Question regarding the git LWRP


#1

Hey Guys,

Recently I started messing around with Chef and have been working on putting together a set of recipes to deploy applications from a private Git repository (currently using Bitbucket). I have created one recipe that will create a deployment user, generate a private/public key pair, and make an API request to bitbucket to register the key as a deployment key. I then have the application specific recipes that will clone from the private repository, compile, and install the application.

I am having an issue with cloning from the private repository with Chef. The chef “git” LWRP allows me to specify a “user” attribute, but it does not seem to be working the way I think It does. I was expect this “user” attribute to be the username on the machine that will execute the “git clone” command (therefor using the private ssh key installed previously). Here’s how I am doing this:

configure bitbucket

node.override[‘bitbucket-deploy’][‘deploy_username’] = "deploy-app1"
node.override[‘bitbucket-deploy’][‘bitbucket_account’] = "xxxxx"
node.override[‘bitbucket-deploy’][‘bitbucket_username’] = "xxxxx"
node.override[‘bitbucket-deploy’][‘bitbucket_password’] = "xxxxx"
node.override[‘bitbucket-deploy’][‘bitbucket_repository’] = “app1”

install recipes

NOTE: the bitbucket-deploy recipe will create the deploy user, create a private/public SSH key pair, and register the public key as a deploy key with bitbucket.

include_recipe(“bitbucket-deploy”)
include_recipe(“golang”)
include_recipe(“supervisor”)

create dirs

directory “#{node[‘go’][‘gopath’]}/src/bitbucket.org/xxxxx/app1” do
user node[‘bitbucket-deploy’][‘deploy_username’]
mode 0755
recursive true
end

clone app1 source

git “#{node[‘go’][‘gopath’]}/src/bitbucket.org/xxxxx/app1” do
user node[‘bitbucket-deploy’][‘deploy_username’]
repository node[‘xxxxx’][‘git_repository’]
reference node[‘xxxxx’][‘git_revision’]
action :sync
end

When chef executes this recipe it fails with:

Permission denied (publickey). fatal: The remote end hung up unexpectedly

If I manually SSH into the machine as the deploy user and perform a “git clone” myself it works perfectly. It seems like chef is not using the user I specify in the “user” attribute of the LWRP. I know the LWRP is compiling with the correct attributes:

Compiled Resource:

Declared in /var/chef/cache/cookbooks/xxxxx/recipes/default.rb:30:in `from_file’

git("/opt/go/src/bitbucket.org/xxxxx/app1") do
provider Chef::Provider::Git
action [:sync]
retries 0
retry_delay 2
destination "/opt/go/src/bitbucket.org/xxxxx/app1"
revision "HEAD"
remote "origin"
cookbook_name "xxxxx"
recipe_name "default"
user "deploy-app1"
repository "git@bitbucket.org:xxxxx/app1.git"
end

Am I doing something wrong here? Did I misunderstand the meaning of the “user” attribute?

Thanks!


Juan Villa