[chef] Re: application_php: deploy_revision fails on attempt to use ~apache/.ssh/known_hosts


Chronological Thread 
  • From: Andrea Campi < >
  • To: " " < >
  • Subject: [chef] Re: application_php: deploy_revision fails on attempt to use ~apache/.ssh/known_hosts
  • Date: Fri, 8 Feb 2013 11:13:09 +0100

 I haven noticed anything in the docs for those cookbooks or for the deploy_version provider about setting an SSH configuration directory.

Looking at deploy_version was a good intuition.
This has nothing to do with the application cookbook; if you try to do the same using the deploy resource, you will likely get the same error.
It might be easier to debug it that way, so try to get a simpler recipe with deploy_version first.

As Noah suggested, don't use the apache user; that's a security no-no.
Create a new user instead, and make sure it has write access to its home directory.
That should get you going.

Andrea



On Thu, Feb 7, 2013 at 8:57 PM, Phil Mocek < " target="_blank"> > wrote:
How can I debug SSH-related git commands performed by the
deploy_revision provider for an application deployed with the
application_php cookbook?

I have a cookbook that depends on application and application_php,
with simple default recipe like:

    application "my_app" do
        path "/srv/my_app"
        owner node[:apache][:user]
        group node[:apache][:user]

        scm_provider Chef::Provider::Git
        repository " :my_org/my_app.git"
        deploy_key "my_deployment_private_key_here"

        mod_php_apache2
    end

It fails like this (see more at <https://gist.github.com/pmocek/4733480>):

    [2013-02-07T19:08:16+00:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: deploy_revision[my_app] (/tmp/vagrant-chef-1/chef-solo-1/cookbooks/application/providers/default.rb line 122) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '128'
    ---- Begin output of git ls-remote :my_org/my_app.git HEAD ----
    STDOUT:
    STDERR: Could not create directory '/var/www/.ssh'.
    Failed to add the host to the list of known hosts (/var/www/.ssh/known_hosts).
    Permission denied (publickey).
    fatal: The remote end hung up unexpectedly
    ---- End output of git ls-remote :my_org/my_app.git HEAD ----
    Ran git ls-remote :my_org/my_app.git HEAD returned 128

/var/www is the home directory of node[:apache][:user].

In addition to my application's cookbook, I'm using the following,
managed by Berkshelf:

    * apache2 (1.3.2)
    * application (2.0.0)
    * application_php (1.0.4)
    * build-essential (1.3.0)
    * mysql (2.0.2)
    * openssl (1.0.0)
    * php (1.1.0)
    * xml (1.1.0)

Searching the application and application_php cookbooks, I don't
find any matches on "ls-remote" or "known_hosts".  I haven noticed
anything in the docs for those cookbooks or for the deploy_version
provider about setting an SSH configuration directory.  Web
searches for combinations of the applicable cookbooks and
directories have not turned up useful information.  Searching this
list, I found a related thread ["Could not create directory
'/nonexistent/.ssh'. (may be red herring)"][1] but it didn't get
past a suggestion to "adjust the home directory or instruct SSH
where to store the known hosts in the event the default cannot be
written to," and it seems to me that doing so would likely mask
either a bug in or deficiency of documentation for one of these
cookbooks.


References:

 [1]: <http://lists.opscode.com/sympa/arc/chef/2012-07/msg00060.html>

--
Phil Mocek
http://mocek.org/




Archive powered by MHonArc 2.6.16.

§