Configure Git

Rok-tools is configured to perform strict host checking and uses the key found in /root/.ssh/id_rsa to establish an SSH connection to github.com. This guide will walk you through this process. Moreover, you will configure Git to use a username and an email globally.

Fast Forward

If you have already configured your management environment to establish an SSH connection to GitHub and configured your Git credentials, expand this box to fast-forward.

1. Proceed to the Verify section.

Choose one of the following options to configure Git:

• Option 1: Configure Git Automatically (preferred).
• Option 2: Configure Git Manually.

Air Gapped

If you cannot connect to GitHub with SSH, follow the Mirror Arrikto GitOps Repository guide. Then, return to this guide and proceed with the rest of it.

What You'll Need

• A deployment key for the Arrikto GitOps repository at https://github.com/arrikto/deployments.
• A valid email address.

Contact Arrikto

If you don't have a deployment key, please contact the Arrikto Tech Team to create one for you.

Option 1: Configure Git Automatically (preferred)

In order to automatically configure Git, you will run rok-deploy. rok-deploy is a CLI tool used to automate and speed up the Arrikto EKF deployment.

To start rok-deploy, switch to your management environment and run:

root@rok-tools:~# rok-deploy

You will be greeted with the following screen:

Configure Git by following the on-screen instructions on the rok-deploy user interface.

Proceed to the Summary section.

Option 2: Configure Git Manually

If you want to configure Git manually, follow the instructions below.

Procedure

1. Create the SSH configuration directory for user root:

   root@rok-tools:~# mkdir -p /root/.ssh
   

2. Get the SSH key from github.com:

   root@rok-tools:~# export GITHUB_KEY=$(ssh-keyscan -t rsa github.com)
    github.com:22 SSH-2.0-babeld-2aa5ef1f
   

3. Generate the fingerprint of the above SSH key:

   root@rok-tools:~# export GITHUB_FINGERPRINT=$(echo "${GITHUB_KEY?}" \
   > | ssh-keygen -lf - \
   > | cut -d ' ' -f 2 \
   > | cut -d ':' -f 2)
   

4. Retrieve the official GitHub fingerprint:

   root@rok-tools:~# GITHUB_OFFICIAL_FINGERPRINT=$(curl \
   > -sSH "Accept: application/vnd.github.v3+json" \
   > https://api.github.com/meta \
   > | jq -r '.ssh_key_fingerprints | .SHA256_RSA')
   

5. Cross-check the two fingerprints and make sure they are the same:

   root@rok-tools:~# [[ ${GITHUB_FINGERPRINT?} == "${GITHUB_OFFICIAL_FINGERPRINT?}" ]] \
   > && echo OK \
   > || echo FAIL
   OK
   

6. Update known_hosts with the SSH key from GitHub:

   root@rok-tools:~# echo "${GITHUB_KEY?}" >> /root/.ssh/known_hosts
   

7. Decrypt the Arrikto provided private SSH key:

   1. Open a terminal and run:

      root@rok-tools:~# gpg -d > /root/.ssh/id_rsa
      

      The above command will appear to hang while it is waiting for the encrypted text.

   2. Copy the encrypted text from the email, including the -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE----- lines.

   3. Paste the encrypted text into the terminal, including the -----BEGIN PGP MESSAGE----- and -----END PGP MESSAGE----- lines.

   4. Enter the passphrase, when gpg prompts you to.

   5. Press ctrl-d to inform gpg that there is no more input.

   6. You should end up with the private SSH key in /root/.ssh/id_rsa.

8. Set read-only permissions for the private SSH key:

   root@rok-tools:~# chmod 400 /root/.ssh/id_rsa
   

9. Generate the public SSH key based on your private key:

   root@rok-tools:~# ssh-keygen -yf ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
   

10. Set the name that Git will use:

    root@rok-tools:~# export GIT_USER_NAME=<NAME>
    

    Replace <NAME> with your name, for example:

    root@rok-tools:~# export GIT_USER_NAME="Joe Doe"
    

11. Set the email that Git will use:

    root@rok-tools:~# export GIT_USER_EMAIL=<EMAIL>
    

    Replace <EMAIL> with your email address, for example:

    root@rok-tools:~# export GIT_USER_EMAIL="joedoe@example.com"
    

12. Configure Git to use the name and email you specified in the previous step:

    root@rok-tools:~# git config --global user.name "${GIT_USER_NAME?}"
    

    root@rok-tools:~# git config --global user.email ${GIT_USER_EMAIL?}
    

Verify

1. Run keychain to start the SSH agent and use your SSH identity:

   root@rok-tools:~# eval "$(keychain --eval id_rsa)"
   
    * keychain 2.8.2 ~ http://www.funtoo.org
    * Starting ssh-agent...
    * Adding 1 ssh key(s): /root/.ssh/id_rsa
    * ssh-add: Identities added: /root/.ssh/id_rsa
   

   Troubleshooting

   Warning: can't find id_rsa; skipping

   Your private SSH key provided by Arrikto doesn't exist. Rerun the Procedure of this guide.

2. Verify that you have read access to the Arrikto GitOps repository:

   root@rok-tools:~# git ls-remote "git@github.com:arrikto/deployments.git" > /dev/null \
   > && echo OK \
   > || echo FAIL
   OK
   

   Troubleshooting

   Permission denied (publickey)

   You haven't properly decrypted the SSH key provided by Arrikto. Rerun the Procedure of this guide.

3. Verify that you have configured Git with your name and email:

   root@rok-tools:~# git config --global user.name
   Joe Doe
   

   root@rok-tools:~# git config --global user.email
   joedoe@example.com
   

Summary

You have successfully configured Git in your management environment with your SSH key and identity.

What's Next

The next step is to clone the GitOps repository that contains all the necessary manifests for the deployment process.

• Clone GitOps Repository