OpenShift 3:无法克隆私有BitBucket存储库 [英] OpenShift 3 : unable to clone a private BitBucket repository
问题描述
我正在尝试从OpenShift 2迁移到OpenShift 3. 我已经在OpenShift 3上创建了一个新应用,但是我正在努力将我的BitBucket私有git存储库克隆到该应用. (我对OpenShift 2没问题).
I'm trying to migrate from OpenShift 2 to OpenShift 3. I have created a new app on OpenShift 3 but I'm struggling to clone my BitBucket private git repository to it. (I had no problem with OpenShift 2).
我尝试在构建/高级选项"中设置机密(SSH或基本身份验证),但是没有运气.
I have tried setting secrets (SSH or Basic Authentication) in Build/Advanced Options but without luck.
这是错误消息:
Cloning "git@bitbucket.org:(myusername)/(myrepository).git" ... error:
build error: Host key verification failed. fatal: Could not read from
remote repository. Please make sure you have the correct access rights
and the repository exists.
推荐答案
从命令行运行的步骤如下:
The steps if working from the command line are as follows:
1)创建一个用于存储库的新SSH密钥对.这不能有密码短语.
1) Create a new SSH key pair for use with the repository. This cannot have a passphrase.
ssh-keygen -C "openshift-source-builder/repo@bitbucket" -f repo-at-bitbucket -N ''
这将生成文件:
repo-at-bitbucket
repo-at-bitbucket.pub
是私钥和公钥文件.
2)转到BitBucket上存储库的 Settings-> Access keys ,选择 Add key ,然后在弹出窗口中输入密钥名称openshift-source-builder并粘贴公钥文件的内容.在这种情况下,repo-at-bitbucket.pub.在弹出窗口中单击添加键确认创建.
2) Go to Settings->Access keys for the repository on BitBucket, select Add key and in the popup window enter the key name openshift-source-builder and paste in the contents of the public key file. In this case repo-at-bitbucket.pub. Confirm creation by clicking on Add key on the popup window.
3)通过运行以下命令在OpenShift中为密钥创建一个秘密:
3) Create a secret in OpenShift for the key by running:
oc secrets new-sshauth repo-at-bitbucket --ssh-privatekey=repo-at-bitbucket
4)允许从builder服务帐户访问机密.
4) Enable access to the secret from the builder service account.
oc secrets link builder repo-at-bitbucket
5)为了使OpenShift知道秘密是针对此特定的私有Git存储库并自动使用它,请使用存储库的SSH URI注释该秘密.
5) In order that OpenShift knows the secret is for this specific private Git repository and automatically uses it, annotate the secret with the SSH URI for the repository.
oc annotate secret/repo-at-bitbucket \
'build.openshift.io/source-secret-match-uri-1=ssh://bitbucket.org/yourusername/private-repo.git'
这里非常重要的是URI的形式.在BitBucket Web界面中,它将显示为:
Very important here is the form of the URI. In the BitBucket web interface it will show it as:
git@bitbucket.org:yourusername/private-repo.git
请勿使用.您需要在此处使用URI的SSH形式.
Do not use that. You need to use the SSH form of the URI here.
6)然后,我们可以从私有Git存储库中部署应用程序.
6) We can then deploy the application from the private Git repository.
oc new-app httpd~git@bitbucket.org:yourusername/private-repo.git --name mysite
可以在这里使用git@bitbucket.org:yourusername/private-repo.git,或者也可以使用URI的SSH形式.
Okay to use git@bitbucket.org:yourusername/private-repo.git here, or could also use the SSH form of the URI.
您也可以从Web控制台执行所有这些操作.如果在执行此操作时将密码作为Web控制台中单独的步骤来链接builder服务帐户,则非常重要.如果在部署时创建了源机密,它将自动链接builder服务帐户.
You can also do all this from the web console instead. Important if creating the secret as a separate step in web console to link the builder service account when doing that. If create the source secret when deploying, then it will automatically link the builder service account.
请注意,如果OpenShift实例之间有防火墙,并且BitBucket和SSH连接被阻止,则此方法将无效.在这种情况下,您需要回退到使用HTTP基本身份验证通过SSH连接使用个人访问令牌(应用密码).
Note that if the OpenShift instance has a firewall between it and BitBucket and SSH connections are blocked, this will not work. In that case you need to fall back to using a personal access token (app password) over a SSH connection using HTTP basic authentication.
这些细节现在可以通过以下博客文章系列得到更好的解释:
These details are now much better explained by the blog post series starting with:
这篇关于OpenShift 3:无法克隆私有BitBucket存储库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
