Chef & git ssh authentication woes. Bitbucket
EDIT: My working solution, based on the answer below.
include_recipe 'chef-vault'
include_recipe 'build-essential'

#installation of git
package 'git' do
  action :install
end

repo = 'emrwebapp'
application "/root/#{repo}" do
  owner 'root'
  group 'root'
  git "/root/#{repo}" do
    repository "git@bitbucket.org:sgreen22/#{repo}.git"
    deploy_key chef_vault_item(:credentials, 'git')['bitbucketKey']
  end
end
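'-1 guy' - fans! Have a nice day.
I am new to Chef and I am trying to clone a repo as part of a simple learning task I have set myself.
I have followed many tutorials and tried many suggestions, but I still cannot clone the repo because of a public key error.
I am replicating the steps on my local terminal to make sure I have not messed up the URL or anything.
I have:
Created a new key, making sure no passphrase was set, uploaded the public key to Bitbucket, and tested the key from my local machine using ssh -T hg@bitbucket.org.
I then added this key to Chef vault and verified that it is there and visible.
I then used Chef to copy the key to a location on the client node and tried to clone the repository.
Interestingly, when I run the hg@bit... command on the client node, I am prompted for a passphrase; I press Enter and it fails.
I have gone through the files on local and client and can confirm they are correct.
I am running as root on the client node and have placed the key in /root/.ssh, again verified with pwd.
Running the verbose hg@bit... command on the client again asks for a passphrase, and entering it gives permission denied.
Any help is much appreciated. The logs and the Chef recipe are below, thanks.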
/root/.ssh
[root@ip-172-22-4-44 .ssh]# ssh -T hg@bitbucket.org -v
OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to bitbucket.org [104.192.143.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1
debug1: Remote protocol version 2.0, remote software version conker_1.0.287-a1d21a7 app-126
debug1: no match: conker_1.0.287-a1d21a7 app-126
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: kex: curve25519-sha256@libssh.org need=20 dh_need=20
debug1: kex: curve25519-sha256@libssh.org need=20 dh_need=20
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa:46:46:74:7c:40
debug1: Host 'bitbucket.org' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/id_rsa
debug1: key_parse_private2: missing begin marker
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/root/.ssh/id_rsa':
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Trying private key: /root/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
[root@ip-172-22-4-44 .ssh]#
include_recipe 'chef-vault'

#installation of git
package 'git' do
  action :install
end

#declare the vault
gitKey = chef_vault_item(:credentialsGit, 'git')

file "/root/.ssh/id_rsa" do
  content gitKey['git-key']
  mode 0600
  owner node['user']
  action :create
  notifies :run, 'execute[git ssh]', :immediately
end

execute 'git ssh' do
  command 'GIT_SSH_COMMAND="ssh -i /root/.ssh/id_rsa"'
  user node['user']
end

#pull down the repo
git "/home/ec2-user/spring-app" do
  repository "git@bitbucket.org:sgreen22/emrwebapp.git"
  #I've tried a variety of these using the ext helper as per a guide, but still no good.
  # repository "ext::ssh -i /root/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no git@bitbucket.org %S /sgreen22/emrwebapp.git"
  # repository "ext::ssh -i /root/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no git@bitbucket.org:sgreen22/emrwebapp.git"
  checkout_branch "master"
  action :sync
  # ssh_wrapper "ssh -i /home/ec2-user/.ssh/id_rsa" #I've tried this but no effect
end
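
The verbose log above shows ssh failing to parse /root/.ssh/id_rsa (PEM_read_PrivateKey failed) and only then asking for a passphrase. The check below is an added example, not part of the original post: it classifies key text before a recipe writes it to disk, assuming an RSA key in PEM format. check_deploy_key and all sample values are hypothetical and constructed here.

```ruby
require 'openssl'

# Classify private-key text (for example a vault item value) before a recipe
# writes it to ~/.ssh/id_rsa. Returns one of:
#   :ok, :escaped_newlines, :bad_header, :encrypted, :unparseable
def check_deploy_key(text)
  # Stored on one line with the two characters backslash + n in place of
  # real line breaks.
  return :escaped_newlines if !text.include?("\n") && text.include?('\n')

  lines = text.lines
  # The BEGIN marker has to sit alone on the first line.
  header = /\A-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----\r?\n\z/
  return :bad_header unless lines.first.to_s.match?(header)

  # A passphrase-protected key makes ssh prompt, which an unattended
  # chef-client run cannot answer.
  return :encrypted if lines.first(2).join.include?('ENCRYPTED')

  # The passphrase argument is ignored for an unencrypted key; passing one
  # keeps OpenSSL from prompting on the terminal.
  OpenSSL::PKey.read(text, 'unused')
  :ok
rescue OpenSSL::OpenSSLError
  :unparseable
end

# Constructed throwaway key plus damaged copies of it (sample data only).
KEY = OpenSSL::PKey::RSA.new(2048)
SAMPLE_KEY = KEY.to_pem
SAMPLES = {
  'intact'             => SAMPLE_KEY,
  'escaped newlines'   => SAMPLE_KEY.gsub("\n") { '\n' },
  'newlines as spaces' => SAMPLE_KEY.tr("\n", ' '),
  'encrypted'          => KEY.to_pem(OpenSSL::Cipher.new('aes-128-cbc'), 'secret'),
  'garbled body'       => "-----BEGIN RSA PRIVATE KEY-----\nnot key data\n" \
                          "-----END RSA PRIVATE KEY-----\n"
}.freeze

SAMPLES.each { |name, text| puts format('%-20s %s', name, check_deploy_key(text)) }
```

Calling this on the vault value inside the recipe, and raising unless it returns :ok, stops the run before a damaged key reaches the node.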
Here is an example of how to update a chef repository from GitHub using an ssh wrapper.
repo = 'emrwebapp'
wrapper = "git_wrapper_#{repo}.sh"

file wrapper do
  owner 'ec2-user'
  group 'ec2-user'
  mode 00755
  content "#!/bin/sh\nexec /usr/bin/ssh -o UserKnownHostsFile=/dev/null "\
          '-o StrictHostKeyChecking=no '\
          "-i /home/ec2-user/.ssh/id_rsa \"$@\""
end

git repo do
  repository "git@bitbucket.org:sgreen22/#{repo}.git"
  reference 'master'
  ssh_wrapper wrapper
  user 'ec2-user'
  group 'ec2-user'
end
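In the end you will have the file git_wrapper_emrwebapp.sh, generated by chef, which will be used by ssh_wrapper and the git resource.
The SSH wrapper file looks like this:
#!/bin/sh
exec /usr/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/ec2-user/.ssh/id_rsa "$@"
As a simpler solution to the above, the application_git cookbook has a resource that handles all of this for you: just provide a deploy_key value and it takes care of the rest.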
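
The wrapper shown above passes -o UserKnownHostsFile=/dev/null and -o StrictHostKeyChecking=no, which together stop ssh from verifying the server's host key. As an added example (not code from the original answers), the Ruby below flags those settings in a wrapper script and builds a wrapper that pins the host key instead. The function names and the known_hosts path are hypothetical, and the pinned file is assumed to already hold Bitbucket's host key, verified out of band.

```ruby
require 'shellwords'

# ssh options that switch off verification of the server's host key.
WEAK_SSH_OPTIONS = {
  'stricthostkeychecking' => %w[no off],
  'userknownhostsfile'    => %w[/dev/null]
}.freeze

# Return the "Key=Value" settings in a wrapper script that disable host key
# verification. Handles both "-o Key=Value" and "-oKey=Value".
def weak_ssh_options(script)
  words = script.lines.reject { |l| l.start_with?('#') }
                .flat_map { |l| Shellwords.split(l) }
  settings = words.each_with_index.map do |word, i|
    if word == '-o' then words[i + 1]
    elsif word.start_with?('-o') then word[2..-1]
    end
  end.compact
  settings.select do |setting|
    key, value = setting.split('=', 2)
    WEAK_SSH_OPTIONS.fetch(key.to_s.downcase, []).include?(value.to_s.downcase)
  end
end

# Build a wrapper that keeps host key checking on. BatchMode makes ssh fail
# instead of prompting; IdentitiesOnly restricts it to the given deploy key.
def hardened_wrapper(identity, known_hosts)
  opts = ["UserKnownHostsFile=#{Shellwords.escape(known_hosts)}",
          'StrictHostKeyChecking=yes', 'IdentitiesOnly=yes', 'BatchMode=yes']
  flags = opts.map { |o| "-o #{o}" }.join(' ')
  "#!/bin/sh\nexec /usr/bin/ssh #{flags} -i #{Shellwords.escape(identity)} \"$@\"\n"
end

# The wrapper from the answer above, reproduced as sample input.
PAGE_WRAPPER = <<~'SH'
  #!/bin/sh
  exec /usr/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/ec2-user/.ssh/id_rsa "$@"
SH

# Hypothetical path for the pinned known_hosts file.
PINNED = hardened_wrapper('/home/ec2-user/.ssh/id_rsa',
                          '/home/ec2-user/.ssh/known_hosts_bitbucket')

puts "page wrapper: #{weak_ssh_options(PAGE_WRAPPER).inspect}"
puts "hardened:     #{weak_ssh_options(PINNED).inspect}"
```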