I am trying to run my Rails application on EC2 using SaltStack and Capistrano.

Here's what I have successfully completed so far. Using salt cloud and salt master I am able to create a new minion instance and set up everything required for the application to run, i.e. ruby, rails, unicorn, mysql etc.

I have done proper configuration for Capistrano. When I try to deploy I see the following error.

DEBUG [ed84c6ab] Command: ( GIT_ASKPASS=/bin/echo GIT_SSH=/pathto/git-ssh.sh /usr/bin/env git ls-remote -h git@github.com:somehost/somerepo.git )
DEBUG [ed84c6ab]    Warning: Permanently added 'github.com,ip' (RSA) to the list of known hosts.
DEBUG [ed84c6ab]    Permission denied (publickey).
DEBUG [ed84c6ab]    fatal: Could not read from remote repository.
DEBUG [ed84c6ab]
DEBUG [ed84c6ab]    Please make sure you have the correct access rights
DEBUG [ed84c6ab]    and the repository exists.
DEBUG [ed84c6ab] Finished in 12.600 seconds with exit status 128 (failed).

So this means that Capistrano on my local machine is able to connect to the minion, but when it tries to check out the git repo it fails.

I know this is happening because the SSH public key of the minion is not added to GitHub.

So the goal is:

1. run salt cloud to create the instance
2. run salt highstate to install everything required for the app
3. run capistrano deploy to start the application

I would like to automate github authorization process too. I mean once the minion is created the minion should be able to clone git repo without any manual intervention.

I am confused as to whether this can be done through Capistrano or SaltStack.

How about pushing an already known SSH key to the minion? This can be done by SaltStack. Alternatively you can create a "new personal access token" and use it for basic authentication over http(s): developer.github.com/v3/auth/#basic-authentication - ahus1
So you mean the private key on my local machine or master, whose public key is available on GitHub, can be copied to another machine? - bitkot
Copying your SSH key is a possible option. The other option, with the personal access token plus HTTP Basic authentication, will give you fine-grained access controls over what your minion or master can do (i.e. read-only access for the GitHub repo). All this information should be securely stored in a pillar if you don't want other minions to access it. - ahus1

1 Answer


I used GitHub SSH forwarding to achieve this. Here are the changes I made.

Steps to enable ssh forwarding for github

Then, in the Capistrano deploy.rb file, configure SSH forwarding by adding forward_agent: true

set :ssh_options, {
 user: 'user',
 auth_methods: %w(publickey),
 port: <some port>,
 forward_agent: true
}
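
The following is an added example, not part of the original answer: a local preflight check for the `forward_agent: true` setup, since forwarding only works when an ssh-agent on the deploying machine is reachable and holds a key GitHub accepts. The function names `classify_agent`, `query_agent` and `preflight` are made up for this illustration, and the sample options hash is constructed.

```ruby
require "open3"

# Added example, not from the original post.
# ssh-add exit codes (per its man page): 0 = success, 1 = command failed
# (for -l: the agent holds no identities), 2 = agent cannot be contacted.
def classify_agent(exit_code, output)
  case exit_code
  when 0
    keys = output.lines.map { |line| line.split[1] }.compact
    { ok: true, keys: keys, reason: "#{keys.size} key(s) loaded" }
  when 1
    { ok: false, keys: [], reason: "agent holds no keys; run ssh-add first" }
  when 2
    { ok: false, keys: [], reason: "no agent reachable; check SSH_AUTH_SOCK" }
  else
    { ok: false, keys: [], reason: "unexpected ssh-add status #{exit_code.inspect}" }
  end
end

# Ask the real local agent; a missing ssh-add binary counts as "no agent".
def query_agent
  out, status = Open3.capture2e("ssh-add", "-l")
  classify_agent(status.exitstatus, out)
rescue Errno::ENOENT
  classify_agent(2, "")
end

# Check a Capistrano :ssh_options hash together with the agent state and
# return a list of problems (empty means the preconditions are met).
def preflight(ssh_options, agent)
  problems = []
  problems << "forward_agent is not true" unless ssh_options[:forward_agent] == true
  unless Array(ssh_options[:auth_methods]).include?("publickey")
    problems << "auth_methods does not include publickey"
  end
  problems << agent[:reason] unless agent[:ok]
  problems
end

# Constructed sample mirroring the deploy.rb settings above (port omitted).
sample_options = { user: "user", auth_methods: %w(publickey), forward_agent: true }
problems = preflight(sample_options, query_agent)
puts(problems.empty? ? "agent forwarding preconditions met" : problems)
```

While a forwarded connection is open, root on the deploy target can use the forwarded agent, so the read-only token mentioned in the comments is the narrower grant when the minion only needs to clone.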