puppet git clone private repo as user with vcsrepo module

Question

I'm using a masterless puppet install to configure my dev box and I need to clone a private repo, but vcsrepo won't run as a specific user so the wrong ssh key is being used.

According to the vcsrepo docs this should run as my non-root user:

vcsrepo { '/path/to/repo':
  ensure   => present,
  provider => git,
  source   => 'git://example.com/repo.git',
  user     => 'blake',
}

But every time it runs I think it is still running as root because I get this error:

Error: Execution of 'git clone git@github.com:private-org/private-repo.git /home/blake/code/private-repo' returned 128: Cloning into '/home/blake/code/private-repo'...
Host key verification failed.
fatal: Could not read from remote repository.

If I manually execute git clone it works just fine so I know the correct ssh key is setup for my user account.

update 1:

Okay I added the --debug flag but it doesn't really give any more info.

Debug: Executing 'git clone git@github.com:private-org/private-repo.git /home/blake/code/private-repo'

But I think it has something to do with my 'known_hosts' file. If the host is known it works just fine, otherwise it shows the error above. So somehow I need to figure out how to populate the 'known_hosts' file so the the vcsrepo command will work.

Answer 1

The Host key verification failed error in this case has to do with a missing host in the 'known_hosts' file.

If you do a git clone from the command line it will prompt you do add the host entry to the 'known_hosts' file, but this won't work if puppet runs the git clone command.

To solve the problem I added the output of ssh-keyscan -t rsa github.com to my 'known_hosts' file via puppet using the file_line type. I also turned off 'HashKnownHosts' in my .ssh/config file.