
SSH error when trying to deploy to Digital Ocean via Gitlab CI/CD

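Good evening, I am trying to deploy to Digital Ocean via a Gitlab CI/CD pipeline, but when I run the pipeline I get: "chmod: /root/.ssh/id_rsa: No such file or directory $ chmod og= ~ /.ssh/id_rsa Cleaning up file based variables 00:00 ERROR: Job failed: exit code 1".

For some reason it is not using the user I created for deployment and uses root instead, but when I use the cat command to view the ssh keys on the server, they show up for both root and the deployer user. Below is my .yml file.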

    before_script:
      - echo $PATH
      - pwd
      - whoami
      - mkdir -p ~/.ssh
      - cd ~/.ssh
      - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > id_rsa
      - echo "$SSH_PUBLIC_KEY" | tr -d '\r' > id_rsa.pub
      - chmod 700 id_rsa id_rsa.pub
      - cp id_rsa.pub authorized_keys
      - cp id_rsa.pub known_hosts
      - ls -ld *
      - cd -

    stages:
      - build
      - publish
      - deploy

    variables:
      TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
      TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA

    build:
      image: node:latest
      stage: build
      script:
        - npm install
        - echo "ACCOUNT_SID=$ACCOUNT_SID" >> .env
        - echo "AUTH_TOKEN=$AUTH_TOKEN" >> .env
        - echo "API_KEY=$API_KEY" >> .env
        - echo "API_SECRET=$API_SECRET" >> .env
        - echo "PHONE_NUMBER=$PHONE_NUMBER" >> .env
        - echo "sengrid_api=$sengrid_api" >> .env

    publish:
      image: docker:latest
      stage: publish
      services:
        - docker:dind
      script:
        - docker build . -t $TAG_COMMIT -t $TAG_LATEST
        - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
        - docker push $TAG_COMMIT
        - docker push $TAG_LATEST

    deploy:
      image: alpine:latest
      stage: deploy
      tags:
        - deployment
      script:
        - whoami
        - uname -a
        - echo "user $SERVER_USER"
        - echo "ip $SERVER_IP"
        - echo "id_rsa $ID_RSA"
        - (which ifconfig) || (apt install net-tools)
        - /sbin/ifconfig
        - touch blah
        - find .
        - apk update && apk add openssh-client
        - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
        - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
        - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
        - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:3000 --name my-app $TAG_COMMIT"
      environment:
        name: production
        url: http://167.172.225.124
      only:
        - master

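After hours of work and errors:

cat id_rsa.pub >> authorized_keys: fixed the Permission denied (publickey,password) error.
ssh-keyscan gitlab.com >> authorized_keys: this fixed the connection refused error.

Below is the final .yml file that works.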

    # ssh-keyscan gitlab.com >> authorized_keys: use this command to add gitlab ssh keys to server. Run on server terminal
    # cat id_rsa.pub >> authorized_keys Run this command on the server on the terminal.
    # Both COMMANDS ABOVE ARE necessary.

    stages:
      - build
      - publish
      - deploy

    variables:
      TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
      TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA

    build:
      image: node:latest
      stage: build
      script:
        - npm install
        - echo "ACCOUNT_SID=$ACCOUNT_SID" >> .env
        - echo "AUTH_TOKEN=$AUTH_TOKEN" >> .env
        - echo "API_KEY=$API_KEY" >> .env
        - echo "API_SECRET=$API_SECRET" >> .env
        - echo "PHONE_NUMBER=$PHONE_NUMBER" >> .env
        - echo "sengrid_api=$sengrid_api" >> .env

    publish:
      image: docker:latest
      stage: publish
      services:
        - docker:dind
      script:
        - docker build . -t $TAG_COMMIT -t $TAG_LATEST
        - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
        - docker push $TAG_COMMIT
        - docker push $TAG_LATEST

    deploy:
      image: ubuntu:latest
      stage: deploy
      tags:
        - deployment
      before_script:
        ##
        ## Install ssh-agent if not already installed, it is required by Docker.
        ## (change apt-get to yum if you use an RPM-based image)
        ##
        - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'

        ##
        ## Run ssh-agent (inside the build environment)
        ##
        - eval $(ssh-agent -s)

        ##
        ## Create the SSH directory and give it the right permissions
        ##
        - mkdir -p ~/.ssh
        - chmod 700 ~/.ssh

        ##
        ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
        ## We're using tr to fix line endings which makes ed25519 keys work
        ## without extra base64 encoding.
        ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
        ##
        - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
        - echo "$SSH_PUBLIC_KEY" | tr -d '\r' > ~/.ssh/id_rsa.pub
        - chmod 600 ~/.ssh/*
        - chmod 644 ~/.ssh/*.pub
        - ssh-add

        ##
        ## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
        ## with your own domain name. You can copy and repeat that command if you have
        ## more than one server to connect to.
        ##
        - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
        - chmod 644 ~/.ssh/known_hosts
        - ls -ld ~/.ssh/*
        ## The next line prints every file in ~/.ssh, including the private key, to the job log.
        - cat ~/.ssh/*

        ##
        ## Alternatively, assuming you created the SSH_SERVER_HOSTKEYS variable
        ## previously, uncomment the following two lines instead.
        ##
        #- echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
        #- chmod 644 ~/.ssh/known_hosts

        ##
        ## You can optionally disable host key checking. Be aware that by adding that
        ## you are susceptible to man-in-the-middle attacks.
        ## WARNING: Use this only with the Docker executor, if you use it with shell
        ## you will overwrite your user's SSH config.
        ##
        #- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'

        ##
        ## Optionally, if you will be using any Git commands, set the user name and
        ## email.
        ##
      script:
        - ssh -v -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
        - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
        - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
        - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:3000 --name my-app $TAG_COMMIT"
      environment:
        name: production
        url: http://167.172.225.124
      only:
        - master
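
Added example, not part of the original posts: the working configuration above still passes `-o StrictHostKeyChecking=no`, so the contents of known_hosts are never enforced. The sketch below writes the key under the job user's home with the right modes, fails closed on an empty variable, and builds ssh options that enforce a pinned host key. `prepare_ssh` and `ssh_opts` are hypothetical helper names; `SSH_PRIVATE_KEY` and `SSH_SERVER_HOSTKEYS` are the variable names that appear in the configuration above.

```shell
#!/bin/sh
# Added example. prepare_ssh and ssh_opts are hypothetical helper names.

# prepare_ssh HOME_DIR PRIVATE_KEY_TEXT PINNED_HOSTKEYS
# The body runs in a subshell so umask and variables do not leak into the job.
prepare_ssh() (
    ssh_dir="$1/.ssh"
    key="$2"        # e.g. "$SSH_PRIVATE_KEY"
    hostkeys="$3"   # e.g. "$SSH_SERVER_HOSTKEYS" (known_hosts lines recorded out of band)

    # Fail closed: an empty variable would otherwise write an empty key file
    # and only surface later as "Permission denied (publickey)".
    [ -n "$key" ] || { echo "private key variable is empty" >&2; exit 2; }
    [ -n "$hostkeys" ] || { echo "pinned host keys are empty" >&2; exit 3; }
    # Reject values that are not an armoured private key (a public key, a path).
    case "$key" in
        "-----BEGIN "*) ;;
        *) echo "value does not look like a private key" >&2; exit 4 ;;
    esac

    umask 077                                  # files are private from creation
    mkdir -p "$ssh_dir" || exit 1
    chmod 700 "$ssh_dir"
    # Write to the absolute path under the job user's home, strip CR line endings.
    printf '%s\n' "$key" | tr -d '\r' > "$ssh_dir/id_rsa" || exit 1
    chmod 600 "$ssh_dir/id_rsa"
    printf '%s\n' "$hostkeys" | tr -d '\r' > "$ssh_dir/known_hosts" || exit 1
    chmod 644 "$ssh_dir/known_hosts"
)

# ssh_opts HOME_DIR: options that enforce the pinned host key instead of
# disabling the check with StrictHostKeyChecking=no.
ssh_opts() {
    printf '%s' "-i $1/.ssh/id_rsa -o IdentitiesOnly=yes -o BatchMode=yes"
    printf '%s' " -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$1/.ssh/known_hosts"
}

# Usage inside a deploy job (variable names as on the page):
#   prepare_ssh "$HOME" "$SSH_PRIVATE_KEY" "$SSH_SERVER_HOSTKEYS" || exit 1
#   ssh $(ssh_opts "$HOME") "$SERVER_USER@$SERVER_IP" "docker pull $TAG_COMMIT"
```

The unquoted `$(ssh_opts "$HOME")` relies on word splitting, so it assumes the home path contains no spaces.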

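The prerequisites of the DigitalOcean tutorial you are following include a sudo non-root user, and a user account on a GitLab instance with the container registry enabled.

The gitlab-runner service installed via script.deb.sh should require the non-root user's password to proceed.

It involves creating a user dedicated to the deployment task, and later configuring the CI/CD pipeline to log in to the server as that user.

This means gitlab-ci should not be executed by root, which is not involved at any stage.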


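Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to republish, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.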

 