- From: Phil Mocek <
>
- To:
- Subject: [chef] Re: application_php: deploy_revision fails on attempt to use ~apache/.ssh/known_hosts - SOLVED
- Date: Fri, 8 Feb 2013 13:31:28 -0800
On Thu, Feb 07, 2013 at 11:57:55AM -0800, Phil Mocek wrote:
>
I have a cookbook that depends on application and application_php,
>
with simple default recipe like:
>
>
application "my_app" do
>
path "/srv/my_app"
>
owner node[:apache][:user]
>
group node[:apache][:user]
>
>
scm_provider Chef::Provider::Git
>
repository
>
"
:my_org/my_app.git"
>
deploy_key "my_deployment_private_key_here"
>
>
mod_php_apache2
>
end
>
>
It fails like this (see more at <https://gist.github.com/pmocek/4733480>):
[snip]
As several people noted, I was having the user as which Apache
runs deploy my application, and this is inadvisable. However,
root cause of my problem was a corrupted deployment key, which
caused SSH to attempt to update the known_hosts file for my
application's user (apache). Fixing the key resulted in
successful deployment of the application and completion of
convergence.
To avoid the potential trouble of which others warned, I added the
following user resource to my recipe along with a corresponding
default attribute:
user node[:my_app][:user] do
action [ :create, :lock ]
system true
home "/home/#{name}"
supports :manage_home => true
shell "/bin/false"
end
And I updated the application resource to use that user:
application "my_app" do
path "/srv/my_app"
owner node[:my_app][:user]
group node[:my_app][:user]
scm_provider Chef::Provider::Git
repository
"
:my_org/my_app.git"
deploy_key "my_deployment_private_key_here"
mod_php_apache2
end
--
Phil Mocek
http://mocek.org/
Archive powered by MHonArc 2.6.16.