Configure Git¶
Rok-tools is configured to perform strict host checking and uses the key found
in /root/.ssh/id_rsa
to establish an SSH connection to github.com. This guide will walk you through this process.
Moreover, you will configure Git to use a username and an email globally.
Fast Forward
If you have already configured your management environment to establish an SSH connection to GitHub and configured your Git credentials, expand this box to fast-forward.
- Proceed to the Verify section.
Choose one of the following options to configure Git:
Air Gapped
If you cannot connect to GitHub with SSH, follow the Mirror Arrikto GitOps Repository guide. Then, return to this guide and proceed with the rest of it.
Overview
What You'll Need¶
- A deployment key for the Arrikto GitOps repository at https://github.com/arrikto/deployments.
- A valid email address.
Contact Arrikto
If you don't have a deployment key, please contact the Arrikto Tech Team to create one for you.
Option 1: Configure Git Automatically (preferred)¶
In order to automatically configure Git, you will run rok-deploy
.
rok-deploy
is a CLI tool used to automate and speed up the Arrikto EKF
deployment.
To start rok-deploy
, switch to your management environment and run:
root@rok-tools:~# rok-deploy
You will be greeted with the following screen:
Configure Git by following the on-screen instructions on the rok-deploy
user
interface.
Proceed to the Summary section.
Option 2: Configure Git Manually¶
If you want to configure Git manually, follow the instructions below.
Procedure¶
Create the SSH configuration directory for user
root
:root@rok-tools:~# mkdir -p /root/.ssh
Get the SSH key from
github.com
:root@rok-tools:~# export GITHUB_KEY=$(ssh-keyscan -t rsa github.com) github.com:22 SSH-2.0-babeld-2aa5ef1f
Generate the fingerprint of the above SSH key:
root@rok-tools:~# export GITHUB_FINGERPRINT=$(echo "${GITHUB_KEY?}" \ > | ssh-keygen -lf - \ > | cut -d ' ' -f 2 \ > | cut -d ':' -f 2)
Retrieve the official GitHub fingerprint:
root@rok-tools:~# GITHUB_OFFICIAL_FINGERPRINT=$(curl \ > -sSH "Accept: application/vnd.github.v3+json" \ > https://api.github.com/meta \ > | jq -r '.ssh_key_fingerprints | .SHA256_RSA')
Cross-check the two fingerprints and make sure they are the same:
root@rok-tools:~# [[ ${GITHUB_FINGERPRINT?} == "${GITHUB_OFFICIAL_FINGERPRINT?}" ]] \ > && echo OK \ > || echo FAIL OK
Update
known_hosts
with the SSH key from GitHub:root@rok-tools:~# echo "${GITHUB_KEY?}" >> /root/.ssh/known_hosts
Decrypt the Arrikto provided private SSH key:
Open a terminal and run:
root@rok-tools:~# gpg -d > /root/.ssh/id_rsa
The above command will appear to hang while it is waiting for the encrypted text.
Copy the encrypted text from the email, including the
-----BEGIN PGP MESSAGE-----
and-----END PGP MESSAGE-----
lines.Paste the encrypted text into the terminal, including the
-----BEGIN PGP MESSAGE-----
and-----END PGP MESSAGE-----
lines.Enter the passphrase, when
gpg
prompts you to.Press ctrl-d to inform
gpg
that there is no more input.You should end up with the private SSH key in
/root/.ssh/id_rsa
.
Set read-only permissions for the private SSH key:
root@rok-tools:~# chmod 400 /root/.ssh/id_rsa
Generate the public SSH key based on your private key:
root@rok-tools:~# ssh-keygen -yf ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
Set the name that Git will use:
root@rok-tools:~# export GIT_USER_NAME=<NAME>
Replace
<NAME>
with your name, for example:root@rok-tools:~# export GIT_USER_NAME="Joe Doe"
Set the email that Git will use:
root@rok-tools:~# export GIT_USER_EMAIL=<EMAIL>
Replace
<EMAIL>
with your email address, for example:root@rok-tools:~# export GIT_USER_EMAIL="joedoe@example.com"
Configure Git to use the name and email you specified in the previous step:
root@rok-tools:~# git config --global user.name "${GIT_USER_NAME?}"
root@rok-tools:~# git config --global user.email ${GIT_USER_EMAIL?}
Verify¶
Run
keychain
to start the SSH agent and use your SSH identity:root@rok-tools:~# eval "$(keychain --eval id_rsa)" * keychain 2.8.2 ~ http://www.funtoo.org * Starting ssh-agent... * Adding 1 ssh key(s): /root/.ssh/id_rsa * ssh-add: Identities added: /root/.ssh/id_rsa
Troubleshooting
Warning: can't find id_rsa; skipping
Your private SSH key provided by Arrikto doesn't exist. Rerun the Procedure of this guide.
Verify that you have read access to the Arrikto GitOps repository:
root@rok-tools:~# git ls-remote "git@github.com:arrikto/deployments.git" > /dev/null \ > && echo OK \ > || echo FAIL OK
Troubleshooting
Permission denied (publickey)
You haven't properly decrypted the SSH key provided by Arrikto. Rerun the Procedure of this guide.
Verify that you have configured Git with your name and email:
root@rok-tools:~# git config --global user.name Joe Doe
root@rok-tools:~# git config --global user.email joedoe@example.com
Summary¶
You have successfully configured Git in your management environment with your SSH key and identity.
What's Next¶
The next step is to clone the GitOps repository that contains all the necessary manifests for the deployment process.