One step in my cloud build is to copy files from a VM in another project. After a series of problems, I've set up the service account access, and can successfully do this scp from my own workstation. However, in cloud build itself, I get this error on this step:
2022-08-03 22:21:32.170 EDT Step #4 - "Copy in static images": Failed to add the host to the list of known hosts (/builder/home/.ssh/google_compute_known_hosts).
The step runs a shell script. The pertinent part does this:
args:
- '-c'
- ./auto-image-xfer.sh
id: Copy in static images
entrypoint: bash
The shell script does this:
gcloud compute scp --recurse user@vmname:/path/to/images ./destination --zone us-central1-a --ssh-key-file=./google_compute_engine --project "projectname"
Again, I hasten to add that I worked out a series of service account issues that originally prevented my ssh key from working prior to this, so I think it's just down to not being able to write the known_hosts file.
I looked into the -o ssh options to specify an alternative known hosts file, but these aren't valid for the gcloud compute scp command, and can't seem to be passed through with the scp-flags option.
I'm wondering if I need a custom builder for this, or is there an easier solution I'm overlooking?
This Stack Overflow post was very informative: Using SSH keys with Google Container Builder
As was this documentation item about using SSH to access GitHub from within a build: https://cloud.google.com/build/docs/access-github-from-build
It turned out it was necessary to get the known hosts file into the build.
My solution was cribbed from one of the stack overflow comments. I added this step:
- name: gcr.io/google.com/cloudsdktool/cloud-sdk
  args:
    - '-c'
    - ./copy-known-hosts.sh
  id: Copy in known hosts
  entrypoint: sh
The shell script does this:
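# Remove the local google_compute_* copies from the working directory and reset the INT trap.
exitfn () {
    trap - INT    # POSIX form for resetting the handler (signal name without the SIG prefix)
    rm ./google_compute_*
}
trap "exitfn" INT
# Fetch the known_hosts content from Secret Manager (pinned to version 1 of the secret).
gcloud secrets versions access 1 --secret=known-hosts > google_compute_known_hosts
mkdir -p /builder/home/.ssh
cp ./google_compute_known_hosts /builder/home/.ssh/google_compute_known_hosts
# Note: this sets mode 400 on the .ssh directory itself, not on the known hosts file.
chmod 400 /builder/home/.ssh
exitfn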
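A fail-closed variant of the install step above, as an added example that is not part of the original answer: it checks that the text fetched from Secret Manager actually looks like known_hosts entries before copying it into /builder/home/.ssh, so an empty or malformed secret stops the build instead of leaving gcloud without pinned host keys. The function names and the sample entry are constructed for illustration (the entry is not a real host key).

```shell
#!/bin/sh
# Added example, not the answer author's script.

# Constructed sample entry (not a real host key) for trying the functions offline.
SAMPLE_ENTRY='compute.1234567890 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYEXAMPLEKEYEXAMPLEKEYEXAMPLEKEY0000'

# validate_known_hosts FILE
# Succeeds only if FILE is non-empty, has at least one entry, and every
# non-comment line has the shape: [@marker] <hosts> <keytype> <base64-key> [comment]
validate_known_hosts() {
    [ -s "$1" ] || return 1                      # missing or empty: fail closed
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            i = ($1 ~ /^@/) ? 2 : 1              # optional @cert-authority / @revoked marker
            if (NF < i + 2)                                { bad = 1; exit }
            if ($(i+1) !~ /^(ssh-|ecdsa-sha2-|sk-)/)       { bad = 1; exit }
            if ($(i+2) !~ "^AAAA[A-Za-z0-9+/]+=*$")        { bad = 1; exit }
            n++
        }
        END { if (bad || n == 0) exit 1 }
    ' "$1"
}

# install_known_hosts FILE DEST_DIR
# Copies a validated FILE to DEST_DIR/google_compute_known_hosts.
# The directory stays traversable (700); only the owner can read the file (600).
install_known_hosts() {
    validate_known_hosts "$1" || { echo "known_hosts rejected: $1" >&2; return 1; }
    ( umask 077
      mkdir -p "$2" &&
      cp "$1" "$2/google_compute_known_hosts" &&
      chmod 700 "$2" &&
      chmod 600 "$2/google_compute_known_hosts" )
}

# In the build step, with the secret name and path used in the answer above:
#   tmp=$(mktemp)
#   trap 'rm -f "$tmp"' EXIT
#   gcloud secrets versions access 1 --secret=known-hosts > "$tmp"
#   install_known_hosts "$tmp" /builder/home/.ssh || exit 1
```
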