假设

tag-icon tag-icon amazon-web-services
假设

背景

回购:

  • myrepo,在自托管的 gitlab 服务器中,在私人仓库中(已测试)部署密钥
  • mainrepo,在自托管的 gitlab 服务器中,在私有 repo 中运行良好。

它的 package.json 引用myrepo如下:

"dependencies": {
    "myrepo": "git+ssh://[email protected]:myusernamespace/myrepo.git"
}

mainrepo已毫无问题地部署到 AWS Elastic beanstalk 实例。

问题

问题是 Elastic beanstalk 实例上的构建过程失败,因为它没有访问 gitlab 服务器的权限

错误详情

在 AWS Web UI 日志中

2016-02-04 13:36:59 UTC+0000    ERROR   During an aborted deployment, some instances may have deployed the new application version. To ensure all instances are running the same version, re-deploy the appropriate application version.
2016-02-04 13:36:59 UTC+0000    ERROR   Failed to deploy application.
2016-02-04 13:36:58 UTC+0000    ERROR   Unsuccessful command execution on instance id(s) 'i-111111f'. Aborting the operation.
2016-02-04 13:36:58 UTC+0000    INFO    Command execution completed on all instances. Summary: [Successful: 0, Failed: 1].
2016-02-04 13:36:58 UTC+0000    ERROR   [Instance: i-111111f] Command failed on instance. Return code: 1 Output: [CMD-AppDeploy/AppDeployStage0/AppDeployPreHook/50npm.sh] command failed with error code 1: /opt/elasticbeanstalk/hooks/appdeploy/pre/50npm.sh + /opt/elasticbeanstalk/containerfiles/ebnode.py --action npm-install npm ERR! git clone [email protected]:myusernamespace/myrepo.git Cloning into bare repository '/tmp/.npm/_git-remotes/git-git-myhost-com-myysername-myrepo-git-99d4209c'... npm ERR! git clone [email protected]:myusernamespace/myrepo.git Host key verification failed. npm ERR! git clone [email protected]:myusernamespace/myrepo.git fatal: Could not read from remote repository. npm ERR! git clone [email protected]:myusernamespace/myrepo.git npm ERR! git clone [email protected]:myysername/ref.

nodejs.log

353 error Host key verification failed.
353 error fatal: Could not read from remote repository.
353 error
353 error Please make sure you have the correct access rights
353 error and the repository exists.

之前的工作

为了让 Gitlabs 通过 ssh 提供存储库,我向 Gitlabs 添加了公共 ssh 密钥部署密钥对于项目(以及已验证的密钥)git clone [email protected]:myusernamespace/myrepo.git

01_authorized_keys.config然后,为了允许 Elastic beanstalk 访问 Gitlab,我通过创建以下内容将相同的公钥添加到环境中ebextensions

files:
  /home/ec2-user/.ssh/authorized_keys:
    mode: "000400"
    owner: ec2-user
    group: ec2-user
    content: |
      ssh-rsa AAAA{...the existing eb authorized_keys...} existing_authorized_keys_name
      ssh-rsa AAAA{...gitlab.pub...} [email protected]

但它失败了:(

尝试过的替代方案

我尝试过的其他方法:

  • authorized_keys通过按如下方式设置按键这个答案
  • 将已经在authorized_keys中的公钥添加到Gitlabs部署列表中。

假设

  • eb deploy即便不是,也会使用 ebextensions
  • 我应该将公钥添加到 EB 实例
  • 我还没有设置另一个测试实例来仅使用 gitlab 部署密钥构建整个项目,所以我假设如果 gitlab 部署密钥手动工作,它们将通过 npm 工作。

相关内容