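How do I deploy code from Github using a deploy key in Docker?

Time: 2018-04-12 18:45:04

Tags: git docker ssh-agent

I want to pull code from Github into my Docker image at build time. I have a deploy key generated from the repository, but it seems to me that ssh-agent is not working in my Docker image.

What I did (my Dockerfile):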

FROM python:2.7-stretch
ADD ./id_rsa /root/.ssh/id_rsa
RUN eval "$(ssh-agent -s)"
RUN ssh-add -K /root/.ssh/id_rsa

Output:

Step 12/22 : RUN eval "$(ssh-agent -s)"
 ---> Running in f9ad80981cee
Agent pid 6
Removing intermediate container f9ad80981cee
 ---> d773f7ce5917
Step 13/22 : RUN ssh-add -K /root/.ssh/id_rsa
 ---> Running in 95efeed6a7ad
Could not open a connection to your authentication agent.
The command '/bin/sh -c ssh-add -K /root/.ssh/id_rsa' returned a non-zero code: 2

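As you can see, ssh-agent is started, but the key is not added.

If I skip the ssh-add step, my git pull then fails because of privileges, which is failing as expected since no authentication happened.

3 answers:

Answer 0: (score: 1)

Actually, you don't need to copy your private key into the container (and you'd better not do it).

What you need is ssh-agent installed and started on both your host and your Docker container; then all you need to do is mount the ssh-agent's socket file:

If you are using docker-compose: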

environment:
  - "SSH_AUTH_SOCK=/tmp/ssh-agent"
volumes:
  - $SSH_AUTH_SOCK:/tmp/ssh-agent

Using docker:

docker run -v $SSH_AUTH_SOCK:/tmp/ssh-agent 8be57bbc9561 sleep 1000000 # 8be57bbc9561 is an id of the image
docker exec -it -e SSH_AUTH_SOCK=/tmp/ssh-agent 5b6f4a8f8661 /bin/ash # 5b6f4a8f8661 is an id of the container

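P.S.

As for your case, I think the problem may be related to the export command, which is normally evaled from the code in the output of ssh-agent.

It should provide you with two variables: SSH_AUTH_SOCK and SSH_AGENT_PID. But the export won't persist across images.

You have used RUN twice: first to start ssh-agent and export the variables, and then to add the key. And each Dockerfile instruction generates an intermediate container (and the export won't persist across them).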

If you still want to use it this way (which I strongly recommend avoiding), you can try to bind both commands in a single RUN:

RUN eval "$(ssh-agent -s)" && ssh-add /root/.ssh/id_rsa

I wrote a short post based on the answer above.
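The two problems discussed in the answer above (a private key copied into an image layer, and ssh-add running in a different RUN step from the one that started ssh-agent) can be checked for mechanically. The following is an added example, not part of the original question or answers; the rule names, the key file-name heuristic and the function names are assumptions made for this illustration, and only shell-form instructions are handled.

```python
import re

# Constructed samples: the question's Dockerfile and the single-RUN variant.
QUESTION = """\
FROM python:2.7-stretch
ADD ./id_rsa /root/.ssh/id_rsa
RUN eval "$(ssh-agent -s)"
RUN ssh-add -K /root/.ssh/id_rsa
"""
SINGLE_RUN = """\
FROM python:2.7-stretch
ADD ./id_rsa /root/.ssh/id_rsa
RUN eval "$(ssh-agent -s)" && ssh-add /root/.ssh/id_rsa
"""

# Hypothetical file-name heuristic and rule names, chosen for this example.
KEY_NAME = re.compile(r"(^|/)(id_(rsa|dsa|ecdsa|ed25519)|[^/\s]+\.pem)$")
AGENT_HINTS = ("ssh-agent", "SSH_AUTH_SOCK", "--mount=type=ssh")

def instructions(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start if buf else no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            word, _, args = buf.strip().partition(" ")
            yield start, word.upper(), args.strip()
            buf = ""

def lint(text):
    """Return [(line_no, rule)] for shell-form Dockerfile instructions."""
    findings = []
    for no, op, args in instructions(text):
        if op in ("ADD", "COPY"):
            sources = [a for a in args.split()[:-1] if not a.startswith("--")]
            if any(KEY_NAME.search(s) for s in sources):
                findings.append((no, "KEY_IN_LAYER"))
        elif op == "RUN" and "ssh-add" in args:
            # Each RUN is a fresh shell, so the agent (or its socket) must exist in this step.
            if not any(hint in args for hint in AGENT_HINTS):
                findings.append((no, "NO_AGENT_IN_STEP"))
    return findings

if __name__ == "__main__":
    print(lint(QUESTION), lint(SINGLE_RUN))
```

On the question's Dockerfile both rules fire; on the single-RUN variant only KEY_IN_LAYER remains, because a file added with ADD stays readable in that image layer even if a later step deletes it.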

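Answer 1: (score: 0)

From this link:

"The -K option is Apple's standard version of ssh-add, which stores the passphrase in your keychain for you when you add an ssh key to the ssh-agent.

If you don't have Apple's standard version installed, you may receive an error."

Try removing the -K option and build it again. The following worked for me: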

FROM python:2.7-stretch
ADD ./id_rsa /root/.ssh/id_rsa
RUN eval "$(ssh-agent -s)" && ssh-add /root/.ssh/id_rsa

Answer 2: (score: -1)

Modify

Add with the new key

~/.ssh/config