I am going to create an automatic deploy to my testing server via SSH in GitHub Actions. I set up the connection using a private key. It works correctly locally (tested in the ubuntu:latest Docker image), but when I push my code to the repository I get an error.
    Run ssh -i ~/.ssh/private.key -o "StrictHostKeyChecking no" ***@*** -p *** whoami
    Warning: Permanently added '[***]:***' (ED25519) to the list of known hosts.
    Load key "/home/runner/.ssh/private.key": error in libcrypto
    Permission denied, please try again.
    Permission denied, please try again.
    ***@***: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
    Error: Process completed with exit code 255.
My workflow code:
    name: Testing deploy
    on:
      push:
        branches:
          - develop
          - feature/develop-autodeploy
    jobs:
      build:
        name: Build and deploy
        runs-on: ubuntu-latest
        steps:
          - run: mkdir -p ~/.ssh/
          - run: echo "{{ secrets.STAGING_KEY }}" > ~/.ssh/private.key
          - run: chmod 600 ~/.ssh/private.key
          - run: ssh -i ~/.ssh/private.key -o "StrictHostKeyChecking no" ${{ secrets.STAGING_USER }}@${{ secrets.STAGING_HOST }} -p ${{ secrets.STAGING_PORT }} whoami
I tried third-party packages, e.g. D3rHase/ssh-command-action and appleboy/ssh-action, with other errors.
Resolved. In the line where I create the private.key file, the $ character was missing. My bad.
I'm going through the "Scalable FastAPI Application on AWS" course. My gitlab-ci.yml file is below.
    stages:
      - docker

    variables:
      DOCKER_DRIVER: overlay2
      DOCKER_TLS_CERTDIR: "/certs"

    cache:
      key: ${CI_JOB_NAME}
      paths:
        - ${CI_PROJECT_DIR}/services/talk_booking/.venv/

    build-python-ci-image:
      image: docker:19.03.0
      services:
        - docker:19.03.0-dind
      stage: docker
      before_script:
        - cd ci_cd/python/
      script:
        - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
        - docker build -t registry.gitlab.com/chris_/talk-booking:cicd-python3.9-slim .
        - docker push registry.gitlab.com/chris_/talk-booking:cicd-python3.9-slim
My Pipeline fails with this error:
    See https://docs.docker.com/engine/reference/commandline/login/#credentials-store
    Login Succeeded
    $ docker build -t registry.gitlab.com/chris_/talk-booking:cicd-python3.9-slim .
    invalid argument "registry.gitlab.com/chris_/talk-booking:cicd-python3.9-slim" for "-t, --tag" flag: invalid reference format
    See 'docker build --help'.
    Cleaning up project directory and file based variables
    ERROR: Job failed: exit code 125
It may or may not be relevant but the Container Registry for the GitLab project says there's a Docker connection error.
Thanks
I created a new GitLab account with a new username and things are working now. The underscore does appear to have been the issue.
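A pre-build check for the failure in this thread, as an added example that is not part of the original posts: Docker's reference grammar requires each path component to be lowercase alphanumerics joined by separators, so a component ending in "_" such as chris_ is rejected. The helper name check_image_ref is hypothetical, and only host/path:tag references are covered.

```shell
#!/bin/sh
# Added example (not from the thread). check_image_ref is a hypothetical helper.
# Covers host/path:tag references only; digests (@sha256:...) are not handled.

# Print "ok", or the first part of the reference that breaks the grammar.
check_image_ref() {
    name=$1
    tag=
    # A tag follows the last ":" only when no "/" comes after that colon.
    case ${name##*/} in
        *:*) tag=${name##*:}; name=${name%:*} ;;
    esac
    # A leading component containing "." or ":" (or "localhost") is the registry host.
    case $name in
        */*) first=${name%%/*}
             case $first in
                 *.*|*:*|localhost) name=${name#*/} ;;
             esac ;;
    esac
    if [ -n "$tag" ] && ! printf '%s\n' "$tag" |
            grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$'; then
        echo "invalid tag: $tag"; return 1
    fi
    # Path components: lowercase alphanumerics joined by ".", "_", "__" or dashes;
    # a separator may not start or end a component.
    rest=$name/
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        rest=${rest#*/}
        if ! printf '%s\n' "$part" |
                grep -Eq '^[a-z0-9]+((\.|__?|-+)[a-z0-9]+)*$'; then
            echo "invalid path component: $part"; return 1
        fi
    done
    echo "ok"
}
```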
I am trying to add Bitbucket Pipelines to deploy my Angular application to one of our servers.
I configured SSH on my server and I could fetch the host's fingerprint under Known hosts in Bitbucket.
Below is my YAML file.
    image: node:14

    pipelines:
      branches:
        master:
          - step:
              name: Building Test angular application
              caches:
                - node
              script:
                - echo "npm install in progress.."
                - npm install
                - echo "Installing angular/cli..."
                - npm install -g @angular/cli
                - echo "Starting the Build process.."
                - ng build
              artifacts:
                - dist/** # Save build for next steps
          - step:
              name: "Deployment"
              script:
                - pipe: atlassian/scp-deploy:0.3.3
                  variables:
                    USER: $USER
                    SERVER: $SERVER
                    REMOTE_PATH: '/c/testscp/'
                    LOCAL_PATH: 'dist/*'
                    SSH_KEY: $MY_SSH_KEY
The first step runs fine without any issues and I can see the dist folder being added to the artifacts; however, the second step fails with the error below.
    scp -rp -i /opt/atlassian/pipelines/agent/ssh/id_rsa_tmp dist/TestPipelineApplication <<USER>>@<<SERVERIP>>:/c/testscp/
    Warning: Identity file /opt/atlassian/pipelines/agent/ssh/id_rsa_tmp not accessible: No such file or directory.
    Load key "/root/.ssh/pipelines_id": invalid format
    Permission denied, please try again.
    Permission denied, please try again.
    <<USER>>@<<SERVERIP>>: Permission denied (publickey,password,keyboard-interactive).
I never configured pipelines before so I am not completely sure what I am missing here.
Also, I looked into the documentation below, but with no luck:
https://bitbucket.org/atlassian/scp-deploy/src/1.0.1/README.md
Any help or suggestions are greatly appreciated.
I've a problem with my GitLab CI / CD pipeline: It's not connecting to my server during the deployment.
I've followed the instructions on the GitLab page and created a key pair for my server locally and tried it out - works perfectly.
Now I've switched to GitLab and created a file variable with the content of my private key file:
After that I've added a deployment section to my .gitlab-ci.yml file:
    stages:
      - deploy

    deploy:
      stage: deploy
      before_script:
        - mkdir -p ~/.ssh
        - chmod 700 ~/.ssh
        - touch ~/.ssh/known_hosts
        - ssh-keyscan 136.xxx.xxx.xx >> ~/.ssh/known_hosts
        - chmod 644 ~/.ssh/known_hosts
      script:
        - echo "Deploying to server..."
        - ssh -i $IDENTITY ftp@136.xxx.xxx.xx "echo Hallo"
      only:
        - master
But when I execute the script, I'm getting this error:
    $ ssh -i $IDENTITY ftp@136.xxx.xxx.xx "echo Hallo"
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    Permissions 0666 for '/builds/john/test-website.tmp/IDENTITY' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    Load key "/builds/john/test-website.tmp/IDENTITY": bad permissions
    Permission denied, please try again.
    Permission denied, please try again.
    ftp@136.xxx.xxx.xx: Permission denied (publickey,password).
    ERROR: Job failed: exit code 1
What am I doing wrong here? I don't get it.
Thanks to VonC. This is how I solved the problem with his help:
First I've changed the variable from file to variable. After that I've modified my deploy script:
    deploy:
      stage: deploy
      before_script:
        - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
        - eval $(ssh-agent -s)
        - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null
        - mkdir -p ~/.ssh
        - chmod 700 ~/.ssh
        - touch ~/.ssh/known_hosts
        - ssh-keyscan 136.xxx.xxx.xx >> ~/.ssh/known_hosts
        - chmod 644 ~/.ssh/known_hosts
      script:
        - echo "Deploying to server..."
        - cd /builds/john/test-website/frontend/
        - ls
        - ssh ftp@136.xxx.xxx.xx "ls"
      only:
        - master
You might want to consider a custom variable of type Variable instead of type file.
That way, GitLab won't create a temporary file with the wrong permission.
But your pipeline can:
create the relevant file (with the right permission 600),
use it in ssh -i, and
delete it immediately.
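The create, use and delete procedure from this answer, combined with a pre-flight check that also catches the unexpanded {{ secrets.STAGING_KEY }} from the GitHub Actions thread at the top of the page, as an added example that is not part of the original posts. The helper names install_key and check_key are hypothetical, and user@host is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). install_key and check_key are
# hypothetical helper names; SSH_PRIVATE_KEY is the CI variable used above.

# Write key text ($1) to a new temp file (mktemp creates it mode 600), print its path.
install_key() {
    key_file=$(mktemp "${TMPDIR:-/tmp}/deploy_key.XXXXXX") || return 1
    chmod 600 "$key_file"
    # Drop carriage returns from pasted keys and end the file with a newline.
    printf '%s\n' "$1" | tr -d '\r' > "$key_file"
    printf '%s\n' "$key_file"
}

# Print "ok" and return 0 if the file could be a private key; otherwise print
# the reason ssh would reject it and return 1.
check_key() {
    f=$1
    [ -f "$f" ] || { echo "missing file"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits;
    # ssh ignores a key that grants them anything ("bad permissions").
    case $(ls -ld "$f" | cut -c5-10) in
        ------) ;;
        *) echo "bad permissions"; return 1 ;;
    esac
    # A literal "{{" means a template such as {{ secrets.NAME }} was never expanded.
    if grep -Fq '{{' "$f"; then echo "unexpanded template"; return 1; fi
    head -n 1 "$f" | grep -Eq '^-----BEGIN [A-Z ]*PRIVATE KEY-----$' ||
        { echo "no PEM header"; return 1; }
    tail -n 1 "$f" | grep -Eq '^-----END [A-Z ]*PRIVATE KEY-----$' ||
        { echo "no PEM footer"; return 1; }
    echo "ok"
}

# Typical use in a job script (user@host is a placeholder):
#   key=$(install_key "$SSH_PRIVATE_KEY") || exit 1
#   trap 'rm -f "$key"' EXIT          # delete the key when the job ends
#   check_key "$key" && ssh -i "$key" user@host "ls"
```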
The company I work for has a private gitlab server that only supports ssh protocol when cloning a repository.
Inside this server, I have a gitlab-ci.yml file that uses docker executor to run some scripts.
The script's execution fails because it pulls the repository with https at its early stage. It generates this error message: fatal: unable to access 'https://gitlab.mycompany.com/path/to/the/repository/my_repo.git/': SSL certificate problem: unable to get local issuer certificate.
Where can I configure gitlab runner so that it uses ssh to clone the repository?
Here's the full execution log.
    Running with gitlab-runner 12.7.1 (003fe500)
    on my Group Runner Yh_yL3A2
    Using Docker executor with image www.mycompany.com/path/to/the/image:1.0 ...
    Pulling docker image www.mycompany.com/path/to/the/image:1.0 ...
    Using docker image sha256:474e110ba44ddfje8ncoz4c44e91f2442547281192d4a82b88capmi9047cd8cb for www.mycompany.com/path/to/the/image:1.0 ...
    Running on runner-Yh_yL3A2-project-343-concurrent-0 via b55d8c5ba21f...
    Fetching changes...
    Initialized empty Git repository in /path/to/the/repository/.git/
    Created fresh repository.
    fatal: unable to access 'https://gitlab.mycompany.com/path/to/the/repository/my_repo.git/': SSL certificate problem: unable to get local issuer certificate
    ERROR: Job failed: exit code 1
Here's my .gitlab-ci.yml
    image: www.mycompany.com/path/to/the/image:1.0

    before_script:
      - eval $(ssh-agent -s)
      # Reference: https://docs.gitlab.com/ee/ci/ssh_keys/
      # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
      # We're using tr to fix line endings which makes ed25519 keys work
      # without extra base64 encoding.
      # https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
      #
      - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
      #
      # Create the SSH directory and give it the right permissions
      #
      - mkdir -p ~/.ssh
      - chmod 700 ~/.ssh
      - echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config

    stages:
      - deploy

    deploy:
      stage: deploy
      tags:
        - infra
      only:
        refs:
          - master
      script:
        - /bin/sh run.sh
I cannot find an option to specify whether the docker executor should use ssh or https to clone the repository.
I'm sure this is not the first question for BitBucket Pipeline and Digital Ocean, but I have gone through several similar posts without any luck.
    pipelines:
      default:
        - step:
            name: SSH to Digital Ocean and update docker image
            script:
              - ssh -i ~/.ssh/config root@xxx.xxx.xxx.xxx
              - docker rm -f mycontainer
              - docker image rm -f myrepo/imagename:tag
              - docker pull myrepo/imagename:tag
              - docker run --name mycontainer -p 12345:80 -d=true --restart=always myrepo/imagename:tag
            services:
              - docker
Here is the SSH Key in my BitBucket repository
Here is what the BitBucket Pipeline shows to me:
How can I resolve this?
This is not a key problem - it's that the Pipelines container does not act as a normal terminal, but ssh expects a terminal under normal operation. You should be able to pass the command(s) to be run as arguments to the SSH command: ssh -i /path/to/key user@host "docker rm -f mycontainer && docker image rm -f myrepo/imagename:tag" etc.