Docker: go get from a private GitHub repo
I'm trying to run a container that will expose a golang service from a package that I have on a private GitHub repo. Since I am working with GCE, my starter image is google/debian:wheezy. After installing all the required dependencies and tools, I am running
RUN go get github.com/<my_org>/<my_package>
However, during the go get process, when go tries to clone the repo, I get an error:
# cd .; git clone https://github.com/<my_org>/<my_package> /gopath/src/github.com/<my_org>/<my_package>
Cloning into '/gopath/src/github.com/<my_org>/<my_package>'...
fatal: could not read Username for 'https://github.com': No such device or address
package github.com/<my_org>/<my_package>: exit status 128
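This tells me that there is some problem. It looks like verifying the private key is OK, but something weird happens with the public key. This is the complete result: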
OpenSSH_6.0p1 Debian-4+deb7u2, OpenSSL 1.0.1e 11 Feb 2013
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to github.com [192.30.252.129] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version libssh-0.6.0
debug1: no match: libssh-0.6.0
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-sha1 none
debug1: kex: client->server aes128-ctr hmac-sha1 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
Warning: Permanently added the RSA host key for IP address '192.30.252.129' to the list of known hosts.
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /root/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: No more authentication methods to try.
Permission denied (publickey).
I tried chmod 600 and chmod 700 on the priv/public keys; this did not help.
Any clues? Has anyone succeeded in running go get against a private repo from Debian on Docker?
go get is trying to use https, completely ignoring ssh. You will have to set up ~/.netrc:
ADD priv/.netrc /root/.netrc
where the netrc looks like:
machine github.com login github-username password github-password
Ref:
FROM golang
RUN apt-get update && apt-get install -y ca-certificates git-core ssh
ADD keys/my_key_rsa /root/.ssh/id_rsa
RUN chmod 700 /root/.ssh/id_rsa
RUN echo "Host github.com\n\tStrictHostKeyChecking no\n" >> /root/.ssh/config
RUN git config --global url.ssh://git@github.com/.insteadOf https://github.com/
ADD . /go/src/github.com/myaccount/myprivaterepo
RUN go get github.com/myaccount/myprivaterepo
RUN go install github.com/myaccount/myprivaterepo
Elaborating on the ~/.netrc answer, this is what I am doing with Jenkins on linux:
FROM golang:1.6
ARG GITHUB_USER=$GITHUB_USER
ARG GITHUB_PASS=$GITHUB_PASS
# Copy local package files to the container's workspace.
ADD . /go/src/github.com/my-org/my-project
WORKDIR /go/src/github.com/my-org/my-project/
# Build application inside the container.
RUN echo "machine github.com\n\tlogin $GITHUB_USER\n\tpassword $GITHUB_PASS" >> ~/.netrc && \
    go get github.com/tools/godep && \
    go get github.com/onsi/ginkgo/ginkgo && \
    godep restore && \
    ginkgo -r --randomizeAllSpecs --randomizeSuites --failOnPending && \
    godep go install && \
    rm -f ~/.netrc
ENTRYPOINT /go/bin/my-project
EXPOSE 8080
The docker build command is:
docker build \
    --build-arg GITHUB_USER=xxxxx \
    --build-arg GITHUB_PASS=yyyyy \
    -t my-project .
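The two ARG directives map the --build-args so docker can use them inside the Dockerfile.
The first and last lines of RUN create and remove the ~/.netrc.
In Jenkins, I use the same creds from the git pull in the build command.
With this strategy, the password is not echoed during the docker build process and is not saved on any layer of the docker image. Also note that the ginkgo test results are printed to the console during the build.
In the latest version of golang (v1.11), there is now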
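Quoting the source:
A module is a collection of related Go packages that are versioned together as a single unit. Most often, a single version control repository corresponds exactly to a single module.
Using the latest version of golang will allow you to have dependencies that are in private repositories. Basically, by running the $ go mod vendor command, a vendor directory will be created locally for all external dependencies. Now, making sure your docker image has Golang v1.11, you would update your Dockerfile with the following: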
WORKDIR /<your repository>
COPY . ./
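As an added example (not part of any answer above and not code from the original page): values passed with --build-arg are recorded in the image metadata and shown by docker history, and a key copied in with ADD stays in its layer, so a BuildKit secret mount is the usual way to hand the .netrc to the build. The module path github.com/my-org, the image tags and the go.mod layout are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example; requires BuildKit. All names below are assumptions.
#
# Build with the credentials kept in a netrc-format file outside the build context:
#   DOCKER_BUILDKIT=1 docker build --secret id=netrc,src=$HOME/.netrc -t my-project .
# The file uses the format shown earlier on this page:
#   machine github.com login <user> password <personal access token>
# (GitHub no longer accepts account passwords for Git over HTTPS.)
#
# Check afterwards that nothing sensitive was recorded:
#   docker history --no-trunc my-project

# Assumption: any Go release with module support.
FROM golang:1.21 AS build

# Fetch the private modules straight from GitHub instead of going through
# the public module proxy and checksum database.
ENV GOPRIVATE=github.com/my-org/*

WORKDIR /src
COPY go.mod go.sum ./

# The secret is mounted at /root/.netrc for this RUN step only. It is not
# written to a layer and does not appear in the image history.
RUN --mount=type=secret,id=netrc,target=/root/.netrc \
    go mod download

COPY . .
RUN CGO_ENABLED=0 go build -o /out/my-project .

# The final stage carries only the binary, so the build stage's tooling and
# history are not shipped. Assumption: a static binary on a distroless base.
FROM gcr.io/distroless/static
COPY --from=build /out/my-project /my-project
EXPOSE 8080
ENTRYPOINT ["/my-project"]
```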
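Are you running the go get command as root? You should use go get under your user account and store your keys in /home/yourAccount. Do you want to check the permissions and sharing preferences as in the help?
Thanks for the help. The thing is, on my machine (Mac), go get works fine with the private repo (authentication goes smoothly). The problem only happens on the debian docker image I'm working on. Also, note that the error is observed even before go get takes place (the ssh keyscan output shows that there is an error, as I posted).
@orcaman read PEM private key done: type <unknown> might be a corrupted private key.
"go get is trying to use https, completely ignoring ssh." Actually, this can be fixed by running git config --global url."git@github.com:".insteadOf "https://github.com"
The problem with this solution is that it requires my private ssh key to be cop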