compose: Host Key Validation failure for `docker-compose`, but not `docker`.

Context:

docker-compose version 1.6.0, build d99cad6
docker-py version: 1.7.0
CPython version: 2.7.9
OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013

Problem:

I’m trying to pull down a context from my private Github repository, and keep running into this error:

ERROR: compose.cli.main.main: Error trying to use git: exit status 128 (Cloning into '/var/lib/docker/tmp/docker-build-git991276936'...
Host key verification failed.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
)

When I run docker-compose -v up I get this:

compose.cli.verbose_proxy.proxy_callable: docker containers <- (all=True, filters={u'label': [u'com.docker.compose.project=apiccomposed', u'com.docker.compose.service=eula_server', u'com.docker.compose.oneoff=False']})
compose.cli.verbose_proxy.proxy_callable: docker containers -> (list with 0 items)
compose.service.execute_convergence_plan: apiccomposed_redis_1 is up-to-date
compose.cli.verbose_proxy.proxy_callable: docker inspect_image <- (u'apiccomposed_eula_server')
compose.service.build: Building eula_server
compose.cli.verbose_proxy.proxy_callable: docker build <- (pull=False, stream=True, nocache=False, tag=u'apiccomposed_eula_server', buildargs=None, rm=True, forcerm=False, path='git@github.ibm.com:apimesh/apimc-eula-server.git#docker', dockerfile='./EULA_Dockerfile')
docker.api.build._set_auth_headers: Looking for auth config
docker.api.build._set_auth_headers: No auth config in memory - loading from filesystem
docker.auth.auth.load_config: File doesn't exist
docker.api.build._set_auth_headers: No auth config found
compose.cli.verbose_proxy.proxy_callable: docker build -> <generator object _stream_helper at 0x7f5dc2602e10>

I assume it’s because it can’t find the auth config.

The docker-compose.yml:

version: '2' 
services:
  application:
    build:
      context: 'git@github.xxx.xxx.com:apimesh/application.git'
      dockerfile: ./APP_Dockerfile

This works when I do docker build git@github.xxx.xxx.com:apimesh/application.git

About this issue

Original URL
State: closed
Created 8 years ago
Reactions: 7
Comments: 15

Commits related to this issue

Clone the repo directly in the build-manager because docker-compose is unable to clone a private repo: https://github.com/docker/compose/issues/2856 — committed to jdmichaud/build-manager by jdmichaud 6 years ago

Most upvoted comments

After playing with this for a while, I believe I see the problem.

When running docker build, the git clone happens locally, using this code. The build context is passed to the daemon as a tarball.

When running docker-compose build, the git clone happens in the docker daemon, using this code. A remote parameter is passed and the daemon attempts to clone the repo and create the build context.

The code that is eventually run is the same (cloning the repo). The difference is the environment it is run in: for docker it is local, for docker-compose it is the docker-machine VM (or wherever the daemon is running).

I am not sure why in some instances the error is Could not read from remote repository and in other instances is Host key verification failed.

Nevertheless, the issue seems to be that docker-py (used by docker-compose) performs the build using the daemon instead of using the same method as docker. See here.

+11

apeace on Mar 8, 2016

This is a problem for me too. Any advice on how to handle it?

FWIW I found that specifying my github username and an API token in the repo URL worked:

# docker-compose.yml
version: '2'
services:
  example-service:
    build:
      context: "https://${GITHUB_USERNAME}:${GITHUB_AUTH_TOKEN}@github.com/org/repo.git"

wmadden on Mar 24, 2016

By default, Atlassian’s BitBucket (edit: self hosted version) SSH daemon runs on port 7999

it would be great if a custom ssh port could be specified for a git address. Doing a git clone on client side or configuring port forwarding, yes, are workarounds, but far from ideal in my opinion

nmors on Mar 16, 2017