Using pure Git, you can easily push to two or more repositories with a single push command. Git's decentralization is useful in solving this problem. Many developers and users would prefer to support and interact with a stack such as GitLab, which has an open source community edition. In short, if the internet has taught us anything over the past few decades, it's that relying on the internet to magically create backups isn't the most reliable road to redundancy.īesides, it's a problem for a lot of people that many open source projects are hosted on GitHub, which is not an open platform. Nobody anticipated the closure of Google Code, Microsoft CodePlex, or Gitorious when they were at their peak. Similarly, entire code-hosting sites have disappeared in the past. This, in theory, mitigates "disasters" such as a project maintainer suddenly deciding to remove a repository or inexplicably blocking all traffic and leaving developers scrambling to figure out who has the latest version of the master branch. If 100 people do that, then there are 100 backup copies of a repository. The theory is that each time someone clones a Git repository to their local computer, they are creating a backup of the project's source code. Because Git is decentralized, many people also think of it as a kind of crowdsourced backup solution. It's in your computer at home, it's in your computer at work, it's on the internet, and a lot of it is managed with Git. The first thing we need to do is to generate a new SSH key and capture the contents of the public key, which we will be using later.Open source is everywhere. Once the variables are set, let’s begin developing our role. For example /usr/bin/git Role Development GIT_EXECUTABLE: The location of the git binary on the target machine. A typical location would be ~/.ssh/known_hosts KNOWN_HOSTS_PATH: Location of the SSH known_hosts file on the target machine. An example would be Switch to this branch after cloningĬLONE_DEST: The folder where repository should be cloned to GIT_REPO: The SSH url of the GitHub repository to be cloned. A typical location would be ~/.ssh/id_rsa.git KEY_PATH: Full path of the directory where the SSH key should be stored. KEY_TITLE: The title of the SSH key to be added to the GitHub account Great! Now go ahead and paste the generated encrypted variable into vars/main.yml fileĪside from GITHUB_ACCESS_TOKEN, there are seven other variables that we will be using in our role: I like to use a passphrase and encrypt it using an encryption tool:Īnsible-vault encrypt_string '' -name 'GITHUB_ACCESS_TOKEN' -vault-password-file=/path/to/password/file A password file can be a simple text file containing your Ansible vault password. To avoid being prompted for a vault password, we will be using a vault password file. Because we want to automate the process of cloning a private repository, we don’t want to stop the playbook for user input during run time. To decrypt the encrypted string at run time, Ansible will prompt the user to enter the vault password. Ansible Vault provides an easy way to encrypt a string and use it as a variable. Once we have generated the token, it should be encrypted before being used in a playbook. Make sure to select the following four scopes for your token: From there, go to Settings -> Developer Settings -> Personal access tokens -> Generate new token. To do that, simply go to your GitHub home page. The first order of business that we need to take care of is creating a GitHub personal access token. We will be following the second approach by developing a role that creates a new SSH key on the remote machine, adds the public key to a GitHub account and, ultimately, clones the private repository.īefore we jump into developing our role, there are some prerequisites that we need to satisfy. If the remote machine is ever compromised, your private key would be exposed.Ĭreate a task or role that generates a new SSH key on the remote machine and adds the public key to the git server. It is not advisable to do this due to security concerns. At this point, two possible solutions to this problem would be:Ĭreate a task that copies your local SSH private key to the remote machine before performing the clone operation. As a result, the git server is unable to authenticate the clone request. This is happening because the remote machine where Ansible is trying to clone the repository into, does not have the same SSH credentials that your local machine does.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |