
I am currently struggling with generating an instance and directly running some code on Google Compute Engine. The main issue I have is that it works with a public repo, but if I want to clone a private repo, it doesn't work anymore...

I tried a lot of workarounds and until now I couldn't find any solution. I have this startup-script.sh:

#!/usr/bin/env bash
set -ex

# Talk to the metadata server to get the project id and location of application binary.
PROJECTID=$(curl -s "http://metadata.google.internal/computeMetadata/v1/project/project-id" -H "Metadata-Flavor: Google")

# Install logging monitor. The monitor will automatically pick up logs sent to
# syslog.
sudo curl -s "https://storage.googleapis.com/signals-agents/logging/google-fluentd-install.sh" | sudo bash
sudo service google-fluentd restart &

# Install dependencies from apt (I actually need them)
sudo apt-get update
sudo apt-get install -yq ca-certificates supervisor git emacs redis-server

#############
# Here I have to setup my SSH key but what are my possibilities?
#############

# Cloning my repo
git clone git@gitlab.com:MY-AWESOME-SERVICE.git service

# Create a goapp user. The application will run as this user.
sudo getent passwd goapp || sudo /usr/sbin/useradd -m -d /home/goapp goapp
sudo chown -R goapp:goapp service

# Configure supervisor to run the Go app.
sudo echo "
[program:goapp]
directory=/service
command=/service/main
autostart=true
autorestart=true
user=goapp
environment=HOME=\"/home/goapp\",USER=\"goapp\"
stdout_logfile=syslog
stderr_logfile=syslog
" > goapp.conf

sudo mv goapp.conf /etc/supervisor/conf.d/goapp.conf

sudo supervisorctl reread
sudo supervisorctl update

# Application should now be running under supervisor

I saw a couple of things about ssh-copy-id but I am not sure I fully understand how it works.

Thanks for any help!

Emixam23
  • Why do you think you need to set up a set of SSH keys? Doesn't GCP do that for you automatically? What is it you are trying to achieve? What do you think you will be able to do after setting up these keys that you can't immediately do already? – Kolban Nov 06 '19 at 20:17
  • I want, through the script, to run a program. This program is on a private gitlab and I cannot clone it. Once I can clone it, the script should be able to run the program and by the next commands, re-execute it if it crashes (theoretically but since I had to fix the script so much, it's only a theory by now). – Emixam23 Nov 06 '19 at 20:21
  • Assuming GCP wasn't in the story and this was a standard Linux environment, what would you code/use to achieve your keys? – Kolban Nov 06 '19 at 20:52
  • I don’t know, to be honest.. Thing is, I need to first register the ssh key to GitLab, so it means the key cannot be generated but only copied/transferred? So I would just try to copy-paste through the script in this scenario, but it didn’t work out, I still get exit 128 – Emixam23 Nov 06 '19 at 21:01
  • You can clone your repo on Cloud Source Repositories and then use service account. – Mahesh Khond Nov 07 '19 at 09:52
  • But my company is using GitLab .. :/ – Emixam23 Nov 07 '19 at 14:19
  • I think what we need to do is capture the steps you would perform by hand on a virgin Compute Engine. My guess (and it is only a guess) is that your gitlab environment generates a key pair. You would then need to have half of that keypair on your Compute Engine to perform the clone. Assuming that to be correct, you could store the key that is needed by Compute Engine in either metadata or a GCS object and then, in your script, download it to the local Compute Engine file. Again, first step is to capture the recipe for manual access and then we can look to startup script automation. – Kolban Nov 09 '19 at 15:46
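
One way to carry out what Kolban's last comment describes (keep the key in instance metadata and have the startup script write it to a local file), as an added example that is not part of the original thread. It assumes a read-only GitLab deploy key stored in a hypothetical custom metadata attribute `gitlab-deploy-key` and GitLab's SSH host key lines in a hypothetical `gitlab-known-hosts` attribute; the function names and `KEY_DIR` are illustrative as well.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post. Hypothetical names: the custom
# metadata attributes "gitlab-deploy-key" / "gitlab-known-hosts" and KEY_DIR.

MD_URL="http://metadata.google.internal/computeMetadata/v1/instance/attributes"
KEY_DIR="${KEY_DIR:-/root/.ssh}"   # assumption: the startup script runs as root

# Fetch one custom metadata attribute. -f makes curl fail on an HTTP error
# (e.g. 404) instead of saving the error body as if it were the key.
fetch_attr() {
  curl -sf -H "Metadata-Flavor: Google" "$MD_URL/$1"
}

# install_secret ATTR DEST PATTERN
# Runs in a subshell so the umask change stays local. The value is written to
# a 0600 temp file, checked against PATTERN, then moved into place.
install_secret() (
  umask 077
  mkdir -p "$(dirname "$2")" || exit 1
  tmp="$(mktemp "$2.XXXXXX")" || exit 1
  if fetch_attr "$1" > "$tmp" && grep -q -e "$3" "$tmp"; then
    mv "$tmp" "$2"
  else
    rm -f "$tmp"
    exit 1
  fi
)

# ssh command line for git: use only this key, and refuse hosts that are not
# in the pinned known_hosts file (no trust-on-first-use prompt).
git_ssh_command() {
  printf 'ssh -i %s -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s' "$1" "$2"
}

clone_private_repo() {
  install_secret gitlab-deploy-key "$KEY_DIR/id_deploy" 'PRIVATE KEY-----' &&
  install_secret gitlab-known-hosts "$KEY_DIR/known_hosts_gitlab" '^gitlab\.com ' &&
  GIT_SSH_COMMAND="$(git_ssh_command "$KEY_DIR/id_deploy" "$KEY_DIR/known_hosts_gitlab")" \
    git clone git@gitlab.com:MY-AWESOME-SERVICE.git service
}

# Only clone when asked, so the functions can be sourced and tested offline.
if [ "${RUN_CLONE:-0}" = 1 ]; then
  clone_private_repo
fi
```

Instance metadata is readable by every process on the VM and by anyone allowed to view the instance, so the key stored there should be a deploy key with read-only access to this one repository.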

0 Answers