Chef, Vagrant and private git cloning

Question

i have acces to git repo on host, and i have a Vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "ubuntu14.04"
  config.vm.box_url = "https://cloud-images.ubuntu.com/vagrant/trusty/current/trusty-server-cloudimg-amd64-    vagrant-disk1.box"
  config.vm.provider "virtualbox" do |vb|
    vb.memory = 1024
    vb.cpus = 2
  end
  config.ssh.forward_agent = true
  config.vm.provision :chef_solo do |chef|
  # chef.log_level = :debug
    chef.cookbooks_path = "./cookbooks"
    chef.add_recipe "git_sync"
  end
end

if i run vagrant and ssh into it, i could also git clone my private repo, (recipe "install_pkgs" is to install git on vm) but the pecipe "git_sync" gets an error like:

[2015-05-08T18:40:26+00:00] ERROR: Running exception handlers
[2015-05-08T18:40:26+00:00] ERROR: Exception handlers complete
[2015-05-08T18:40:26+00:00] FATAL: Stacktrace dumped to /var/chef/cache/chef-stacktrace.out
[2015-05-08T18:40:26+00:00] ERROR: git[/home/vagrant/geomongo] (git_sync::default line 1) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '128'
---- Begin output of git ls-remote "git@bitbucket.org:galiaf95/test.git" HEAD ----
STDOUT: 
STDERR: Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
---- End output of git ls-remote "git@bitbucket.org:galiaf95/test.git" HEAD ----
Ran git ls-remote "git@bitbucket.org:galiaf95/test.git" HEAD returned 128

================================================================================
Error executing action `sync` on resource 'git[/home/vagrant/geomongo]'
================================================================================


Mixlib::ShellOut::ShellCommandFailed
------------------------------------
Expected process to exit with [0], but received '128'
---- Begin output of git ls-remote "git@bitbucket.org:galiaf95/test.git" HEAD ----
STDOUT: 
STDERR: Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
---- End output of git ls-remote "git@bitbucket.org:galiaf95/test.git" HEAD ----
Ran git ls-remote "git@bitbucket.org:galiaf95/test.git" HEAD returned 128


Resource Declaration:
---------------------
# In /tmp/vagrant-chef-1/chef-solo-1/cookbooks/git_sync/recipes/default.rb

  1: git "/home/vagrant/geomongo" do
  2:   # repository "git@bitbucket.org:osll/geomongo.git"  
  3:   # repository "https://github.com/galiaf95/test.git"
  4:   repository "git@bitbucket.org:galiaf95/test.git"
  5:   action :sync
  6: end


Compiled Resource:
------------------
# Declared in /tmp/vagrant-chef-1/chef-solo-1/cookbooks/git_sync/recipes/default.rb:1:in `from_file'

git("/home/vagrant/geomongo") do
  provider Chef::Provider::Git
  action [:sync]
  retries 0
  retry_delay 2
  destination "/home/vagrant/geomongo"
  revision "HEAD"
  remote "origin"
  cookbook_name :git_sync
  recipe_name "default"
  repository "git@bitbucket.org:galiaf95/test.git"
end



[2015-05-08T18:38:31+00:00] INFO: Forking chef instance to converge...
[2015-05-08T18:40:26+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)
Chef never successfully completed! Any errors should be visible in the
output above. Please fix your recipes so that they properly complete.

Here is my git_sync.rb recipe

git "/home/vagrant/geomongo" do"
  repository "git@bitbucket.org:galiaf95/test.git"
  action :sync
end

I'm new to chef and vagrant and it would be great to have some very comprehensive examples of how to clone private repo using chef.

Problem solved with this post https://stackoverflow.com/a/8191279/3564452 But can someone, please, discribe what's going on in this recipe and how this fixes my problem.

One of the first things you need to do before running any `git` commands is deploy an SSH key that's authorized on your git service, Bitbucket in this case. Until that's done, it won't be able to authenticate. — tadman, May 08 '15 at 19:13
You need to make sure they have the correct permissions set (0700 mode, for example) or SSH will ignore them. Try to ssh into the machine and execute the `git clone` command manually to test. — tadman, May 08 '15 at 19:49

score 0 · Answer 1 · answered May 08 '15 at 23:19

(I'm no chef expert, but I have a similar setup working with Salt...)

The issue is that when you log on, you set up the ssh known_host as the user "vagrant", and the SSH_AUTH_SOCK variable is set for that user too. When you run your Chef recipes in the provisioner, they run as root. So, you need to add your host to the /root/.ssh/known_hosts and also you need to edit /etc/sudoers to allow SSH_AUTH_SOCK to be passed through, something like so, although you'll obviously need to port my salt-call line to Chef.

config.vm.provision "setup-and-highstate", type: "shell" do |s|
    s.inline = <<SCRIPT
    grep -s SSH_AUTH_SOCK /etc/sudoers || echo 'Defaults        env_keep="SSH_AUTH_SOCK"' | (EDITOR="tee -a" visudo)
    ln -s /var/cache/salt/minion/extmods/outputters/ /var/cache/salt/minion/extmods/output
    salt-call --local 'ssh.set_known_host' 'root' enc='ecdsa' fingerprint='ff:ff:ff:23:b4:20:93:d1:2e:91:ff:3c:a8:ff' hostname='git.xxxx.yyyy.com'
SCRIPT
end

score 0 · Answer 2 · answered May 11 '15 at 05:23

With the error string Host key verification failed. to me it sounds like one of three things:

you didn't add your SSH keys to your BitBucket repository
the SSH key on your node is formatted incorrectly (a trailing space or newline for instance)
you didn't ssh-add your SSH key on your node

In regards to the HOSTS issue, you can use the ssh_known_hosts cookbook resource to add the git@bitbucket.org address prior to using the git resource.

Chef, Vagrant and private git cloning

2 Answers2