- From: Noah Kantrowitz
- To:
- Subject: [chef] Re: application_php: deploy_revision fails on attempt to use ~apache/.ssh/known_hosts
- Date: Thu, 7 Feb 2013 16:52:03 -0800
First thing, don't run your deploy as the apache user, this would leave you
in a situation where apache can modify the code which is a potential security
nightmare. Just make a service user for this application and give it a real
homedir :)
--Noah
On Feb 7, 2013, at 11:57 AM, Phil Mocek wrote:
> How can I debug SSH-related git commands performed by the
> deploy_revision provider for an application deployed with the
> application_php cookbook?
>
> I have a cookbook that depends on application and application_php,
> with simple default recipe like:
>
>     application "my_app" do
>       path "/srv/my_app"
>       owner node[:apache][:user]
>       group node[:apache][:user]
>
>       scm_provider Chef::Provider::Git
>       repository ":my_org/my_app.git"
>       deploy_key "my_deployment_private_key_here"
>
>       mod_php_apache2
>     end
>
> It fails like this (see more at <https://gist.github.com/pmocek/4733480>):
>
>     [2013-02-07T19:08:16+00:00] FATAL: Mixlib::ShellOut::ShellCommandFailed:
>     deploy_revision[my_app]
>     (/tmp/vagrant-chef-1/chef-solo-1/cookbooks/application/providers/default.rb
>     line 122) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected
>     process to exit with [0], but received '128'
>     ---- Begin output of git ls-remote :my_org/my_app.git HEAD ----
>     STDOUT:
>     STDERR: Could not create directory '/var/www/.ssh'.
>     Failed to add the host to the list of known hosts
>     (/var/www/.ssh/known_hosts).
>     Permission denied (publickey).
>     fatal: The remote end hung up unexpectedly
>     ---- End output of git ls-remote :my_org/my_app.git HEAD ----
>     Ran git ls-remote :my_org/my_app.git HEAD returned 128
>
> /var/www is the home directory of node[:apache][:user].
>
> In addition to my application's cookbook, I'm using the following,
> managed by Berkshelf:
>
> * apache2 (1.3.2)
> * application (2.0.0)
> * application_php (1.0.4)
> * build-essential (1.3.0)
> * mysql (2.0.2)
> * openssl (1.0.0)
> * php (1.1.0)
> * xml (1.1.0)
>
> Searching the application and application_php cookbooks, I don't
> find any matches on "ls-remote" or "known_hosts". I haven't noticed
> anything in the docs for those cookbooks or for the deploy_version
> provider about setting an SSH configuration directory. Web
> searches for combinations of the applicable cookbooks and
> directories have not turned up useful information. Searching this
> list, I found a related thread ["Could not create directory
> '/nonexistent/.ssh'. (may be red herring)"][1] but it didn't get
> past a suggestion to "adjust the home directory or instruct SSH
> where to store the known hosts in the event the default cannot be
> written to," and it seems to me that doing so would likely mask
> either a bug in or deficiency of documentation for one of these
> cookbooks.
>
>
> References:
>
> [1]: <http://lists.opscode.com/sympa/arc/chef/2012-07/msg00060.html>
>
> --
> Phil Mocek
> http://mocek.org/
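
The advice in the reply above (a dedicated service user with a real home directory, not the apache user) expressed as a preflight check. This is an added example, not part of the original thread or of any cookbook; `check_deploy_user`, `demo` and the sample accounts are hypothetical names, and the passwd data is constructed.

```shell
#!/bin/sh
# Preflight check for the account a deploy runs as (added example).
# usage: check_deploy_user DEPLOY_USER WEB_USER [PASSWD_FILE]
# Prints one line per finding; returns 0 only when there are none.
check_deploy_user() {
    du=$1; wu=$2; pw=${3:-/etc/passwd}; bad=0

    # The web server account must not be the one that can write the code.
    if [ "$du" = "$wu" ]; then
        echo "FAIL: deploy user is the web server user ($wu)"; bad=1
    fi

    # passwd fields: name:pw:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$du" '$1 == u { print $3 ":" $6; exit }' "$pw")
    if [ -z "$entry" ]; then
        echo "FAIL: no passwd entry for $du"; return 1
    fi
    uid=${entry%%:*}; home=${entry#*:}

    # ssh writes ~/.ssh/known_hosts, so the home directory must exist
    # and belong to the deploy user.
    if [ ! -d "$home" ]; then
        echo "FAIL: home directory $home does not exist"; bad=1
    elif [ "$(ls -ldn "$home" | awk '{ print $3 }')" != "$uid" ]; then
        echo "FAIL: $home is not owned by uid $uid"; bad=1
    fi
    return "$bad"
}

# Demo on constructed data: a temporary passwd file and home directories.
demo() {
    t=$(mktemp -d); mkdir "$t/my_app" "$t/www"; me=$(id -u)
    {
        # Dedicated service user that owns its own home directory.
        echo "my_app:x:$me:$me::$t/my_app:/bin/sh"
        # Web server user whose home belongs to a different uid.
        echo "apache:x:$((me + 1)):48::$t/www:/sbin/nologin"
    } > "$t/passwd"
    check_deploy_user my_app apache "$t/passwd" && echo "my_app: ok"
    check_deploy_user apache apache "$t/passwd" || echo "apache: rejected"
    rm -rf "$t"
}
demo
```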