Docker Community Forums


Git clone ssh inside docker container

Hi,

On a host VM, two docker-compose stacks are deployed.
Stack A is for GitLab.
Stack B is for Ansible Tower (AWX).

Each stack has its own bridge network.

My problem is:
On the VM:
ping gitlab.domain.name => OK immediately
git clone ssh://****@gitlab.domain.name => OK

On the VM, inside the awx-task container:
ping gitlab.domain.name => OK after at least 10 seconds
git clone ssh://****@gitlab.domain.name => NOT OK : No route to host

I don’t know why. Does anybody have an idea?

Thanks in advance

Rachel

It’s a harder problem if you need to use SSH at build time. For example if you’re using git clone, or in my case pip and npm to download from a private repository.

The solution I found is to add your keys using the --build-arg flag. Then you can use the new experimental --squash command (added 1.13) to merge the layers so that the keys are no longer available after removal. Here’s my solution:

Build command

    docker build -t example --build-arg ssh_prv_key="$(cat ~/.ssh/id_rsa)" --build-arg ssh_pub_key="$(cat ~/.ssh/id_rsa.pub)" --squash .

Dockerfile

    FROM python:3.6-slim

    ARG ssh_prv_key
    ARG ssh_pub_key

    RUN apt-get update && \
        apt-get install -y \
        git \
        openssh-server \
        libmysqlclient-dev

    # Authorize SSH Host
    RUN mkdir -p /root/.ssh && \
        chmod 0700 /root/.ssh && \
        ssh-keyscan github.com > /root/.ssh/known_hosts

    # Add the keys and set permissions
    RUN echo "$ssh_prv_key" > /root/.ssh/id_rsa && \
        echo "$ssh_pub_key" > /root/.ssh/id_rsa.pub && \
        chmod 600 /root/.ssh/id_rsa && \
        chmod 600 /root/.ssh/id_rsa.pub

    # Avoid cache purge by adding requirements first
    ADD ./requirements.txt /app/requirements.txt

    WORKDIR /app/

    RUN pip install -r requirements.txt

    # Remove SSH keys
    RUN rm -rf /root/.ssh/

    # Add the rest of the files
    ADD . .

    CMD python manage.py runserver
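
For comparison with the --build-arg approach in the post above, here is an added example (not part of the original post) that uses BuildKit SSH agent forwarding, so the private key is never passed as a build argument or written to any layer; Docker's documentation warns that build-arg values are visible to anyone with the image through docker history. It assumes Docker 18.09 or later with BuildKit, an ssh-agent on the build host that already holds the key, and it swaps openssh-server for openssh-client, which is all a clone or pip install over SSH needs.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the original poster's Dockerfile.
# Build (assumes ssh-agent is running and the key was loaded with ssh-add):
#   DOCKER_BUILDKIT=1 docker build --ssh default -t example .

FROM python:3.6-slim

# No ARG for key material: nothing secret enters the build arguments,
# so nothing secret can show up in the image history or metadata.

RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        git \
        openssh-client \
        libmysqlclient-dev && \
    rm -rf /var/lib/apt/lists/*

# Authorize SSH host. ssh-keyscan trusts whatever key it receives at build
# time; for stricter pinning, COPY a known_hosts file whose fingerprint was
# verified out of band instead of scanning here.
RUN mkdir -p /root/.ssh && \
    chmod 0700 /root/.ssh && \
    ssh-keyscan github.com > /root/.ssh/known_hosts

# Avoid cache purge by adding requirements first
ADD ./requirements.txt /app/requirements.txt

WORKDIR /app/

# The agent socket is mounted only for the duration of this RUN step.
# The key stays in the host's ssh-agent; the container can request
# signatures but cannot read the key, and no id_rsa file is ever created.
RUN --mount=type=ssh pip install -r requirements.txt

# Add the rest of the files
ADD . .

CMD python manage.py runserver
```

Because no key file is written, there is no cleanup step and no need for --squash; running docker history --no-trunc example on the result is a quick check that no key material appears in the recorded build steps.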