This is Fujiwara.
The verification work took some time, so my reply is late.
2017-09-27 15:55 ohira <shin....@gmail.com>:
> Thank you as always for your help.
> This is Ohira.
>
>
> With the pipelines ssh key settings, there are cases where the fingerprint cannot be fetched.
> Is anyone else seeing a similar problem?
>
>
> Explanation
>
> We currently use the configuration shown below.
>
> Current connection
> local PC (hg push) -> escm11 (hg push) -> bitbucket
>
> bitbucket's features have been improving recently, so I thought that if
> we could use bitbucket pipelines to get a flow like the one below, we
> could make convenient use of it: doing reviews on bitbucket, managing
> branches in conjunction with JIRA, and putting access restrictions on
> branches. (As for deployment, it is currently done from escm11 as well,
> so an advantage is that it can be used as is, without changes.)
>
> New connection
> local PC (hg push) -> bitbucket (hg push) -> escm11 -> deployment target
>
> (Both the current connection and the new connection will communicate over ssh using public key authentication.)
>
>
> Preparation for running hg push ssh://hg@escm11 from bitbucket to escm11
>
> 1. Create a test repository on bitbucket
> 2. Clone the test repository to the local PC
> 3. Clone the local PC's repository to escm11
> 4. Generate a key pair under the bitbucket test repository's Settings -> ssh keys
> 5. Add the public key of the generated key pair as a key for user hg with hgadmin on escm11
> 6. Register all of the source IP addresses of bitbucket pipelines and the source IP addresses used when fetching the fingerprint as addresses permitted to connect to escm11
> 7. Fetch the fingerprint under the bitbucket test repository's Settings -> ssh keys -> fingerprint
> 8. Add hg push --new-branch ssh://h...@escm11.mxfw.net/<repository name> to the bitbucket pipelines configuration file
>
The procedure that Bitbucket presents is:
https://confluence.atlassian.com/bitbucket/use-ssh-keys-in-bitbucket-pipelines-847452940.html
1. Generate an SSH key pair
2. Update known_hosts (= fetch the fingerprint of the destination's public key)
3. Add the public key to .ssh/authorized_keys of the destination account
Since (2) comes before (3), we can tell that step (2) "does not reach
(or does not need to reach) the user authentication (= actual login)
stage", so I guessed that it should be fine to skip (1) and run (2).
When I actually skipped (1) and ran (2), the fingerprint was fetched
without any problem in the integration with my environment (I repeated
it several times, and the behavior was stable).
Also, as far as I could see in the sshd log output, no errors such as
"invalid user" occurred at that time.
> Once the preparation was finished,
>
> I was able to confirm that pushing from the local PC to bitbucket
> updates the repository on escm11.
>
> However, there are two problems.
>
> With the integration test repository at_1 the integration worked without
> problems, but with at_2, configured in the same way, the fingerprint cannot be fetched.
(More on this below.)
> In addition, when I displayed the known_hosts already fetched on at_1, which is
> working normally, I saw something abnormal in the escm11 part.
I have no information about this, so I cannot say anything, but does it
stay broken even if you delete the registered entry once and fetch the
fingerprint again?
> The pipelines key pair setup and the fingerprint fetch have to be done
> per repository, and although it worked normally on at_1, it does not work
> on at_2, which is configured in the same way. In particular, I am stuck
> because the fingerprint cannot be fetched.
>
> Log on the escm11 side when fetching the fingerprint on at_2
> (I did this twice, a little time apart. at_2 was used both times.)
> (The log from the fingerprint fetch on at_1, where hg push over ssh from
> pipelines seems to be working normally, has already been rotated away.)
>
> In both tests it looks as though an invalid user error is occurring.
(snip)
> 0e1e2be0-d661-48ca-9d0c-619575155a83 service ssh-connection method none
> 2017-09-27 12:20:36.086857500 debug1: attempt 0 failures 0
> 2017-09-27 12:20:36.087131500 debug2: parse_server_config: config reprocess config len 239
> 2017-09-27 12:20:36.087373500 Invalid user
> 0e1e2be0-d661-48ca-9d0c-619575155a83 from 104.192.139.229
> 2017-09-27 12:20:36.087530500 debug2: monitor_read: 6 used once, disabling now
> 2017-09-27 12:20:36.087548500 input_userauth_request: invalid user 0e1e2be0-d661-48ca-9d0c-619575155a83
The fact that the above "input_userauth_request: invalid user xxxxxx" is
output should indicate a situation in which:
- 0e1e2be0-d661-48ca-9d0c-619575155a83 is being presented as the user name, and
- processing has also advanced as far as the authentication stage (= checking that ~/.ssh exists)
As far as I could confirm in my own environment, when access is made with
a valid user name, a connection refused because of a mode violation on
~/.ssh or invalid content in ~/.ssh/authorized_keys was detected as a
different error (although I cannot rule out the possibility of differences
between sshd implementations...).
In addition, I confirmed that:
- even when ssh is used with an invalid user name, the confirmation for
  accepting the fingerprint into known_hosts is handled at a slightly
  earlier stage
- for processing that performs "fingerprint fetch only", such as the
  ssh-keyscan command, the above stage is never reached in the first place
It is possible that, just at the moment Ohira-san configured the
at_2/escm11 integration, an implementation like the following happened
to leak out:
  Fetch the public key fingerprint of the destination host by performing
  an ssh login with a randomly generated "user name that probably does
  not exist" (in this case 0e1e2be0-d661-48ca-9d0c-619575155a83)
However, from what I have described so far, at present the fingerprint
fetch does not appear to reach the authentication stage with a user name
specified.
As a test, could you try fetching the escm11 fingerprint on the at_2
repository again, without "Generate an SSH key pair" (= and without adding
anything to ~/.ssh/authorized_keys)?
Also, if the fingerprint fetch on at_2 still fails, could you check
whether fetching the escm11 fingerprint on some arbitrarily chosen third
repository fails in the same way?
If that still does not work, I think it would be better to report it to
the official issue tracker (it would be good to include information such
as the OS and sshd version of the escm11 environment).
https://bitbucket.org/site/master/wiki/Home
> 2017-09-27 12:20:36.087582500 debug2: monitor_read: 3 used once, disabling now
> 2017-09-27 12:20:36.087708500 debug2: input_userauth_request: try method none
> 2017-09-27 12:20:36.193670500 debug1: userauth-request for user
> 0e1e2be0-d661-48ca-9d0c-619575155a83 service ssh-connection method publickey
> 2017-09-27 12:20:36.193689500 debug1: attempt 1 failures 0
> 2017-09-27 12:20:36.193721500 debug2: input_userauth_request: try method publickey
> 2017-09-27 12:20:36.193739500 debug2: userauth_pubkey: disabled because of invalid user
> 2017-09-27 12:20:36.299544500 Connection closed by 104.192.139.229
> 2017-09-27 12:20:36.299563500 debug1: do_cleanup
> 2017-09-27 12:20:36.299745500 debug1: do_cleanup
> 2017-09-27 12:20:36.299885500 tcpserver: end 85278 status 65280
> 2017-09-27 12:20:36.299887500 tcpserver: status: 3/40
--
----------------------------------------------------------------------
FUJIWARA Katsunori(
flying...@gmail.com)
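
Added example, not part of the original thread or of Bitbucket's code: a Python log check applying the distinction drawn in the reply above, namely whether a connection seen by sshd reached the user-authentication stage (as in the quoted `invalid user` log) or ended during key exchange, as a fingerprint-only fetch would. The name `summarize`, the rule of splitting sessions on "Connection closed by", and the second connection from 192.0.2.10 are assumptions made for this example; the first connection reuses lines from the quoted log with wrapped lines re-joined.

```python
import re

# Patterns for sshd messages that appear in the log quoted in the thread.
TRY_METHOD = re.compile(r"input_userauth_request: try method (\S+)")
INVALID = re.compile(r"Invalid user (\S+) from (\S+)")
CLOSED = re.compile(r"Connection closed by (\S+)")

def summarize(log_text):
    """Split an sshd debug log into connections (each ended by a
    'Connection closed by' line) and report how far each one got."""
    sessions, cur = [], None
    for line in log_text.splitlines():
        if cur is None:
            cur = {"peer": None, "invalid_user": None, "methods": []}
        if m := TRY_METHOD.search(line):
            cur["methods"].append(m.group(1))
        elif m := INVALID.search(line):
            cur["invalid_user"] = m.group(1)
        elif m := CLOSED.search(line):
            cur["peer"] = m.group(1)
            # Any auth method attempt or invalid-user notice means the
            # client went past key exchange into user authentication.
            reached = bool(cur["methods"] or cur["invalid_user"])
            cur["stage"] = "userauth" if reached else "key-exchange only"
            sessions.append(cur)
            cur = None
    return sessions

# Connection 1: lines from the log quoted in the thread (wrapped lines re-joined).
# Connection 2: constructed sample of a client that disconnects before userauth.
SAMPLE_LOG = """\
2017-09-27 12:20:36.087373500 Invalid user 0e1e2be0-d661-48ca-9d0c-619575155a83 from 104.192.139.229
2017-09-27 12:20:36.087548500 input_userauth_request: invalid user 0e1e2be0-d661-48ca-9d0c-619575155a83
2017-09-27 12:20:36.087708500 debug2: input_userauth_request: try method none
2017-09-27 12:20:36.193721500 debug2: input_userauth_request: try method publickey
2017-09-27 12:20:36.193739500 debug2: userauth_pubkey: disabled because of invalid user
2017-09-27 12:20:36.299544500 Connection closed by 104.192.139.229
2017-09-27 12:30:00.000000000 debug1: SSH2_MSG_KEXINIT sent
2017-09-27 12:30:00.100000000 Connection closed by 192.0.2.10
"""

if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print(s["peer"], s["stage"], s["invalid_user"], s["methods"])
```

Run against the escm11 log for a third repository, a result of "key-exchange only" for the fingerprint fetch would match the behavior described in the reply, while "userauth" with an invalid user would match the at_2 log.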