Dockerfile: Permission denied during build when running ssh-agent on /tmp

Question

So I'm trying to create an image, which adds a SSH private key to /tmp, runs ssh-agent on it, does a git clone and then deletes the key again.

This is the idea I'm trying to accomplish

Dockerfile:

FROM node:4.2.4
MAINTAINER Me

CMD ["/bin/bash"]

ENV GIT_SSL_NO_VERIFY=1
ENV https_proxy="httpsproxy"
ENV http_proxy="httpproxy"
ENV no_proxy="exceptions"

ADD projectfolder/key /tmp/
RUN ssh-agent /tmp

WORKDIR /usr/src/app

RUN git clone git@gitlab.private.address:something/target.git

RUN rm /tmp/key

WORKDIR /usr/src/app/target

RUN npm install

EXPOSE 3001

Now the problem lies within the build-process. I use the following command to build:

docker build -t samprog/targetimage:4.2.4 -f projectfolder/dockerfile .

The layers up to "ADD projectfolder/key /tmp/" work just fine, though the "RUN ssh-agent /tmp" layer doesn't want to cooperate.

Error code:

Step 9 : RUN ssh-agent /tmp/temp
 ---> Running in d2ed7c8870ae
/tmp: Permission denied
The command '/bin/sh -c ssh-agent /tmp' returned a non-zero code: 1

Any ideas? Since I thought it was a permission issue, where the directory was already created by the parent image, I created a /tmp/temp and put the key in there. Doesn't work either, same error.

I'm using Docker version 1.10.3 on SLES12 SP1

Answer 1

I had the same issue while executing any bash command when building my Dockerfile. I solved by adding RUN chmod -R 777 ./ like suggested in the answer of this question. I think this is a workaround, I'm not sure why docker in ubuntu has permission issues when building a container.

Answer 2

I have faced with the same problem with maven:3-alpine. It was solved when I properly installed openssh-client:

RUN apk --update add openssh-client

Then copied keys with known hosts to the image:

ADD id_rsa /root/.ssh/
ADD id_rsa.pub /root/.ssh/
ADD known_hosts /root/.ssh/

And ran git clone command inline (with ssh-agent and ssh-add):

RUN eval $(ssh-agent -s) \
  && ssh-add \
  && git clone ssh://git@private.address:port/project/project.git

Complete docker file:

FROM maven:3-alpine
RUN apk update
RUN apk add python
RUN apk add ansible
RUN apk add git
RUN apk --update add openssh-client

ADD id_rsa /root/.ssh/
ADD id_rsa.pub /root/.ssh/
ADD known_hosts /root/.ssh/

RUN eval $(ssh-agent -s) \
  && ssh-add \
  && git clone ssh://git@private.address:port/project/project.git

ADD hosts /etc/ansible/hosts
RUN ansible all -m ping --ask-pass

Answer 3

I did it. What I did is, I got rid of ssh-agent. I simply copied the ~/.ssh- directory of my docker-host into the /root/.ssh of the image and it worked.

Do not use the ~ though, copy the ~/.ssh-directory inside the projectfolder first and then with the dockerfile inside the container.

Final dockerfile looked as follows:

FROM node:4.2.4
MAINTAINER me

CMD["/bin/bash"]

ENV GIT_SSL_NO_VERIFY=1
ENV https_proxy="httpsproxy"
ENV http_proxy="httpproxy"
ENV no_proxy="exceptions"

ADD projectfolder/.ssh /root/.ssh

WORKDIR /usr/src/app

RUN git clone git@gitlab.private.address:something/target.git

RUN rm -r /root/.ssh

WORKDIR /urs/src/app/target

RUN npm set registry http://local-npm-registry
RUN npm install

EXPOSE 3001

The dockerfile still has to be improved on efficiency and stuff, but it works! Eureka!

The image now has to be squashed and it should be safe to use, though we only use it in our local registry.