Docker使用构build过程中使用的SSH密钥构builddockerfile（用于私人Git仓库）

Docker-Compose v3

我正在努力安装由我的公司制作的简单的GitHub存储库。 我们正在把我们的项目转移到Docker。 所以，我们目前正在使用Docker和Docker-Compose来构build和运行我们的容器。

但是，我们90％的项目使用私人回购，定制gem，我们最终将使用私人容器。

尽pipe通过Habitus将我的SSH密钥移动到容器上，在构build过程中手动复制它们，并试图装入卷，但似乎无法安装我的回购站。 但是我没有做的似乎工作。

例如。 DockerFile

FROM ubuntu # Installing tons of libraries. Not all of these might be needed RUN apt-get -y update && apt-get -y upgrade && apt-get -y install nodejs npm ruby curl openssh-server git php RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer # pulling id_rsa from local habitus network (this SUCCEEDS) ARG host RUN wget -O ~/.ssh/id_rsa http://$host:8080/v1/secrets/file/id_rsa && chmod 600 ~/.ssh/id_rsa # checking the ssh files are installed (this FAILS) RUN ssh -vvv -T git@git.my.company.com RUN gem install bundler RUN bundle install 

通过Habitus命令

 sudo habitus --build host=192.168.99.100 --secrets=true 

产量

 OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * Pseudo-terminal will not be allocated because stdin is not a terminal. debug1: Connecting to 192.168.99.100 [192.168.99.100] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_rsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_dsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ecdsa-cert type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519 type -1 debug1: key_load_public: No such file or directory debug1: identity file /root/.ssh/id_ed25519-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2 debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000 debug1: Authenticating to git.my.company.com:22 as 'git' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256@libssh.org debug1: kex: host key algorithm: ecdsa-sha2-nistp256 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ecdsa-sha2-nistp256 SHA256:OkseSPnItLVT0phkACs7TwGA1CZb9nMBSwp5UxdkIf4 debug1: Host 'git.my.company.com' is known and matches the ECDSA host key. debug1: Found key in /root/.ssh/known_hosts:1 debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: rekey after 134217728 blocks debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /root/.ssh/id_rsa debug1: Server accepts key: pkalg rsa-sha2-512 blen 535 debug1: read_passphrase: can't open /dev/tty: No such device or address debug1: Trying private key: /root/.ssh/id_dsa debug1: Trying private key: /root/.ssh/id_ecdsa debug1: Trying private key: /root/.ssh/id_ed25519 debug1: No more authentication methods to try. Permission denied (publickey). 

现在，我尝试了很多其他的方法。 每一种方法，我都有同样的问题。 我有时会把我的构buildhibernate几分钟，而我SSH进入服务器，并检查我的〜/ .ssh /文件夹。 每次，所有的文件都匹配我的本地， 这成功地捆绑安装gem。 那么，为什么它告诉我“无法打开/ dev / tty：…”

它正在寻找一个密码。 这是因为docker容器作为“根”运行？ 我可以绕过这个吗？

你们在构build过程中如何将SSH密钥添加到DockerFile 中，以便可以运行“Bundle install”或“npm install”等命令？ 我在互联网上search了几天，尝试了所有我find的解决scheme，但是我最终总是从SSH尝试中获得相同的响应。

 RUN eval $(ssh-agent);ssh-add;ssh -vvv -T git@git.my.company.com 

 debug1: read_passphrase: can't open /dev/tty: No such device or address debug1: Trying private key: /root/.ssh/id_dsa debug1: Trying private key: /root/.ssh/id_ecdsa debug1: Trying private key: /root/.ssh/id_ed25519 debug1: No more authentication methods to try. Permission denied (publickey). 

 ENV DEBIAN_FRONTEND noninteractive 

 RUN unset DEBIAN_FRONTEND 

 FROM ubuntu RUN apt-get -y update && apt-get -y upgrade && apt-get -y install nodejs-legacy npm ruby curl openssh-server git php RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer #### THE SETTING OF DEBIAN noninteractive #### ENV DEBIAN_FRONTEND noninteractive RUN gem install bundler RUN mkdir /website WORKDIR /website # I made this temporary SSH key folder in the relative path of my Dockerfile because that is a requirement of DockerFile. However, I plan on using Habitus to safely and conveniently wget my keys from a local server RUN mkdir /root/.ssh COPY dockerkeys /root/.ssh RUN ssh -v -T git@git.my.company.com COPY . . RUN bundle install RUN composer install RUN npm install #### UNSETTING DEBIAN ENV #### RUN unset DEBIAN_FRONTEND RUN bundle install RUN composer install RUN npm install CMD [ "npm", "start" ] 

• Postgres在docker工人高山linux容器
• 在docker容器中安装包

• 我想知道，我怎样才能使容器使用端口转发？
• 如何使用docker-java获取正在运行的容器的容器ID？
• 在容器中运行selenium / capybaratesting时，Docker“无法打开TCP连接到127.0.0.1:4444”
• Docker-compose mysql似乎无法识别环境variablesMYSQL_RANDOM_ROOT_PASSWORD
• 如何从DockerClient.waitContainerCmd（）等待ResultCallback？
• 模拟Docker中的networking故障
• 不能在Windows 10上安装docker
• 泊坞窗图像正在运行，但网页错误 – docker
• Gogits不会开始作为docker集装箱