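Ok, so. I am trying to build a docker container for an application that we frequently use at work, and as part of the build process, docker needs to clone the contents of some private git repositories owned by our company.
Now, before starting the docker build process (using docker-compose ...), I used to have full access to these repositories, which was set up by means of a pair of public/private SSH keys. For example, running a command like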
ssh -Tvvv [email protected]
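produced (among other things) an output message like "Authentication succeeded (publickey)", and I could use all the usual git commands (pull, push, ...) in my local repositories without any problems.
This changed after I started the docker build process for our proprietary application. The build itself is unsuccessful, giving an error message like (the exact message was changed for privacy purposes):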
Failed to execute git clone --no-checkout 'ssh://[email protected]:7000/zs-payments.git'
'/srv/www/zs/payment' && cd '/srv/www/zs/payments' && git remote add composer
'[email protected]:7000/zs-payments.git' && git fetch composer
Cloning into '/srv/www/zs/payments'...
ssh: connect to host [email protected]:7000: Connection refused
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
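I think the "connection refused" part of the problem comes from the fact that I have not properly set up SSH key authentication from within the Docker container. This is a topic that has already been discussed on StackOverflow, see for example
Using SSH keys inside docker container
However, at the moment I am not interested in this particular problem! My real problem is that, after the unsuccessful docker build process (and the associated "connection refused" problem), I cannot access my company's git repositories at all! For example, running the ssh test command given above (ssh -Tvvv ...) now produces an error message like (again, the exact message was changed for privacy purposes)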
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Reading configuration data C:\\Users\\user_name/.ssh/config
debug3: Failed to open file:C:/ProgramData/ssh/ssh_config error:2
debug2: resolving "gitlab.main-company-repo.de" port 7000
debug2: ssh_connect_direct
debug1: Connecting to gitlab.main-company-repo.de [85.xxx.xx.11] port 7000.
debug3: finish_connect - ERROR: async io completed with error: 10060, io:000001EDA40D7590
debug1: connect to address 85.xxx.xx.11 port 7000: Connection timed out
ssh: connect to host gitlab.main-company-repo.de: Connection timed out
Similarly, the git commands like pull and push, which used to work perfectly fine in my local repositories before the docker build process, now give the same "connection timeout" error.
Restarting the computer does NOT fix the issue, i.e. also after restart the repositories are unavailable to me. One thing that DID help (for a while) was switching to another network. After switching from the WLAN network that I initially used to the Internet from my mobile service provider (by means of USB-Tethering), the problem was gone for a bit and I could access the repositories again. But after doing the docker build again (which ends with the same error message), the same "connection timeout" thing happens with the "mobile phone Internet" and the repositories are unavailable to me on both networks.
Does anyone have any idea what might be happening here? In other words, how can an unsuccessful git login attempt (with SSH keys) from within a Docker container result in me being "locked out" of all (previously available) repos, and in such a way that restarting the machine does not help (but switching to another network does)? Is this maybe some sort of a firewall issue, where my login attempts to git have been marked as potential threats?
Any hints and/or suggestions on what might be going on here would be very welcome! And in case it might be important, this all happens on a Windows 10 machine.
Also (I just remembered this), running the ping command on the problematic repository, i.e.
ping 85.xxx.xx.11 7000
gives the error message
ping: sendmsg: Network is unreachable
The ping command was run on a WSL-based Ubuntu from within Windows. Again, any help in this regard would be greatly appreciated!
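Answer from a uj5u.com user:
The problem was eventually resolved in a somewhat unexpected way. Shortly after I posted this question, other people at the company began to experience similar problems, with their git commands ending in the same "connection timeout" error message. This seemed to affect only users with static IP addresses, and it also happened to those who had not been building any kind of docker container.
As it turned out (or at least so I was told), the git firewall had blacklisted our IP addresses, designating our access attempts as potential threats. The people at the company who are responsible for these things managed to remove our IPs from the blacklist, and everything has been running smoothly since then. We still don't know why this happened, or what kind of criteria git used when designating our activity as "unwanted". If more information about this becomes available in the future, I will post it here so that others can avoid similar situations.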
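An added example, not part of the original question or answer: a small Python probe that makes one TCP connection attempt and tells apart the "Connection refused" and "Connection timed out" results seen in the thread, which ping cannot do because it uses ICMP and has no notion of ports. The function names and outcome labels are assumptions made for this example, and the target in the usage line is a constructed placeholder.

```python
import errno
import socket

def classify(exc):
    """Map a failed connect() to what it says about the network path."""
    if isinstance(exc, socket.gaierror):
        # The name did not resolve; no packet was sent to the server at all.
        return "unresolved"
    if isinstance(exc, ConnectionRefusedError):
        # A TCP reset came back: the host is reachable, but nothing accepts
        # connections on that port, or a device actively rejects them.
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        # No reply at all: packets are silently dropped on the way, which is
        # how a firewall block or an IP ban usually looks from the client.
        return "filtered"
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH,
                                                  errno.EHOSTUNREACH):
        # The local machine has no route; the remote side is not involved.
        return "unreachable"
    raise exc

def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake to host:port and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    # Constructed placeholder target: substitute the Git server and SSH port.
    print(probe("127.0.0.1", 7000))
```

Running the probe from both the host and a second network gives a quick way to see whether a timeout follows the source IP address, as it did in this thread.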
