fix: install openssh in Dockerfile in order to be able to clone repo using ssh keys #1126
Conversation
|
Thanks for making a pull request! 😃 |
gabriel-farache
changed the title
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1126 +/- ##
=======================================
Coverage 14.85% 14.85%
=======================================
Files 90 90
Lines 8379 8379
=======================================
Hits 1245 1245
Misses 6813 6813
Partials 321 321 ☔ View full report in Codecov by Sentry. |
could be replaced by calls to |
Dockerfile
Outdated
|
|
||
| RUN microdnf install -y openssh openssh-clients | ||
| RUN mkdir -p $HOME/.ssh | ||
| RUN printf "bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO\ngithub.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==\ngitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf\ngitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9\ngitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=\nbitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==" > $HOME/.ssh/known_hosts |
There was a problem hiding this comment.
Can you please explain this part? Do we really need to hardcode the public keys?
could be replaced by calls to ssh-scan for each of the 3 domains, should I do that instead?
Even if we do that, the public keys will be hardcoded in that image forever at the time of creation docker build.
There was a problem hiding this comment.
Those public keys are hard coded in the codebase, in the spirit of consistency I added them there too but I am more than happy to remove them :)
There was a problem hiding this comment.
@gabriel-farache Does this allow cloning from Github Enterprise? like github.mycompany.com ?
I think most often the private repos will be in a private company wide Github/GitLab.
There was a problem hiding this comment.
go-git library internally can pick up the SSH agent on the host/container for remote repository pulling.
There was a problem hiding this comment.
@kmehant Well, I am using the latest image from quay and I got the following error:
$ move2kube plan -s git+ssh://bitbucket.org/gfarache31/m2k-test
INFO[0000] Cloning the repository using git into '/tmp/move2kube2496147635/m2ksources' . This might take some time.
FATA[0000] failed to create the plan. Error: "failed to clone the repo 'git+ssh://bitbucket.org/gfarache31/m2k-test'. Error: failed to clone using vcs url 'git+ssh://bitbucket.org/gfarache31/m2k-test' and clone options {CommitDepth:1 Overwrite:true MaxSize:-1 CloneDestinationPath:/tmp/move2kube2496147635/m2ksources}. Error: failed to perform clone operation using git with options {URL:git@bitbucket.org:gfarache31/m2k-test Auth:<nil> RemoteName:origin ReferenceName:refs/heads/main SingleBranch:true Mirror:false NoCheckout:false Depth:1 RecurseSubmodules:0 Progress:<nil> Tags:2 InsecureSkipTLS:false CABundle:[] ProxyOptions:{URL: Username: Password:}} and {CommitDepth:1 Overwrite:true MaxSize:-1 CloneDestinationPath:/tmp/move2kube2496147635/m2ksources}. Error: error creating SSH agent: \"SSH agent requested but SSH_AUTH_SOCK not-specified\""
How did you have that working for you?
There was a problem hiding this comment.
@HarikrishnanBalagopal I'll remove the Dockerfile entry for the known hosts
There was a problem hiding this comment.
@gabriel-farache I have not tested it, but, as I mentioned here (#1126 (comment)) go-git would pick up ssh agent from the host/container and thanks for adding openssh to the Dockerfile so go-git should now have an ssh agent to pick up.
There was a problem hiding this comment.
@kmehant if it's tested and working we can merge this PR.
There was a problem hiding this comment.
@HarikrishnanBalagopal just tested it, we need to start the ssh-agent and init the .ssh/ keys.
For which we need to run
eval "$(ssh-agent)" && ssh-add
This should go after spawning the container with .ssh folder mounted, so should we be adding that to docs somewhere? if so let me merge this PR.
gabriel-farache
force-pushed
the
fix/add_openssh
branch
from
c76052f
to
383bfd6
Compare
|
@gabriel-farache can you fetch and rebase your PR branch? Thank you. |
gabriel-farache
force-pushed
the
fix/add_openssh
branch
from
9563543
to
d0ffac3
Compare
@kmehant done :) |
Signed-off-by: gabriel-farache <gfarache@redhat.com>
kmehant
force-pushed
the
fix/add_openssh
branch
from
888415e
to
2885948
Compare
|
@gabriel-farache Thank you for the contribution. I want to confirm, on top of the dependencies that you have added, while running the container mounting |
Yes it fulfill my needs for our use case. Thank you for merging :) |
When I try to use ssh key to clone the git repo:
I get the following error:
If in install openssh I run the following, it works:
So in order to fix this, I add the following in the Dockerfile:
The values added in the known_hosts file are copied from
common/sshkeys/sshkeys.go