Spring Cloud Config Server using SSH key for Git and running in Docker


Problem description

I found many questions and tutorials before finally putting this all together. Wanted to document it so somebody else can save many hours of frustration.

I am trying to get a private git repository on BitBucket to work with Spring Boot Config Server using deploy keys and have it run in Docker. I am running into many issues.

  1. How to actually configure using the application.yml files.

I can't seem to figure out where I should put the SSH info. All tutorials seem to be for https.

  2. How to provide the private key to the configuration. For Dev the syntax for inline in YML is a pain. For production, you have to provide it via an environment variable, which is another syntax chore.

I keep getting an error that the private key is invalid.

  3. How to get the Docker container to trust the host key without that pesky "do you trust this guy" prompt.

There seem to be several ways to make this work, but only one that worked for me.

Solution

First piece is the configuration. You want to ignore the standard private key and use one provided as an environment variable (SSH_KEY). Also, the git repo is an EV (GIT_URL) but you can hardcode if you want.

spring:
  cloud:
    config:
      server:
        git:
          uri:  ${GIT_URL}
          ignore-local-ssh-settings: true
          private-key: ${SSH_KEY}

Part 2 is tricky. For Dev, you want the key inline, so you need to use a pipe to prefix the block in YAML. (Note this key is a throwaway, as in I just generated it and have now thrown it away.)

private-key: |
                    -----BEGIN RSA PRIVATE KEY-----
                    MIIEpAIBAAKCAQEAszmCR06LVHk/kNYV6LoYgEfHlK4rp75sCsRJ7rdAbWNED+yB
                    bneOm5gue0LGIhT7iTP9D7aN6bKVHv1SBconCA7Pa2NMA9epcMT5ecJc8ndpZOFn
                    iqM77jmMMPvj8EIC06w5oK5zoYwpGotYQFHllf8M+20HtW2fZdPYAYwLcVdmc5tI
                    vLoS+10qw5D3X9zrwk2Cbt37Iqnz1cHOQq+g7sxgVgt18aIKKeg0JslaGqSlWMoT
                    ICUMHj89E4BMHj8ND8otSXHL+VhN+ghd7w1MpckxLWBsNs1+G1FuiJEVAtRq/j+8
                    SOilxgifvI1LqpZ5kO01XFlmkcuN4NMT03qpcwIDAQABAoIBAB5oQGk2sz7mv1kk
                    aV0tzaBeDUd1cWSpUw1UljKRFrY4ZEDLYH5MfH57iE9TWehIZRC3KFU1JMikitZS
                    JktjK9IbKSfQFgKE4XOHh8gXqMteZRw/feCwpydYzic1ZUvK903QZ4qSbn3XGNYv
                    FA79lhUny50Qt4EZkzSkh35js0FMSR9VmyXENxN6IgXUZyoaNAATr44Vkd488BY2
                    7PvdOniemo8/8p4Ij0Aq9Q7rOtm77ZXjyFRX5mDTi2ndSllMEhVcWXHSii+ukbvF
                    117Ns+8M7VWroNfRzI+Ilm/Xz/ePOLlNoYcY0h5+QM9vMPTX9Cpl5WofgOMK1sKd
                    mSdI4ukCgYEA12kcu0aDyIrEPHcyaT9izSFply0Uon2QKS9EQn6cr83vaEGViamh
                    f5q1coYouGnsLfbgKolEMKsYtbmJvInPFDCdc2x0Fmc207Wp1OECsN+HwElEXkrs
                    uPDpGQgs5odjN5Grue9837920oG3UBBdVDAKly2dTOcvoWW+88seFSUCgYEA1P7f
                    p78HDMQ8zTy5+3Rd4+lmJjPsY618XxSQ80j8Elrhi/DyTMA0XGc5c3cKRPmSj+JD
                    GN34WQbw7JO2mKM7YJs+tkSBeTKce8F3cZQy1jy3LNHCtfXylOxmxOFKynV5h2b/
                    jno+pGdmAPK5yvnGASd2eujtzt+AL07XiD2LnLcCgYEAsFRz131WfP/SuShdlLf1
                    WbODKuQVIxojuwLdHo1kF6k805v0G/dGoxzycOgPRz41vj57q3Yn4qr8FC3n6PTq
                    FT3idUyPDpO41r67Ye469KxWBHo1Q/aTJqTWOs5tatvixOcyqoa3MrUZQCI8+4YZ
                    z8Nvt+b3/66zV6vhDtHzMx0CgYAvWW2M0+mUS/ecRHivzqGkrdkYewh87C8uz9qd
                    SsdGqU9kla63oy7Ar+3Unkz5ImYTeGAkIgw4dlOOtBOugPMNOdXKHRaPQ9IHrO2J
                    oUFf4OVzoDnhy4ge1SLPd6nxsgXPNPVwzfopABdr9Ima9sWusgAjuK5NA+ByI9vE
                    HLJxpwKBgQCTM938cdx457ag1hS6EaEKyqljS1/B8ozptB4cy3h0hzw0crNmW84/
                    1Lt9MJmeR4FrWitQkkVLZL3SrYzrP2i+uDd4wVVD5epvnGP/Bk6g05/eB9LgDRx/
                    EeBgS282jUBkXZ6WpzqHCcku3Avs3ajzsC1WaEYx0tCiBxSkiJlaLQ==
                    -----END RSA PRIVATE KEY-----

On the production front, you need to use a bash variable at the command prompt to store your key before you pass it to the Docker command that runs your container. Example:

$ pem=$( cat path_to_key )
$ docker run -e "SSH_KEY=$pem" configserver

At this point you should have the application taken care of. Now all you need is to get past the ssh host not trusted problem. For this, add these lines in your Dockerfile. Replace "bitbucket.org" with whatever host you want. These commands create the ssh config directory, fix the permissions, and then create and populate the known_hosts file.

RUN mkdir -p /root/.ssh
RUN chmod 700 /root/.ssh
RUN ssh-keyscan bitbucket.org > /root/.ssh/known_hosts
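
An added example, not part of the original answer: a pre-flight script for the two fragile steps above. It checks that the key held in the shell variable is still a multi-line PEM block, and that `ssh-keyscan` output (which records whatever key answers, unverified) matches host keys pinned from the provider's published list. The function names, `git.example.test` and all key material are constructed placeholders, and un-hashed `ssh-keyscan` output is assumed.

```shell
#!/bin/sh
# check_pem VALUE: succeed only if VALUE is still a multi-line PEM private-key
# block, i.e. its newlines survived the trip through the shell variable.
check_pem() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    last=$(printf '%s\n' "$1" | sed -n '$p')
    count=$(printf '%s\n' "$1" | grep -c '')
    [ "$count" -ge 3 ] || { echo "key: expected BEGIN, body, END lines" >&2; return 1; }
    case $first in
        '-----BEGIN '*'PRIVATE KEY-----') ;;
        *) echo "key: bad BEGIN line" >&2; return 1 ;;
    esac
    case $last in
        '-----END '*'PRIVATE KEY-----') ;;
        *) echo "key: bad END line" >&2; return 1 ;;
    esac
}

# verify_host_keys PINNED SCANNED: succeed only if SCANNED (ssh-keyscan output)
# has at least one key and every "host type key" line also appears in PINNED.
verify_host_keys() {
    n=0
    while read -r host type blob rest || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac
        awk -v h="$host" -v t="$type" -v b="$blob" \
            '$1 == h && $2 == t && $3 == b { ok = 1 } END { exit !ok }' "$1" ||
            { echo "scan: unpinned $type key for $host" >&2; return 1; }
        n=$((n + 1))
    done < "$2"
    [ "$n" -gt 0 ] || { echo "scan: no host keys found" >&2; return 1; }
}

# Demo on constructed data (placeholders, not real keys or a real host).
demo_key='-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDSAMPLEBODYNOTAREALKEY
-----END RSA PRIVATE KEY-----'
flat=$(echo $demo_key)   # unquoted expansion turns the newlines into spaces
check_pem "$demo_key" && echo "quoted key: ok"
check_pem "$flat" 2>/dev/null || echo "flattened key: rejected"

tmp=$(mktemp -d)
echo 'git.example.test ssh-ed25519 AAAACONSTRUCTEDPINNED' > "$tmp/pinned"
echo 'git.example.test ssh-ed25519 AAAACONSTRUCTEDPINNED' > "$tmp/scan_ok"
echo 'git.example.test ssh-ed25519 AAAACONSTRUCTEDOTHER' > "$tmp/scan_bad"
verify_host_keys "$tmp/pinned" "$tmp/scan_ok" && echo "pinned host key: ok"
verify_host_keys "$tmp/pinned" "$tmp/scan_bad" 2>/dev/null || echo "swapped host key: rejected"
rm -rf "$tmp"
```

In a Dockerfile the same idea means copying a reviewed known_hosts file into the image, or failing the build when the scan does not match the pinned entries.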
