Configure Git¶
Rok-tools is configured to perform strict host checking and uses the key found
in /root/.ssh/id_rsa
to establish an SSH connection to github.com. This guide will walk you through this process.
Moreover, you will configure Git to use a username and an email globally.
Fast Forward
If you have already configured your management environment to establish an SSH connection to GitHub and configured your Git credentials, expand this box to fast-forward.
Run
keychain
to start the SSH agent and use your SSH identity:root@rok-tools:~# eval "$(keychain --eval id_rsa)" * keychain 2.8.2 ~ http://www.funtoo.org * Starting ssh-agent... * Adding 1 ssh key(s): /root/.ssh/id_rsa * ssh-add: Identities added: /root/.ssh/id_rsaTroubleshooting
Warning: can’t find id_rsa; skipping
Your private SSH key provided by Arrikto doesn’t exist. Rerun the Procedure of this guide.
Cannot find public key for id_rsa
If the above command shows the following warning message:
Warning: Cannot find public key for id_rsait means that keychain clould not find the file
~/.ssh/id_rsa.pub
, which normally contains your public SSH key.To proceed, generate the public SSH key based on your private key:
root@rok-tools:~# ssh-keygen -yf /root/.ssh/id_rsa > /root/.ssh/id_rsa.pubProceed to the Verify section.
Choose one of the following options to configure Git:
Air Gapped
If you cannot connect to GitHub with SSH, follow the Mirror Arrikto GitOps Repository guide. Then, return to this guide and proceed with the rest of it.
Overview
What You’ll Need¶
An encrypted deployment key for the Arrikto GitOps repository at https://github.com/arrikto/deployments, which is similar to the following:
gitconfig_dummy.asc1 -----BEGIN PGP MESSAGE----- 2 3 jA0ECQMCZYE2c+tkxZf00ocBYakv/K62OUtCVQz/P8Xq9j6FQK+2y/AsNFQZdnqT 4-5 4 bOnutQa3iSeCjH9SPnaHWLAoyyULGxA8DWpnrjK6a0lkHyM8shyJufOL5kCgHHmq 5 ZZ9R5O8+6UgEPfzZZ8r2A8UcOpOY07L+K/K0eI0oRn0ShTPffVvfR+a5U6WqapF/ 6 3eeSgHnfY0w= 7 =6Ssd 8 -----END PGP MESSAGE----- The passphrase to decrypt the above.
A valid email address.
Contact Arrikto
If you don’t have a deployment key, please contact the Arrikto Tech Team to create one for you.
Option 1: Configure Git Automatically (preferred)¶
In order to automatically configure Git, you will run rok-deploy
.
rok-deploy
is a CLI tool used to automate and speed up the Arrikto EKF
deployment.
To start rok-deploy
, switch to your management environment and run:
You will be greeted with the following screen:
Configure Git by following the on-screen instructions on the rok-deploy
user
interface.
Proceed to the Summary section.
Option 2: Configure Git Manually¶
If you want to configure Git manually, follow the instructions below.
Procedure¶
Create the SSH configuration directory for user
root
:root@rok-tools:~# mkdir -p /root/.sshGet the SSH key from
github.com
:root@rok-tools:~# export GITHUB_KEY=$(ssh-keyscan -t rsa github.com) github.com:22 SSH-2.0-babeld-2aa5ef1fGenerate the fingerprint of the above SSH key:
root@rok-tools:~# export GITHUB_FINGERPRINT=$(echo "${GITHUB_KEY?}" \ > | ssh-keygen -lf - \ > | cut -d ' ' -f 2 \ > | cut -d ':' -f 2)Retrieve the official GitHub fingerprint:
root@rok-tools:~# GITHUB_OFFICIAL_FINGERPRINT=$(curl \ > -sSH "Accept: application/vnd.github.v3+json" \ > https://api.github.com/meta \ > | jq -r '.ssh_key_fingerprints | .SHA256_RSA')Cross-check the two fingerprints and make sure they are the same:
root@rok-tools:~# [[ ${GITHUB_FINGERPRINT?} == "${GITHUB_OFFICIAL_FINGERPRINT?}" ]] \ > && echo OK \ > || echo FAIL OKUpdate
known_hosts
with the SSH key from GitHub:root@rok-tools:~# echo "${GITHUB_KEY?}" >> /root/.ssh/known_hostsDecrypt the Arrikto-provided deployment key:
Fast Forward
If you have already decrypted the Arrikto-provided deployment key, expand this box to fast-forward this step.
Run:
root@rok-tools:~# cat > /root/.ssh/id_rsaCaution
This will save your Arrikto-provided deployment key unencrypted in
/root/.ssh/id_rsa
.Note
The above command will appear to hang while it is waiting for the decrypted text. Proceed to the next step to give the necessary input.
Copy the decrypted text, including the
-----BEGIN RSA PRIVATE KEY-----
and----END RSA PRIVATE KEY-----
lines.Paste the decrypted text into the terminal, including the
-----BEGIN RSA PRIVATE KEY-----
and-----END RSA PRIVATE KEY-----
lines.Press
Enter
and thenCtrl+D
to informcat
that there is no more input.You should end up with the private SSH key in
/root/.ssh/id_rsa
.Proceed to step 8.
Run:
root@rok-tools:~# gpg -d > /root/.ssh/id_rsaCaution
This will save your Arrikto-provided deployment key unencrypted in
/root/.ssh/id_rsa
.Note
The above command will appear to hang while it is waiting for the encrypted text. Proceed to the next step to give the necessary input.
Copy the encrypted text from the email, including the
-----BEGIN PGP MESSAGE-----
and-----END PGP MESSAGE-----
lines.Paste the encrypted text into the terminal, including the
-----BEGIN PGP MESSAGE-----
and-----END PGP MESSAGE-----
lines.Enter the passphrase, when
gpg
prompts you to.Press
Ctrl+D
to informgpg
that there is no more input.You should end up with the private SSH key in
/root/.ssh/id_rsa
.
Set read-only permissions for the private SSH key:
root@rok-tools:~# chmod 400 /root/.ssh/id_rsaGenerate the public SSH key based on your private key:
root@rok-tools:~# ssh-keygen -yf /root/.ssh/id_rsa > /root/.ssh/id_rsa.pubRun
keychain
to start the SSH agent and use your SSH identity:root@rok-tools:~# eval "$(keychain --eval id_rsa)" * keychain 2.8.2 ~ http://www.funtoo.org * Starting ssh-agent... * Adding 1 ssh key(s): /root/.ssh/id_rsa * ssh-add: Identities added: /root/.ssh/id_rsaSet the name that Git will use:
root@rok-tools:~# export GIT_USER_NAME=<NAME>Replace
<NAME>
with your name, for example:root@rok-tools:~# export GIT_USER_NAME="Joe Doe"Set the email that Git will use:
root@rok-tools:~# export GIT_USER_EMAIL=<EMAIL>Replace
<EMAIL>
with your email address, for example:root@rok-tools:~# export GIT_USER_EMAIL="joedoe@example.com"Configure Git to use the name and email you specified in the previous step:
root@rok-tools:~# git config --global user.name "${GIT_USER_NAME?}"root@rok-tools:~# git config --global user.email ${GIT_USER_EMAIL?}
Verify¶
Verify that you have read access to the Arrikto GitOps repository:
root@rok-tools:~# git -c core.sshCommand="ssh -o BatchMode=yes" \ > ls-remote "git@github.com:arrikto/deployments.git" > /dev/null \ > && echo OK \ > || echo FAIL OKTroubleshooting
Permission denied (publickey)
Ensure that you have run
keychain
as specified in the Procedure or the Fast Forward section of this guide.If the error persists, it means that you haven’t properly decrypted the SSH key provided by Arrikto. Rerun the Procedure of this guide.
Verify that you have configured Git with your name and email:
root@rok-tools:~# git config --global user.name Joe Doeroot@rok-tools:~# git config --global user.email joedoe@example.com
Summary¶
You have successfully configured Git in your management environment with your SSH key and identity.
What’s Next¶
The next step is to clone the GitOps repository that contains all the necessary manifests for the deployment process.