Trying to pip install a private repo in a DockerFile

I'm trying to install a custom Python package to run in a Flask Server. The server will be in a Docker image. Therefore, I'm trying to do a manipulation of the sort of

  RUN pip install git+ssh://git@bitbucket.org:teamName/reponame.git@dev#egg=packageName

However, nothing that I have tried works.

I've tried the two formats that I've found:

1) git+ssh://git@bitbucket.org:teamName/reponame.git@dev#egg=packageName

2) git+ssh://bitbucket.org/team/reponame.git@dev#egg=packageName

Both of these techniques give a similar error:

fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

or

ssh: Could not resolve hostname bitbucket.org:TeamName: Name does not resolve
  fatal: Could not read from remote repository. 

or

root@bitbucket.org: Permission denied (publickey).
  fatal: Could not read from remote repository.

Even though my public key is set in BitBucket.

Here is the Dockerfile:

# Use an official Python runtime as a parent image
FROM python:3.6-alpine

#Preparation to pull from Github
ARG SSH_PRIVATE_KEY

RUN echo "Oh dang look at that ${SSH_PRIVATE_KEY}"

RUN apk update
RUN apk add --no-cache openssh \
    git

RUN mkdir /root/.ssh/
RUN echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa

RUN chmod 600 /root/.ssh/id_rsa


RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

#install dependencies
RUN apk add --no-cache gcc \
    bash \
    tzdata \
    g++ \
    tiff-dev \
    openssl \
    poppler \
    poppler-dev \
    poppler-utils \
    && pip install --trusted-host pypi.python.org <THE_URL> \
    && cp /usr/share/zoneinfo/America/that_place /etc/localtime \
    && echo "America/that_place" >  /etc/timezone \
    && date

# Set the working directory to /app
WORKDIR ./my_dir

# Make port 5000 available to the world outside this container
EXPOSE 5000

#Remove SSH
RUN rm /root/.ssh/id_rsa

# Define environment variable
ENV NAME __main__
ENV FLASK_APP app/app.py
ENV FLASK_RUN_HOST 0.0.0.0
ENV GOOGLE_APPLICATION_CREDENTIALS ./resources/google/credentials.json
ENV GOOGLE_CLOUD_BUCKET_NAME bucket_name

# Run app.py when the container launches
CMD ["flask", "run"]

The SSH key is passed as an Argument to the build with $(cat ./ssh/id_rsa)

You don't want to pass in an SSH key that way: it will end up inside the resulting image, so anyone who has access to the image will have access to your SSH key.

Options:

  1. Use BuildKit, which has built-in SSH agent forwarding ( https://docs.docker.com/develop/develop-images/build_enhancements/#using-ssh-to-access-private-data-in-builds ).
  2. Technique I describe here, too complex to cover in short scope of answer: https://pythonspeed.com/articles/docker-build-secrets/
  3. If you're not worried about leaking your private SSH key, fix this setup. My guess is you also need to chmod 700 /root/.ssh.
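
Option 1 as a Dockerfile, added here as an example (not code from the question or the answer): BuildKit forwards the build host's SSH agent into a single RUN step, so no private key is passed as a build argument or written to a layer. The image tag flask-app is a placeholder, and the slash-separated pip URL with the git@ user is an assumption about the correct form of the question's repository path.

```dockerfile
# syntax=docker/dockerfile:1
# Added example: BuildKit SSH agent forwarding instead of ARG SSH_PRIVATE_KEY.
# Build on a host whose ssh-agent holds the Bitbucket key:
#   ssh-add ~/.ssh/id_rsa
#   DOCKER_BUILDKIT=1 docker build --ssh default -t flask-app .
# (flask-app is a placeholder tag.)
FROM python:3.6-alpine

# Same SSH and git packages as the question's Dockerfile.
RUN apk add --no-cache openssh git

# Only the server's public host key goes into the image. ssh-keyscan trusts
# whatever key is returned at build time; copying in a known_hosts file you
# have verified out of band is stricter.
RUN mkdir -p -m 0700 /root/.ssh \
    && ssh-keyscan bitbucket.org >> /root/.ssh/known_hosts

# --mount=type=ssh exposes the forwarded agent socket to this step only.
# The private key never enters the build context, a layer, or the build-arg
# metadata that `docker history` shows for ARG values.
# Assumed URL form: user git@, and "/" (not ":") between host and team.
RUN --mount=type=ssh \
    pip install "git+ssh://git@bitbucket.org/teamName/reponame.git@dev#egg=packageName"
```

Running docker history --no-trunc flask-app after the build is a quick check that no key material appears; in the ARG-based Dockerfile the later rm /root/.ssh/id_rsa does not remove the key from the earlier layer that wrote it.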
