coder / modules

A collection of Terraform Modules to extend Coder templates.
https://registry.coder.com
Apache License 2.0

Cloning with SSH URLs fails for new workspaces using the git_clone module. #268

Open pachori-ujjwal opened 4 months ago

pachori-ujjwal commented 4 months ago

Description

The git_clone module fails to clone a repository on workspace startup if the workspace does not contain a .ssh/known_hosts with an entry for the git provider that the repository is being cloned from.

The module gives a misleading error stating "Host key verification failed" and asks the user to add the keys to Github/Gitlab.

Versions

git_clone module: 1.0.12
coder: v2.12.3+534d4ea

dydhyhwu commented 1 month ago

I also encountered the same problem.

dydhyhwu commented 1 month ago

It works for me:

resource "coder_agent" "main" {
  env = {
    # Tells ssh (as invoked by git through coder gitssh) to skip host key
    # verification entirely, so the clone no longer fails on a missing
    # known_hosts entry; it also removes protection against a spoofed git host.
    GIT_SSH_COMMAND = "coder gitssh -- -o StrictHostKeyChecking=no"
  }
}
djarbz commented 4 weeks ago

I have a bit of a hacky way of dealing with this. I had to do it this way because not all containers have ssh-keyscan installed.

locals {
  # Extract the host part of the repo URL (optional https://, user@ and www. prefixes are dropped).
  repo_host = try(one(regex("^(?:https?:\\/\\/)?(?:[^@\\/\\n]+@)?(?:www\\.)?([^:\\/\\n]+)", data.coder_parameter.repo.value)), "")
}

# 1) Scan for the ssh host key from the Coder host (provisioner side), so the
#    workspace image does not need ssh-keyscan. Only the RSA key is scanned.
resource "null_resource" "repo_host_key" {
  triggers = {
    filefound = fileexists("${local.repo_host}.hostkey") ? 0 : 1
    timestamp = timestamp() # re-run the scan on every apply
  }
  provisioner "local-exec" {
    # The .hostkey file is written relative to the provisioner's working directory.
    command     = "ssh-keyscan -t rsa ${local.repo_host} > ${local.repo_host}.hostkey"
    interpreter = ["/bin/bash", "-c"]
  }
}

# 2) Read the scanned host key from the Coder host.
data "local_file" "known_hosts" {
  depends_on = [null_resource.repo_host_key]
  filename   = "${local.repo_host}.hostkey"
}

# 3) Write the host key into the dev environment before login.
resource "coder_script" "known_hosts" {
  agent_id           = coder_agent.main.id
  display_name       = "Known Hosts"
  icon               = "${data.coder_workspace.me.access_url}/icon/memory.svg"
  run_on_start       = true
  start_blocks_login = true
  timeout            = 180
  script             = <<-EOT
                        set -euo pipefail

                        # trimspace() drops the trailing newline from ssh-keyscan's output; a
                        # pattern containing a newline would make grep match every line and
                        # the key would never be added.
                        hostkey="${trimspace(data.local_file.known_hosts.content)}"

                        if test -z "${data.coder_parameter.repo.value}"; then
                          echo "No git repo specified, skipping"
                        elif test -z "$hostkey"; then
                          # An empty scan result (e.g. the scan failed) must not be treated as a match.
                          echo "No host key was scanned for ${local.repo_host}, not touching known_hosts" >&2
                          exit 1
                        else
                          echo "Adding repo to known hosts"
                          mkdir -p ~/.ssh
                          chmod 700 ~/.ssh
                          touch ~/.ssh/known_hosts

                          # -F: match the key line as a fixed string (key material contains '+' and '/').
                          if ! grep -qF -- "$hostkey" ~/.ssh/known_hosts; then
                            printf '%s\n' "$hostkey" >> ~/.ssh/known_hosts
                            echo "${local.repo_host} added to known_hosts"
                          else
                            echo "${local.repo_host} already exists in known_hosts, skipping"
                          fi
                        fi
                        EOT
}
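Both workarounds in this thread trade away some host key verification: `StrictHostKeyChecking=no` disables it completely, and `ssh-keyscan` at apply time trusts whatever key the network returns at that moment. The shell below is an added example (not code from the coder/modules repository or from anyone in this thread) of the alternative a template author can use when the provider's host keys are known in advance: pin the published key lines in the template and append them idempotently, with the `.ssh` directory and file permissions ssh expects. It also derives the `known_hosts` host token from a repo URL, including the `[host]:port` form that ssh requires for non-standard ports, which the regex above does not produce. The key lines and `git.example.com` host are constructed placeholders, not real provider keys; a real template would paste the keys the provider publishes.

```shell
#!/usr/bin/env bash
# Added example: pin known host keys instead of disabling StrictHostKeyChecking.
# Not part of the coder/modules git_clone module or of the thread above.
set -eu

# Constructed sample key lines (NOT real provider keys). In a real template,
# replace these with the host key lines published by your git provider.
PINNED_HOST_KEYS='
# comments and blank lines are ignored
git.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyDoNotTrust000000
git.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQConstructedSampleRsaKeyDoNotTrust/+==
'

# pin_host_keys KNOWN_HOSTS_PATH
# Appends every pinned line that is not already present (exact, whole-line
# match) and prints the number of lines added. Safe to run on every start.
pin_host_keys() {
  known_hosts="$1"
  added=0
  ssh_dir="$(dirname "$known_hosts")"
  mkdir -p "$ssh_dir"
  chmod 700 "$ssh_dir"          # ssh refuses to read from a world-writable dir
  touch "$known_hosts"
  chmod 600 "$known_hosts"
  while IFS= read -r line; do
    case "$line" in ''|'#'*) continue ;; esac
    # -F: fixed string (key material contains '+' and '/'); -x: whole line only
    if ! grep -qxF -- "$line" "$known_hosts"; then
      printf '%s\n' "$line" >> "$known_hosts"
      added=$((added + 1))
    fi
  done <<EOF
$PINNED_HOST_KEYS
EOF
  echo "$added"
}

# host_from_url REPO_URL
# Prints the known_hosts host token for a repo URL: "host" for the default
# port, "[host]:port" for any other port, as ssh writes them. Handles
# scheme://user@host[:port]/path and scp-like user@host:path forms.
host_from_url() {
  url="$1"
  port=""
  case "$url" in
    *://*)
      rest="${url#*://}"          # drop ssh:// https:// git://
      rest="${rest#*@}"           # drop user@ if present
      host="${rest%%/*}"          # host or host:port
      case "$host" in
        *:*) port="${host##*:}"; host="${host%%:*}" ;;
      esac
      ;;
    *)
      rest="${url#*@}"            # git@host:org/repo.git -> host:org/repo.git
      host="${rest%%:*}"
      ;;
  esac
  if [ -n "$port" ] && [ "$port" != 22 ]; then
    printf '[%s]:%s\n' "$host" "$port"
  else
    printf '%s\n' "$host"
  fi
}

# Example run (the target path is an assumption for this demo):
# pin_host_keys "$HOME/.ssh/known_hosts"
# host_from_url 'ssh://git@git.example.com:2222/org/repo.git'   # -> [git.example.com]:2222
```

In a Coder template this function body would replace the `script` of the `coder_script` resource shown above, with the pinned lines kept in the template rather than fetched at apply time, so a changed or spoofed key surfaces as a "Host key verification failed" error instead of being silently accepted.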