vcsrepo with specific identity?


Matt Zagrabelny

Dec 3, 2019, 11:58:22 AM
to puppet...@googlegroups.com
Greetings,

I am attempting to specify an identity with a vcsrepo resource. Such as:

    vcsrepo { '/opt/src/repository':
        ensure   => present,
        provider => git,
        revision => 'stable',
        source   => 'ssh://gito...@git.example.com/repository.git',
        identity => '/root/.ssh/id_rsa__gitolite_access__non_private',
    } 

I'm running puppet 5.5 (Debian Buster).

I've tried with both the (Debian) packaged version of puppetlabs vcsrepo (1.3.2) and the most recent source release from the forge (3.0.0) and I am getting the same results for both:


    Error: Execution of '/usr/bin/git clone ssh://gito...@git.example.com/repository.git /opt/src/repository' returned 128: Cloning into '/opt/src/repository'...
    Permission denied, please try again.
    Permission denied, please try again.
    gito...@git.example.com: Permission denied (publickey,password).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.
    Error: /Stage[main]/Profile___base__gnu/Vcsrepo[/opt/src/repository]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/bin/git clone ssh://gito...@git.example.com/repository.git /opt/src/repository' returned 128: Cloning into '/opt/src/repository'...
    Permission denied, please try again.
    Permission denied, please try again.
    gito...@git.example.com: Permission denied (publickey,password).
    fatal: Could not read from remote repository.

    Please make sure you have the correct access rights
    and the repository exists.


I can get the vcsrepo to work if I utilize the default identity file (~/.ssh/id_rsa) or by defining the identity file to use in ~/.ssh/config. That is, by not specifying the "identity" parameter things work as expected.

Additionally, I can successfully clone the repo using git using the desired identity file:

    # GIT_SSH_COMMAND="/usr/bin/ssh -i /root/.ssh/id_rsa__gitolite_access__non_private" git clone --single-branch --branch stable ssh://gito...@git.example.com/repository.git
    Cloning into 'repository'...
    remote: Enumerating objects: 8, done.
    remote: Counting objects: 100% (8/8), done.
    remote: Compressing objects: 100% (6/6), done.
    remote: Total 8 (delta 1), reused 0 (delta 0)
    Receiving objects: 100% (8/8), done.
    Resolving deltas: 100% (1/1), done.

Has anyone had success with specifying the identity file with vcsrepo?

Any hints, tips, or suggestions are very welcome!

Thanks,

-m

Yvan Broccard

Dec 3, 2019, 12:22:15 PM
to puppet...@googlegroups.com
Don't forget the "user", "group" and "owner" parameters. For example, from one of my manifests:

  -> vcsrepo {'oracle-scripts':
    ensure   => 'latest',
    path     => "${hvs_oracle::oradb::admindir}/oracle-scripts",
    provider => 'git',
    source   => 'ssh://git@git:7999/infra/oracle-scripts.git',
    identity => "${oraclehome}/.ssh/id_ed25519",
    revision => 'master',
    user     => 'oracle',
    owner    => 'oracle',
    group    => 'oinstall',
  }

Owner and group are the Linux user and group who will clone the repo and need permissions to create a directory.

Regards



Matt Zagrabelny

Dec 3, 2019, 12:42:00 PM
to puppet...@googlegroups.com
On Tue, Dec 3, 2019 at 11:23 AM Yvan Broccard <yvan.b...@gmail.com> wrote:
> Don't forget the "user", "group" and "owner" parameters. For example, from one of my manifests:

Hmmm....

>   -> vcsrepo {'oracle-scripts':
>     ensure   => 'latest',
>     path     => "${hvs_oracle::oradb::admindir}/oracle-scripts",
>     provider => 'git',
>     source   => 'ssh://git@git:7999/infra/oracle-scripts.git',
>     identity => "${oraclehome}/.ssh/id_ed25519",
>     revision => 'master',
>     user     => 'oracle',
>     owner    => 'oracle',
>     group    => 'oinstall',
>   }


When I don't use the "identity" parameter things work okay (even without the user, owner, and group parameters.)

The errors I'm seeing are directly related to git (via puppet) not using the specified key for authenticating. I don't think I'm seeing issues with the user, owner, group.

Thank you for the reply,

-m

Matt Zagrabelny

Dec 5, 2019, 1:21:03 PM
to puppet...@googlegroups.com
My usage of the GIT_SSH_COMMAND environment variable was leaking into the "puppet agent -t" environment and was short-circuiting vcsrepo's use of GIT_SSH.

I've patched my local copy of the vcsrepo module and have created a PR:


Cheers!

-m
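
The root cause reported in the last message, as an added example that is not part of the original thread or of the vcsrepo module: a pre-flight check for the shell that launches `puppet agent -t`. It assumes git's documented precedence (GIT_SSH_COMMAND, then core.sshCommand, then GIT_SSH, then plain ssh); the function names and the `/constructed/wrapper` path are hypothetical.

```shell
#!/bin/sh
# Added example. git picks its SSH transport in this order (git(1),
# git-config(1)): GIT_SSH_COMMAND, core.sshCommand, GIT_SSH, plain "ssh".

# Print the setting that wins. $1 = core.sshCommand value (may be empty).
git_ssh_winner() {
    if [ -n "${GIT_SSH_COMMAND:-}" ]; then
        echo "GIT_SSH_COMMAND"
    elif [ -n "${1:-}" ]; then
        echo "core.sshCommand"
    elif [ -n "${GIT_SSH:-}" ]; then
        echo "GIT_SSH"
    else
        echo "default ssh"
    fi
}

# Succeed only if a GIT_SSH wrapper exported by a child of this shell
# (the thread reports that vcsrepo relies on GIT_SSH) would actually be used.
identity_would_apply() {
    # /constructed/wrapper is a placeholder path, never executed.
    winner=$(GIT_SSH=/constructed/wrapper git_ssh_winner "${1:-}")
    [ "$winner" = "GIT_SSH" ]
}

# Run in the shell that will launch "puppet agent -t".
preflight() {
    cfg=""
    if command -v git >/dev/null 2>&1; then
        cfg=$(git config --get core.sshCommand 2>/dev/null || true)
    fi
    if identity_would_apply "$cfg"; then
        echo "ok: GIT_SSH set by the agent run will be honoured"
    else
        echo "warning: $(git_ssh_winner "$cfg") overrides GIT_SSH;" \
             "clear it first, e.g. (unset GIT_SSH_COMMAND; puppet agent -t)" >&2
        return 1
    fi
}
```

Source the file and call `preflight` before a manual agent run; a non-zero return means the key named in `identity` would be silently ignored in favour of whatever the overriding setting selects.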