Create docker image from customized discourse git repo which supports ssh protocol access only


(Irshad) #1

Hi,
I have to build Discourse from a customized git code base which supports ssh-based access only. I have modified the app.yml as per this post. What changes should be there to pass my repo’s ssh authentication? I tried the below thing, which didn’t work. I just tried to copy the ssh key to the container.

hooks:
  after_code:
    - exec:
        cd: $home/plugins
        cmd:
          - git clone https://github.com/discourse/docker_manager.git
    - exec:
        cd: $home
        cmd:
         # changes start here
          - cp ~/.ssh/id_rsa container:~/.ssh/id_rsa
          - git remote remove origin
          - git config --remove-section branch.master
          - git config --remove-section branch.tests-passed
          - git remote add origin git@codebase.xyz.com:userName/discourse.git
          - git fetch
          - git remote set-branches --add origin anonymous-locale
          - git branch -u origin/anonymous-locale
          - git reset --hard origin/anonymous-locale

(Jay Pfaffman) #2

ssh is picky about permissions and ownerships.

Enter the container (./launcher enter app) and make sure that you can get the thing you need (e.g., ssh git@codebase.xyz.com or maybe git clone git@codebase.xyz.com:userName/discourse.git, which, if you don’t need to set a branch might be easier anyway). It could be failing because your host isn’t in known hosts.


(Irshad) #3

@pfaffman : I can solve this easily by entering the container and setting my ssh configuration. But I am trying to make this in the after_code section before fetching the repo so as to avoid every time configuration.
See my line
- cp ~/.ssh/id_rsa container:~/.ssh/id_rsa
where I am trying to copy my ssh credentials from my local file system to container. Please let me know why it is not working.


(Jay Pfaffman) #4

When you get into the container, is your key there? Is the permission wrong? What do you have to do to fix it that the script doesn’t do?


(Irshad) #5

@pfaffman : No, it is not there, and the container does not start up; it fails with the below error.
cp: cannot stat '/home/irshad/.ssh/id_rsa': No such file or directory

The issue is with the line - cp /home/irshad/.ssh/id_rsa app:~/.ssh/id_rsa mentioned in the after_code hook of my app.yml.
It seems the SOURCE_PATH of my command is being fetched inside the container itself rather than from the local file system where ./launcher rebuild app is run. Basically I am trying to copy the ssh file from my local file system to the container using the docker cp command. But it is not working.


(Jay Pfaffman) #6

If you install your key in a github or launchpad.net account, you can use

ssh-import-id-lp username

or
ssh-import-id-gh username

to install your public key from there. Not only is this easy, but it ensures that all directories and files that get created have the correct permissions. Since this command was added to Ubuntu I have saved countless hours and endless frustration.

I think what’s wrong with your code is that the cp at the top should be an scp, but this is a more foolproof solution and has the added advantage of making your life better.


(Irshad) #7

@pfaffman : I didn’t understand the first ssh-import-id-lp solution. If I am correct, this just fetches the public key from the git server, right? But here I need the ssh private key for the ssh public key I have put in my git server, right?
I tried the scp way (- scp username@xx.x.x.x:~/.ssh/id_rsa ~/.ssh/id_rsa ) and it again failed with the below error: Host key verification failed. I thought it should prompt for my user password, but it didn’t. Please help.


(Jay Pfaffman) #8

Oops. Yes, you’re right. It solves the problem of installing your public key, but not getting your private key.

means that the host keys (the ones that test whether the host you’re connecting to is, in fact, the correct host) are broken, wrong, or missing. So you need to be looking there, not at your user keys.

I think you might want to set StrictHostKeyChecking in /etc/ssh/ssh_config.

Or maybe you want to put an ssh directory with proper keys and such somewhere under /var/discourse/public/standalone (or whatever you might have put instead of “standalone”) on the server. Then in the container you can replace your

cp ~/.ssh/id_rsa container:~/.ssh/id_rsa

with something like

rsync -rav /var/www/discourse/ssh/ ~/.ssh/

This way, you could hand-configure ssh in the container, make sure it works, then rsync that .ssh directory into public with

rsync -rav ~/.ssh/ /var/www/discourse/ssh/ 

After that, it should be able to copy the ssh keys and settings.
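
The staging-directory idea from the post above, combined with the thread's earlier points about permissions and host key verification, as an added example that is not part of the original thread: a shell function that installs a key and a pinned known_hosts file into an .ssh directory with the modes OpenSSH expects, and refuses to run when no host key for the git server is staged. The function names, the file names and the three arguments are assumptions; HOST would be codebase.xyz.com in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and file names are assumptions.

# Print the mode string of a path, e.g. "-rw-------".
perm_of() { ls -ld "$1" | cut -c1-10; }

# install_ssh_material STAGE DEST HOST
#   STAGE: directory holding id_rsa and known_hosts (verified by hand once)
#   DEST:  the .ssh directory to create for the build user
#   HOST:  git server name that known_hosts must pin
install_ssh_material() (
    stage=$1 dest=$2 host=$3
    [ -f "$stage/id_rsa" ] || { echo "missing $stage/id_rsa" >&2; exit 1; }
    [ -s "$stage/known_hosts" ] || { echo "missing known_hosts" >&2; exit 1; }

    # Require a pinned entry for HOST (assumes plain, unhashed host names).
    awk -v h="$host" '{ n = split($1, a, ","); for (i = 1; i <= n; i++)
        if (a[i] == h) found = 1 } END { exit !found }' "$stage/known_hosts" ||
        { echo "no pinned host key for $host" >&2; exit 1; }

    umask 077    # subshell body: the caller's umask is untouched
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1
    cp "$stage/id_rsa" "$dest/id_rsa" && chmod 600 "$dest/id_rsa" || exit 1
    cp "$stage/known_hosts" "$dest/known_hosts" || exit 1
    chmod 644 "$dest/known_hosts"

    # Keep host key checking on and never prompt during an unattended build.
    cat > "$dest/config" <<EOF
Host $host
    IdentityFile $dest/id_rsa
    IdentitiesOnly yes
    UserKnownHostsFile $dest/known_hosts
    StrictHostKeyChecking yes
    BatchMode yes
EOF
    chmod 600 "$dest/config"
)
```

Called from an exec step ahead of the `git fetch`, with the staged directory as STAGE, a missing or mismatched host key stops the build with a clear message instead of a "Host key verification failed" later on.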


(Irshad) #9

Not possible, if my understanding is correct :slight_smile:. How can I edit the source code if it is being pulled from standard Discourse? I need to make this point to my custom git repo, which has only ssh authentication.

@sam : Could you please help me out with this ?