Support for identity password over environment file #5

Open: wants to merge 2 commits into master

cocox commented Jan 2, 2018

I have modified the image so it can read the password from files. It is useful for using docker composer secrets.

nardeas (Owner) commented Jan 3, 2018

Thanks, this looks pretty useful. Didn't yet have time to review fully and I have to test it myself first but I might have time to do it on the weekend.

@pquerner

This doesn't fix the README, does it?

@pquerner

ssh-agent-load_1_6dbeb216e1c3 | Copying host SSH keys and setting proper permissions...
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/./config' -> '/root/.ssh/./config'
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/./id_rsa' -> '/root/.ssh/./id_rsa'
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/./id_rsa.pub' -> '/root/.ssh/./id_rsa.pub'
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/./id_rsa.filezilla.ppk' -> '/root/.ssh/./id_rsa.filezilla.ppk'
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/./known_hosts' -> '/root/.ssh/./known_hosts'
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/.' -> '/root/.ssh/.'
ssh-agent-load_1_6dbeb216e1c3 | Executing: /ssh-add-pass.sh  git_key /run/secrets/ssh_key
ssh-agent-load_1_6dbeb216e1c3 | cat: read error: Is a directory
ssh-agent-load_1_6dbeb216e1c3 | spawn ssh-add git_key
ssh-agent-load_1_6dbeb216e1c3 | git_key: No such file or directory
ssh-agent-load_1_6dbeb216e1c3 | send: spawn id exp3 not open
ssh-agent-load_1_6dbeb216e1c3 |     while executing
ssh-agent-load_1_6dbeb216e1c3 | "send "\r""

version: "3.1"

services:
  web:
    image: nginx:latest
    ports:
    - "80:80"
    volumes:
    - ${PWD}/code:/code
    - ${PWD}/site.conf:/etc/nginx/conf.d/site.conf
    links: [php]

  ssh-agent-load:
    image: docker-ssh-agent
    environment:
      DEBUG: 1
    depends_on:
    - ssh-agent
    volumes:
    - ~/.ssh:/.ssh
    - sshagent:/.ssh-agent
    command: ssh-add-pass git_key /run/secrets/ssh_key
    secrets:
    - ssh_key

  ssh-agent:
    image: docker-ssh-agent
    volumes:
    - sshagent:/.ssh-agent
  ssh-agent-list:
    image: docker-ssh-agent
    environment:
      DEBUG: 1
    depends_on:
    - ssh-agent
    volumes:
    - sshagent:/.ssh-agent
    command: ssh-add-list

  composer:
    image: composer
    command: install
    environment:
    - SSH_AUTH_SOCK=/.ssh-agent/socket
    volumes:
    - ${PWD}/code:/app
    - sshagent:/.ssh-agent
    depends_on:
    - ssh-agent-load

  php:
    image: php:7-fpm
    volumes:
    - ${PWD}/code:/code
    depends_on:
    - ssh-agent

secrets:
  ssh_key:
    file: ssh_keytxt

volumes:
  sshagent:

./code/composer.json has some dependencies on proprietary software which runs on a self-hosted Bitbucket instance with no public repositories. (Therefore it needs authentication, which is done with an SSH key.)
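
The two failures in the log above (`cat: read error: Is a directory` and `git_key: No such file or directory`) can be caught before `ssh-add` is spawned. The following is an added example, not code from the PR or the image; the function name `preflight_ssh_add_pass` and its exit codes are hypothetical, and the files it creates are constructed placeholders.

```shell
#!/bin/sh
# Added example: preflight checks for "ssh-add-pass <key> <passphrase-file>".
# The function name and exit codes are hypothetical, not part of the image.
preflight_ssh_add_pass() {
    key=$1
    passfile=$2
    if [ -z "$key" ] || [ -z "$passfile" ]; then
        echo "usage: ssh-add-pass <key> <passphrase-file>" >&2
        return 64
    fi
    # A relative name such as "git_key" resolves against the working
    # directory, which ends in "No such file or directory" from ssh-add.
    if [ ! -f "$key" ]; then
        echo "key '$key' is not a regular file (cwd: $(pwd))" >&2
        return 1
    fi
    # In the thread /run/secrets/ssh_key was a directory holding git_key,
    # so reading it with cat failed with "Is a directory".
    if [ -d "$passfile" ]; then
        echo "passphrase path '$passfile' is a directory containing:" >&2
        ls -1 "$passfile" >&2
        return 2
    fi
    if [ ! -r "$passfile" ]; then
        echo "passphrase file '$passfile' is missing or unreadable" >&2
        return 3
    fi
    if [ ! -s "$passfile" ]; then
        echo "passphrase file '$passfile' is empty" >&2
        return 4
    fi
    return 0
}

# Constructed demo: replay both argument sets from the thread in a temp dir.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/ssh" "$d/secrets/ssh_key"
    : > "$d/ssh/id_rsa"   # empty placeholder, not a real key
    printf 'example-passphrase\n' > "$d/secrets/ssh_key/git_key"
    first=0; second=0
    (cd "$d" && preflight_ssh_add_pass git_key "$d/secrets/ssh_key") || first=$?
    preflight_ssh_add_pass "$d/ssh/id_rsa" "$d/secrets/ssh_key/git_key" || second=$?
    rm -rf "$d"
    echo "first=$first second=$second"
}

demo
```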

@pquerner

ssh-add-pass /.ssh/id_rsa /run/secrets/ssh_key/git_key

and on my host the git_key file has the ssh password to load the ssh_key.
Seems to be working fine, however it's still not passed on to the other container. :(

ssh-agent-list_1_bbea708e33b7 | 2048 SHA256:KBfq4X0OfzwrQYekTGntXUvAXtkkI4tj5IfxgGnh6LY /.ssh/id_rsa (RSA)
ssh-agent-load_1_6dbeb216e1c3 | Copying host SSH keys and setting proper permissions...
php_1_1c36a2eb98ba | [21-Nov-2018 15:43:28] NOTICE: fpm is running, pid 1
composer_1_86ab27e06c6e | Loading composer repositories with package information
php_1_1c36a2eb98ba | [21-Nov-2018 15:43:28] NOTICE: ready to handle connections
composer_1_86ab27e06c6e | Installing dependencies (including require-dev) from lock file
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/./config' -> '/root/.ssh/./config'
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/./id_rsa' -> '/root/.ssh/./id_rsa'
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/./id_rsa.pub' -> '/root/.ssh/./id_rsa.pub'
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/./id_rsa.filezilla.ppk' -> '/root/.ssh/./id_rsa.filezilla.ppk'
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/./known_hosts' -> '/root/.ssh/./known_hosts'
ssh-agent-load_1_6dbeb216e1c3 | '/.ssh/.' -> '/root/.ssh/.'
ssh-agent-load_1_6dbeb216e1c3 | Executing: /ssh-add-pass.sh  /.ssh/id_rsa /run/secrets/ssh_key/git_key
composer_1_86ab27e06c6e | Package operations: 20 installs, 0 updates, 0 removals
ssh-agent-load_1_6dbeb216e1c3 | spawn ssh-add /.ssh/id_rsa
cd_docker_ssh-agent-list_1_bbea708e33b7 exited with code 0
ssh-agent-load_1_6dbeb216e1c3 | Enter passphrase for /.ssh/id_rsa: 
ssh-agent-load_1_6dbeb216e1c3 | Identity added: /.ssh/id_rsa (/.ssh/id_rsa)
ssh-agent_1_6f7259a3e7b4 | Creating a proxy socket...
ssh-agent_1_6f7259a3e7b4 | Launching ssh-agent...
ssh-agent_1_6f7259a3e7b4 | SSH_AUTH_SOCK=/.ssh-agent/socket; export SSH_AUTH_SOCK;
ssh-agent_1_6f7259a3e7b4 | echo Agent pid 1;
ssh-agent_1_6f7259a3e7b4 | debug2: fd 3 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 11
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | Creating a proxy socket...
ssh-agent_1_6f7259a3e7b4 | Launching ssh-agent...
ssh-agent_1_6f7259a3e7b4 | debug2: fd 3 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | SSH_AUTH_SOCK=/.ssh-agent/socket; export SSH_AUTH_SOCK;
ssh-agent_1_6f7259a3e7b4 | echo Agent pid 1;
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 11
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | Creating a proxy socket...
ssh-agent_1_6f7259a3e7b4 | Launching ssh-agent...
ssh-agent_1_6f7259a3e7b4 | debug2: fd 3 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | SSH_AUTH_SOCK=/.ssh-agent/socket; export SSH_AUTH_SOCK;
ssh-agent_1_6f7259a3e7b4 | echo Agent pid 1;
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 11
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | Creating a proxy socket...
ssh-agent_1_6f7259a3e7b4 | Launching ssh-agent...
ssh-agent_1_6f7259a3e7b4 | SSH_AUTH_SOCK=/.ssh-agent/socket; export SSH_AUTH_SOCK;
ssh-agent_1_6f7259a3e7b4 | echo Agent pid 1;
ssh-agent_1_6f7259a3e7b4 | debug2: fd 3 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 11
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 11
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 11
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug1: cleanup_socket: cleanup
ssh-agent_1_6f7259a3e7b4 | Creating a proxy socket...
ssh-agent_1_6f7259a3e7b4 | Launching ssh-agent...
ssh-agent_1_6f7259a3e7b4 | SSH_AUTH_SOCK=/.ssh-agent/socket; export SSH_AUTH_SOCK;
ssh-agent_1_6f7259a3e7b4 | echo Agent pid 1;
ssh-agent_1_6f7259a3e7b4 | debug2: fd 3 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 11
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | Creating a proxy socket...
ssh-agent_1_6f7259a3e7b4 | Launching ssh-agent...
ssh-agent_1_6f7259a3e7b4 | SSH_AUTH_SOCK=/.ssh-agent/socket; export SSH_AUTH_SOCK;
ssh-agent_1_6f7259a3e7b4 | echo Agent pid 1;
ssh-agent_1_6f7259a3e7b4 | debug2: fd 3 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 11
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | Creating a proxy socket...
ssh-agent_1_6f7259a3e7b4 | Launching ssh-agent...
ssh-agent_1_6f7259a3e7b4 | SSH_AUTH_SOCK=/.ssh-agent/socket; export SSH_AUTH_SOCK;
ssh-agent_1_6f7259a3e7b4 | echo Agent pid 1;
ssh-agent_1_6f7259a3e7b4 | debug2: fd 3 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 11
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 17
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | Creating a proxy socket...
ssh-agent_1_6f7259a3e7b4 | Launching ssh-agent...
ssh-agent_1_6f7259a3e7b4 | debug2: fd 3 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | SSH_AUTH_SOCK=/.ssh-agent/socket; export SSH_AUTH_SOCK;
ssh-agent_1_6f7259a3e7b4 | echo Agent pid 1;
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 17
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 11
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
ssh-agent_1_6f7259a3e7b4 | debug2: fd 4 setting O_NONBLOCK
ssh-agent_1_6f7259a3e7b4 | debug1: type 17
ssh-agent_1_6f7259a3e7b4 | debug1: XXX shrink: 3 < 4
cd_docker_ssh-agent-load_1_6dbeb216e1c3 exited with code 0
composer_1_86ab27e06c6e |   - Installing xxxxx(dev-master master): Cloning master
composer_1_86ab27e06c6e | 
composer_1_86ab27e06c6e |                                                                                                                                                                                                                                                                                                                 
composer_1_86ab27e06c6e |   [RuntimeException]                                                                                                                                                                                                                                                                                            
composer_1_86ab27e06c6e |   Failed to execute git clone --no-checkout 'ssh://git@xxxx:7999/xxx/xxx.git' '/app/web/typo3conf/ext/xxxx' && cd '/app/web/typo3conf/ext/xxxx' && git remote add composer 'ssh://git@xxxx.de:7999/xxxx/xxx.git' && git fetch composer  
composer_1_86ab27e06c6e |                                                                                                                                                                                                                                                                                                                 
composer_1_86ab27e06c6e | 
composer_1_86ab27e06c6e | install [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--no-suggest] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--apcu-autoloader] [--ignore-platform-reqs] [--] [<packages>]...
composer_1_86ab27e06c6e | 
cd_docker_composer_1_86ab27e06c6e exited with code 1