salt: Salt fails to fetch from a git remote in VSTS

Description of Issue/Question

Salt fails to fetch from a git remote using ssh auth. The following logentries appear: Interestingly It’s possible to git clone manually using ssh auth. ssh -T also works.

[DEBUG   ] Set update lock for gitfs remote 'ssh://{path-to-repo-in-vsts}'
[DEBUG   ] Fetching gitfs remote 'ssh://ssh://{path-to-repo-in-vsts}'
[ERROR   ] Error occured fetching gitfs remote 'ssh://ssh://{path-to-repo-in-vsts}': Failed to start SSH session: Unable to exchange encryption keys
[DEBUG   ] Removed update lock for gitfs remote 'ssh://ssh://{path-to-repo-in-vsts}'

Setup

  • In general, follow this video
  • Install a vanilla salt-master and salt-minion on Ubuntu 16.04
  • Create a VSTS (visualstudio.com) git repository
  • Create a SSH keypair and upload the public key to VSTS
  • Copy the keypair to /etc/salt/master.d
  • Apply the following settings to /etc/salt/master
fileserver_backend:
  - git

gitfs_remotes:
  - ssh://{Your Repo}
gitfs-pubkey: /etc/salt/master.d/{pubkey}
gitfs_privkey: /etc/salt/master.d/{privkey}
gitfs_base: master
gitffs_env_whitelist:
  - base

pillar_roots:
  base:
    - /srv/pillar
file_roots:
  base:
    - /srv/salt

Steps to Reproduce Issue

Start the salt-master as a process with --log-level=debug

Versions Report

Salt Version:
           Salt: 2015.8.8

Dependency Versions:
         Jinja2: 2.8
       M2Crypto: Not Installed
           Mako: 1.0.6
         PyYAML: 3.12
          PyZMQ: 15.2.0
         Python: 2.7.12 (default, Nov 19 2016, 06:48:10)
           RAET: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.1.4
           cffi: 1.9.1
       cherrypy: Not Installed
       dateutil: 2.6.0
          gitdb: 2.0.0
      gitpython: 2.1.0
          ioflo: Not Installed
        libgit2: 0.24.0
        libnacl: 1.5.0
   msgpack-pure: Not Installed
 msgpack-python: 0.4.8
   mysql-python: Not Installed
      pycparser: 2.17
       pycrypto: 2.6.1
         pygit2: 0.24.0
   python-gnupg: Not Installed
          smmap: 2.0.1
        timelib: Not Installed

System Versions:
           dist: Ubuntu 16.04 xenial
        machine: x86_64
        release: 4.4.0-47-generic
         system: Ubuntu 16.04 xenial

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 25 (13 by maintainers)

Most upvoted comments

Thanks for bumping thsi for me. @mmisztal1980 sorry for missing this.

I can now replicate this thanks to @mmisztal1980’s help on this.

[ERROR   ] Error occurred fetching gitfs remote 'ssh://ch3ll@ch3ll.visualstudio.com:22/_git/MyFirstProject': Failed to start SSH session: Unable to exchange encryption keys
Traceback (most recent call last):
  File "/home/ch3ll/git/salt/salt/utils/gitfs.py", line 1406, in _fetch
    fetch_results = origin.fetch(**fetch_kwargs)
  File "/usr/lib64/python2.7/site-packages/pygit2/remote.py", line 221, in fetch
    check_error(err)
  File "/usr/lib64/python2.7/site-packages/pygit2/errors.py", line 56, in check_error
    raise GitError(message)
GitError: Failed to start SSH session: Unable to exchange encryption keys

Here is my config:

fileserver_backend:
  - git

gitfs_remotes:
  - ssh://ch3ll@ch3ll.visualstudio.com:22/_git/MyFirstProject
gitfs_pubkey: /home/ch3ll/.ssh/key.pub
gitfs_privkey: /home/ch3ll/.ssh/key
gitfs_base: master
gitffs_env_whitelist:
  - base

pillar_roots:
  base:
    - /srv/pillar
file_roots:
  base:
    - /srv/salt

I also verified that I could do a git clone with that repo and key just fine.

@terminalmage maybe you have any quick ideas as to why we are getting this error? If you need I can give you access to my repo so you can use that exact config and test.

+2
Ch3LL on Mar 8, 2017

I’ve @Ch3LL add my pubkey to her VSTS repo, and will look at this when time allows (currently tied up making Python 3 compatibility changes).

+1
terminalmage on Mar 15, 2017
Read more comments on GitHub
← salt: salt fails on startup with transport: raet
salt: salt hangs indefinitely when trying to restart a service →