1

Problem: How can I copy a file from the host to the container from inside the running container?

TL;DR:

Idea: I am using a GitLab server and I want to use GitLab CI in order to:
1. test the commits
2. gather all the source files in a .tar
3. and finally deploy them to another server

Current Status: I have the previous 3 jobs defined in my .gitlab-ci.yml. 1 and 2 work just fine, but rsync throws a "Host key verification failed." error of course. Here is my "thinned out" version of my .gitlab-ci.yml file:

image: alpine

stages:
  - test
  - package
  - deploy

test:
  stage: test
  script: bla bla testing bla bla

package:
  stage: package
  script: tar -cvf source.tar htdocs    

deploy:
  stage: deploy
  before_script:
  - apk update
  - apk add rsync openssh
  script:
   - rsync -vuar source.tar [email protected]:/home/servadmin/transfer

I have no access to these containers other than this .yml file, so I really need to find a way to copy the public key from the host to the container, but I have to do that from inside the container. Or I could use multi-runners etc., but I am new to CI and I could avoid that for the moment.

3
  • Did you try to create a custom image for gitlab runner with public key present? Commented Oct 28, 2016 at 16:50
  • 2
    Could you mount the key into the container as a volume? Being able to copy arbitrary files from the host into a container would be a huge security risk. Commented Oct 28, 2016 at 18:17
  • I used COPY instead of VOLUME. Would that be a security risk too? Commented Oct 31, 2016 at 15:08

1 Answer 1

1

I found a workaround inspired by the comments above and an example I found somewhere I can't recall:
1. Dockerfile:

FROM alpine
COPY id_rsa /root/.ssh/
2. .gitlab-ci.yml (changes only for 'deploy' job):

deploy:
  stage: deploy
  before_script:
    - apk update
    - apk add rsync openssh
    - mkdir -p /root/.ssh
    - eval "$(ssh-agent -s)"
    - echo "    IdentityFile ~/.ssh/id_rsa" >> /etc/ssh/ssh_config

    # install ssh-agent (apk has no -y flag; it is non-interactive by default)
    - 'which ssh-agent || ( apk update && apk add openssh-client )'

    # run ssh-agent
    - eval $(ssh-agent -s)

    # copy key to file
    - cp /root/.ssh/id_rsa ./key.file
    - chmod 600 ./key.file

    # add the ssh key (copied above from the image) to the agent store
    - ssh-add ./key.file

    # disable host key checking (NOTE: makes you susceptible to man-in-the-middle attacks)
    # WARNING: use only in docker container, if you use it with shell you will overwrite your user's ssh config
    - mkdir -p ~/.ssh
    - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'

  script:
    - rsync -arvvvce "ssh -o StrictHostKeyChecking=no" source.tar [email protected]:/home/servadmin/transfer

I guess -arvvvce "ssh -o StrictHostKeyChecking=no" can be replaced with -vuar but not tested.
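The job above turns off host key checking and ships the private key inside the image, where anyone who can pull the image can read it. As an added example (not part of the original answer), the same deploy job with the server's host key pinned and the key supplied at run time. The variable names SSH_PRIVATE_KEY, SSH_KNOWN_HOSTS and DEPLOY_TARGET are assumptions: they are expected to be defined as CI/CD variables in the project settings, not in the repository.

```yaml
# Added example, not from the original question or answer.
# Assumed CI/CD variables (names are hypothetical, set them in the project settings):
#   SSH_PRIVATE_KEY  - contents of a dedicated deploy key (plain variable, not "File" type)
#   SSH_KNOWN_HOSTS  - output of `ssh-keyscan <deploy-host>`, recorded once from a trusted
#                      network and compared against the fingerprint shown on the server by
#                      `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`
#   DEPLOY_TARGET    - rsync destination in the form user@host:/path
deploy:
  stage: deploy
  image: alpine
  before_script:
    - apk add --no-cache rsync openssh-client
    - eval "$(ssh-agent -s)"

    # Load the key straight into the agent; it is never written to disk or to an image layer.
    # tr strips carriage returns that can appear when the key is pasted into the web UI.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -

    # Pin the server's host key. The job fails here if the pin is missing,
    # instead of falling back to trusting whatever key the network presents.
    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
    - test -n "$SSH_KNOWN_HOSTS"
    - echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    # StrictHostKeyChecking=yes: refuse to connect unless the presented host key
    # matches the pinned entry, which also removes the "Host key verification
    # failed." error for the legitimate server.
    - rsync -vuar -e "ssh -o StrictHostKeyChecking=yes" source.tar "$DEPLOY_TARGET"
```

If the server's host key is ever rotated, the job fails until SSH_KNOWN_HOSTS is updated with the new, verified key.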
