#Unable to reference private module on GitHub

v0.12.6 question with the new private git support via SSH. I have a mono-repo of private Dagger modules in a private GitHub Organization.

Testing on a Mac, I get a failed to load cache key error:

dagger -m git@github.com:org/daggerverse.git functions
Setup tracing at https://dagger.cloud/traces/setup. To hide: export GOAWAY=1

✔ connect 2.0s
✘ initialize 1.3s
! failed to get configured module: failed to get module ref kind: input: moduleSource resolve: failed to resolve git src to commit: failed to load cache key: error fetching default branch for repository git@github.com:org/daggerverse.git: git error: exit status 128
  ✘ resolving module ref 1.3s
  ! failed to get configured module: failed to get module ref kind: input: moduleSource resolve: failed to resolve git src to commit: failed to load cache key: error fetching default branch for repository git@github.com:org/daggerverse.git: git error: exit status 128
    ✘ moduleSource(refString: "git@github.com:org/daggerverse.git"): ModuleSource! 0.9s
    ! failed to resolve git src to commit: failed to load cache key: error fetching default branch for repository git@github.com:org/daggerverse.git: git error: exit status 128
      ✘ cache request: git://github.com/org/daggerverse.git 0.6s
      ! error fetching default branch for repository git@github.com:org/daggerverse.git: git error: exit status 128
Error: failed to get configured module: failed to get module ref kind: input: moduleSource resolve: failed to resolve git src to commit: failed to load cache key: error fetching default branch for repository git@github.com:org/daggerverse.git: git error: exit status 128
stderr:
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

cc @lime cobalt

Hey,

Oh no, given the error message, I think it is an issue with the SSH_AUTH_SOCK env. Do you have it set on your host?

@lime cobalt Hi -- Yes, it's configured on my host, appears to be a standard Mac configuration. It's currently set to:

SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.OSQZnA8ndp/Listeners

and do you have an SSH agent running ? Did you ssh-add with an ssh key used to authenticate against the corresponding private repo ?

Here is the pending docs: https://github.com/grouville/dagger/commit/9aa6bd8e3e3c879c8366dcb6196dfb6cf469a41e

That did it! Thanks!

I didn't able to use private module either. I tried all styles in docs but result is same.

dagger -m ssh://git@gitlab.com/aweris/daggerverse.git call --help
Full trace at https://dagger.cloud/ (rotate dagger.cloud token for full url)

✔ connect 1.1s
✘ initialize 1.1s
! failed to get configured module: failed to get module ref kind: input: moduleSource resolve: failed to resolve git src to commit: failed to load cache key: error fetching default branch for repository ssh://xxxxx@gitlab.com/aweris/daggerverse.git: git error: exit status 128
  ✘ resolving module ref 1.1s
  ! failed to get configured module: failed to get module ref kind: input: moduleSource resolve: failed to resolve git src to commit: failed to load cache key: error fetching default branch for repository ssh://xxxxx@gitlab.com/aweris/daggerverse.git: git error: exit status 128
    ✘ moduleSource(refString: "ssh://git@gitlab.com/aweris/daggerverse.git"): ModuleSource! 1.0s
    ! failed to resolve git src to commit: failed to load cache key: error fetching default branch for repository ssh://xxxxx@gitlab.com/aweris/daggerverse.git: git error: exit status 128
      ✘ cache request: git://gitlab.com/aweris/daggerverse.git 0.6s
      ! error fetching default branch for repository ssh://xxxxx@gitlab.com/aweris/daggerverse.git: git error: exit status 128

23:47:06 WRN rotate dagger.cloud token for full url
Error: failed to get configured module: failed to get module ref kind: input: moduleSource resolve: failed to resolve git src to commit: failed to load cache key: error fetching default branch for repository ssh://xxxxx@gitlab.com/aweris/daggerverse.git: git error: exit status 128
stderr:
git@gitlab.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Same as above, what is the SSH_AUTH_SOCK ? And is the ssh key linked to key giving access to the repo ?

yes everything was there and working, but I had multiple ssh keys

now i removed one of them and restarted the agent is start working

oh, so now it works but when the ssh-agent is linked to just one key ?

I was using one id_ed25519 key and one id_rsa for different things

yes

mmmh, interesting 🙏

and several were active ? I'll dig into that thanks 🙏

mostly used one, but other was active and added to ssh-agent

which one did you keep ?

id_ed25519 i kept this one. I added this later than id_rsa and mainly used this key

I think this is is indeed something on our end, we might not retry when git tries multiple keys. Will take a look 🙏 OR an issue on our socket forward, but I doubt it

Do you confirm that git didn't break with such multiple keys conf (and that your git auth is not a PAT), with SSH refs

git working perfectly normal wuth multiple keys. Most common senario for me using different keys personal and work accounts if I need to use same machine

yes it's related with multiple keys, since it's working with single key at the moment. Nothing changed at myside other than key

Very helpful, thanks 🙏

One last question: do you have some special configuration on your .ssh/config to specify a specific key per host ? We do not mount this in the engine, which could explain the difference between git behavior and local one

Nonetheless, I'll make a small repro on my end 🙏

Hi @lime cobalt how to use SSH_AUTH_SOCK for helm dagger?

I’m aware of editing helm templates to add env, if you have any suggestion.

[Not working] Helm:

❯ _EXPERIMENTAL_DAGGER_RUNNER_HOST="kube-pod://$DAGGER_ENGINE_POD_NAME?namespace=dagger"                               
export _EXPERIMENTAL_DAGGER_RUNNER_HOST

❯ dagger -m ssh://git@github.com/raghavendramallela/daggermodules.git/node@main functions
✔ connect 0.3s
✘ initialize 5.2s
! input: moduleSource.asModule resolve: failed to create module: select: failed to update codegen and runtime: failed to generate code: failed to call sdk module codegen: select: call function "Codegen": process "/runtime" did not complete successfully: exit code: 2
  ✔ resolving module ref 4.9s
  ✘ installing module 0.3s
  ! input: moduleSource.asModule resolve: failed to create module: select: failed to update codegen and runtime: failed to generate code: failed to call sdk module codegen: select: call function "Codegen": process "/runtime" did not complete successfully: exit code: 2
    ✘ ModuleSource.asModule: Module! 0.3s
    ! failed to create module: select: failed to update codegen and runtime: failed to generate code: failed to call sdk module codegen: select: call function "Codegen": process "/runtime" did not complete successfully: exit code: 2
Error: input: moduleSource.asModule resolve: failed to create module: select: failed to update codegen and runtime: failed to generate code: failed to call sdk module codegen: select: call function "Codegen": process "/runtime" did not complete successfully: exit code: 2

Stdout:
invoke: failed to create codegen base: failed to setup module: could not list module source entries: input: currentModule.source resolve: select: failed to compute cache key: failed to apply diffs: 1 error occurred:
        * failed to handle changes: failed to retrieve user.overlay.opaque attr: operation not supported

[working] docker container:

❯ docker ps -a                                                                                                        
CONTAINER ID   IMAGE                               COMMAND                  CREATED          STATUS          PORTS     NAMES
988b8bc320ea   registry.dagger.io/engine:v0.12.6   "dagger-entrypoint.s…"   15 minutes ago   Up 15 minutes             dagger-engine-d522a778c2389390

❯ dagger -m ssh://git@github.com/raghavendramallela/daggermodules.git/node@main functions
✔ connect 1.6s
✔ initialize 19.5s

Name          Description
commands      Execute commands in the container.
container     -
install       Downloads dependencies in the container.
version       -
with-npm      Add npm as package manager in the container.
with-npmrc    Add npmrc to the module container.
with-source   Add source to the module container.

❯ echo $SSH_AUTH_SOCK                                                                                                  
/run/user/8055/keyring/ssh

Ive only just got around to trying this out, also facing this issue.

Right now im using 1Password, and my SSH keys are not stored on my machine, theyre injected into the SSH Pipeline from my 1Password vault. Ssh git clone is working fine for me, but I'm not sure what I need to do to "pull a private module" which I created on github. I'm having almost identical output

I'm using this at the moment : https://developer.1password.com/docs/ssh/agent/config (I also have 2 keys)

SSH_AUTH_SOCK is not a Windows supported feature

I wonder if i can setup my 1Password to use WSL dagger :S

\.\pipe\openssh-ssh-agent is how Windows handles SSH

in theory, if i can run ssh.exe -T git@github.com and auth from a WSL terminal, and it works. Then i should be able to also clone a private module

Hmm, im struggling with this part

https://developer.1password.com/docs/ssh/agent/compatibility#configure-ssh_auth_sock-for-the-terminal-1

so i manage to run this successfully: SSH_AUTH_SOCK=~/.1password/agent.sock ssh-add -l and it does list my SSH key

I think i'll make a new HELP post here, i've kind of hijacked this existing one, but the Dagger Windows binary + ssh needs proper documenting/confirming it works also

Hey raghu, thanks for the ping 🙏

What's the current helm chart you're following ? Is it the official Helm chart from the docs ? https://docs.dagger.io/integrations/kubernetes/#example

The mount of the socket shall be occurring from the CLI context and not the engine one. As you seem to use _EXPERIMENTAL_DAGGER_RUNNER_HOST, one issue could be that it's actually the engine's being taken into account. I'll check tomorrow

@fallow breach can you validate that your k8s pod is also running Dagger v0.12.7?

Yes

Just wondering if ssh socket using helm dagger engine is mounted the same way as in local docker engine.

@umbral marsh let me confirm about the helm chart version & image I’m using, I remember upgrading it.

should be the same, yes. the socket is mounted by the dagger client, not the engine

@fallow breach @lime cobalt just validated this works using a local kind cluster

with minikube kvm im unsuccessful

@fallow breach seems like it worked?

I see this error at the end of the dagger call

        ! failed to resolve image docker.io/library/node:20-alpine@sha256:df01469346db2bf1cfc1f7261aeab86b2960efa840fe2bd46d83ff339f463665: failed to resolve source metadata for docker.io/library/node:20-alpine@sha256:df01469346db2bf1cfc1f7261aeab86b2960efa840fe2bd46d83ff339f463665: failed to do request: Head "https://registry-1.docker.io/v2/library/node/manifests/sha256:df01469346db2bf1cfc1f7261aeab86b2960efa840fe2bd46d83ff339f463665": context canceled
          ✘ resolving docker.io/library/node:20-alpine@sha256:df01469346db2bf1cfc1f7261aeab86b2960efa840fe2bd46d83ff339f463665 0.0s
          ! failed to do request: Head "https://registry-1.docker.io/v2/library/node/manifests/sha256:df01469346db2bf1cfc1f7261aeab86b2960efa840fe2bd46d83ff339f463665": context canceled

that seems to be related around your kube cluster not being able to pull from the registry

but seems like the module is being loaded correctly

oh the image pull? kk

ill try with some other private module

it is working as expected ty

im getting same error with other ts module..... cant resolve node:20 image
but with go it worked.

it was due to firewall in kvm node..... everything is working as expected.