dokku-hostkeys-plugin's Introduction

SSH HostKeys Plugin for Dokku

Manage host keys (for .ssh/known_hosts) in your container environment.

This is useful if you keep your source code in private repositories at VCS providers such as GitHub or Bitbucket.

You probably need something to manage your deployment keys as well. Check out dokku-deployment-keys.

requirements

  • dokku 0.4.0+
  • docker 1.8.x

installation

# on 0.3.x
cd /var/lib/dokku/plugins
git clone https://github.com/cedricziel/dokku-hostkeys-plugin.git hostkeys-keys
dokku plugins-install

# on 0.4.x
dokku plugin:install https://github.com/cedricziel/dokku-hostkeys-plugin.git hostkeys-keys

usage

Use the dokku hostkeys command for further information:

The hostkeys plugin manages the known_hosts file for your apps.

You need those known_hosts files, when you want to open a SSH connection to a foreign host,
such as when compiling the app and pulling in dependencies.

After adding hostkeys to your Dokku host/app, they will automatically be baked in on the
next time you compile your app.

There are 2 types of keys:
1.) Shared Keys
Shared keys are valid for all your apps on the Dokku host. You may probably want to add
some popular hosts in there such as BitBucket, GitHub or even your private VCS that is reachable.

2.) App-Level Hostkeys
App-Level Hostkeys may be needed for external dependencies which you licensed, or that reside
on a different host

Auto-Adding Hostkeys
--------------------
There is another possibility to add host keys, if you do not want to enter a hostkey manually:
You can autoadd hosts. You provide the hostname and your Dokku host will resolve it for you.
(THIS IS NOT A GOOD PRACTICE!)
You should only do this if you are 100% sure your DNS is not compromised.

$ dokku hostkeys:shared:autoadd github.com
This command would automatically discover the hostkeys for github.com, add it to the shared
known_hosts file and add it to your apps slug on recompile.

$ dokku hostkeys:app:autoadd mycoolapp github.com
This command would automatically discover the hostkeys for github.com, add it to your known_hosts
file for the mycoolapp app and will be compiled inside the slug on recompile.

You may as well want to have a look at the dokku-deployment-keys plugin on GitHub:
http://github.com/cedricziel/dokku-deployment-keys

Projects are kept separate because they each do one different thing.

commands:

hostkeys                                        Print an explanation (Useful to get the concept)
hostkeys:shared:show                            Show shared hostkeys
hostkeys:shared:add                             Add a shared hostkey
hostkeys:shared:delete                          Deletes all shared hostkeys
hostkeys:shared:autoadd <hostname>              Automatically add hostkeys for a given host to the shared hostkeys
hostkeys:app:show <app>                         Show all hostkeys for a given app
hostkeys:app:add <app>                          Add an app-specific hostkey
hostkeys:app:delete <app>                       Deletes all app-specific hostkeys
hostkeys:app:autoadd <app> <hostname>           Automatically add hostkeys for a given host to the app's hostkeys
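
The warning under Auto-Adding Hostkeys applies because automatically discovered keys are only as trustworthy as the name resolution behind them. The following is an added example, not part of the plugin: it checks ssh-keyscan output against fingerprints obtained out of band and keeps only the matching lines, handling plain, [host]:port and hashed (|1|...) host fields. The host name, key blob and pin are constructed.

```python
import base64
import hashlib
import hmac

def fingerprint(b64_key):
    """SHA256 fingerprint in the SHA256:... form shown by `ssh-keygen -l`."""
    blob = base64.b64decode(b64_key, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field, plain or hashed (|1|salt|hmac)."""
    if field.startswith("|1|"):
        salt, mac = (base64.b64decode(p) for p in field[3:].split("|"))
        want = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, want)
    return host in field.split(",")

def vetted_lines(scan_output, host, pinned):
    """Return the scanned lines for `host` whose key matches a pin.

    `pinned` maps key type to a fingerprint obtained out of band. A key of
    a pinned type that does not match raises ValueError; key types without
    a pin are dropped, so nothing unverified reaches known_hosts.
    """
    accepted = []
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank line or ssh-keyscan banner comment
        field, keytype, b64_key = parts[:3]
        if not host_matches(field, host) or keytype not in pinned:
            continue
        if fingerprint(b64_key) != pinned[keytype]:
            raise ValueError(f"{keytype} key for {host} does not match its pin")
        accepted.append(line)
    if not accepted:
        raise ValueError(f"no pinned key found for {host}")
    return accepted

# Constructed sample input: placeholder blob, not a real host key.
GOOD = base64.b64encode(b"constructed-ed25519-key").decode()
SCAN = f"# git.example.test:22 SSH-2.0-constructed\ngit.example.test ssh-ed25519 {GOOD}\n"
PINS = {"ssh-ed25519": fingerprint(GOOD)}  # real pins come from the provider's published fingerprints

if __name__ == "__main__":
    for line in vetted_lines(SCAN, "git.example.test", PINS):
        print(line)  # only these lines are candidates for hostkeys:shared:add
```

For a server on a non-standard port, pass the host as it appears in known_hosts, for example "[git.example.test]:1234".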

License

MIT License

dokku-hostkeys-plugin's People

Contributors

ahmautom, cedricziel, davidlaprade, diegomolero, elia, josegonzalez, michaelshobbs, robinqu, u2mejc

dokku-hostkeys-plugin's Issues

/etc/ssh/ssh_known_hosts is not picked by default

According to ssh_config(5):

UserKnownHostsFile
         Specifies one or more files to use for the user host key data-
         base, separated by whitespace.  The default is
         ~/.ssh/known_hosts, ~/.ssh/known_hosts2.

I think you should configure UserKnownHostsFile to ssh_config in your pre-build script.

"Empty argument. Try again" while trying to add a new key

On a fresh dokku setup (Ubuntu 18.04, dokku 0.19.12), I was not able to add either a shared key or an app key, I always get the message Empty argument. Try again.

Here is the test I did with "github.com":

root@u18-dokku:~# dokku apps:create test
-----> Creating test... done
root@u18-dokku:~# dokku hostkeys:shared:add "$(ssh-keyscan -t rsa github.com 2>/dev/null)"
Empty argument. Try again.
root@u18-dokku:~# dokku hostkeys:app:add test "$(ssh-keyscan -t rsa github.com 2>/dev/null)"
No app specific keys folder available. creating..
No app specific keys file available. creating..
Empty argument. Try again.

Permission denied when trying to add the shared key

Hi,

When deploying my application, I've got the following error:

remote: Cloning into '/tmp/tmp.iwgHKe7LDV'...
remote: done.
remote: HEAD is now at 86307c3... Added swagger specification
remote: -----> Building api-bdr using buildstep...
remote: -----> Checking Hostkeys Plugin sanity ...
remote: -----> Installing Hostkeys in build environment ...
remote:        No app keys available.
remote:        Adding shared keys.
remote: -----> Done Installing Hostkeys in build environment ...
remote:        Added the following keys:
remote:        |1|a1qQ8WaJyjuOdoc5x0oWqUFrwbo=|n7ncdGvlX+Pgnvxi79qAkAX4D/w= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvvtBQnpDJ8XjEKRvAA24bgxfL5ORrRuoUXbu7WpYQ0K36QuPX6i2Tq6e7kNYdIA6YmjEoO3BuGOhMvVt4NGycdYnwmCY2uQzx2NnvmnxzGKHHyezkwti8gO4zyzQ9/4H6QMTba4PeZrICw2z0IzAD8YKgVz+Mz45Xi94GOtVr18P1jm2tXYgVSSX2M/C+ydNqZeomVzTRVZKT1AdZKWfognveeUdQpo8Shs9PoXJHMb9ZJLLsXbFxhZV/UP8giMd8bm3nJ01tNJ4Uv7VibdZSDVg7DPX7rqJ0v88L/+SbuqTOIreHm6QiGk0M6mM1kDiR/On42dT0GlRUSlGwBH8ZQ==
remote: cp: cannot access './.ssh': Permission denied
To [email protected]:api-bdr
 ! [remote rejected] master -> master (pre-receive hook declined)

Any idea on how to solve this issue? I want to be able to use a shared key to access my private repositories during the build process.

Incompatible with dokku 0.32.0

It appears that due to the deprecation of pre-build-buildpack in 0.32.0, builds using this plugin (and the deployment-keys plugin) fail. The actual error is thrown by Docker attempting to pull a dokku/herokuish image (which it can't find)... as the APP_IMAGE variable gets set wrong. A run with dokku trace:on led me to these plugins as the source.

After downgrading to dokku 0.31.0, builds using hostkeys and deployment-keys plugins run fine.

Bug: Hang in ps:rebuild

Here is how I get the hang

dokku ps:rebuild myapp
-----> Cleaning up...
-----> Building myapp from herokuish...
-----> Adding BUILD_ENV to build environment...
-----> Checking deploymentkeys Plugin sanity ...
-----> Installing shared SSH keys in build environment ...
-----> Checking Hostkeys Plugin sanity ...
-----> Installing Hostkeys in build environment ...
       No app keys available.
       Adding shared keys.

Deploying apps works fine, but there seems to be an issue with rebuilding. The cursor just keeps blinking after "Adding shared keys." I only have the one github key added. It's a 4gb ram droplet, and I left the process for 20 minutes, no progress. I also have the deploy key plugin installed.

remote ssh with different port number

I'm struggling to get deploy keys / hostkeys to work.

My remote git server has a non-standard port number.

Has anyone had any luck setting this up?

I've tried

sudo ssh-keyscan -p1234 git.myrepo.com >>  /home/dokku/.hostkeys/shared/.ssh/known_hosts 

Not sure if this is an issue with deploy key, or host key....

Cannot copy keys to list of known hosts

After adding a key (via the dokku commands and manually), the key successfully loads:

-----> Checking Hostkeys Plugin sanity ...
-----> Installing Hostkeys in build environment ...
       No app keys available.
       Adding shared keys.
-----> Done Installing Hostkeys in build environment ...
       Added the following keys:
       github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

When I attempt to connect to github, I get the following error:

remote: Failed to add the RSA host key for IP address '192.30.252.128' to the list of known hosts (/etc/ssh/ssh_known_hosts).

hostkey doesn't work for github

I added a hostkey for github the automatic way: dokku hostkeys:shared:autoadd github.com

This adds the key and during deployment it says:

----> Installing Hostkeys in build environment ...
       No app keys available.
       Adding shared keys.
-----> Done Installing Hostkeys in build environment ...
       Added the following keys:
       |1|mYAxNC3vsEL66uhKGDgh9LwDoZQ=|V/D7XlZCX/voWV+FjbUo7nKAV+E= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

Which seems ok.

Content of /home/dokku/.hostkeys/shared/.ssh/known_hosts

 [RuntimeException]
       Failed to execute git clone --no-checkout '[email protected]:deliciousbrains/wp-amazon-s3-and-cloudfront.git' 'web/app/plugins/wp-amazon-s3-and-cloudfront/' && cd 'web/app/plugins/wp-amazon-s3-and-cloudfront/' && git remote add composer '[email protected]:deliciousbrains/wp-amazon-s3-and-cloudfront.git' && git fetch composer

Weird thing is this works for another server. But on this one it keeps failing. I tried deploying without any composer git packages and then it works fine. So it's absolutely some error during cloning.

But still during deployment it throws the error:

       [RuntimeException]
       Failed to execute git clone --no-checkout '[email protected]:deliciousbrains/wp-amazon-s3-and-cloudfront.git' 'web/app/plugins/wp-amazon-s3-and-cloudfront/' && cd 'web/app/plugins/wp-amazon-s3-and-cloudfront/' && git remote add composer '[email protected]:deliciousbrains/wp-amazon-s3-and-cloudfront.git' && git fetch composer

Hostkeys not added for the user code runs as

When I create a node dokku app, the code runs as a user u2079 (but the name of the user seems to vary with each deployment). When node calls a script which tries to git push, it doesn't work because the user in question hasn't accepted the host keys.

Transfer plugin to josegonzalez

Hi! I'm one of the Dokku maintainers.

Seems like you may not be using Dokku anymore, and therefore not maintaining this plugin. I can probably do so on your behalf if you transfer it over. I'd keep any copyright/license stuff of course, and definitely mention you as the original maintainer.

Thoughts?

Apps cannot be renamed with plugin enabled

There is a dokku feature called apps:rename. When I enable the plugin "hostkeys-plugin" - It is not possible to rename the app.

This is working:

➜  node-js-getting-started git:(master) ssh -t [email protected] dokku plugin:disable deployment-keys
-----> Plugin deployment-keys disabled
Connection to dokku.me closed.
➜  node-js-getting-started git:(master) ssh -t [email protected] dokku plugin:disable hostkeys-plugin
-----> Plugin hostkeys-plugin disabled

➜  node-js-getting-started git:(master) ssh -t [email protected] dokku apps:create rename_me
Creating rename_me... done
Connection to dokku.me closed.
➜  node-js-getting-started git:(master) git remote add dokku [email protected]:rename_me        
fatal: externes Repository dokku existiert bereits
➜  node-js-getting-started git:(master) git remote remove dokku                      
➜  node-js-getting-started git:(master) git remote add dokku [email protected]:rename_me
➜  node-js-getting-started git:(master) git push dokku master
➜  node-js-getting-started git:(master) ssh -t [email protected] dokku apps:rename rename_me i_am_renamed

....

=====> Application deployed:
       http://i_am_renamed.dokku.me

Renaming rename_me to i_am_renamed... done



This is not working:

➜  node-js-getting-started git:(master) ssh -t [email protected] dokku plugin:enable hostkeys-plugin
-----> Plugin hostkeys-plugin enabled
➜  node-js-getting-started git:(master) ssh -t [email protected] dokku apps:rename i_am_renamed i_cannot_be_renamed
Destroying i_am_renamed (including all add-ons)
-----> Cleaning up...
-----> Building i_cannot_be_renamed from herokuish...
-----> Adding BUILD_ENV to build environment...
-----> Checking Hostkeys Plugin sanity ...
-----> Installing Hostkeys in build environment ...
       No app keys available.
       Adding shared keys.

At this point - the "renaming" fails (or does not finish in a sane amount of time - I did a CTRL-C after 5 minutes).

/greetings
