Python AWS ECS中的Git克隆私有回购
我正在尝试下载我组织中的所有私人回购协议。 我有一个脚本,我想使用Fargate每天运行一次。 运行时遇到的问题如下:Python AWS ECS中的Git克隆私有回购,python,git,amazon-web-services,docker,aws-fargate,Python,Git,Amazon Web Services,Docker,Aws Fargate,我正在尝试下载我组织中的所有私人回购协议。 我有一个脚本,我想使用Fargate每天运行一次。 运行时遇到的问题如下: Warning: Permanently added the RSA host key for IP address '192.30.253.113' to the list of known hosts. Permission denied (publickey). fatal: Could not read from remote repository. Please ma
Warning: Permanently added the RSA host key for IP address '192.30.253.113' to the list of known hosts.
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
我理解错误,并在dockerfile中向映像添加ssh密钥:
FROM python:3.6
RUN mkdir /backup
WORKDIR /backup
ADD . /backup/
RUN mkdir /root/.ssh/
ADD id_rsa /root/.ssh/id_rsa
RUN chmod 400 /root/.ssh/id_rsa
RUN python3 -m pip install -r requirements.txt
这是我尝试下载所有repo并将其上载到S3 bucket的脚本:
TOKEN = os.environ['TOKEN']
DATE = str(date.today())
def archive(zipname, directory):
return shutil.make_archive(zipname, 'zip', root_dir=directory,
base_dir=None)
def assume_role(role_to_assume, duration=900):
sts_client = boto3.client('sts')
assumed_role = sts_client.assume_role(
RoleArn=role_to_assume,
RoleSessionName='session',
DurationSeconds=duration
)
credentials = assumed_role['Credentials']
return (credentials['AccessKeyId'], credentials['SecretAccessKey'],
credentials['SessionToken'])
def upload_to_s3(key, file_name, access_role):
access_key, secret_key, session_token = assume_role(access_role)
s3 = boto3.resource(
's3',
aws_access_key_id=access_key,
aws_secret_access_key=secret_key,
aws_session_token=session_token
)
s3.Bucket('zego-github-backup').put_object(
Key=key,
Body=file_name
)
print('Uploaded')
def login_github():
g = Github(TOKEN)
org = g.get_organization("Organisation").get_repos()
role = "arn:aws:iam::7893729191287:role/Github_backup"
for repo in org:
repo_name = repo.name
key = f"{repo_name} {DATE}.zip"
ssh_url = repo.ssh_url
os.system(f"GIT_SSH_COMMAND=\"ssh -o StrictHostKeyChecking=no\" git clone --depth 1 {ssh_url}")
archive(f"{repo_name} {DATE}", repo_name)
archived_file = open(key, 'rb')
upload_to_s3(key, archived_file, role)
shutil.rmtree(repo_name)
os.remove(f"{repo_name} {DATE}.zip")
print("Done")
login_github()
我做错了什么?或者我遗漏了一些步骤?不确定我是否遗漏了脚本中的任何内容,但我没有看到您在任何地方启动ssh代理,然后向其中添加密钥 从 希望这有帮助 添加“chmod 700/root/.ssh/”——这不会解决您的问题,但是最佳实践。该错误意味着包含私钥的密钥对(id_rsa)与另一端存储的公钥不匹配。
$ eval "$(ssh-agent -s)"
$ ssh-add /root/.ssh/id_rsa