设置与AWS弹性魔豆和Ruby容器私人Github上的访问 [英] Setting up private Github access with AWS Elastic Beanstalk and Ruby container
问题描述
展望由<一个href="http://ruby.awsblog.com/post/Tx2AK2MFX0QHRIO/Deploying-Ruby-Applications-to-AWS-Elastic-Beanstalk-with-Git"相对=nofollow>关于设置AWS弹性魔豆的使用Git的Ruby部署近期教程,我刚刚建立了从我的CI服务器弹性魔豆环境。但是,应用程序未能启动。我经历了日志,找到捆绑安装
已失败,并显示错误消息。
抓取git@github.com:例如/私营repository.git 主机密钥验证失败。 致命的:远程端挂了意外 [31mGit错误:命令
混帐克隆git@github.com:例如/私人repository.git "/var/app/ondeck/vendor/cache/ruby/1.9.1/cache/bundler/git/private-repository-e4bbe6c2b13bb62664e39e345c1b01d80017934c"在目录/ var / APP / ondeck --bare --no-硬链接
已失败。[0米
的Gemfile
我的Rails应用程序包含对gemified托管在一对夫妇的Github上我所拥有的专用仓库插件。类似于
创业板somegemname',:混帐=>'git@github.com:例如/私人repository.git
我曾遇到Capistrano的部署类似的问题这是由建立 ssh_options解决[:forward_agent] = TRUE
。
AWS弹性魔豆红宝石容器支持自定义通过自定义下 .ebextensions
放在的.config
文件中的配置。将建立在这种情况下,SSH转发代理的帮助?是否有任何其他的替代品,同时启动一个弹性魔豆环境达到一个私人Github上库?
更新1:
我刚检查与一个捆绑安装
启动用户。发现了一个脚本 /opt/elasticbeanstalk/hooks/appdeploy/$p$p/10_bundle_install.sh
启动捆绑安装
为根
用户。我试图创建在 /root/.ssh
SSH密钥,并将其添加的pub关键Github上部署键的储存库。至今没有运气。现在将尝试通过SSH酒馆键添加到我的用户账号Github上,使其适用于通过我的Github上的帐户访问的所有私人信息库。
下面是我最后是如何做到的。这是关于建立一个SSH密钥对用户负责捆绑安装
阶段。
- 在启动一个环境,在AWS弹性魔豆 应用
- 的可选的 - 登录亚马逊EC2控制台并更改实例类型为所需的值
- 更新SSH密钥对名称启用远程SSH登录。 (我敢肯定,必须有一种方法来指定实例类型和SSH密钥对的名称,同时启动的环境下)
- 查找无论是在EC2控制台或通过命令行新推出的情况下,需要注意的完全限定域名(FQDN)的此实例。 EB实例是像任何其他情况下,你会创建一个Amazon EC2上。通过SSH登录到这个实例。
- 执行以下命令来创建一个SSH密钥
根
用户$ sudo的苏 - 根
$的ssh-凯基-t RSA -Csome-email@yourdomain.com
-
修改
的.bash_profile
来显式启动的ssh-agent
并添加新生成的SSH密钥。添加以下行(这似乎是不必要的,我做的只是要确定)评估'的ssh-agent
EVAL
的ssh-添加的〜/ .ssh / id_rsa
-
请注意的SSH公钥例如:
的〜/ .ssh / id_rsa.pub
,并把它添加到集合SSH密钥的Github上的帐户具有访问私有仓库 -
在这一点上,您的实例可以访问您的私人Github上库。你可以通过发出
git的克隆
在这些资料库被登录为根
用户测试。 -
创建AMI用标准方法,这种情况下的
-
回到你的AWS弹性魔豆仪表盘和寻找
编辑配置
在应用程序的环境选项。在服务器
标签中,寻找一个选项,它可以让你指定一个自定义AMI
。与新创建的AMI ID例如更新此字段:AMI-4324fd4
-
保存配置通过按
应用更改
。 AWS弹性魔豆将开始部署新的实例,整个环境和终止旧的。这是为了确保所有的自动缩放实例都需要私人Github上的访问白名单SSH密钥。
在完成上述步骤,你可以继续前进,用混帐aws.push
希望这可以帮助其他人谁被卡住了。我很高兴地看到比这更优雅的解决方案,但。
Going by a recent tutorial on setting up AWS Elastic Beanstalk for Ruby deployment using Git, I just set up a Elastic Beanstalk environment from my CI server. However, the application failed to start. I went through the logs to find that bundle install
was failing with an error message.
Fetching git@github.com:example/private-repository.git Host key verification failed. fatal: The remote end hung up unexpectedly [31mGit error: command
git clone 'git@github.com:example/private-repository.git' "/var/app/ondeck/vendor/cache/ruby/1.9.1/cache/bundler/git/private-repository-e4bbe6c2b13bb62664e39e345c1b01d80017934c" --bare --no-hardlinks
in directory /var/app/ondeck has failed.[0m
Gemfile
of my Rails application contains references to gemified plugins hosted on a couple of my owned private repositories on Github. Something like
gem 'somegemname', :git => 'git@github.com:example/private-repository.git'
I had faced similar issues with Capistrano deployments which were resolved by setting up ssh_options[:forward_agent] = true
.
AWS Elastic Beanstalk Ruby container supports custom configuration through custom .config
files placed under .ebextensions
. Would setting up an SSH forward agent help in this case? Are there any other alternatives to reach a private Github repository while starting an Elastic Beanstalk environment?
Update 1:
I just checked for the user with which a bundle install
is initiated. Found out that a script /opt/elasticbeanstalk/hooks/appdeploy/pre/10_bundle_install.sh
starts bundle install
as root
user. I tried creating an SSH Key under /root/.ssh
and added it's pub-key to Github Deploy keys for that repository. No luck so far. Will now try to add an SSH pub-key to my user account on Github so that it applies to all private repositories accessible through my Github account.
Here's how I finally did it. It's all about setting up an SSH Key for the user which is responsible for bundle install
phase.
- Start an environment for an application in AWS Elastic Beanstalk
- Optional - Login to Amazon EC2 console and change instance type to a desired value
- Update SSH Key pair name to enable remote SSH login. (I'm sure there must be a way to specify instance type and SSH key pair name while starting an environment)
- Look for the newly launched instance either in EC2 console or through CLI, note the Fully Qualified Domain Name (FQDN) for this instance. EB instances are like any other instance you would create with Amazon EC2. Login via SSH to this instance.
- Execute the following commands to create an SSH key for
root
user$ sudo su - root
$ ssh-keygen -t rsa -C "some-email@yourdomain.com"
Edit
.bash_profile
to explicitly startssh-agent
and add the newly generated SSH Key. Add the following lines (This might seem unnecessary, I did it just to be sure)eval `ssh-agent
eval
ssh-add ~/.ssh/id_rsa
Note the SSH public key E.g.:
~/.ssh/id_rsa.pub
and add it to the set of SSH Keys for Github account which has access to private repositoriesAt this point, your instance has access to your private Github repositories. You could test this by issuing a
git clone
on those repositories by logging in asroot
user.Create an AMI out of this instance using standard methods
Come back to your AWS Elastic Beanstalk Dashboard and look for
Edit Configuration
option in your application's environment. In theServer
tab, look for an option which lets you specify aCustom AMI
. Update this field with the newly created AMI ID E.g.:ami-4324fd4
.Save configuration by hitting
Apply Changes
. AWS Elastic Beanstalk would start deploying new instances across your environment and terminating the old ones. This is to ensure all your auto-scaled instances have the whitelisted SSH Key required for private Github access.
After the above steps are done, you could go ahead and deploy your Rails application with git aws.push
Hope this helps others who are stuck. I'd be glad to see a more graceful solution than this one though.
这篇关于设置与AWS弹性魔豆和Ruby容器私人Github上的访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!