Chef Git Cookbook：如何修复克隆私人存储库时被拒绝的权限？ [英] Chef git cookbook: how to fix permission denied while cloning private repo?

问题描述

我有一本食谱，该食谱使用 deploy_key食谱生成部署密钥& git cookbook可以克隆私人gitlab项目。

I have a cookbook, that uses deploy_key cookbook to generate deploy key & git cookbook to clone private gitlab project.

厨师总是说他已经成功部署了密钥并赋予了它们适当的权限。

Chef always says that he has deployed keys successfully and gave them proper rights.

但是有时它可以正常工作，有时它会给出以下错误，而我不知道为什么。

But sometimes it works fine, sometimes it gives following error, and i can't get why.

==> default: ================================================================================
==> default: Error executing action `sync` on resource 'git[/home/vagrant/webtest]'
==> default: ================================================================================
==> default: Mixlib::ShellOut::ShellCommandFailed
==> default: ------------------------------------
==> default: Expected process to exit with [0], but received '128'
==> default: ---- Begin output of git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" ----
==> default: Permission denied, please try again.
==> default: Permission denied, please try again.
==> default: Permission denied (publickey,password).
==> default: fatal: Could not read from remote repository.
==> default: Please make sure you have the correct access rights
==> default: and the repository exists.
==> default: ---- End output of git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" ----
==> default: Ran git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" returned 128

此外，如果厨师无法使用以下消息克隆项目，则进行第二项准备（为此我尝试了无用条款），尝试可以正常工作（与我将登录虚拟机并手动克隆该项目。）

Moreover, if chef fails to clone project with following message, second provision (i've tried vagrant provision for this) try will work fine (same as i will login on the VM and manually clone the project).

我认为有时密钥不能及时部署..但是根据厨师的输出，它们必须准备就绪。

I thought that sometimes keys are not deployed in time.. but according to chef output they must be ready.

可能是什么问题？

我正在部署密钥（每个部署新密钥都是通过以下方式生成的： gitlab project_id和令牌）：

I am deploying keys (each deployment new keys are generated following way using gitlab project_id and token):

deploy_key "my_project_deploy_key" do
    provider Chef::Provider::DeployKeyGitlab
    path "#{node['webtest']['home_dir']}/.ssh"
    credentials({
        :token => node['webtest']['gitlab']['token']
    })
    api_url "#{node['webtest']['gitlab']['api_scheme']}://#{node['webtest']['gitlab']['api_domain']}"
    repo  node['webtest']['gitlab']['project_id']
    owner node['webtest']['user']
    group node['webtest']['group']
    mode 00600
    action :add
end

我以这种方式克隆存储库：

I am cloning repo this way:

git "#{node['webtest']['home_dir']}/webtest" do
    repository node['webtest']['git']['repo']
    checkout_branch node['webtest']['git']['branch']
    ssh_wrapper "#{node['webtest']['home_dir']}/.ssh/wrap-ssh4git.sh"
    user node['webtest']['user']
    group node['webtest']['group']
    enable_checkout false
    action :sync
end

推荐答案

要运行此示例，您需要使gitlab.example.com知道您的公钥，以便ssh可以使用您的私钥进行连接。

For the example to work, you need to make gitlab.example.com aware of your public key so ssh can use your private key to connect.

方法各不相同，但是对于现代Linux机器， ssh-copy-id 可能使您更容易获得公钥正确复制。

The method varies, but for modern Linux machines the ssh-copy-id may make it easier to get your public key copied correctly.

这篇关于Chef Git Cookbook：如何修复克隆私人存储库时被拒绝的权限？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！