That looks right, can you provide the build logs with level 5 tracing enabled?
On Fri, Feb 5, 2016 at 10:53 AM, Johary RAVELONJATOVO <[email protected]> wrote: > Hi, > > I set my build config like this > source: > type: Git > git: > uri: 'ssh://[email protected]' > ref: openshift > sourceSecret: > name: scmsecret > secrets: > - > secret: > name: scmsecret > destinationDir: /opt/app-root/src > > I change my assemble script to list the folder "/opt/app-root/src" and it > seems that the secret is not inject on it. Is there something that I > missed? I try different thing but it still not working. I thought that the > scmsecret is not inject correctly > > > Le 3 février 2016 à 20:33, Ben Parees <[email protected]> a écrit : > > Sorry, the destination dir should be /opt/app-root/src/.ssh/ > > ssh-key will be the filename created based on the key of the secret itself > being ssh-key. > > Ben Parees | OpenShift > On Feb 3, 2016 5:49 PM, "Ben Parees" <[email protected]> wrote: > >> The ssh key you are providing for git cloning is not available in the >> context under which "assemble" is running. They are actually two totally >> separate docker containers. >> >> That is why you need to separately indicate you want to provide a secret >> to the build via this mechanism: >> https://docs.openshift.org/latest/dev_guide/builds.html#using-secrets >> >> if indeed composer will just use the the file named ssh-key from >> $HOME/.ssh then you should be able to specify >> "/opt/app-root/src/.ssh/ssh-key" as the destinationDir for the secret. >> (/opt/app-root/src is $HOME in our php image and presumably yours as well). >> >> >> >> >> On Wed, Feb 3, 2016 at 9:55 AM, Johary RAVELONJATOVO <[email protected]> >> wrote: >> >>> Hi, >>> >>> My custom s2i image is similar to your image so I thought it's the same >>> issue. >>> Here are my log on level 5 >>> /*** >>> *As you see, the ssh-privatekey used when it clone the project is the >>> same that I want to use during the "composer install" >>> ****/ >>> I0203 14:24:50.378994 1 scmauths.go:27] Finding auth for "ssh-privatekey" >>> 4 I0203 14:24:50.379052 1 scmauths.go:30] Found SCMAuth "ssh-privatekey" >>> to handle "ssh-privatekey" >>> 5 I0203 14:24:50.379075 1 scmauths.go:45] Setting up SCMAuth >>> "ssh-privatekey" >>> 6 I0203 14:24:50.379644 1 sti.go:167] With force pull false, setting >>> policies to if-not-present >>> ... >>> /**** >>> * Here the git repo is added to the known host so it used correctly >>> the ssh-key >>> ****/ >>> 18 I0203 14:24:50.399258 1 sti.go:140] Preparing to build >>> 172.30.223.43:5000/xxxxxxxxxx/xxxxxxxxxx-xxxxxxxxxx:latest >>> 19 I0203 14:24:50.399610 1 source.go:96] git ls-remote >>> ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git --heads >>> 20 I0203 14:24:50.399663 1 repository.go:275] Executing git ls-remote >>> ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git --heads >>> 21 I0203 14:24:50.900606 1 repository.go:305] Err: Warning: Permanently >>> added '[stash.xxxxxxxxxx.lan]:7999,[x.x.x.x]:7999' (RSA) to the list of >>> known hosts. >>> 22 I0203 14:24:50.900649 1 source.go:119] Warning: Permanently added >>> '[stash.xxxxxxxxxx.lan]:7999,[x.x.x.x]:7999' (RSA) to the list of known >>> hosts. >>> 23 I0203 14:24:50.900662 1 source.go:189] Cloning source from >>> ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git >>> 24 I0203 14:24:50.900677 1 repository.go:275] Executing git clone >>> --recursive >>> ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git >>> /tmp/s2i-build583749303/upload/src >>> 25 I0203 14:24:58.501440 1 repository.go:300] Out: Cloning into >>> '/tmp/s2i-build583749303/upload/src'... >>> 26 I0203 14:24:58.501483 1 repository.go:275] Executing git config --get >>> remote.origin.url >>> 27 I0203 14:24:58.502624 1 repository.go:300] Out: >>> ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git >>> 28 I0203 14:24:58.502650 1 repository.go:275] Executing git rev-parse >>> --abbrev-ref HEAD >>> 29 I0203 14:24:58.504043 1 repository.go:300] Out: develop >>> 30 I0203 14:24:58.504064 1 repository.go:275] Executing git rev-parse >>> --verify HEAD >>> 41 I0203 14:24:58.520643 1 repository.go:300] Out: Thu Dec 17 13:42:16 >>> 2015 -0500 >>> 42 I0203 14:24:58.520667 1 repository.go:275] Executing git --no-pager >>> show -s --format=%<(80,trunc)%s HEAD >>> 43 I0203 14:24:58.522358 1 repository.go:300] Out: Automatic merge from >>> master -> develop >>> ... >>> /**** >>> * >>> ****/ >>> 44 I0203 14:24:58.522392 1 common.go:78] Setting build revision to >>> &api.GitSourceRevision{Commit:"1da37a9c4395024f4f934a9fdb91185058055b99", >>> Author:api.SourceControlUser{Name:"Johary Ravelonjatovo", Email:" >>> [email protected]"}, Committer:api.SourceControlUser{Name:"Johary >>> Ravelonjatovo", Email:"[email protected]"}, Message:"Automatic >>> merge from master -> develop"} >>> 45 I0203 14:24:58.598255 1 docker.go:224] Image >>> openshift/php-55-centos7@sha256:2efdf864cdff3795138d0bae5c9a198dc6b8cf0815ed845a99ef372021bbb8c3 >>> available locally >>> 46 I0203 14:24:58.598279 1 docker.go:344] Image contains >>> io.openshift.s2i.scripts-url set to 'image:///usr/libexec/s2i' >>> 47 I0203 14:24:58.598308 1 download.go:57] Using image internal scripts >>> from: image:///usr/libexec/s2i/assemble >>> 48 I0203 14:24:58.598319 1 download.go:57] Using image internal scripts >>> from: image:///usr/libexec/s2i/run >>> 49 I0203 14:24:58.600501 1 docker.go:224] Image >>> openshift/php-55-centos7@sha256:2efdf864cdff3795138d0bae5c9a198dc6b8cf0815ed845a99ef372021bbb8c3 >>> available locally >>> 50 I0203 14:24:58.600513 1 docker.go:344] Image contains >>> io.openshift.s2i.scripts-url set to 'image:///usr/libexec/s2i' >>> 51 I0203 14:24:58.600532 1 download.go:57] Using image internal scripts >>> from: image:///usr/libexec/s2i/save-artifacts >>> 52 I0203 14:24:58.600543 1 sti.go:221] Using assemble from >>> image:///usr/libexec/s2i >>> 53 I0203 14:24:58.600550 1 sti.go:221] Using run from >>> image:///usr/libexec/s2i >>> 54 I0203 14:24:58.600555 1 sti.go:221] Using save-artifacts from >>> image:///usr/libexec/s2i >>> 55 I0203 14:24:58.600756 1 ignore.go:58] .s2iignore file does not exist >>> 56 I0203 14:24:58.600771 1 sti.go:148] Clean build will be performed >>> 57 I0203 14:24:58.600777 1 sti.go:151] Performing source build from >>> file:///tmp/s2i-build583749303/upload/src >>> 58 I0203 14:24:58.600782 1 sti.go:164] Running "assemble" in " >>> 172.30.223.43:5000/xxxxxxxxxx/xxxxxxxxxx-xxxxxxxxxx:latest" >>> 59 I0203 14:24:58.600795 1 sti.go:412] Using image name >>> openshift/php-55-centos7@sha256 >>> :2efdf864cdff3795138d0bae5c9a198dc6b8cf0815ed845a99ef372021bbb8c3 >>> 60 I0203 14:24:58.600805 1 sti.go:416] No .sti/environment provided (no >>> environment file found in application sources) >>> 61 I0203 14:24:58.601069 1 tar.go:177] Adding to tar: >>> /tmp/s2i-build583749303/upload/src/.bowerrc as src/.bowerrc >>> 62 I0203 14:24:58.604169 1 docker.go:344] Image contains >>> io.openshift.s2i.scripts-url set to 'image:///usr/libexec/s2i' >>> 63 I0203 14:24:58.604183 1 docker.go:399] Base directory for STI scripts >>> is '/usr/libexec/s2i'. Untarring destination is '/tmp'. >>> 64 I0203 14:24:58.604194 1 docker.go:529] Creating container using >>> config: {Hostname: Domainname: User: Memory:0 MemorySwap:0 CPUShares:0 >>> CPUSet: AttachStdin:false AttachStdout:true AttachStderr:false PortSpecs:[] >>> ExposedPorts:map[] Tty:false OpenStdin:true StdinOnce:true >>> Env:[OPENSHIFT_BUILD_NAME=xxxxxxxxxx-xxxxxxxxxx-6 >>> OPENSHIFT_BUILD_NAMESPACE=xxxxxxxxxx OPENSHIFT_BUILD_SOURCE= >>> ssh://[email protected]:7999/cr/xxxxxxxxxx-xxxxxxxxxx.git >>> BUILD_LOGLEVEL=5] Cmd:[/bin/sh -c tar -C /tmp -xf - && >>> /usr/libexec/s2i/assemble] DNS:[] >>> Image:openshift/php-55-centos7@sha256:2efdf864cdff3795138d0bae5c9a198dc6b8cf0815ed845a99ef372021bbb8c3 >>> Volumes:map[] VolumeDriver: VolumesFrom: WorkingDir: MacAddress: >>> Entrypoint:[] NetworkDisabled:false SecurityOpts:[] OnBuild:[] Mounts:[] >>> Labels:map[]} >>> 65 I0203 14:24:58.800445 1 docker.go:543] Attaching to container >>> 66 I0203 14:24:58.801636 1 docker.go:549] Starting container >>> ... >>> I0203 14:25:01.784555 1 sti.go:492] ---> Installing application source... >>> 1804 I0203 14:25:01.933378 1 sti.go:492] Found 'composer.json', >>> installing dependencies using composer.phar... >>> 1805 I0203 14:25:08.812637 1 sti.go:492] All settings correct for using >>> Composer >>> 1806 I0203 14:25:08.815421 1 sti.go:492] Downloading... >>> 1807 I0203 14:25:10.314763 1 sti.go:492] >>> 1808 I0203 14:25:10.314782 1 sti.go:492] Composer successfully installed >>> to: /opt/app-root/src/composer.phar >>> 1809 I0203 14:25:10.314788 1 sti.go:492] Use it: php composer.phar >>> 1810 E0203 14:25:10.471708 1 util.go:91] Loading composer repositories >>> with package information >>> 1811 E0203 14:25:10.471807 1 util.go:91] Installing dependencies >>> (including require-dev) from lock file >>> 1812 E0203 14:25:10.523105 1 util.go:91] - Installing twig/twig (v1.18.1) >>> 1813 E0203 14:25:10.523559 1 util.go:91] Downloading >>> .... >>> /*** >>> * Here it didn't use any ssh-key. >>> **/ >>> 1849 E0203 14:25:15.074480 1 util.go:91] [RuntimeException] >>> 1850 E0203 14:25:15.074494 1 util.go:91] Failed to execute git clone >>> --no-checkout ' >>> ssh://[email protected]:7999/components/doctrine-migrations.git' >>> '/opt/app-root/src/vendor/doctrine/migrations' && cd >>> '/opt/app-root/src/vendor/doctrine/migrations' && git remote add composer ' >>> ssh://[email protected]:7999/components/doctrine-migrations.git' >>> && git fetch composer >>> 1851 E0203 14:25:15.074500 1 util.go:91] Host key verification failed. >>> 1852 E0203 14:25:15.074504 1 util.go:91] fatal: Could not read from >>> remote repository. >>> 1853 E0203 14:25:15.074509 1 util.go:91] Please make sure you have the >>> correct access rights >>> 1854 E0203 14:25:15.074514 1 util.go:91] and the repository exists. >>> 1855 E0203 14:25:15.074518 1 util.go:91] >>> 1856 E0203 14:25:15.074526 1 util.go:91] >>> 1857 E0203 14:25:15.074530 1 util.go:91] install [--prefer-source] >>> [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--no-plugins] >>> [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] >>> [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] >>> [-a|--classmap-authoritative] [--ignore-platform-reqs] [--] [<packages>]... >>> 1858 E0203 14:25:15.074535 1 util.go:91] >>> 1859 I0203 14:25:15.288977 1 docker.go:481] Container wait returns with >>> 1 and <nil> >>> >>> Normally composer use the ssh-key from $HOME/.ssh to install private >>> repo but here I don't understand the mecanism. I just want to use the same >>> ssh-key on the beginning during the build >>> >>> You can try it by adding this on your composer.json >>> >>> { >>> "require": { >>> "vendor/my-private-repo": "dev-master" >>> }, >>> "repositories": [ >>> { >>> "type": "vcs", >>> "url": "[email protected]:vendor/my-private-repo.git" >>> } >>> ]} >>> >>> >>> >>> Le 2 février 2016 à 15:45, Ben Parees <[email protected]> a écrit : >>> >>> I thought you had a custom s2i builder image, but it looks like you're >>> just using our image. Our image(and the assemble script it includes) is >>> not going to pass any credential secrets when invoking composer. Are you >>> providing a custom assemble script in your source repo that invokes >>> composer directly? If so, how are you intending to tell composer about the >>> ssh credentials? >>> >>> It might also help if you provide build logs with level 5 tracing >>> enabled: >>> >>> >>> https://docs.openshift.org/latest/dev_guide/builds.html#accessing-build-logs >>> >>> >>> >>> On Tue, Feb 2, 2016 at 5:19 PM, Johary RAVELONJATOVO <[email protected]> >>> wrote: >>> >>>> I saw the doc today and try to use it but my origin was not up to date >>>> :p. >>>> >>>> I try it once I update Origin (There's a lot of change) but I still >>>> have the same issue. >>>> >>>> Here are my build config secret part >>>> >>>> >>>> The "scmsecret" is my secret test key from ssh-key. Is there something >>>> that I'm doing wrong? >>>> >>>> Thanks, >>>> >>>> Le 2 février 2016 à 12:29, Ben Parees <[email protected]> a écrit : >>>> >>>> we've just added a feature which allows you to inject secrets into the >>>> build process so they are available during the "assemble" invocation, which >>>> sounds like what you need. You'll need to be on the latest origin (the >>>> code just dropped in the last week or so), here are the docs: >>>> >>>> https://docs.openshift.org/latest/dev_guide/builds.html#using-secrets >>>> >>>> Once you setup the build to inject your secret value, you can modify >>>> your assemble script to use it when invoking composer. >>>> >>>> >>>> On Tue, Feb 2, 2016 at 3:07 PM, Johary RAVELONJATOVO <[email protected] >>>> > wrote: >>>> >>>>> Hi everyone, >>>>> >>>>> I actually try to deploy a symfony 2 project with OpenShift Origin. >>>>> The source code of my project is on a private repository and I have create >>>>> a secret with my ssh key to access on it "private-repo-secret". With that >>>>> I >>>>> have no problem to access on the source code with OpenShift Origin. >>>>> After that I create a STI custom image, which detects if there's a >>>>> composer.json on the project and if so it launched "composer install" >>>>> command. >>>>> >>>>> I made some test and it works. It detects the composer.json and after >>>>> that it launches the "composer install" command. >>>>> >>>>> The problem is when it did the "composer install", it's correct with >>>>> public dependencies but not with private. I got an issue with ssh key >>>>> because it needs the "private-repo-secrets" during the build with >>>>> "composer >>>>> install" >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> users mailing list >>>>> [email protected] >>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/users >>>>> >>>>> >>>> >>>> >>>> -- >>>> Ben Parees | OpenShift >>>> >>>> >>> >>> >>> -- >>> Ben Parees | OpenShift >>> >>> >> >> >> -- >> Ben Parees | OpenShift >> >> -- Ben Parees | OpenShift
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
