Configure Git

Rok-tools is configured to perform strict host checking and uses the key found in /root/.ssh/id_rsa to establish an SSH connection to github.com. This guide will walk you through this process. Moreover, you will configure Git to use a username and an email globally.

Fast Forward

If you have already configured your management environment to establish an SSH connection to GitHub and configured your Git credentials, expand this box to fast-forward.

1. Run keychain to start the SSH agent and use your SSH identity:

   

   root@rok-tools:~# eval "$(keychain --eval id_rsa)" * keychain 2.8.2 ~ http://www.funtoo.org * Starting ssh-agent... * Adding 1 ssh key(s): /root/.ssh/id_rsa * ssh-add: Identities added: /root/.ssh/id_rsa

   Troubleshooting

   Warning: can’t find id_rsa; skipping

   Your private SSH key provided by Arrikto doesn’t exist. Rerun the Procedure of this guide.

   Cannot find public key for id_rsa

   If the above command shows the following warning message:

   

   Warning: Cannot find public key for id_rsa

   it means that keychain clould not find the file ~/.ssh/id_rsa.pub, which normally contains your public SSH key.

   To proceed, generate the public SSH key based on your private key:

   

   root@rok-tools:~# ssh-keygen -yf /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub

2. Proceed to the Verify section.

Choose one of the following options to configure Git:

• Option 1: Configure Git Automatically (preferred).
• Option 2: Configure Git Manually.

Air Gapped

If you cannot connect to GitHub with SSH, follow the Mirror Arrikto GitOps Repository guide. Then, return to this guide and proceed with the rest of it.

What You’ll Need

• An encrypted deployment key for the Arrikto GitOps repository at https://github.com/arrikto/deployments, which is similar to the following:

  gitconfig_dummy.asc

  

  1		-----BEGIN PGP MESSAGE-----
  2
  3		jA0ECQMCZYE2c+tkxZf00ocBYakv/K62OUtCVQz/P8Xq9j6FQK+2y/AsNFQZdnqT
  4-5
  4		bOnutQa3iSeCjH9SPnaHWLAoyyULGxA8DWpnrjK6a0lkHyM8shyJufOL5kCgHHmq
  5		ZZ9R5O8+6UgEPfzZZ8r2A8UcOpOY07L+K/K0eI0oRn0ShTPffVvfR+a5U6WqapF/
  6		3eeSgHnfY0w=
  7		=6Ssd
  8		-----END PGP MESSAGE-----

• The passphrase to decrypt the above.

• A valid email address.

Contact Arrikto

If you don’t have a deployment key, please contact the Arrikto Tech Team to create one for you.

Option 1: Configure Git Automatically (preferred)

In order to automatically configure Git, you will run rok-deploy. rok-deploy is a CLI tool used to automate and speed up the Arrikto EKF deployment.

To start rok-deploy, switch to your management environment and run:

root@rok-tools:~# rok-deploy

You will be greeted with the following screen:

Configure Git by following the on-screen instructions on the rok-deploy user interface.

Proceed to the Summary section.

Option 2: Configure Git Manually

If you want to configure Git manually, follow the instructions below.

Procedure

1. Create the SSH configuration directory for user root:

   

   root@rok-tools:~# mkdir -p /root/.ssh

2. Get the SSH key from github.com:

   

   root@rok-tools:~# export GITHUB_KEY=$(ssh-keyscan -t rsa github.com) github.com:22 SSH-2.0-babeld-2aa5ef1f

3. Generate the fingerprint of the above SSH key:

   

   root@rok-tools:~# export GITHUB_FINGERPRINT=$(echo "${GITHUB_KEY?}" \ > | ssh-keygen -lf - \ > | cut -d ' ' -f 2 \ > | cut -d ':' -f 2)

4. Retrieve the official GitHub fingerprint:

   

   root@rok-tools:~# GITHUB_OFFICIAL_FINGERPRINT=$(curl \ > -sSH "Accept: application/vnd.github.v3+json" \ > https://api.github.com/meta \ > | jq -r '.ssh_key_fingerprints | .SHA256_RSA')

5. Cross-check the two fingerprints and make sure they are the same:

   

   root@rok-tools:~# [[ ${GITHUB_FINGERPRINT?} == "${GITHUB_OFFICIAL_FINGERPRINT?}" ]] \ > && echo OK \ > || echo FAIL OK

6. Update known_hosts with the SSH key from GitHub:

   

   root@rok-tools:~# echo "${GITHUB_KEY?}" >> /root/.ssh/known_hosts

7. Decrypt the Arrikto-provided deployment key:

   Fast Forward

   If you have already decrypted the Arrikto-provided deployment key, expand this box to fast-forward this step.

   1. Run:

      

      root@rok-tools:~# cat > /root/.ssh/id_rsa

      Caution

      This will save your Arrikto-provided deployment key unencrypted in /root/.ssh/id_rsa.

      Note

      The above command will appear to hang while it is waiting for the decrypted text. Proceed to the next step to give the necessary input.

   2. Copy the decrypted text, including the -----BEGIN RSA PRIVATE KEY----- and ----END RSA PRIVATE KEY----- lines.

   3. Paste the decrypted text into the terminal, including the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines.

   4. Press Enter and then Ctrl+D to inform cat that there is no more input.

   5. You should end up with the private SSH key in /root/.ssh/id_rsa.

   6. Proceed to step 8.

   1. Run:

      

      root@rok-tools:~# gpg -d > /root/.ssh/id_rsa

      Caution

      This will save your Arrikto-provided deployment key unencrypted in /root/.ssh/id_rsa.

      Note

      The above command will appear to hang while it is waiting for the encrypted text. Proceed to the next step to give the necessary input.

   2. Copy the encrypted text from the email, including the -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE----- lines.

   3. Paste the encrypted text into the terminal, including the -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE----- lines.

   4. Enter the passphrase, when gpg prompts you to.

   5. Press Ctrl+D to inform gpg that there is no more input.

   6. You should end up with the private SSH key in /root/.ssh/id_rsa.

8. Set read-only permissions for the private SSH key:

   

   root@rok-tools:~# chmod 400 /root/.ssh/id_rsa

9. Generate the public SSH key based on your private key:

   

   root@rok-tools:~# ssh-keygen -yf /root/.ssh/id_rsa > /root/.ssh/id_rsa.pub

10. Run keychain to start the SSH agent and use your SSH identity:

    

    root@rok-tools:~# eval "$(keychain --eval id_rsa)" * keychain 2.8.2 ~ http://www.funtoo.org * Starting ssh-agent... * Adding 1 ssh key(s): /root/.ssh/id_rsa * ssh-add: Identities added: /root/.ssh/id_rsa

11. Set the name that Git will use:

    

    root@rok-tools:~# export GIT_USER_NAME=<NAME>

    Replace <NAME> with your name, for example:

    

    root@rok-tools:~# export GIT_USER_NAME="Joe Doe"

12. Set the email that Git will use:

    

    root@rok-tools:~# export GIT_USER_EMAIL=<EMAIL>

    Replace <EMAIL> with your email address, for example:

    

    root@rok-tools:~# export GIT_USER_EMAIL="joedoe@example.com"

13. Configure Git to use the name and email you specified in the previous step:

    

    root@rok-tools:~# git config --global user.name "${GIT_USER_NAME?}"
    

    root@rok-tools:~# git config --global user.email ${GIT_USER_EMAIL?}

Verify

1. Verify that you have read access to the Arrikto GitOps repository:

   

   root@rok-tools:~# git -c core.sshCommand="ssh -o BatchMode=yes" \ > ls-remote "git@github.com:arrikto/deployments.git" > /dev/null \ > && echo OK \ > || echo FAIL OK

   Troubleshooting

   Permission denied (publickey)

   Ensure that you have run keychain as specified in the Procedure or the Fast Forward section of this guide.

   If the error persists, it means that you haven’t properly decrypted the SSH key provided by Arrikto. Rerun the Procedure of this guide.

2. Verify that you have configured Git with your name and email:

   

   root@rok-tools:~# git config --global user.name Joe Doe
   

   root@rok-tools:~# git config --global user.email joedoe@example.com

Summary

You have successfully configured Git in your management environment with your SSH key and identity.

What’s Next

The next step is to clone the GitOps repository that contains all the necessary manifests for the deployment process.

• Clone GitOps Repository