【问题标题】:Deploying a private repo in Chef: What am I doing wrong with my deploy key?在 Chef 中部署私有仓库:我的部署密钥有什么问题?
【发布时间】:2012-01-11 23:41:21
【问题描述】:

我正在使用 chef 来部署 rails/node 应用程序。当我从公共 github 存储库部署时,一切都部署得很好。不过,我想从私有 github 存储库进行部署,但在这样做时遇到了麻烦。这是我目前正在做的事情

cd ~/.ssh                        # change directory to my .ssh directory
ssh-keygen -f'deploy_key' -N ''  # create a deploy_key key pair without a passphrase
cat deploy_key.pub | pbcopy      # copy the public key into my clipboard

-go to https://github.com/HairyMezican/PrivateRepoName/admin/keys
-click on 'Add another deploy key'
-type 'deploy_key' into 'Title' field
- ⌘V (paste command) into 'Key' field
-click 'Add Key'

tr "\n" "#" < deploy_key | sed 's/#/\\n/g' | pbcopy      #copy the private key into my clipboard, except with all of the newlines replaced with a slash-n
cd ~/chef-repo                                           #change over the the chef repo directory

mate data_bags/apps/my_app.json                          #edit the appropriate data bag in TextMate
--set the following couple of lines before saving
-"repository": "https://HairyMezican@github.com/HairyMezican/PrivateRepoName.git",
-"deploy_key": "⌘V (paste command into here)",

knife data bag from file apps data_bags/apps/my_app.json                        #upload the databag to my chef server
ssh root@12.34.56.789 "mkdir ~/.ssh"                                            #create a ssh directory on my remote server
scp ~/.ssh/id_dsa root@12.34.56.789:.ssh/                                       #copy my private key over to the ssh directory on the remote server
cat ~/.ssh/id_dsa.pub | ssh root@12.34.56.789 'cat - >> ~/.ssh/authorized_keys' #add my public key into the authorized keys list on the remote server
knife bootstrap 12.34.56.789 -dubuntu10.04-gems -rrole[myapp]                   #tell my chef server to bootstrap the remote server

在引导过程尝试从私有存储库进行部署之前,一切正常。它显示了这个:

12.34.56.789 [Sat, 03 Dec 2011 01:41:42 +0000] INFO: Processing deploy_revision[myapp] action deploy (application::rails line 155)
12.34.56.789 Password:

然后几乎冻结(从技术上讲,我仍然可以输入,但我输入的内容不会影响脚本),直到 10 分钟后

12.34.56.789 [Sat, 03 Dec 2011 01:51:51 +0000] ERROR: deploy_revision[myapp] (application::rails line 155) has had an error
12.34.56.789 [Sat, 03 Dec 2011 01:51:51 +0000] ERROR: deploy_revision[myapp] (/var/chef/cache/cookbooks/application/recipes/rails.rb:155:in `from_file') had an error:
12.34.56.789 deploy_revision[myapp] (application::rails line 155) had an error: command timed out:

然后它会在 stdout 和 stderr 中列出一个空白输出,以及它尝试运行命令的堆栈跟踪

我做错了什么以及如何从私有存储库进行部署?

【问题讨论】:

  • 看起来您的 ssh 密钥正在请求释义,以便它可以连接到 github。您可以尝试在没有解释的情况下重新生成密钥然后使用吗? 注意:在 ssh 密钥中不使用释义存在安全风险

标签: github ssh-keys chef-infra


【解决方案1】:

如果这是一个私有 repo,你应该使用 git repo 的 SSH 路径,它也以 git@github.com 开头。

git@github.com:HairyMezican/PrivateRepoName.git

【讨论】:

    【解决方案2】:

    您需要在 github 上创建一个部署密钥,这样您就可以在不输入密码的情况下从您的私有存储库中提取。

    请参阅以下文档: http://help.github.com/deploy-keys/

    【讨论】:

    • 您不能将 SSH 密钥与 HTTPS 方案一起使用,因此情况并非如此。
    【解决方案3】:

    你做得对。注意 cookbooks/application/recipes/rails.rb 的第 85 行:not_if do ::File.exists?("#{app['deploy_to']}/id_deploy"); end

    即尝试手动登录实例并删除(可能是空白的)id_deploy 文件,然后重新初始化进程。

    ^_^

    【讨论】:

      猜你喜欢
      • 2013-08-25
      • 1970-01-01
      • 2019-10-01
      • 2014-11-15
      • 2019-10-27
      • 2012-12-24
      • 1970-01-01
      • 2014-08-16
      • 1970-01-01
      相关资源
      最近更新 更多