-2

I would like to run git commands from my container to the host. The git folder I'm updating lives on the host machine and I'm unable to clone it in my container. I would also prefer to have the files in my host machine so users don't have a hard time uploading files.

  • Host
    • DockerContainer 1

Things I tried:

  ssh -i /var/sshkeys Username@vmMaching.Domain.corp 'cd /var/www/scheduledqueries && git pull' 

I got an error upon entering my code:

 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
 Permissions 0755 for '/var/sshkeys' are too open.
 It is required that your private key files are NOT accessible by others.
 This private key will be ignored.
 Load key "/var/sshkeys": bad permissions
 Username@vmMaching.Domain.corp's password:
 Permission denied, please try again.
 Username@vmMaching.Domain.corp's password:
 error: cannot open .git/FETCH_HEAD: Permission denied

 root@200eea99abd9:/#

I copied my cert and key files to a location and listed it in the volume section of my docker-compose.

  • For an operation that needs to modify the host system, and needs special credentials, it will be much easier to run it directly on the host system and not in Docker. – David Maze Feb 09 '21 at 11:45
  • @DavidMaze, yeah. I had Rundeck within a container; while I felt super proud for standing it up, writing the scripts to access the host became super tedious. Rundeck is better off NOT in a container. – zealousSloth Feb 09 '21 at 23:40

1 Answer

1

The first part is purely ssh:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0755 for '/var/sshkeys' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/var/sshkeys": bad permissions

Git has nothing to do with this message. You ran ssh with arguments -i and a path name, a user and host, and a command to run once on the server. Ssh itself decided to ignore your -i so as to force you to fix permissions on the file.

You then typed in a password, and ssh ran the command you asked it to, on the server. That command—cd /var/www/scheduledqueries && git pull—successfully did a cd /var/www/scheduledqueries. It then ran git pull, which means run git fetch, then once that works, do something with the commits just fetched (the something part depends on how you've configured Git).

The fetch operation failed because, on the server, the user you logged in as has no permission to read and/or write to .git/FETCH_HEAD in that Git repository.

To fix the complaint in the first part, make sure the file on your client—where you're going to run ssh—has the correct permissions so that ssh is willing to use it (and that it has the correct content so that when ssh does use it, it works—that might already be the case; we only know that ssh did not use it).

To fix the complaint in the second part, make sure that whoever you log in to, on the server—Username@vmMaching.Domain.corp—has permission to read and write files in the .git directory. Generally that user should own that directory, although in some situations, you can set things up so that the user is a member of a group that can work with the directory. Setting up group-wide access to a Git repository is a bit tricky.

(Note that if you plan to use Docker just to run some particular service, you might wish to set up that service entirely outside Docker. You would then not need to do any Git operations in the server, as they would already have been done long before the docker commands even start.)

torek
  • Wow, thank you so much for the explanation! Gave myself permissions to .git using [this](https://stackoverflow.com/questions/13195814/trying-to-git-pull-with-error-cannot-open-git-fetch-head-permission-denied). Was confused about how to give permissions, followed [this](https://askubuntu.com/questions/466549/bash-home-user-ssh-authorized-keys-no-such-file-or-directory) guide. Now it looks clean: root@200eea99abd9:/var/sshkeys/.ssh# ssh -i /var/sshkeys/.ssh/vmName.Domain.corp.key user@vmName.Domain.corp 'cd /var/www/scheduledqueries && git pull' Already up-to-date. – zealousSloth Feb 08 '21 at 21:08
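
The two checks the answer describes, as an added example that is not part of the original post: a private key that ssh will accept must have no group/other permission bits, and the login user should own the repository's .git directory. The function names and the temporary paths are hypothetical, and GNU `stat` and `install` (as found in a Linux container) are assumed.

```shell
#!/bin/sh
# Added example; all paths below are constructed for the demo.

# Print a file's permission bits in octal (assumes GNU stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null
}

# Succeed only if no group/other bits are set. ssh applies this test
# (mode & 077 must be 0) to a private key owned by the invoking user.
key_mode_ok() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# A key bind-mounted from the host may keep the host's mode (0755 on the
# page) and may not be chmod-able inside the container. Copy it to a
# container-local path with mode 0600 and point ssh -i at the copy.
secure_key_copy() {
    install -m 600 "$1" "$2" && key_mode_ok "$2"
}

# Run this on the server, as the login user: does that user own .git?
git_dir_owned_by_me() {
    [ "$(stat -c '%u' "$1/.git")" = "$(id -u)" ]
}

# Demo on constructed files (no real key material involved).
demo=$(mktemp -d)
printf 'constructed placeholder, not a real key\n' > "$demo/sshkeys"
chmod 755 "$demo/sshkeys"
key_mode_ok "$demo/sshkeys" || echo "mode 0755: ssh would ignore this key"
secure_key_copy "$demo/sshkeys" "$demo/id_private" \
    && echo "mode 0600 copy: ssh would load this key"
mkdir -p "$demo/repo/.git"
git_dir_owned_by_me "$demo/repo" && echo ".git is owned by $(id -un)"
rm -rf "$demo"
```

If `git_dir_owned_by_me` fails on the server, the ownership or group setup of `.git` is what needs fixing there; nothing on the client side changes that.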