and the home directory is set to '/var/lib/jenkins' [not /home/jenkins] - where I performed the instructions provided at the above link).
I found it very helpful to assure the hg clone command worked from the command line before attempting to have Jenkins call it.
IMPORTANT: In order to get this to work, I had to generate a key ** without ** a passphrase.
You can add the following lines to jenkins .hgrc file (usually /var/lib/jenkins/.hgrc)
[auth]
bitbucket.prefix = https://bitbucket.org/your_user/...
bitbucket.username = your_user
bitbucket.password = ******
See http://www.selenic.com/mercurial/hgrc.5.html#auth
You can add your scm credentials in the 'Credentials` section of Jenkins:
Also change the job configuration to use the credentials: