How can I get my model API to use SSH keys or an internal CA cert with Git repos?

elsammons Member Posts: 8
edited October 2020 in Q&A

I am trying to get my Model API deployed using Git; however, with SSH you are prompted to accept new keys (so this doesn't work) and with HTTPS you must have the appropriate CA cert in place. We have an internal Root Certificate Authority that I need to get added to the ca_certificates on the deployed container image. I've attempted to use the standard Ubuntu method but either the steps were incorrect or they are not the correct steps for this container image.

In my Dockerfile instructions I added the following:

RUN mkdir /usr/local/share/ca-certificates/internal && cp /tmp/newca.crt /usr/local/share/ca-certificates/internal/. && chmod 755 /usr/local/share/ca-certificates/intenral && chmod 644 /usr/local/share/ca-certificates/internal && update-ca-certificates

Any thoughts on what I'm doing wrong or perhaps what I should be doing instead to get this to work? If there's an ssh solution that doesn't involve globally/blindly accepting ssh keys I am open to that as well. I had tried this for an ssh workaround:

RUN mkdir -p /home/ubuntu/.ssh && chmod 700 /home/ubuntu/.ssh && chown -R ubuntu:ubuntu /home/ubuntu
RUN ssh-keyscan <git host> >> /tmp/gitKey
RUN ssh-keygen -lf /tmp/gitKey
RUN cat /tmp/gitKey >> /home/ubuntu/.ssh/known_hosts
RUN chmod 644 /home/ubuntu/.ssh/known_hosts && chown ubuntu:ubuntu /home/ubuntu/.ssh/known_hosts

Best Answer

  • elsammons
    elsammons Member Posts: 8
    Accepted Answer

    Looks like the above is working in Domino 4.3.1.

    RUN mkdir -p /home/ubuntu/.ssh && chmod 700 /home/ubuntu/.ssh && chown -R ubuntu:ubuntu /home/ubuntu
    RUN ssh-keyscan <git host> >> /tmp/gitKey
    RUN ssh-keygen -lf /tmp/gitKey
    RUN cat /tmp/gitKey >> /home/ubuntu/.ssh/known_hosts
    RUN chmod 644 /home/ubuntu/.ssh/known_hosts && chown ubuntu:ubuntu /home/ubuntu/.ssh/known_hosts
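
The steps above add whatever key `ssh-keyscan` returns during the image build to `known_hosts`. As an added example (not part of the original post and not Domino code), the script below keeps only scanned lines whose SHA256 fingerprint matches one obtained out of band, so the build can fail when nothing matches. The host name, sample keys and function names are constructed for illustration, and unhashed `ssh-keyscan` output is assumed.

```python
import base64
import hashlib
import struct


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pinned_lines(scan_output, host, pins):
    """Return the scanned lines for `host` whose key fingerprint is in `pins`."""
    accepted = []
    for line in scan_output.splitlines():
        fields = line.split()
        # Skip blank lines, ssh-keyscan "# host:22 ..." comments and short lines.
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if host not in fields[0].split(","):
            continue
        try:
            fp = fingerprint(fields[2])
        except ValueError:  # malformed base64 in the key field
            continue
        if fp in pins:
            accepted.append(" ".join(fields[:3]))
    return accepted


def sample_line(host, seed):
    """Build a constructed ssh-ed25519 known_hosts entry (not a real key)."""
    key = bytes((seed + i) % 256 for i in range(32))
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", key))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Constructed demo data; in practice PIN comes from the Git server's admin.
HOST = "git.example.internal"
GOOD = sample_line(HOST, 1)
ROGUE = sample_line(HOST, 2)  # stands in for a key that is not the pinned one
PIN = fingerprint(GOOD.split()[2])

if __name__ == "__main__":
    scan = f"# {HOST}:22 SSH-2.0-OpenSSH\n{ROGUE}\n{GOOD}\n"
    lines = pinned_lines(scan, HOST, {PIN})
    if not lines:
        raise SystemExit("no scanned key matches the pinned fingerprint")
    print("\n".join(lines))  # only these lines belong in known_hosts
```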
    