
SSH error when trying to deploy to Digital Ocean via Gitlab CI/CD

Good Evening, I am trying to deploy to Digital Ocean via a Gitlab CI/CD pipeline, but when I run the pipeline I get a: "chmod: /root/.ssh/id_rsa: No such file or directory $ chmod og= ~/.ssh/id_rsa Cleaning up file based variables 00:00 ERROR: Job failed: exit code 1".

For some reason it's not using the user that I have made for deployment, and is using root, but when I use the cat command to view the ssh key on my server it shows in both the root and deployer user. The below is my .yml file.

```yaml
before_script:
  - echo $PATH
  - pwd
  - whoami
  - mkdir -p ~/.ssh
  - cd ~/.ssh
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > id_rsa
  - echo "$SSH_PUBLIC_KEY" | tr -d '\r' > id_rsa.pub
  - chmod 700 id_rsa id_rsa.pub
  - cp id_rsa.pub authorized_keys
  - cp id_rsa.pub known_hosts
  - ls -ld *
  - cd -

stages:
  - build
  - publish
  - deploy

variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA

build:
  image: node:latest
  stage: build
  script:
    - npm install
    - echo "ACCOUNT_SID=$ACCOUNT_SID" >> .env
    - echo "AUTH_TOKEN=$AUTH_TOKEN" >> .env
    - echo "API_KEY=$API_KEY" >> .env
    - echo "API_SECRET=$API_SECRET" >> .env
    - echo "PHONE_NUMBER=$PHONE_NUMBER" >> .env
    - echo "sengrid_api=$sengrid_api" >> .env

publish:
  image: docker:latest
  stage: publish
  services:
    - docker:dind
  script:
    - docker build . -t $TAG_COMMIT -t $TAG_LATEST
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - docker push $TAG_COMMIT
    - docker push $TAG_LATEST

deploy:
  image: alpine:latest
  stage: deploy
  tags:
    - deployment
  script:
    - whoami
    - uname -a
    - echo "user $SERVER_USER"
    - echo "ip $SERVER_IP"
    - echo "id_rsa $ID_RSA"
    - (which ifconfig) || (apt install net-tools)
    - /sbin/ifconfig
    - touch blah
    - find .
    - apk update && apk add openssh-client
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:3000 --name my-app $TAG_COMMIT"
  environment:
    name: production
    url: http://167.172.225.124
  only:
    - master
```

After hours of work and errors:

- cat id_rsa.pub >> authorized_keys: fixed the "permission denied (publickey,password)" error.
- ssh-keyscan gitlab.com >> authorized_keys: this fixed the "connection refused" error.

The below is the final .yml file that works.

```yaml
# ssh-keyscan gitlab.com >> authorized_keys: use this command to add the GitLab ssh keys to the server. Run it in the server terminal.
# cat id_rsa.pub >> authorized_keys: run this command on the server in the terminal.
# BOTH COMMANDS ABOVE ARE necessary.

stages:
  - build
  - publish
  - deploy

variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA

build:
  image: node:latest
  stage: build
  script:
    - npm install
    - echo "ACCOUNT_SID=$ACCOUNT_SID" >> .env
    - echo "AUTH_TOKEN=$AUTH_TOKEN" >> .env
    - echo "API_KEY=$API_KEY" >> .env
    - echo "API_SECRET=$API_SECRET" >> .env
    - echo "PHONE_NUMBER=$PHONE_NUMBER" >> .env
    - echo "sengrid_api=$sengrid_api" >> .env

publish:
  image: docker:latest
  stage: publish
  services:
    - docker:dind
  script:
    - docker build . -t $TAG_COMMIT -t $TAG_LATEST
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - docker push $TAG_COMMIT
    - docker push $TAG_LATEST

deploy:
  image: ubuntu:latest
  stage: deploy
  tags:
    - deployment
  before_script:
    ##
    ## Install ssh-agent if not already installed, it is required by Docker.
    ## (change apt-get to yum if you use an RPM-based image)
    ##
    - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'
    ##
    ## Run ssh-agent (inside the build environment)
    ##
    - eval $(ssh-agent -s)
    ##
    ## Create the SSH directory and give it the right permissions
    ##
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    ##
    ## Add the SSH key stored in the SSH_PRIVATE_KEY variable to the agent store.
    ## We're using tr to fix line endings, which makes ed25519 keys work
    ## without extra base64 encoding.
    ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
    ##
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
    - echo "$SSH_PUBLIC_KEY" | tr -d '\r' > ~/.ssh/id_rsa.pub
    - chmod 600 ~/.ssh/*
    - chmod 644 ~/.ssh/*.pub
    - ssh-add
    ##
    ## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
    ## with your own domain name. You can copy and repeat that command if you have
    ## more than one server to connect to.
    ##
    - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
    - ls -ld ~/.ssh/*
    ## NOTE: the next line prints the private key into the job log; keep it only
    ## while debugging, and remove it before the log can be read by others.
    - cat ~/.ssh/*
    ##
    ## Alternatively, assuming you created the SSH_SERVER_HOSTKEYS variable
    ## previously, uncomment the following two lines instead.
    ##
    #- echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
    #- chmod 644 ~/.ssh/known_hosts
    ##
    ## You can optionally disable host key checking. Be aware that by adding that
    ## you are susceptible to man-in-the-middle attacks.
    ## WARNING: Use this only with the Docker executor; if you use it with shell
    ## you will overwrite your user's SSH config.
    ##
    #- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
    ##
    ## Optionally, if you will be using any Git commands, set the user name and
    ## email.
    ##
  script:
    - ssh -v -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:3000 --name my-app $TAG_COMMIT"
  environment:
    name: production
    url: http://167.172.225.124
  only:
    - master
```

The prerequisites of the DigitalOcean tutorial you are following include a sudo non-root user, and a user account on a GitLab instance with an enabled container registry.

The gitlab-runner service installed through script.deb.sh should need a non-root user's password to proceed.

And it involves creating a user that is dedicated to the deployment task, with a CI/CD pipeline configured later to log in to the server with that user.

That means the gitlab-ci is not supposed to be executed by root, which is not involved at any stage.
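As an added example, not part of the question or the answer above: a POSIX shell helper that performs the deploy job's key setup against an explicit directory (so a job that unexpectedly runs as root with HOME=/root fails with a clear message rather than the chmod error in the question), verifies the result before ssh is invoked, and builds the ssh command around a pinned known_hosts instead of StrictHostKeyChecking=no. The directory argument, the constructed key text and the address 203.0.113.10 are assumptions.

```shell
#!/bin/sh
# Added example: make the deploy job's SSH setup explicit and verifiable.
# The target directory is passed in, not taken from "~", so a job running as
# an unexpected user (e.g. root, HOME=/root) fails with a clear message.
set -eu

# Write key material and the pinned server host key into $1 with safe modes.
# $1 = directory, $2 = private key text, $3 = public key text,
# $4 = known_hosts line(s) for the deploy server (taken from ssh-keyscan).
setup_ssh_dir() {
    dir=$1; priv=$2; pub=$3; hostkeys=$4
    mkdir -p "$dir"
    chmod 700 "$dir"
    # tr strips CR characters that a CI variable pasted from Windows may carry
    printf '%s\n' "$priv" | tr -d '\r' > "$dir/id_rsa"
    printf '%s\n' "$pub" | tr -d '\r' > "$dir/id_rsa.pub"
    printf '%s\n' "$hostkeys" > "$dir/known_hosts"
    chmod 600 "$dir/id_rsa"
    chmod 644 "$dir/id_rsa.pub" "$dir/known_hosts"
}

# Permission string of a path (e.g. -rw-------), read from ls so it works on
# both GNU and BSD userlands.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Check that everything ssh needs exists with safe modes; print the first
# problem and return 1 instead of letting chmod or ssh fail with a cryptic error.
verify_ssh_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    [ "$(mode_of "$dir")" = "drwx------" ] || { echo "$dir must be mode 700"; return 1; }
    [ -s "$dir/id_rsa" ] || { echo "$dir/id_rsa missing or empty"; return 1; }
    [ "$(mode_of "$dir/id_rsa")" = "-rw-------" ] || { echo "$dir/id_rsa must be mode 600"; return 1; }
    [ -s "$dir/known_hosts" ] || { echo "$dir/known_hosts missing: pin the server host key"; return 1; }
    return 0
}

# Build the ssh command line that uses the pinned host key. With
# StrictHostKeyChecking=yes a server whose key is not in known_hosts is
# refused, instead of silently trusted as with StrictHostKeyChecking=no.
ssh_cmd() {
    dir=$1; user=$2; host=$3
    echo "ssh -i $dir/id_rsa -o UserKnownHostsFile=$dir/known_hosts -o StrictHostKeyChecking=yes $user@$host"
}
```

In the pipeline, call setup_ssh_dir and verify_ssh_dir in before_script with "$HOME/.ssh" (or a job-local directory) as the first argument, and run the deploy commands through the output of ssh_cmd.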
