aws setup: good and bad (so far)

Good: desktop app works now that I have an ACM cert working

Bad: cloning from repo not working. 

 

# git clone ssh://git@space-git.mydomain.com:12222/infrastructure/terraform.git
Cloning into 'terraform'...
ssh: connect to host space-git.mydomain.com port 12222: Operation timed out
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

 

I've created a new keyset and uploaded the public key. Also added the appropriate entry to ~/.ssh/config.

 

Interestingly - cloning via https: works.. except that it wants a user/pw. 


Ethrbunny, could you please share the output of the following command with me?

ssh -vvv ssh://git@space-git.mydomain.com:12222

# ssh -vvv ssh://git@space-git.mydomain.com:12222

OpenSSH_9.0p1, LibreSSL 3.3.6
debug1: Reading configuration data /Users/jon/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: include /etc/ssh/ssh_config.d/* matched no files
debug1: /etc/ssh/ssh_config line 54: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/Users/jon/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/Users/jon/.ssh/known_hosts2'
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to space-git.mydomain.com port 12222.
ssh: connect to host space-git.mydomain.com port 12222: Operation timed out


Ethrbunny, is the 12222 port configured as a TCP proxy on the Ingress Controller? Would you be able to share the configs for both the Ingress Controller and VCS? Thanks!


I'm not sure where to find that information. There have been many, many config files involved in this process to date.


Ethrbunny, thanks for sharing! Note that TCP proxy is only required for VCS, so the config should have one port defined:

12222: "jb-space/jb-space-vcs:12222"

Nevertheless, it's not yet clear why it's not resolved when accessing via ssh. Any chance I could take a look at the whole values.yaml file?

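An added example, not part of the original thread and not JetBrains code: a small Python probe that separates the outcomes a TCP connect to the Git SSH port can have, since "Operation timed out" points at a different layer than "Connection refused". The hostname and ports are the ones quoted in the thread; `probe` and `explain` are names made up here, and the reading of each outcome is general TCP behaviour assumed to apply to this setup.

```python
import socket

def probe(host, port, timeout=5.0):
    """Try one TCP connect; return (state, detail).

    state is 'open', 'refused', 'timeout' or 'error'. For 'open', detail is
    the first line the server volunteers (an SSH server sends 'SSH-2.0-...'
    first); for 'error', detail is the OS error text.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return "timeout", ""
    except ConnectionRefusedError:
        return "refused", ""
    except OSError as exc:          # DNS failure, no route, etc.
        return "error", str(exc)
    with sock:
        try:
            data = sock.recv(256)   # HTTPS servers stay silent here
        except OSError:             # includes the read timing out
            data = b""
    return "open", data.split(b"\n", 1)[0].strip().decode("ascii", "replace")

def explain(state, detail):
    """Map a probe result to the layer worth checking next (assumed reading)."""
    if state == "timeout":
        return ("packets dropped: check firewall/security group rules and "
                "that the load balancer listens on this port")
    if state == "refused":
        return ("host reachable, nothing listening: check the TCP proxy "
                "entry and the backing service")
    if state == "open" and detail.startswith("SSH-"):
        return "SSH server reached: network path is fine, look at keys and permissions"
    if state == "open":
        return "port open but no SSH banner: port may be routed to a non-SSH backend"
    return "lookup or routing error: " + detail

if __name__ == "__main__":
    host = "space-git.mydomain.com"   # placeholder hostname from the thread
    for port in (443, 12222):         # HTTPS clone works, SSH clone times out
        state, detail = probe(host, port)
        print(port, state, "-", explain(state, detail))
```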

elastic: &elastic-host
  hostname: "99.99.99.99"
  port: "9200"
s3:
  storage: &s3-storage
    region: "food"
    accessKey: "REDACTED"
    secretKey: "REDACTED"
    url: "https://s3.food.amazonaws.com"
postgres: &pg-db
  name: "space"
  hostname: "space-db.redacted.amazonaws.com"
  port: "5432"
  username: "postgres"
  password: "spacespace"
redis: &redis-host
  hostname: "space-redis.redacted.amazonaws.com"
  port: "6379"
portal-external-url: &portal-external-url "https://space-portal.mydomain.com"
packages-external-url: &packages-external-url "https://space-packages.mydomain.com"
git-external-url: &git-external-url "https://space-git.mydomain.com"

space:
  ingress:
    hostname: "space-portal.mydomain.com"
    enabled: true
    selfSigned: false
    tls: true
  masterSecret: "REDACTED"
  webHookSecret: "REDACTED"
  localAdministrator:
    firstName: "Administrator"
    lastName: "Administrator"
    username: "admin"
    password: "REDACTED"
    email: "admin@space-admin.mydomain.com"
  oauth:
    messageEncodingKey: "REDACTED"
    encodingKey2fa: "REDACTED"
    encodingKey: "REDACTED"
    messageSigningRsaPublic: "REDACTED"
    messageSigningRsaPrivate: "REDACTED"
    accessTokenRsaPublic: "REDACTED"
    accessTokenRsaPrivate: "REDACTED"
  database: *pg-db
  organization:
    name: "food"
  eventbus: *redis-host
  objectStorage:
    << : *s3-storage
    bucketName: "mgmt-space-objectstorage"
  mail:
    enabled: true
    username: "REDACTED"
    password: "REDACTED"
    hostname: "email-smtp.REDACTED.amazonaws.com"
    port: "587"
    protocol: "TLS"

    settings:
     fromAddress: "mailer@no-reply.mydomain.com"
     rateLimitPerSecond: "1"
     aggregationDelaysInSec: "60"
     messageQueuePrefix: "mailQueue"
  elastic:
    search: *elastic-host
    audit: *elastic-host
    metrics: *elastic-host
  vcs:
    token: "REDACTED"
  externalUrl: *portal-external-url
  altUrls: *portal-external-url
  packages:
    oauth:
      clientId: "space-to-packages"
      clientSecret: "REDACTED"
    externalUrl: *packages-external-url
  automation:
    logs:
      storage:
        << : *s3-storage
        bucketName: "mgmt-space-automation"
    worker:
      storage:
        << : *s3-storage
        bucketName: "mgmt-space-worker"
    dslCompiler:
      storage:
        << : *s3-storage
        bucketName: "mgmt-space-dslcompiler"
packages:
  ingress:
    hostname: "space-packages.mydomain.com"
    enabled: true
    selfSigned: false
    tls: true
  database: *pg-db
  eventbus: *redis-host
  objectStorage:
    << : *s3-storage
    bucketName: "mgmt-space-packages"
  elastic:
    search:  *elastic-host
  externalUrl: *packages-external-url
  oauth:
    clientId: "space-to-packages"
    clientSecret: "REDACTED"
  space:
    externalUrl: *portal-external-url
vcs:
  resources:
    requests:
      cpu: 2000m
      memory: 2048Mi
    limits:
      cpu: 4000m
      memory: 8192Mi
  defaultInitContainers:
    requests:
      cpu: 2000m
      memory: 2048Mi
    limits:
      cpu: 4000m
      memory: 8192Mi
  storage:
    eventbus: *redis-host
    objectStorage:
      << : *s3-storage
      bucketName: "mgmt-space-vcs"
    database: *pg-db
  secrets:
    spaceAccessKey: "REDACTED"
  externalUrl: *git-external-url
  spaceExternalUrl: *portal-external-url
  ingress:
    hostname: "space-git.mydomain.com"
    enabled: true
    selfSigned: false
    tls: true
