0

I'm in the process of setting up Vagrant+Puppet for a project at work. We use Composer to manage all of our dependencies. One project has a dependancy that we created that's stored on a private GitHub repository.

I've got everything else set up with Vagrant & Puppet. It installs the proper version of PHP, downloads and installs Composer, and attempts to run Composer. I say 'attempts', because the "composer install" step never works -- we have to use 'vagrant ssh' to get into the machine after it's provisioned and run "composer install" ourselves.

I've got SSH agent forwarding turned on in the Vagrantfile.

Is there something special I need to do to have Puppet run as a user that has access to the SSH key required to clone the GitHub repository? I'd rather not have Vagrant copy the key into the VM ( or mount a specific directory ) because that might not work across all host OSes ( we do have a few people who develop on a Windows machine, and "~/.ssh" won't work there -- I think ).

Any thoughts on how I can resolve this issue?

Sean Hagen
  • 752
  • 10
  • 30

1 Answers1

1

If the SSH key is not available to the machine when installing with composer, and you cannot provide a different way of providing credentials to gain access to that repository, then it will not work.

I don't think your argument with "not copying the key into the machine" is valid, because you do control the OS inside the VM. You could place a working SSH key there.

Have a look at OAuth access via HTTPS, deployment keys or machine users: https://help.github.com/articles/managing-deploy-keys I think the deployment keys are the way to go with Composer.

Sven
  • 69,403
  • 10
  • 107
  • 109
  • With not copying the key, it's also due to the fact that the SSH key might not be in the same place, or even named the same across different developer machines or environments. What works for DevA on Linux may not work for DevB on OSX or DevC on Windows. – Sean Hagen Nov 27 '13 at 23:22
  • You should put in a key that works for every developer in readonly mode (if you fear the key gets lost and someone might push bad commits onto your repository) to make Composer work. You should not try to locate the developers personal key on the machine. You could make every developer give Vagrant the personal SSH key and use that, so everyone could decide to either log in manually, or have things done automatically. – Sven Nov 27 '13 at 23:47
  • Even if you need to have individual keys, you should get the developers to put their private key in the same directory as the `Vagrantfile` - this should be easy to enforce, and gives access to the key via `/vagrant/yourkey`. – xiankai Nov 28 '13 at 11:13