使用 SSH 代理与 Docker 组合和 Dockerfile
[英]Using SSH agent with Docker Compose and Dockerfile
问题描述
I am having issues using a private github repo in one of my NestJS apps.
我在我的一个 NestJS 应用程序中使用私有 github 存储库时遇到问题。 When I create the docker image using the docker build command, the image is successfully created and everything works fine.当我使用docker build命令创建 docker 映像时,映像已成功创建并且一切正常。 However I can't use the Dockerfile with docker-compose .但是我不能将 Dockerfile 与docker-compose一起使用。
Here's the part of Dockerfile where I use the BuildKit mount feature:这是我使用BuildKit安装功能的Dockerfile的一部分:
RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
RUN --mount=type=ssh npm install
When building the image with Dockerfile alone I pass the --ssh default argument, like this and it successfully installs the private repo:单独使用Dockerfile构建映像时,我传递了--ssh default参数,如下所示,它成功安装了私有仓库:
docker build --ssh default -t CONTAINER_NAME .
Following this article , inside the docker-compose.yml file I have included the $SSH_AUTH_SOCK like this:在 这篇文章之后,在docker-compose.yml文件中,我包含了这样的$SSH_AUTH_SOCK :
environment:
- NODE_ENV:${NODE_ENV}
- SSH_AUTH_SOCK:${SSH_AUTH_SOCK}
volumes:
- $SSH_AUTH_SOCK:${SSH_AUTH_SOCK}
However I get this error whenever I try to run docker-compose up但是,每当我尝试运行docker-compose up时,我都会收到此错误
#11 44.97 npm ERR! code 128
#11 44.97 npm ERR! An unknown git error occurred
#11 44.97 npm ERR! command git --no-replace-objects ls-remote ssh://git@github.com/organization/repo.git
#11 44.97 npm ERR! git@github.com: Permission denied (publickey).
#11 44.97 npm ERR! fatal: Could not read from remote repository.
#11 44.97 npm ERR!
#11 44.97 npm ERR! Please make sure you have the correct access rights
#11 44.97 npm ERR! and the repository exists.
Any idea what I am doing wrong?知道我做错了什么吗?
2 个解决方案
解决方案1
0 2022-05-25 22:59:31
Your environment syntax is incorrect.您的environment语法不正确。 The environment block can either be a list of NAME=VALUE pairs: environment块可以是NAME=VALUE对的列表:
environment:
- SSH_AUTH_SOCK=${SSH_AUTH_SOCK}
Or it can be a dictionary:或者它可以是一个字典:
environment:
SSH_AUTH_SOCK: ${SSH_AUTH_SOCK}
Yours is neither of those things, so your container has no SSH_AUTH_SOCK environment variable.你的不是这些东西,所以你的容器没有SSH_AUTH_SOCK环境变量。
If I use this docker-compose.yaml file:如果我使用这个docker-compose.yaml文件:
version: "3"
services:
ssh:
image: fedora:35
environment:
- SSH_AUTH_SOCK=${SSH_AUTH_SOCK}
volumes:
- ${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}
command:
- sh
- -c
- |
yum -y install openssh-clients
sleep inf
I can exec into the container (after waiting for the package installation to complete) and verify that it is able to talk to my agent:我可以执行到容器中(在等待exec安装完成之后)并验证它是否能够与我的代理对话:
$ docker-compose exec ssh ssh-add -l
2048 SHA256:... (RSA)
4096 SHA256:... (RSA)
Also, one unrelated comment about your volumes: block: you're being inconsistent in how you refer to variables.另外,关于您的volumes:块:您在引用变量的方式上不一致。 This isn't a problem, but it hurts my brain (and inconsistencies like this can sometimes lead to weird problems in other contexts).这不是问题,但它伤害了我的大脑(像这样的不一致有时会在其他情况下导致奇怪的问题)。 You might as well just always use the ${varname} syntax when referring to environment variables:在引用环境变量时,您不妨始终使用${varname}语法:
volumes:
- ${SSH_AUTH_SOCK}:${SSH_AUTH_SOCK}
解决方案2
0 2022-08-14 20:29:14
They have added the ssh flag as option to the build key in compose: https://github.com/compose-spec/compose-spec/pull/234他们在 compose 中添加了 ssh 标志作为构建密钥的选项: https://github.com/compose-spec/compose-spec/pull/234
services:
sample:
build:
context: .
ssh:
- default
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.