[英]Capistrano Deploy Failing on git:check - Permission denied (publickey)
本地操作系統:Windows 10 Pro(使用 Git Bash 作為我的終端)
暫存服務器操作系統:Ubuntu 16.04 LTS
我一直在努力讓基本的 Capistrano 部署在我的登台服務器上工作。 我按照本指南設置了 Capistrano。
部署過程總是在git:check
階段失敗,因為據稱無權訪問我在 GitLab 上的存儲庫。 我確信我的 SSH 代理轉發工作正常,因為我能夠通過 SSH 連接到我的服務器並使用我的 SSH 密鑰訪問 GitLab。 SSH 密鑰未存儲在我服務器上的任何位置:
$ ssh deploy@myserver.com
deploy@MyServer:~$ ssh -T git@gitlab.com
debug1: client_input_channel_open: ctype auth-agent@openssh.com rchan 2 win 65536 max 16384
debug1: channel 1: new [authentication agent connection]
debug1: confirm auth-agent@openssh.com
Welcome to GitLab, Alexander!debug1: channel 1: FORCE input drain
到目前為止,關於這個問題的所有問題都沒有對我有用。
這是我的部署文件:
部署文件
set :application, "myapp"
set :branch, "master"
set :repo_url, "git@gitlab.com:MyApp/myapp.git"
# Defaults to false
# Skip migration if files in db/migrate were not modified
set :conditionally_migrate, true
set :ssh_options, { forward_agent: true }
set :rvm_ruby_version, '2.2.6'
# Default deploy_to directory is /var/www/my_app_name
set :deploy_to, "/var/www/#{fetch(:application)}/"
set :deploy_user, "deploy"
# Tells Capistrano to store config/database.yml file inside a directory called /shared, which is meant for any files
# we want to persist between deploys
set :linked_files, fetch(:linked_files, []).push('config/database.yml', 'config/secrets.yml')
# Directories that are meant to persist between deploys, and they will also be stored inside /shared
set :linked_dirs, fetch(:linked_dirs, []).push('bin', 'log', 'tmp/pids', 'tmp/cache', 'tmp/sockets', 'vendor/bundle', 'public/system', 'public/uploads')
# The specs that should be run before deployment is allowed to continue
set :tests, []
# Delayed Job Config: https://github.com/AgileConsultingLLC/capistrano3-delayed-job
set :delayed_job_workers, 3
# Keep the last 5 deploys for rollback purposes
set :keep_releases, 5
namespace :deploy do
after :restart, :clear_cache do
on roles(:web), in: :groups, limit: 3, wait: 10 do
# Here we can do anything such as:
# within release_path do
# execute :rake, 'cache:clear'
# end
end
end
end
分期文件
set :stage, :staging
set :rails_env, :staging
role :app, %w{deploy@myserver.com}
role :web, %w{deploy@myserver.com}
role :db, %w{deploy@myserver.com}
這是我部署時的 Capistrano 調試日志:
$ bundle exec cap staging deploy --trace
** Invoke staging (first_time)
** Execute staging
** Invoke load:defaults (first_time)
** Execute load:defaults
** Invoke rvm:hook (first_time)
** Invoke passenger:rvm:hook (first_time)
** Invoke passenger:test_which_passenger (first_time)
** Execute passenger:test_which_passenger
** Execute passenger:rvm:hook
** Execute rvm:hook
** Invoke rvm:check (first_time)
** Execute rvm:check
rvm 1.29.3 (latest) by Michal Papis, Piotr Kuczynski, Wayne E. Seguin [https://rvm.io]
ruby-2.2.6
ruby 2.2.6p396 (2016-11-15 revision 56800) [x86_64-linux]
** Invoke bundler:map_bins (first_time)
** Invoke passenger:bundler:hook (first_time)
** Execute passenger:bundler:hook
** Execute bundler:map_bins
** Invoke deploy:set_rails_env (first_time)
** Execute deploy:set_rails_env
** Invoke deploy:set_linked_dirs (first_time)
** Execute deploy:set_linked_dirs
** Invoke deploy:set_rails_env
** Invoke deploy (first_time)
** Execute deploy
** Invoke deploy:starting (first_time)
** Execute deploy:starting
** Invoke deploy:check (first_time)
** Invoke git:check (first_time)
** Invoke git:wrapper (first_time)
** Execute git:wrapper
00:00 git:wrapper
01 mkdir -p /tmp
✔ 01 deploy@myserver.com 0.286s
Uploading /tmp/git-ssh-myapp-staging-localuser.sh 100.0%
02 chmod 700 /tmp/git-ssh-myapp-staging-localuser.sh
✔ 02 deploy@myserver.com 0.277s
** Execute git:check
00:01 git:check
01 git ls-remote git@gitlab.com:MyApp/myapp.git HEAD
01 Permission denied (publickey).
01 fatal: Could not read from remote repository.
01
01 Please make sure you have the correct access rights
01 and the repository exists.
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as deploy@myserver.com: git exit status: 128
git stdout: Nothing written
git stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/runners/parallel.rb:15:in `rescue in block (2 levels) in execute'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/runners/parallel.rb:11:in `block (2 levels) in execute'
Caused by:
SSHKit::Command::Failed: git exit status: 128
git stdout: Nothing written
git stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/command.rb:99:in `exit_status='
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/backends/netssh.rb:169:in `execute_command'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/backends/abstract.rb:141:in `block in create_command_and_execute'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/backends/abstract.rb:141:in `tap'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/backends/abstract.rb:141:in `create_command_and_execute'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/backends/abstract.rb:74:in `execute'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/capistrano-3.10.1/lib/capistrano/scm/git.rb:77:in `git'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/capistrano-3.10.1/lib/capistrano/scm/git.rb:38:in `check_repo_is_reachable'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/capistrano-3.10.1/lib/capistrano/scm/tasks/git.rake:19:in `block (4 levels) in eval_rakefile'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/backends/abstract.rb:93:in `with'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/capistrano-3.10.1/lib/capistrano/scm/tasks/git.rake:18:in `block (3 levels) in eval_rakefile'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/backends/abstract.rb:29:in `instance_exec'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/backends/abstract.rb:29:in `run'
C:/Ruby22/lib/ruby/gems/2.2.0/gems/sshkit-1.15.1/lib/sshkit/runners/parallel.rb:12:in `block (2 levels) in execute'
Tasks: TOP => deploy:check => git:check
The deploy has failed with an error: Exception while executing as deploy@myserver.com: git exit status: 128
git stdout: Nothing written
git stderr: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
** Invoke deploy:failed (first_time)
** Execute deploy:failed
** DEPLOY FAILED
** Refer to log/capistrano.log for details. Here are the last 20 lines:
DEBUG [6b6ba2d0] Finished in 0.471 seconds with exit status 0 (successful).
DEBUG [c6e2d7dc] Running ~/.rvm/bin/rvm 2.2.6 do ruby --version as deploy@myserver.com
DEBUG [c6e2d7dc] Command: ~/.rvm/bin/rvm 2.2.6 do ruby --version
DEBUG [c6e2d7dc] ruby 2.2.6p396 (2016-11-15 revision 56800) [x86_64-linux]
DEBUG [c6e2d7dc] Finished in 0.608 seconds with exit status 0 (successful).
INFO [fd5500a8] Running /usr/bin/env mkdir -p /tmp as deploy@myserver.com
DEBUG [fd5500a8] Command: /usr/bin/env mkdir -p /tmp
INFO [fd5500a8] Finished in 0.286 seconds with exit status 0 (successful).
DEBUG Uploading /tmp/git-ssh-myapp-staging-localuser.sh 0.0%
INFO Uploading /tmp/git-ssh-myapp-staging-localuser.sh 100.0%
INFO [f33d4873] Running /usr/bin/env chmod 700 /tmp/git-ssh-myapp-staging-localuser.sh as deploy@myserver.com
DEBUG [f33d4873] Command: /usr/bin/env chmod 700 /tmp/git-ssh-myapp-staging-localuser.sh
INFO [f33d4873] Finished in 0.277 seconds with exit status 0 (successful).
INFO [86d3cd5a] Running /usr/bin/env git ls-remote git@gitlab.com:MyApp/myapp.git HEAD as deploy@myserver.com
DEBUG [86d3cd5a] Command: ( export GIT_ASKPASS="/bin/echo" GIT_SSH="/tmp/git-ssh-myapp-staging-localuser.sh" ; /usr/bin/env git ls-remote git@gitlab.com:MyApp/myapp.git HEAD )
DEBUG [86d3cd5a] Permission denied (publickey).
DEBUG [86d3cd5a] fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
我嘗試手動運行 Capistrano 在本地和遠程服務器上嘗試的命令,它們都成功了。 我真的被困住了,任何幫助將不勝感激!
感謝所有回答的人,我已經設法找到了解決方案! 罪魁禍首是 Git Bash,無論出於何種原因,當我運行chmod 700 ~/.ssh
時,它並沒有將我的~/.ssh
目錄的權限更改為 0700。 這阻止了 SSH 代理轉發在 Capistrano 部署時工作,但在我手動通過 SSH 連接到我的服務器時不會工作。 我決定嘗試在 Windows (BUW) 上的 Ubuntu 上使用 Bash 而不是 Git Bash,果然,我的部署成功了! 我將完全相同的配置和密鑰從 Git Bash 復制到 BUW。 唯一的區別是我能夠將 BUW 的~/.ssh
目錄的權限更改為 0700。話雖如此,這是我的問題的解決方案:
1. 創建部署密鑰並將其添加到 GitLab
正如@Onur 和@grizzthedj 以及@Gokul M 所指出的,我需要為 GitLab 創建一個部署密鑰並在我的服務器上對其進行授權。 這是我如何做到的:
ssh-keygen -t rsa -b 4096
cat ~/.ssh/id_rsa.pub
~/.ssh/authorized_keys
的末尾2.使用BUW代替Git Bash
~/.ssh
的權限: chmod 700 ~/.ssh
啟動 SSH 代理並將我的部署密鑰添加到其中:
eval $(ssh-agent -s) ssh-add ~/.ssh/id_rsa
我已經從我的deploy.rb文件中刪除了set :ssh_options
行,因為沒有它它也能正常工作。
就是這樣! 從現在開始,我似乎將使用 BUW 進行部署。
按照以下步驟將您的公鑰添加到您的存儲庫設置中的部署密鑰列表中:
本地機器設置:
檢查您的本地系統是否有~/.ssh/id_rsa.pub
密鑰文件。 如果沒有,請創建一個新的:
$ ssh-keygen -t rsa
將新創建的公鑰~/.ssh/id_rsa.pub
到設置中存儲庫的部署(訪問)密鑰:
將密鑰加載到ssh-agent
:
檢查ssh-agent
是否正在運行,如果沒有,啟動 ssh 代理
$ ssh-agent /bin/bash
將id_rsa
密鑰添加到代理:
$ ssh-add ~/.ssh/id_rsa
注意:有時,如果您在部署期間收到“拒絕訪問存儲庫”錯誤,則需要在每次部署之前完成此步驟(步驟 - 3)。
將您的本地 SSH Key 添加到部署服務器 Authorized Keys 文件中(記住將端口號替換為您自定義的端口號):
$ cat ~/.ssh/id_rsa.pub | ssh -p port_num user@server_ip 'cat >> ~/.ssh/authorized_keys'
參考: https : //www.digitalocean.com/community/tutorials/deploying-a-rails-app-on-ubuntu-14-04-with-capistrano-nginx-and-puma
部署文件
嘗試改變ssh_options
在deploy.rb文件,如下:
set :ssh_options, { forward_agent: true, user: "deploy", auth_methods: ['publickey'], keys: %w(~/.ssh/privatekey.pem) }
將~/.ssh/privatekey.pem
替換為 SSH 私鑰文件路徑。
部署:
只需運行cap staging deploy
即可部署到服務器。
根據需要將cap
deploy 命令中的staging
替換為環境。
根據您的cap deploy
輸出,從您的筆記本電腦到您的服務器的 SSH 連接似乎不是問題。
00:00 git:wrapper
01 mkdir -p /tmp
✔ 01 deploy@myserver.com 0.286s
Uploading /tmp/git-ssh-myapp-staging-localuser.sh 100.0%
02 chmod 700 /tmp/git-ssh-myapp-staging-localuser.sh
✔ 02 deploy@myserver.com 0.277s
這個問題是當 capistrano 嘗試通過 SSH 運行git ls-remote git@gitlab.com:MyApp/myapp.git HEAD
時。
您需要將公鑰添加到 GitLab 中的 SSH 密鑰中,因為 SSH 代理轉發需要在所有目標系統上安裝公鑰。 在您的情況下,Gitlab 是一個目標系統。
cat ~/.ssh/id_rsa.pub # Copy the contents of your public key(filename may be different)
登錄到 GitLab,並將公鑰粘貼到您的存儲庫的 SSH 密鑰(在存儲庫設置中找到)中,您應該沒問題。
您還需要在ssh_options
指定創建 SSH 密鑰的用戶。
set :ssh_options, {
forward_agent: true,
user: 'deploy',
}
您還需要將遠程服務器的公鑰定義到存儲庫。 顯然,您的計算機可以訪問存儲庫,但服務器不能。
要獲取默認公鑰,您可以查看~/.ssh/id_rsa.pub
或者您可以使用ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
生成一個不要忘記初始化也在服務器中使用ssh-add
公鑰。
希望它有幫助
對於那些將來遇到此問題尋找替代方案的人:
大多數關於此問題的搜索建議添加 SSH 密鑰。 如果您確定它們已被添加,並且ssh -T git@bitbucket.org
(或您使用的任何 git 服務)顯示您已登錄,並且已設置代理轉發,則替代方案對我ssh -T git@bitbucket.org
在 Windows 上遇到同樣的問題是安裝PuTTY 。 安裝后:
cap deploy
我在另一篇關於在 Windows上使用 Capistrano 時響應長度錯誤的文章中發現了這種方法,因此表面上它也適用於這些情況。 這可能是因為Windows 上的 net-ssh 需要 Pageant 才能工作。
我有一個類似的問題,對我來說,我所要做的就是將我的 SSH 密鑰添加到 GitHub。 可以在此處找到此過程的文檔: https : //docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.