Ansible Docker Container - Clone Private Repo

1
votes

I am trying to clone a private repository from BitBucket in a Docker container (with Ansible). I just want to try and get this working, so I copied my public and private key into the container. I then run the following (FWICT this is a simplied version on the Ansible command):

docker exec -i web git clone [email protected]:user/repo.git

And I get this:

Cloning into 'repo'...
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

As a side note, if I run:

docker exec -i -t web git clone [email protected]:user/repo.git

I get a TTY and I get prompted for the SSH private key password (can't seem to do this with Ansible) and the repo gets cloned.

So the question is, how can I clone a private repository within a Docker container without -t? Or does anyone know how to clone a private repo in a container with Ansible?

1
dockeransible
It sounds like you haven't configured your key correctly - have you set the relevant permissions on ~/.ssh and ~/.ssh/id_rsa inside the container? (FWIW you might consider just mounting ~/.ssh, rather than copying the content.) - Oliver Charlesworth
Both id_rsa and id_rsa.pub are 400, so I don't think permissions is the issue unfortunately! Mounting does sound like a better idea though. - ellioseven
Is there a reason why you need password protected key for this? You may try to use ansible expect module to handle this. - Konstantin Suvorov

1 Answers

1
votes

I managed to find a work around by using SSH Agent forwarding (http://dchua.com/2016/01/15/ssh-agent-forwarding-with-your-docker-container) in my task like so: 

- set_fact:
    ssh_auth_sock: "{{ lookup('env','SSH_AUTH_SOCK') }}"

- name: Create container
  docker_container:
    name: "my_container"
    image: "my_image"
    ports: 
      - 80
    volumes:
      - "{{ playbook_dir }}/www:/var/www"
      - "{{ ssh_auth_sock }}:/ssh-agent"
    env:
      SSH_AUTH_SOCK: /ssh-agent

- name: Add container to inventory
  add_host:
    name: "web"
    ansible_connection: docker

- name: Clone Repository
  git:
    repo: "[email protected]:user/repo.git"
    dest: "/var/www/html"
    accept_hostkey: true
  delegate_to: "web"