[英]Chef git cookbook: how to fix permission denied while cloning private repo?
I have a cookbook, that uses deploy_key cookbook to generate deploy key & git cookbook to clone private gitlab project. 我有一本食谱,它使用deploy_key cookbook生成deploy key和git cookbook来克隆私有gitlab项目。
Chef always says that he has deployed keys successfully and gave them proper rights. Chef总是说他已经成功部署了密钥并赋予了它们适当的权限。
But sometimes it works fine, sometimes it gives following error, and i can't get why. 但是有时候效果很好,有时候会出现以下错误,我不知道为什么。
==> default: ================================================================================
==> default: Error executing action `sync` on resource 'git[/home/vagrant/webtest]'
==> default: ================================================================================
==> default: Mixlib::ShellOut::ShellCommandFailed
==> default: ------------------------------------
==> default: Expected process to exit with [0], but received '128'
==> default: ---- Begin output of git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" ----
==> default: Permission denied, please try again.
==> default: Permission denied, please try again.
==> default: Permission denied (publickey,password).
==> default: fatal: Could not read from remote repository.
==> default: Please make sure you have the correct access rights
==> default: and the repository exists.
==> default: ---- End output of git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" ----
==> default: Ran git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" returned 128
Moreover, if chef fails to clone project with following message, second provision (i've tried vagrant provision
for this) try will work fine (same as i will login on the VM and manually clone the project). 此外,如果Chef无法使用以下消息克隆项目,则第二项设置(我已经为此尝试了vagrant provision
)try可以正常工作(与我登录虚拟机并手动克隆项目相同)。
I thought that sometimes keys are not deployed in time.. but according to chef output they must be ready. 我认为有时密钥不能及时部署..但是根据厨师的输出,它们必须准备就绪。
What could be the problem? 可能是什么问题呢?
I am deploying keys (each deployment new keys are generated following way using gitlab project_id and token): 我正在部署密钥(每个部署新密钥都是使用gitlab project_id和token通过以下方式生成的):
deploy_key "my_project_deploy_key" do
provider Chef::Provider::DeployKeyGitlab
path "#{node['webtest']['home_dir']}/.ssh"
credentials({
:token => node['webtest']['gitlab']['token']
})
api_url "#{node['webtest']['gitlab']['api_scheme']}://#{node['webtest']['gitlab']['api_domain']}"
repo node['webtest']['gitlab']['project_id']
owner node['webtest']['user']
group node['webtest']['group']
mode 00600
action :add
end
I am cloning repo this way: 我正在以这种方式克隆仓库:
git "#{node['webtest']['home_dir']}/webtest" do
repository node['webtest']['git']['repo']
checkout_branch node['webtest']['git']['branch']
ssh_wrapper "#{node['webtest']['home_dir']}/.ssh/wrap-ssh4git.sh"
user node['webtest']['user']
group node['webtest']['group']
enable_checkout false
action :sync
end
For the example to work, you need to make gitlab.example.com aware of your public key so ssh can use your private key to connect. 为了使示例生效,您需要使gitlab.example.com知道您的公钥,以便ssh可以使用您的私钥进行连接。
The method varies, but for modern Linux machines the ssh-copy-id
may make it easier to get your public key copied correctly. 该方法有所不同,但是对于现代Linux机器, ssh-copy-id
可能使更容易正确地复制公共密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.