通过AWS EC2实例中的用户数据进行Git-pull

Question

I'm trying to pull a bitbucket repository on an ec2 instance during launch, using userdata. To do so, I've created a keypair and linked it to my bitbucket account. I've put the private key in an S3 bucket reachable by my instance through IAM Role.

Although this all works great when I do each step manually (login on an ec2 instance, download the key from s3, ssh-add the key, git clone my repo), it all goes to hell when I try to to it through userdata.

This is what I've tried so far :

aws s3 cp s3://bucket/private_key private_key
chmod 600 private_key
eval `ssh-agent -s`
ssh-add private_key 
mkdir -p .ssh
ssh-keyscan -t rsa bitbucket.org > .ssh/known_hosts
git clone git@bitbucket.org:user/project.git

Again, this all works perfectly when done manually. Yet, when done through userdata, the output would be :

download: s3://bucket/private_key to ./private_key
Agent pid 1623
Identity added: private_key (id_rsa)
# bitbucket.org SSH-2.0-OpenSSH_5.3
Initialized empty Git repository in /project/.git/
Host key verification failed.
fatal: The remote end hung up unexpectedly

I've tried couple of things, but it's like the ssh used when adding the key isn't the same as the one used to pull the repo... Any input would be greatly appreciated !

Answer 1

What is your Linux distro?

mkdir -p .ssh
ssh-keyscan -t rsa bitbucket.org > .ssh/known_hosts

You are not creating the .ssh directory in the home directory. Depending on your linux distribution, change it to /home/ec2-user/ or /home/ubuntu/ or /root/ etc.,

Example :

mkdir -p /home/ubuntu/.ssh
ssh-keyscan -t rsa bitbucket.org > /home/ubuntu/.ssh/known_hosts