Git authentication in Chef

眼角桃花 2020-12-14 02:11

When deploying an application with Chef, I've got the code base set to be cloned from a private GitHub repository with the following resource:

git '/mnt/ap


        
6 Answers
  • 2020-12-14 02:22

    I went through the same problem. The only thing I was missing was this command; then everything went well:

    GIT_SSH_COMMAND="ssh -i ~/.ssh/bitbucket_rsa"
    

    The reference and my complete steps can be found on my blog: http://www.sadafnoor.com/blog/simplest-way-to-write-your-chef-cookbook-that-git-clone-private-repo-using-bitbucket-deploy-key/

  • 2020-12-14 02:30

    We use a similar setup for Mercurial, but it should be the same with Git, I hope.

    We use ssh keys to authenticate. The key is stored in an encrypted databag (with newlines replaced by "\n"). First of all, this private key is created on the node from the databag.

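    git_key = Chef::EncryptedDataBagItem.load( "private_keys", "git_key" )
    file "/some/path/id_rsa" do
      content git_key['private']
      mode "0600"      # ssh refuses a private key that other users can read
      sensitive true   # keep the key contents out of Chef logs and diffs
    end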
    

    And then use it when connecting to git repository using ssh_wrapper:

    git "/opt/mysources/couch" do
      repository "git://git.apache.org/couchdb.git"
      reference "master"
      action :sync
      ssh_wrapper "ssh -i /some/path/id_rsa" #the path to our private key file
    end
    
  • 2020-12-14 02:32
    ssh_wrapper "ssh -i /some/path/id_rsa"
    

    In case someone comes across this, the above didn't work for me; I kept getting the error:

    error: cannot run ssh -i /some/path/id_rsa: No such file or directory
    

    What specifying ssh_wrapper does is it sets the GIT_SSH environment variable, and it turns out you can't provide parameters in the GIT_SSH environment variable (see Git clone with custom SSH using GIT_SSH error).

    Instead, you would need to write your script to a file first, then set GIT_SSH to it.

    So:

    file "/some/path/git_wrapper.sh" do
      owner "your_user"
      mode "0755"
      content "#!/bin/sh\nexec /usr/bin/ssh -i /some/path/id_rsa \"$@\""
    end
    

    And change the git resource part to:

    git "/opt/mysources/couch" do
      repository "git://git.apache.org/couchdb.git"
      reference "master"
      action :sync
      ssh_wrapper "/some/path/git_wrapper.sh"
    end
    
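An added example, not part of the answers on this page or of Chef's own code: it imitates, in simplified form, how git treats GIT_SSH (one program path, run without a shell) to show why a value with arguments fails while a wrapper file works. The stand-in ssh script, the helper names, the paths and the pinned known_hosts file used with StrictHostKeyChecking=yes are assumptions of this example.

```ruby
require "open3"
require "shellwords"
require "tmpdir"

# Body of the wrapper script. Host key checking stays on, pinned to a
# known_hosts file that the cookbook manages (all paths are assumptions).
def git_ssh_wrapper(key_path, known_hosts, ssh: "/usr/bin/ssh")
  argv = [ssh, "-i", key_path,
          "-o", "IdentitiesOnly=yes",
          "-o", "StrictHostKeyChecking=yes",
          "-o", "UserKnownHostsFile=#{known_hosts}"]
  "#!/bin/sh\nexec #{argv.shelljoin} \"$@\"\n"
end

# Emulate git's use of GIT_SSH: the whole value is one program path, run
# without a shell, with the remote host and command appended as arguments.
def run_like_git_ssh(git_ssh, host, remote_cmd)
  out, status = Open3.capture2e([git_ssh, git_ssh], host, remote_cmd)
  status.success? ? out.lines.map(&:chomp) : :failed
rescue Errno::ENOENT
  :no_such_file # git reports "cannot run ...: No such file or directory"
end

def write_script(path, body)
  File.write(path, body)
  File.chmod(0o755, path)
  path
end

def demo
  host, cmd = "git@github.com", "git-upload-pack 'your/repo.git'"
  Dir.mktmpdir do |dir|
    # Constructed stand-in for ssh that prints each argument it receives.
    fake_ssh = write_script(File.join(dir, "fake_ssh"),
                            "#!/bin/sh\nprintf '%s\\n' \"$@\"\n")
    wrapper = write_script(
      File.join(dir, "git_wrapper.sh"),
      git_ssh_wrapper("/some/path/id_rsa", "/some/path/known_hosts", ssh: fake_ssh)
    )
    { with_args: run_like_git_ssh("ssh -i /some/path/id_rsa", host, cmd),
      wrapper:   run_like_git_ssh(wrapper, host, cmd) }
  end
end

# In a recipe: a file resource with mode "0755" and content
# git_ssh_wrapper(...), then ssh_wrapper pointing at that file.
p demo if __FILE__ == $PROGRAM_NAME
```

The `with_args` result is `:no_such_file`, matching the error quoted in the answer above, while the wrapper run shows the key and host key options arriving ahead of the host and command that git appends.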
  • 2020-12-14 02:33

    Based on the hint by sadaf2605, this was the easiest way for me – I just had to make sure to set the correct user/group as well as turn off StrictHostKeyChecking:

    git '/path/to/destination' do
      environment 'GIT_SSH_COMMAND' => 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /path/to/private_key'
      repository 'git@github.com:your/repo.git'
      reference 'master'
      action :sync
      user 'vagrant'
      group 'vagrant'
    end
    
  • 2020-12-14 02:33

    You should try this cookbook https://github.com/poise/application_git. It solves the problem that you mentioned.

    With this cookbook, you can use the application_git resource, specifying the private key:

    application_git '/srv/myapp' do
      repository 'git@github.com:organization/repository'
      deploy_key '/some/path/id_rsa'
    end
    
  • 2020-12-14 02:35

    If you are on a Linux distribution, store your SSH key in <your home directory>/.ssh and add github.com to <your home directory>/.ssh/known_hosts.

    You can add github.com to known_hosts using the following command:

    ssh-keyscan -H github.com >> <your home directory>/.ssh/known_hosts

    After doing this, you can clone your repo using the git resource of Chef.
