Chef running git clone results in host key verification error - capistrano

I am using Chef, invoked by Capistrano.
There is a directive to clone a repository using git.
git node['rails']['rails_root'] do
  repository "git@myrepo.com:/myproj.git"
  reference "master"
  action :sync
  user node['rails']['rails_user']
  group node['rails']['rails_group']
end
When it gets to this point, I get:
** [out :: 10.1.1.1] STDERR: Host key verification failed.
So, I need to add a "known_hosts" entry. No problem. But to which user? The core of my problem is that I have no idea which user is executing what commands, and if they are invoking sudo, etc.
I've run keyscan to populate the known_hosts of root, and the user I ssh in as, to no avail.
Note, this git repo is read-protected, and requires ssh key access.

Another way to solve this: https://github.com/opscode-cookbooks/ssh_known_hosts
This worked for me.

You can use an ssh wrapper approach. Look here for details.
Briefly, do the following steps:
First, create a file in the cookbooks/COOKBOOK_NAME/files/default directory that is named wrap-ssh4git.sh and which contains the following:
#!/usr/bin/env bash
/usr/bin/env ssh -o "StrictHostKeyChecking=no" $1 $2
Then, use the following block for your deployment:
directory "/tmp/private_code/.ssh" do
  owner "ubuntu"
  recursive true
end
cookbook_file "/tmp/private_code/wrap-ssh4git.sh" do
  source "wrap-ssh4git.sh"
  owner "ubuntu"
  mode 00700
end
deploy "private_repo" do
  repo "git@github.com:acctname/private-repo.git"
  user "ubuntu"
  deploy_to "/tmp/private_code"
  action :deploy
  ssh_wrapper "/tmp/private_code/wrap-ssh4git.sh"
end

The git repository will be cloned as user node['rails']['rails_user'] (via https://docs.chef.io/resource_git.html) - I assume that user's known_hosts file is the one you have to modify.

I have resolved this issue as below:
_home_dir = nil
node['etc']['passwd'].each do |user, data|
  if user.eql? node['jenkins']['username']
    _home_dir = data['dir']
  end
end
key_config = "Host *\n\tStrictHostKeyChecking no\n"
file "#{_home_dir}/.ssh/config" do
  owner node['jenkins']['username']
  group node['jenkins']['username']
  mode "0600"
  content key_config
end
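
An alternative to turning off StrictHostKeyChecking, as the wrapper script and the ssh config above do, is to pin the Git host's key in the known_hosts file of the account that runs the clone (the resource's user). The following is an added example, not code from the original posts or from Chef; the helper names, the key material and the pin are constructed assumptions, and in real use the pinned fingerprint comes from the Git host's operator rather than from the scan.

```ruby
require 'digest'

# Constructed sample data (not real keys), resembling `ssh-keyscan myrepo.com`
# output: one expected key and one unexpected key.
KEY_A = ['constructed host key A'].pack('m0')
KEY_B = ['constructed host key B'].pack('m0')
SCAN  = "# myrepo.com:22 SSH-2.0-Example\n" \
        "myrepo.com ssh-ed25519 #{KEY_A}\n" \
        "myrepo.com ssh-rsa #{KEY_B}\n"

# OpenSSH-style fingerprint: "SHA256:" + unpadded base64 of the SHA-256
# digest of the decoded key blob (third field of a known_hosts line).
def ssh_fingerprint(line)
  _host, _type, blob = line.split(' ', 4)
  raise ArgumentError, "malformed host key line: #{line.inspect}" if blob.nil?
  'SHA256:' + [Digest::SHA256.digest(blob.unpack1('m'))].pack('m0').delete('=')
end

# Assumption: in real use this pin is obtained out of band. It is derived
# from the sample here only so that the example is self-contained.
PINNED = [ssh_fingerprint("myrepo.com ssh-ed25519 #{KEY_A}")].freeze

# Keep only scanned keys whose fingerprint is pinned; fail closed otherwise.
def verified_host_keys(scan_output, pinned)
  keys = scan_output.lines.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }
  good = keys.select { |l| pinned.include?(ssh_fingerprint(l)) }
  raise 'no scanned key matches a pinned fingerprint; refusing to trust host' if good.empty?
  good
end

# Append verified keys to existing known_hosts content without duplicates,
# so repeated Chef runs leave the file unchanged.
def merge_known_hosts(existing, verified)
  current = existing.lines.map(&:chomp)
  (current + (verified - current)).join("\n") + "\n"
end

if __FILE__ == $PROGRAM_NAME
  puts merge_known_hosts('', verified_host_keys(SCAN, PINNED))
end
```

The merged text is what belongs in ~/.ssh/known_hosts of the user named in the git or deploy resource, written with that user as owner.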

Related

why still need to input a password when using fastlane match nuke

Now I forget the fastlane match password, and I do not have any way to find out what the password is. So I want to reset the password using this command (I got this approach from https://github.com/fastlane/fastlane/issues/6297):
fastlane match nuke distribution
but it still tells me to input the Passphrase for Match storage:
$ fastlane match nuke distribution ‹ruby-2.7.2›
[✔] 🚀
[12:21:55]: fastlane detected a Gemfile in the current directory
[12:21:55]: However, it seems like you didn't use `bundle exec`
[12:21:55]: To launch fastlane faster, please use
[12:21:55]:
[12:21:55]: $ bundle exec fastlane match nuke distribution
[12:21:55]:
[12:21:55]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile
[12:21:56]: In the config file './fastlane/Matchfile' you have the line git_url, but didn't provide any value. Make sure to append a value right after the option name. Make sure to check the docs for more information
[12:21:56]: In the config file './fastlane/Matchfile' you have the line username, but didn't provide any value. Make sure to append a value right after the option name. Make sure to check the docs for more information
[12:21:56]: Successfully loaded '/Users/dolphin/Documents/GitHub/flutter-netease-music/ios/fastlane/Matchfile' 📄
+-----------------+---------------------------+
| Detected Values from './fastlane/Matchfile' |
+-----------------+---------------------------+
| git_branch | master |
| storage_mode | git |
| type | adhoc |
| app_identifier | ["com.reddwarf.musicapp"] |
+-----------------+---------------------------+
Available session is not valid any more. Continuing with normal login.
[12:21:59]: To not be asked about this value, you can specify it using 'git_url'
[12:21:59]: URL to the git repo containing all the certificates: https://github.com/jiangxiaoqiang/music-certificate.git
[12:22:19]: Cloning remote git repo...
[12:22:19]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
[12:22:21]: Checking out branch master...
[12:22:21]: Enter the passphrase that should be used to encrypt/decrypt your certificates
[12:22:21]: This passphrase is specific per repository and will be stored in your local keychain
[12:22:21]: Make sure to remember the password, as you'll need it when you run match on a different machine
[12:22:21]: Passphrase for Match storage: ******
[12:22:31]: Type passphrase again: ******
[12:22:33]: wrong final block length
[12:22:33]: Couldn't decrypt the repo, please make sure you enter the right password!
keychain: "/Users/dolphin/Library/Keychains/jiangxiaoqiang-db"
version: 512
class: "inet"
attributes:
0x00000007 <blob>="match_https://github.com/jiangxiaoqiang/music-certificate.git"
0x00000008 <blob>=<NULL>
"acct"<blob>=<NULL>
"atyp"<blob>="dflt"
"cdat"<timedate>=0x32303231303831383034323233335A00 "20210818042233Z\000"
"crtr"<uint32>=<NULL>
"cusi"<sint32>=<NULL>
"desc"<blob>=<NULL>
"icmt"<blob>=<NULL>
"invi"<sint32>=<NULL>
"mdat"<timedate>=0x32303231303831383034323233335A00 "20210818042233Z\000"
"nega"<sint32>=<NULL>
"path"<blob>=<NULL>
"port"<uint32>=0x00000000
"prot"<blob>=<NULL>
"ptcl"<uint32>=0x00000000
"scrp"<sint32>=<NULL>
"sdmn"<blob>=<NULL>
"srvr"<blob>="match_https://github.com/jiangxiaoqiang/music-certificate.git"
"type"<uint32>=<NULL>
password has been deleted.
[12:22:33]: Enter the passphrase that should be used to encrypt/decrypt your certificates
[12:22:33]: This passphrase is specific per repository and will be stored in your local keychain
[12:22:33]: Make sure to remember the password, as you'll need it when you run match on a different machine
[12:22:33]: Passphrase for Match storage:
I really do not remember the password. I just remember that the password I set was very simple, but after I input it, it tells me it is incorrect. What should I do to reset the password or find the password? I have tried to delete all certificate files to regenerate the certificate info, but I still need to input the Passphrase for Match storage.
You need to create a new git repo and update your Matchfile with that newly created repo URL.
Then you should be able to run this without entering any passphrase:
bundle exec fastlane match nuke distribution
Please feel free to open a discussion here if you are still having issues:
https://github.com/fastlane/fastlane/discussions

Azure build pipeline reports cannot read password

My main.tf file looks like below:
module "sql_vms" {
  source = "git::https://iuclk3yjmv7qgglu3igkgxffacc2pzsv7nyhs44wmsjnrvccctaq@dev.azure.com/sampleuser/my_code/_git/terraform_modules.git//compute"
  rg_name = var.resource_group_name
  location = module.resource_group.external_rg_location
  vnet_name = var.virtual_network_name
  subnet_name = var.sql_subnet_name
  app_nsg = var.application_nsg
  vm_count = var.count_vm
  base_hostname = var.sql_host_basename
  sto_acc_suffix = var.storage_account_suffix
  vm_size = var.virtual_machine_size
  vm_publisher = var.virtual_machine_image_publisher
  vm_offer = var.virtual_machine_image_offer
  vm_sku = var.virtual_machine_image_sku
  vm_img_version = var.virtual_machine_image_version
  username = var.username
  password = var.password
}
The modules are in the same repo, which is technically not right, but for now I want to use the Azure repo, which has a Terraform module and creates multiple VMs from TF modules.
I get an error like the one below:
2020-08-23T02:27:38.1439274Z [command]/usr/local/bin/terraform init -backend-config=storage_account_name=stoaccautomationnonprod -backend-config=container_name=stoacccon01nonprod -backend-config=key=nonprod.tfstate -backend-config=resource_group_name=automation -backend-config=arm_subscription_id=cc800481-b728-4d8f-81be-e80b955d346e -backend-config=arm_tenant_id=*** -backend-config=arm_client_id=*** -backend-config=arm_client_secret=***
2020-08-23T02:27:38.1441494Z Initializing modules...
2020-08-23T02:27:38.1442513Z Downloading git::https://iuclk3yjmv7qgglu3igkgxffacc2pzsv7nyhs44wmsjnrvccctaq@dev.azure.com/sampleuser/my_code/_git/terraform_modules.git for sql_vms...
2020-08-23T02:27:38.1443347Z
2020-08-23T02:27:38.1444113Z Error: Failed to download module
2020-08-23T02:27:38.1444608Z
2020-08-23T02:27:38.1445408Z Could not download module "sql_vms" (main.tf:1) source code from
2020-08-23T02:27:38.1446189Z "git::https://iuclk3yjmv7qgglu3igkgxffacc2pzsv7nyhs44wmsjnrvccctaq@dev.azure.com/sampleuser/my_code/_git/terraform_modules.git":
2020-08-23T02:27:38.1446845Z error downloading
2020-08-23T02:27:38.1447746Z 'https://iuclk3yjmv7qgglu3igkgxffacc2pzsv7nyhs44wmsjnrvccctaq@dev.azure.com/sampleuser/my_code/_git/terraform_modules.git':
2020-08-23T02:27:38.1448669Z /usr/bin/git exited with 128: Cloning into '.terraform/modules/sql_vms'...
2020-08-23T02:27:38.1449408Z fatal: could not read Password for
2020-08-23T02:27:38.1450157Z 'https://iuclk3yjmv7qgglu3igkgxffacc2pzsv7nyhs44wmsjnrvccctaq@dev.azure.com':
2020-08-23T02:27:38.1450684Z terminal prompts disabled
2020-08-23T02:27:38.1450936Z
2020-08-23T02:27:38.1451324Z
2020-08-23T02:27:38.1451716Z
2020-08-23T02:27:38.1452230Z Error: Failed to download module
2020-08-23T02:27:38.1452525Z
2020-08-23T02:27:38.1453109Z Could not download module "sql_vms" (main.tf:1) source code from
2020-08-23T02:27:38.1454386Z "git::https://iuclk3yjmv7qgglu3igkgxffacc2pzsv7nyhs44wmsjnrvccctaq@dev.azure.com/sampleuser/my_code/_git/terraform_modules.git":
2020-08-23T02:27:38.1454903Z error downloading
2020-08-23T02:27:38.1456723Z 'https://iuclk3yjmv7qgglu3igkgxffacc2pzsv7nyhs44wmsjnrvccctaq@dev.azure.com/sampleuser/my_code/_git/terraform_modules.git':
2020-08-23T02:27:38.1457540Z /usr/bin/git exited with 128: Cloning into '.terraform/modules/sql_vms'...
2020-08-23T02:27:38.1458063Z fatal: could not read Password for
2020-08-23T02:27:38.1458813Z 'https://iuclk3yjmv7qgglu3igkgxffacc2pzsv7nyhs44wmsjnrvccctaq@dev.azure.com':
2020-08-23T02:27:38.1459301Z terminal prompts disabled
2020-08-23T02:27:38.1459470Z
2020-08-23T02:27:38.1459765Z
2020-08-23T02:27:38.1459896Z
2020-08-23T02:27:38.1496541Z ##[error]Terraform command 'init' failed with exit code '1'.: Failed to download module | Failed to download module
2020-08-23T02:27:38.1786437Z ##[section]Finishing: terraform init
I was thinking of using SSH instead of HTTPS with a PAT token; unfortunately, I couldn't figure out how to add the public key on the Microsoft agent.
Please assist
When using an SSH key to pull the Terraform modules, you need to generate the SSH key yourself and then create an SSH key in DevOps:
Then you need to upload the private key to the pipeline variable group as a secure file and add the step to install the SSH key in your agent. The Install SSH step in an agent job looks like this:
Get more details about using SSH to pull the remote Terraform module.

Gitlab CI pipeline failing: a tag issue

My GitLab CI pipeline is set up to run Maven tests from a Docker image created from my Maven project.
I have tested the pipeline on my master branch and it worked fine and ran the test.
However, I have created a new feature branch, and on running the pipeline again I now get this error:
error checking push permissions -- make sure you entered the correct tag name, and that you are authenticated correctly, and try again: getting tag for destination: repository can only contain the runes `abcdefghijklmnopqrstuvwxyz0123456789_-./`: it2901/cs344-maven:feature/produce-allocation-pdf
ERROR: Job failed: command terminated with exit code 1
I can't seem to pinpoint the problem at all. I have also pushed the tag: tut3 to the feature branch as well.
Here is my .gitlab-ci.yml: https://controlc.com/7a94a00f
Based on what you shared, you have this configured:
VERSIONLABELMETHOD: "tut3" # options: "","LastVersionTagInGit"
It should be either:
VERSIONLABELMETHOD: ""
or
VERSIONLABELMETHOD: "LastVersionTagInGit"
or
VERSIONLABELMETHOD: "OnlyIfThisCommitHasVersion"
When you specify "tut3", the script takes it as if it was "" (empty string). Assuming you didn't define $VERSIONLABEL anywhere, $ADDITIONALTAGLIST will also be empty.
And later in the code you can see that this gets executed:
if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then ADDITIONALTAGLIST="$ADDITIONALTAGLIST latest"; fi
Assuming $CI_DEFAULT_BRANCH is set to master, if you use a separate branch mybranch the code above won't get executed, so it's likely that the Kaniko command line doesn't have either a valid $FORMATTEDTAGLIST or $IMAGE_LABELS.
You can debug by looking at their output in the script, which happens at the end before calling Kaniko:
...
echo $FORMATTEDTAGLIST
echo $IMAGE_LABELS
mkdir -p /kaniko/.docker
...
A hack would be to override $CI_DEFAULT_BRANCH with your custom branch.
✌️

MacOS, AppleScript and Git

I have a project that will require reading a local repo and collecting the diff from the most recent commit and the one before it. I then need to do additional work with those diffs (add to an existing log file, make available for tech writers to edit existing API docs with the changes - might Slack them or API into Jira and build a ticket (like that option as it leaves a trail)).
I can do the yeoman level work in an AppleScript, calling shell scripts when needed then parsing the data, and passing the cleaned data to the various applications/sites I need to. But other, less technical people will also be using this app and it would be nice to give them a simple UI to work with.
Anyway, after much digging through the Google, SO and other sources I was able to get a MacOS app working that can call an AppleScript and now I've run into a wall...
I can run this AppleScript from Script Editor and it works fine:
set strGitLog to do shell script "cd ~/Desktop/xxxxxx/Projects/UnifiedSDK/Repo/xxxxxx && git log -p -- file1.html"
"commit c39c6bb004d2e104b3f8e15a6125e3d68a5323ef
Author: Steve <xxxxxx#xxxxxx.com>
Date: Tue Oct 22 15:42:13 2019 -0400
Added deprecation warning to file1
diff --git a/file1.html b/file1.html
index b7af22b..9fdc781 100644
--- a/file1.html
+++ b/file1.html
## -51,6 +51,8 ##
<h2>Class Description</h2>
<p style=\"margin-bottom:10px;\">This is the description of the class</p>
+ <p style=\"margin-bottom:10px;\">Warning: This class is scheduled to be deprecated.</p>
+
<h3>Arguments:</h3>
<p style=\"margin-bottom:10px;\">These are the arguments that the class accepts</p>
...
but, if I place this script within a MacOS application:
script gitMessenger
    property parent : class "NSObject"
    to readMessage()
        set strGitLog to do shell script "cd ~/Desktop/xxxxxx/Projects/UnifiedSDK/Repo/xxxxxx && git log -p -- file1.html"
        log strGitLog
    end readMessage
end script
I get this error message in the log:
fatal: Unable to read current working directory: Operation not permitted (error 128)
Which after checking seems to be a Git permissions error. If I pwd I am pointing to the right directory:
/Users/xxxxxx/Library/Containers/xxxxxx.GitMessenger/Data/Desktop/xxxxxx/Projects/UnifiedSDK/Repo/xxxxxx
and that directory has git initiated on it:
and it has permission for read/write to everyone. So I am a little at a loss right now how to get this to work. Any help or suggestions would be appreciated.

How to contribute to homebrew-cask using GitHub?

The quotation below is the instruction to contribute to brew-cask. However, I could not understand the line github_user='<my-github-username>': I do not know whether I should input <>, and what is the github_user?
There is one email address and two names for one single GitHub account. What is more, when I input the last line, cask-repair --pull origin --push $github_user $outdated_cask, there are 2 errors: the requested upstream branch 'Andy1984' does not exist, and
Error creating pull request: Unprocessable Entity (HTTP 422)
Invalid value for "head"
and the result is: There was an error submitting the pull request. Have you forked the repo and made sure the pull and push remotes exist? I am quite sure I followed the instructions. What is wrong?
# install and setup script - only needed once
brew install vitorgalvao/tiny-scripts/cask-repair
cask-repair --help
# fork homebrew-cask to your account - only needed once
cd "$(brew --repository)/Library/Taps/caskroom/homebrew-cask/Casks"
hub fork
# use to update <outdated_cask>
outdated_cask='<the-cask-i-want-to-update>'
github_user='<my-github-username>'
cd "$(brew --repository)/Library/Taps/caskroom/homebrew-cask/Casks"
cask-repair --pull origin --push $github_user $outdated_cask
According to the documentation, you can also use a script to push a new version of an existing cask.
Check: https://github.com/caskroom/homebrew-cask/blob/master/CONTRIBUTING.md#updating-a-cask
# install and setup script - only needed once
brew install vitorgalvao/tiny-scripts/cask-repair
cask-repair --help
# use to update <outdated_cask>
cask-repair <outdated_cask>