How do I authenticate when I git clone with Chef?
I'm new to all of this, but I'm guessing I'll use SSH keys... but how?
git '/home/vagrant/foo' do
  repository 'me@repo.domain.com:/usr/git/app.git'
  reference 'master'
  action :sync
  user "vagrant"
  group "vagrant"
end
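Here is what worked for me:
1 - Generate an SSH key pair (public + private). You will add the public key to the git repo.
2 - Generate a key used for encryption
3 - Create an encrypted data bag with knife
This will open your favorite editor (vim), and then you need to add the private key: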
{
  "name": "data_bag_item_private_keys_git_key",
  "json_class": "Chef::DataBagItem",
  "chef_type": "data_bag_item",
  "data_bag": "private_keys",
  "raw_data": {
    "id": "git_key",
    "private": "Add HERE your private key, replace the newlines by \n"
  }
}
(the "private" value is going to be a very long string of characters)
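5 - View your encrypted data bag
6 - Add the public key to the node
Important: at the end of this command you will have the known_hosts file that you need to add to the cookbook. Copy it to the cookbook's files/default folder.
After this, I git clone my repository.
I think I have documented what I did in detail, but please don't raise any questions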
$ knife data bag create private_keys git_key --secret-file encrypted_data_bag_secret
# Load the shared secret and decrypt the data bag item that holds the private key
secret = Chef::EncryptedDataBagItem.load_secret("/vagrant/encrypted_data_bag_secret")
git_key = Chef::EncryptedDataBagItem.load("private_keys", "git_key", secret)
#git_key = Chef::DataBagItem.load("private_keys_not_encrypted", "git_key")

# Write the decrypted private key, readable and writable only by its owner
file "/home/otto/.ssh/id_rsa" do
  content git_key['private']
  owner "otto"
  group "otto"
  mode 00600
  action [:delete, :create]
end
$ knife data bag show private_keys git_key
id: git_key
private:
cipher: aes-256-cbc
encrypted_data: osuRPsasdfasdfasdfasdfaKutAXYrklKwn+zAgtlQZsFZNRKCyDf1Lc
2jtRZeGye0WHEKbVCtO7+arpytY7jNA4prOsK6iF1+cJsKcIBDtiNuurt80V
ljGJ5RNfvAtW5HJb2P7Sw75RyQQruKha0fsbyWTKwyssXnXZbmGxEFb+Vz4m
vEiU0tVk7/M04zAw34beEfnmAKNAae4TAgrlYg8bdQcxBi6zIdj5AW1VGBsh
xaxFdfEXvNcSwMBX9w3Yyj7xVzI7fj3QHqnJl/p4VKhwoOlCahbJqh3A72xc
l0mg0aPYfASulVuLm6U+KywzonOOVqXpeNYPtz+bW5v6Wa4cIM3aJ0JcObDw
BNqe0goDRHjz6YJBKW9RT5EiRJPZbdNWJaEZhEawW/e9lyLq/A44sZhC+m0I
...
[FILTERED]
...
6RA/9XxH7pGJpJtxVYGWSQB1diHcpaT1Vg7RT48L7WZJjJcK0ZQHYZpXfIB2
jUfIM3VY3ceD12unbZPI6FifdFq74qlr0fF4WM6V7WhJTgx3V3xCYLkjnhD9
9mchWqaBa9oYNoflSR0vl21j2gywDG0LPI5bbgTU+Gu5A+XsGirW/FYfKS28
08+B64Qvep0axtocs3GN2hOb
iv: dTFABrasdfasdfaLh5bNIJeUWQ==
version: 1
cookbook_file "/home/otto/.ssh/id_rsa.pub" do
  source "id_rsa.pub" # Contains the public key
  mode "0644"
end
cookbook_file "/home/otto/.ssh/known_hosts" do
  source "known_hosts" # BitBucket host
  mode "0644"
end
$ ssh -T git@bitbucket.org
The authenticity of host 'bitbucket.org ([FILTERED])' can't be established.
RSA key fingerprint is [FILTERED].
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'bitbucket.org,[FILTERED]' (RSA) to the list of known hosts.
authenticated via a deploy key.
You can use git or hg to connect to Bitbucket. Shell access is disabled.
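
The known_hosts file produced by the `ssh -T` step above is what every node will trust, so its key is worth comparing with the fingerprint the Git host publishes before the file is copied to files/default. The following is an added example in plain Ruby, not part of the original answer; the sample key, the address 192.0.2.10 and the function names are constructed for illustration, and entries are assumed to be unhashed (no HashKnownHosts).

```ruby
require 'base64'
require 'digest'

# Fingerprint of a base64 public-key blob in the form `ssh-keygen -lf` prints:
# "SHA256:" + unpadded base64 of the SHA-256 digest of the decoded blob.
def fingerprint(key_b64)
  blob = Base64.strict_decode64(key_b64) # raises ArgumentError on bad base64
  'SHA256:' + Base64.strict_encode64(Digest::SHA256.digest(blob)).delete('=')
end

# Parse known_hosts text into entries, skipping blank, comment and short lines.
def parse_known_hosts(text)
  text.each_line.map do |line|
    fields = line.strip.split(/\s+/)
    next if fields.size < 3 || fields[0].start_with?('#')
    hosts, type, key = fields
    { hosts: hosts.split(','), type: type, fingerprint: fingerprint(key) }
  end.compact
end

# Returns a list of problems; an empty list means every entry for `host`
# matches the pinned fingerprint for its key type.
def verify_known_hosts(text, host, pinned)
  entries = parse_known_hosts(text).select { |e| e[:hosts].include?(host) }
  return ["no entry for #{host}"] if entries.empty?
  entries.reject { |e| pinned[e[:type]] == e[:fingerprint] }
         .map { |e| "#{e[:type]} key #{e[:fingerprint]} is not pinned" }
rescue ArgumentError => e
  ["malformed key in known_hosts: #{e.message}"]
end

# Constructed sample data: NOT a real host key.
SAMPLE_KEY = Base64.strict_encode64("\x00\x00\x00\x07ssh-rsa constructed sample blob")
SAMPLE_KNOWN_HOSTS = <<~HOSTS
  # constructed sample file
  bitbucket.org,192.0.2.10 ssh-rsa #{SAMPLE_KEY}
HOSTS
# Stand-in for the fingerprint the Git host publishes out of band.
PINNED = { 'ssh-rsa' => fingerprint(SAMPLE_KEY) }.freeze

if __FILE__ == $PROGRAM_NAME
  problems = verify_known_hosts(SAMPLE_KNOWN_HOSTS, 'bitbucket.org', PINNED)
  puts problems.empty? ? 'known_hosts matches the pinned fingerprint' : problems
  exit(problems.empty? ? 0 : 1)
end
```
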