问题
I have a cookbook, that uses deploy_key cookbook to generate deploy key & git cookbook to clone private gitlab project.
Chef always says that he has deployed keys successfully and gave them proper rights.
But sometimes it works fine, sometimes it gives following error, and i can't get why.
==> default: ================================================================================
==> default: Error executing action `sync` on resource 'git[/home/vagrant/webtest]'
==> default: ================================================================================
==> default: Mixlib::ShellOut::ShellCommandFailed
==> default: ------------------------------------
==> default: Expected process to exit with [0], but received '128'
==> default: ---- Begin output of git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" ----
==> default: Permission denied, please try again.
==> default: Permission denied, please try again.
==> default: Permission denied (publickey,password).
==> default: fatal: Could not read from remote repository.
==> default: Please make sure you have the correct access rights
==> default: and the repository exists.
==> default: ---- End output of git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" ----
==> default: Ran git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" returned 128
Moreover, if chef fails to clone project with following message, second provision (i've tried vagrant provision for this) try will work fine (same as i will login on the VM and manually clone the project).
I thought that sometimes keys are not deployed in time.. but according to chef output they must be ready.
What could be the problem?
I am deploying keys (each deployment new keys are generated following way using gitlab project_id and token):
deploy_key "my_project_deploy_key" do
provider Chef::Provider::DeployKeyGitlab
path "#{node['webtest']['home_dir']}/.ssh"
credentials({
:token => node['webtest']['gitlab']['token']
})
api_url "#{node['webtest']['gitlab']['api_scheme']}://#{node['webtest']['gitlab']['api_domain']}"
repo node['webtest']['gitlab']['project_id']
owner node['webtest']['user']
group node['webtest']['group']
mode 00600
action :add
end
I am cloning repo this way:
git "#{node['webtest']['home_dir']}/webtest" do
repository node['webtest']['git']['repo']
checkout_branch node['webtest']['git']['branch']
ssh_wrapper "#{node['webtest']['home_dir']}/.ssh/wrap-ssh4git.sh"
user node['webtest']['user']
group node['webtest']['group']
enable_checkout false
action :sync
end
回答1:
For the example to work, you need to make gitlab.example.com aware of your public key so ssh can use your private key to connect.
The method varies, but for modern Linux machines the ssh-copy-id may make it easier to get your public key copied correctly.
来源:https://stackoverflow.com/questions/31496405/chef-git-cookbook-how-to-fix-permission-denied-while-cloning-private-repo