This page describes the troubleshooting steps to take if you experience known problems in DAS, OPA, and self-hosted installations.
This section focuses on the troubleshooting areas in self-hosted environment.
Sync failed ssh handshake failed ssh unknown fingerprint.
You received the following error:
2021-09-15 16:27 Sync failed: ssh: handshake failed: ssh: unknown fingerprint for bitbucket.org:22
Get the fingerprint from your Git SSH server.
The SSH host key fingerprints from your Git SSH server can be found in one of the following links:
Alternatively, you can run the following command in your terminal to fetch your git host's SSH key fingerprint:
ssh-keyscan -p 22 GITHOST | ssh-keygen -lf -.
$ ssh-keyscan -p 22 bitbucket.org | ssh-keygen -lf -
2048 SHA256:zzXQOXSRBEiUtuE8AikJYKwbHaxvSc0ojez9YXaGp1A bitbucket.org (RSA)
settingsconfigmap to add the fingerprint.
# By default, the decision logs are searchable for three days and retained
# in storage for 14 days. These can be configured by updating below values (in hours).
# `LOG_VIEW_LIMIT_TIME` (for searchable) and `DECISIONS_GC_HISTORY` (for retension)
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
"DECISIONS_GC_HISTORY": 336, # <- don't forget this comma
To troubleshoot the Slack Integration feature, see the Slack Integration Troubleshooting page.
Open Policy Agent (OPA)
Unable to update OPA in Red Hat Enterprise Linux (RHEL) 7.
The OPA v0.29.4 release changed the pre-built
opa_linux_amd64 binary to better support WebAssembly-based policy execution. The change requires
glibc 2.18+ and
libgcc. RHEL 7 only supports up to glibc_2.17.
If you currently deploy the pre-built OPA binaries to RHEL 7, CentOS 7, and alpine-based Docker images, then update your automation to download
opa_linux_amd64_static instead of
opa_linux_amd64. Going forward, the
opa_linux_amd64_static binary is recommended for systems that do not have the required system libraries.
If you currently build OPA from source and deploy to one of these systems, update your build to produce a statically linked executable by setting the
WASM_ENABLED flags (for example,
make build WASM_ENABLED=0 CGO_ENABLED=0).