0

I have a cookbook, that uses deploy_key cookbook to generate deploy key & git cookbook to clone private gitlab project.

Chef always says that he has deployed keys successfully and gave them proper rights.

But sometimes it works fine, sometimes it gives following error, and i can't get why.

==> default: ================================================================================
==> default: Error executing action `sync` on resource 'git[/home/vagrant/webtest]'
==> default: ================================================================================
==> default: Mixlib::ShellOut::ShellCommandFailed
==> default: ------------------------------------
==> default: Expected process to exit with [0], but received '128'
==> default: ---- Begin output of git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" ----
==> default: Permission denied, please try again.
==> default: Permission denied, please try again.
==> default: Permission denied (publickey,password).
==> default: fatal: Could not read from remote repository.
==> default: Please make sure you have the correct access rights
==> default: and the repository exists.
==> default: ---- End output of git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" ----
==> default: Ran git ls-remote "git@gitlab.example.com:qa/webtest.git" "HEAD" returned 128

Moreover, if chef fails to clone project with following message, second provision (i've tried vagrant provision for this) try will work fine (same as i will login on the VM and manually clone the project).

I thought that sometimes keys are not deployed in time.. but according to chef output they must be ready.

What could be the problem?

I am deploying keys (each deployment new keys are generated following way using gitlab project_id and token):

deploy_key "my_project_deploy_key" do
    provider Chef::Provider::DeployKeyGitlab
    path "#{node['webtest']['home_dir']}/.ssh"
    credentials({
        :token => node['webtest']['gitlab']['token']
    })
    api_url "#{node['webtest']['gitlab']['api_scheme']}://#{node['webtest']['gitlab']['api_domain']}"
    repo  node['webtest']['gitlab']['project_id']
    owner node['webtest']['user']
    group node['webtest']['group']
    mode 00600
    action :add
end

I am cloning repo this way:

git "#{node['webtest']['home_dir']}/webtest" do
    repository node['webtest']['git']['repo']
    checkout_branch node['webtest']['git']['branch']
    ssh_wrapper "#{node['webtest']['home_dir']}/.ssh/wrap-ssh4git.sh"
    user node['webtest']['user']
    group node['webtest']['group']
    enable_checkout false
    action :sync
end
avasin
  • 9,186
  • 18
  • 80
  • 127

1 Answers1

0

For the example to work, you need to make gitlab.example.com aware of your public key so ssh can use your private key to connect.

The method varies, but for modern Linux machines the ssh-copy-id may make it easier to get your public key copied correctly.

Thorbjørn Ravn Andersen
  • 73,784
  • 33
  • 194
  • 347
  • I don't need to use ssh key. I use deploy keys, that provide read-only access to clone repos. You can read about them here: http://doc.gitlab.com/ce/ssh/README.html – avasin Jul 18 '15 at 23:21
  • Deploy keys _are_ SSH keys, for what it's worth. – Martin Jul 18 '15 at 23:23
  • @Martin sure, sorry. But i don't want to copy ssh keys. SSH key is generated for every deployment via chef, using gitlab project_id & token via deploy_key cookbook. – avasin Jul 18 '15 at 23:24
  • The error message is ssh saying that the key mechanism does not give you access. – Thorbjørn Ravn Andersen Jul 19 '15 at 07:48
  • Also "gitlab.example.com" listed in your output does not resolve. Is this a verbatim copy? – Thorbjørn Ravn Andersen Jul 19 '15 at 07:49
  • @ThorbjørnRavnAndersen no, it is just example. Yes, i understand. The problem is that rsa key are generated, deploy key is added in gitlab, but on vagrant up this issue randomly happens. – avasin Jul 20 '15 at 09:37