Sorry, the destination dir should be /opt/app-root/src/.ssh/ ssh-key will be the filename created based on the key of the secret itself being ssh-key.
Ben Parees | OpenShift On Feb 3, 2016 5:49 PM, "Ben Parees" <[email protected]> wrote: > The ssh key you are providing for git cloning is not available in the > context under which "assemble" is running. They are actually two totally > separate docker containers. > > That is why you need to separately indicate you want to provide a secret > to the build via this mechanism: > https://docs.openshift.org/latest/dev_guide/builds.html#using-secrets > > if indeed composer will just use the the file named ssh-key from > $HOME/.ssh then you should be able to specify > "/opt/app-root/src/.ssh/ssh-key" as the destinationDir for the secret. > (/opt/app-root/src is $HOME in our php image and presumably yours as well). > > > > > On Wed, Feb 3, 2016 at 9:55 AM, Johary RAVELONJATOVO <[email protected]> > wrote: > >> Hi, >> >> My custom s2i image is similar to your image so I thought it's the same >> issue. >> Here are my log on level 5 >> /*** >> *As you see, the ssh-privatekey used when it clone the project is the >> same that I want to use during the "composer install" >> ****/ >> I0203 14:24:50.378994 1 scmauths.go:27] Finding auth for "ssh-privatekey" >> 4 I0203 14:24:50.379052 1 scmauths.go:30] Found SCMAuth "ssh-privatekey" >> to handle "ssh-privatekey" >> 5 I0203 14:24:50.379075 1 scmauths.go:45] Setting up SCMAuth >> "ssh-privatekey" >> 6 I0203 14:24:50.379644 1 sti.go:167] With force pull false, setting >> policies to if-not-present >> ... >> /**** >> * Here the git repo is added to the known host so it used correctly the >> ssh-key >> ****/ >> 18 I0203 14:24:50.399258 1 sti.go:140] Preparing to build >> 172.30.223.43:5000/xxxxxxxxxx/xxxxxxxxxx-xxxxxxxxxx:latest >> 19 I0203 14:24:50.399610 1 source.go:96] git ls-remote >> ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git --heads >> 20 I0203 14:24:50.399663 1 repository.go:275] Executing git ls-remote >> ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git --heads >> 21 I0203 14:24:50.900606 1 repository.go:305] Err: Warning: Permanently >> added '[stash.xxxxxxxxxx.lan]:7999,[x.x.x.x]:7999' (RSA) to the list of >> known hosts. >> 22 I0203 14:24:50.900649 1 source.go:119] Warning: Permanently added >> '[stash.xxxxxxxxxx.lan]:7999,[x.x.x.x]:7999' (RSA) to the list of known >> hosts. >> 23 I0203 14:24:50.900662 1 source.go:189] Cloning source from >> ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git >> 24 I0203 14:24:50.900677 1 repository.go:275] Executing git clone >> --recursive ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git >> /tmp/s2i-build583749303/upload/src >> 25 I0203 14:24:58.501440 1 repository.go:300] Out: Cloning into >> '/tmp/s2i-build583749303/upload/src'... >> 26 I0203 14:24:58.501483 1 repository.go:275] Executing git config --get >> remote.origin.url >> 27 I0203 14:24:58.502624 1 repository.go:300] Out: >> ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git >> 28 I0203 14:24:58.502650 1 repository.go:275] Executing git rev-parse >> --abbrev-ref HEAD >> 29 I0203 14:24:58.504043 1 repository.go:300] Out: develop >> 30 I0203 14:24:58.504064 1 repository.go:275] Executing git rev-parse >> --verify HEAD >> 41 I0203 14:24:58.520643 1 repository.go:300] Out: Thu Dec 17 13:42:16 >> 2015 -0500 >> 42 I0203 14:24:58.520667 1 repository.go:275] Executing git --no-pager >> show -s --format=%<(80,trunc)%s HEAD >> 43 I0203 14:24:58.522358 1 repository.go:300] Out: Automatic merge from >> master -> develop >> ... >> /**** >> * >> ****/ >> 44 I0203 14:24:58.522392 1 common.go:78] Setting build revision to >> &api.GitSourceRevision{Commit:"1da37a9c4395024f4f934a9fdb91185058055b99", >> Author:api.SourceControlUser{Name:"Johary Ravelonjatovo", Email:" >> [email protected]"}, Committer:api.SourceControlUser{Name:"Johary >> Ravelonjatovo", Email:"[email protected]"}, Message:"Automatic merge >> from master -> develop"} >> 45 I0203 14:24:58.598255 1 docker.go:224] Image >> openshift/php-55-centos7@sha256:2efdf864cdff3795138d0bae5c9a198dc6b8cf0815ed845a99ef372021bbb8c3 >> available locally >> 46 I0203 14:24:58.598279 1 docker.go:344] Image contains >> io.openshift.s2i.scripts-url set to 'image:///usr/libexec/s2i' >> 47 I0203 14:24:58.598308 1 download.go:57] Using image internal scripts >> from: image:///usr/libexec/s2i/assemble >> 48 I0203 14:24:58.598319 1 download.go:57] Using image internal scripts >> from: image:///usr/libexec/s2i/run >> 49 I0203 14:24:58.600501 1 docker.go:224] Image >> openshift/php-55-centos7@sha256:2efdf864cdff3795138d0bae5c9a198dc6b8cf0815ed845a99ef372021bbb8c3 >> available locally >> 50 I0203 14:24:58.600513 1 docker.go:344] Image contains >> io.openshift.s2i.scripts-url set to 'image:///usr/libexec/s2i' >> 51 I0203 14:24:58.600532 1 download.go:57] Using image internal scripts >> from: image:///usr/libexec/s2i/save-artifacts >> 52 I0203 14:24:58.600543 1 sti.go:221] Using assemble from >> image:///usr/libexec/s2i >> 53 I0203 14:24:58.600550 1 sti.go:221] Using run from >> image:///usr/libexec/s2i >> 54 I0203 14:24:58.600555 1 sti.go:221] Using save-artifacts from >> image:///usr/libexec/s2i >> 55 I0203 14:24:58.600756 1 ignore.go:58] .s2iignore file does not exist >> 56 I0203 14:24:58.600771 1 sti.go:148] Clean build will be performed >> 57 I0203 14:24:58.600777 1 sti.go:151] Performing source build from >> file:///tmp/s2i-build583749303/upload/src >> 58 I0203 14:24:58.600782 1 sti.go:164] Running "assemble" in " >> 172.30.223.43:5000/xxxxxxxxxx/xxxxxxxxxx-xxxxxxxxxx:latest" >> 59 I0203 14:24:58.600795 1 sti.go:412] Using image name >> openshift/php-55-centos7@sha256 >> :2efdf864cdff3795138d0bae5c9a198dc6b8cf0815ed845a99ef372021bbb8c3 >> 60 I0203 14:24:58.600805 1 sti.go:416] No .sti/environment provided (no >> environment file found in application sources) >> 61 I0203 14:24:58.601069 1 tar.go:177] Adding to tar: >> /tmp/s2i-build583749303/upload/src/.bowerrc as src/.bowerrc >> 62 I0203 14:24:58.604169 1 docker.go:344] Image contains >> io.openshift.s2i.scripts-url set to 'image:///usr/libexec/s2i' >> 63 I0203 14:24:58.604183 1 docker.go:399] Base directory for STI scripts >> is '/usr/libexec/s2i'. Untarring destination is '/tmp'. >> 64 I0203 14:24:58.604194 1 docker.go:529] Creating container using >> config: {Hostname: Domainname: User: Memory:0 MemorySwap:0 CPUShares:0 >> CPUSet: AttachStdin:false AttachStdout:true AttachStderr:false PortSpecs:[] >> ExposedPorts:map[] Tty:false OpenStdin:true StdinOnce:true >> Env:[OPENSHIFT_BUILD_NAME=xxxxxxxxxx-xxxxxxxxxx-6 >> OPENSHIFT_BUILD_NAMESPACE=xxxxxxxxxx >> OPENSHIFT_BUILD_SOURCE=ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git >> BUILD_LOGLEVEL=5] Cmd:[/bin/sh -c tar -C /tmp -xf - && >> /usr/libexec/s2i/assemble] DNS:[] >> Image:openshift/php-55-centos7@sha256:2efdf864cdff3795138d0bae5c9a198dc6b8cf0815ed845a99ef372021bbb8c3 >> Volumes:map[] VolumeDriver: VolumesFrom: WorkingDir: MacAddress: >> Entrypoint:[] NetworkDisabled:false SecurityOpts:[] OnBuild:[] Mounts:[] >> Labels:map[]} >> 65 I0203 14:24:58.800445 1 docker.go:543] Attaching to container >> 66 I0203 14:24:58.801636 1 docker.go:549] Starting container >> ... >> I0203 14:25:01.784555 1 sti.go:492] ---> Installing application source... >> 1804 I0203 14:25:01.933378 1 sti.go:492] Found 'composer.json', >> installing dependencies using composer.phar... >> 1805 I0203 14:25:08.812637 1 sti.go:492] All settings correct for using >> Composer >> 1806 I0203 14:25:08.815421 1 sti.go:492] Downloading... >> 1807 I0203 14:25:10.314763 1 sti.go:492] >> 1808 I0203 14:25:10.314782 1 sti.go:492] Composer successfully installed >> to: /opt/app-root/src/composer.phar >> 1809 I0203 14:25:10.314788 1 sti.go:492] Use it: php composer.phar >> 1810 E0203 14:25:10.471708 1 util.go:91] Loading composer repositories >> with package information >> 1811 E0203 14:25:10.471807 1 util.go:91] Installing dependencies >> (including require-dev) from lock file >> 1812 E0203 14:25:10.523105 1 util.go:91] - Installing twig/twig (v1.18.1) >> 1813 E0203 14:25:10.523559 1 util.go:91] Downloading >> .... >> /*** >> * Here it didn't use any ssh-key. >> **/ >> 1849 E0203 14:25:15.074480 1 util.go:91] [RuntimeException] >> 1850 E0203 14:25:15.074494 1 util.go:91] Failed to execute git clone >> --no-checkout >> 'ssh://[email protected]:7999/components/doctrine-migrations.git' >> '/opt/app-root/src/vendor/doctrine/migrations' && cd >> '/opt/app-root/src/vendor/doctrine/migrations' && git remote add composer >> 'ssh://[email protected]:7999/components/doctrine-migrations.git' >> && git fetch composer >> 1851 E0203 14:25:15.074500 1 util.go:91] Host key verification failed. >> 1852 E0203 14:25:15.074504 1 util.go:91] fatal: Could not read from >> remote repository. >> 1853 E0203 14:25:15.074509 1 util.go:91] Please make sure you have the >> correct access rights >> 1854 E0203 14:25:15.074514 1 util.go:91] and the repository exists. >> 1855 E0203 14:25:15.074518 1 util.go:91] >> 1856 E0203 14:25:15.074526 1 util.go:91] >> 1857 E0203 14:25:15.074530 1 util.go:91] install [--prefer-source] >> [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--no-plugins] >> [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] >> [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] >> [-a|--classmap-authoritative] [--ignore-platform-reqs] [--] [<packages>]... >> 1858 E0203 14:25:15.074535 1 util.go:91] >> 1859 I0203 14:25:15.288977 1 docker.go:481] Container wait returns with 1 >> and <nil> >> >> Normally composer use the ssh-key from $HOME/.ssh to install private repo >> but here I don't understand the mecanism. I just want to use the same >> ssh-key on the beginning during the build >> >> You can try it by adding this on your composer.json >> >> { >> "require": { >> "vendor/my-private-repo": "dev-master" >> }, >> "repositories": [ >> { >> "type": "vcs", >> "url": "[email protected]:vendor/my-private-repo.git" >> } >> ]} >> >> >> >> Le 2 février 2016 à 15:45, Ben Parees <[email protected]> a écrit : >> >> I thought you had a custom s2i builder image, but it looks like you're >> just using our image. Our image(and the assemble script it includes) is >> not going to pass any credential secrets when invoking composer. Are you >> providing a custom assemble script in your source repo that invokes >> composer directly? If so, how are you intending to tell composer about the >> ssh credentials? >> >> It might also help if you provide build logs with level 5 tracing enabled: >> >> >> https://docs.openshift.org/latest/dev_guide/builds.html#accessing-build-logs >> >> >> >> On Tue, Feb 2, 2016 at 5:19 PM, Johary RAVELONJATOVO <[email protected]> >> wrote: >> >>> I saw the doc today and try to use it but my origin was not up to date >>> :p. >>> >>> I try it once I update Origin (There's a lot of change) but I still have >>> the same issue. >>> >>> Here are my build config secret part >>> >>> >>> The "scmsecret" is my secret test key from ssh-key. Is there something >>> that I'm doing wrong? >>> >>> Thanks, >>> >>> Le 2 février 2016 à 12:29, Ben Parees <[email protected]> a écrit : >>> >>> we've just added a feature which allows you to inject secrets into the >>> build process so they are available during the "assemble" invocation, which >>> sounds like what you need. You'll need to be on the latest origin (the >>> code just dropped in the last week or so), here are the docs: >>> >>> https://docs.openshift.org/latest/dev_guide/builds.html#using-secrets >>> >>> Once you setup the build to inject your secret value, you can modify >>> your assemble script to use it when invoking composer. >>> >>> >>> On Tue, Feb 2, 2016 at 3:07 PM, Johary RAVELONJATOVO <[email protected]> >>> wrote: >>> >>>> Hi everyone, >>>> >>>> I actually try to deploy a symfony 2 project with OpenShift Origin. The >>>> source code of my project is on a private repository and I have create a >>>> secret with my ssh key to access on it "private-repo-secret". With that I >>>> have no problem to access on the source code with OpenShift Origin. >>>> After that I create a STI custom image, which detects if there's a >>>> composer.json on the project and if so it launched "composer install" >>>> command. >>>> >>>> I made some test and it works. It detects the composer.json and after >>>> that it launches the "composer install" command. >>>> >>>> The problem is when it did the "composer install", it's correct with >>>> public dependencies but not with private. I got an issue with ssh key >>>> because it needs the "private-repo-secrets" during the build with "composer >>>> install" >>>> >>>> >>>> >>>> _______________________________________________ >>>> users mailing list >>>> [email protected] >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>> >>>> >>> >>> >>> -- >>> Ben Parees | OpenShift >>> >>> >> >> >> -- >> Ben Parees | OpenShift >> >> > > > -- > Ben Parees | OpenShift > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
