I am having trouble deploying using Capistrano using public key authentication. On windows, I have it configured to start an SSH agent automatically when I open my terminal.
Agent pid 4476
Enter passphrase for /c/Users/Lea/.ssh/id_rsa:
Identity added: /c/Users/Lea/.ssh/id_rsa (/c/Users/Lea/.ssh/id_rsa)
id_rsa is in my authorized_keys file on the server, and I use it all the time to ssh into it using ssh lea#web.3.
My Capfile is as follows:
require 'rubygems'
require 'railsless-deploy'
# application name
set :application, "site.com"
# multi-stage deploy
task :production do
set :branch, "master"
set :app_environment, "production"
role :web, "web.3", :primary => true
set :deploy_to, "/var/www/vhosts/site/site.com/"
end
task :dev do
set :branch, `git rev-parse HEAD`
set :app_environment, "development"
role :web, "web.3", :primary => true
set :deploy_to, "/var/www/vhosts/site/dev.site.com/"
end
# deploys remotely on SSH using deploy only key
set :repository, "git#bitbucket.org:us/site.git"
set :scm, :git
set :git_enable_submodules, 1
set :deploy_via, :remote_cache
# release configuration
set :use_sudo, false
set :keep_releases, 2
after "deploy:update", "deploy:cleanup"
# the web server user
set :user, "lea"
namespace :deploy do
task :migrate do
# do nothing
end
task :finalize_update, :except => { :no_release => true } do
transaction do
#run "chmod -R g+w #{release_path}"
run "echo '#{app_environment}' > #{release_path}/ENVIRONMENT"
end
end
task :restart, :except => { :no_release => true } do
# don't need to restart
end
end
When I run the deployment, it asks again for my id_rsa passphrase. Why does it ask when I already have the ssh agent running and the passphrase entered?
Following is the log of the cap dev deploy command. You can see where it asks my passphrase. Also note when I ssh into the server, it starts an ssh-agent there as well and loads a deployment_rsa key used for git (you can see these messages in the log).
$ cap dev deploy
DL is deprecated, please use Fiddle
* 2013-09-12 13:19:30 executing `dev'
* 2013-09-12 13:19:30 executing `deploy'
* 2013-09-12 13:19:30 executing `deploy:update'
** transaction: start
* 2013-09-12 13:19:30 executing `deploy:update_code'
updating the cached checkout on all servers
* executing "if [ -d /var/www/vhosts/site/dev.site.com/shared/cache
d-copy ]; then cd /var/www/vhosts/site/dev.site.com/shared/cached-cop
y && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard 33
09af4ac302a6c2dc46bcf36e877abbd8472988\\\n && git submodule -q init && git submo
dule -q sync && export GIT_RECURSIVE=$([ ! \"`git --version`\" \\< \"git version
1.6.5\" ] && echo --recursive) && git submodule -q update --init $GIT_RECURSIVE
&& git clean -q -d -x -f; else git clone -q git#bitbucket.org:us/v
entek.git /var/www/vhosts/site/dev.site.com/shared/cached-copy && cd
/var/www/vhosts/site/dev.site.com/shared/cached-copy && git checkout
-q -b deploy 3309af4ac302a6c2dc46bcf36e877abbd8472988 && git submodule -q init &
& git submodule -q sync && export GIT_RECURSIVE=$([ ! \"`git --version`\" \\< \"
git version 1.6.5\" ] && echo --recursive) && git submodule -q update --init $GI
T_RECURSIVE; fi"
servers: ["web.3"]
Enter passphrase for c:/Users/Lea/.ssh/id_rsa:
[web.3] executing command
** [web.3 :: out] Agent pid 11336
** [web.3 :: err] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 2300ms
copying the cached version to /var/www/vhosts/site/dev.site.com/r
eleases/20130912191939
* executing "cp -RPp /var/www/vhosts/site/dev.site.com/shared/cache
d-copy /var/www/vhosts/site/dev.site.com/releases/20130912191939 && (
echo 3309af4ac302a6c2dc46bcf36e877abbd8472988\\\n > /var/www/vhosts/us/dev.site.com/releases/20130912191939/REVISION)"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11442
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 751ms
* 2013-09-12 13:19:39 executing `deploy:finalize_update'
* executing "echo 'development' > /var/www/vhosts/site/dev.site.com
/releases/20130912191939/ENVIRONMENT"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11451
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 610ms
* 2013-09-12 13:19:40 executing `deploy:create_symlink'
* executing "rm -f /var/www/vhosts/site/dev.site.com/current && ln
-s /var/www/vhosts/site/dev.site.com/releases/20130912191939 /var/www
/vhosts/site/dev.site.com/current"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11460
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 621ms
** transaction: commit
triggering after callbacks for `deploy:update'
* 2013-09-12 13:19:41 executing `deploy:cleanup'
* executing "ls -xt /var/www/vhosts/site/dev.site.com/releases"
servers: ["web.3"]
[web.3] executing command
[err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh/dep
loyment_rsa)
command finished in 1186ms
** keeping 2 of 7 deployed releases
* executing "rm -rf /var/www/vhosts/site/dev.site.com/releases/2013
0906181120 /var/www/vhosts/site/dev.site.com/releases/20130912185329
/var/www/vhosts/site/dev.site.com/releases/20130912185937 /var/www/vhosts/site/dev.site.com/releases/20130912191939 /var/www/vhosts/us/dev.site.com/releases/11469"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11476
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 750ms
$
Now, my major problem is not with the passphrase. Every time I run capistrano it fails to authenticate 2 times for every deployment. I see this in the ssh log on the server, but no indication is given in Capistrano:
11:58:44 web3 sshd[1134]: Failed password for lea from [ip] port 42421 ssh2
11:58:56 web3 sshd[1134]: Failed password for lea from [ip] port 42421 ssh2
The server is running fail2ban which blocks my IP (for 10 minutes) after 5 failed authentications, meaning I get blocked out after running capistrano 3 times. This is a huge an unacceptable problem, and I have no idea why this would occur. Do you have any advice for how to troubleshoot this problem, or a solution?
Thanks!
I ended up solving this problem myself. I was being locked out of the server because Fail2ban was an old version.
When connecting to SSH, sshd does a reverse DNS lookup. My reverse DNS on the office internet was failing, and it was printing an error into the /var/logs/secure log file.
Address x.x.x.x maps to server.domain.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Fail2ban was recognizing this as a failed connection, and blocking my IP because of it. It was never a problem when connecting manually because that is infrequent, but when Capistrano makes several connections in a row it was triggering it.
I used the info here: https://github.com/fail2ban/fail2ban/pull/64 to solve the problem by removing the regular expression from the fail2ban config file.
Step 1:
Do you really need a passphrase for your keys? This kind of risk today is mitigated by full disk encryption products or use of truecrypt-ed USB sticks. Less PITA, and still passes your security manager's best practices.
That said:
http://blog.blenderbox.com/2013/02/20/ssh-agent-forwarding-with-github/
Try adding
ssh_options[:forward_agent] = true
to the capfile, not Deploy.rb
Related
I know that this problem has been asked many times, but I can't get it sorted (I'm a beginner).
What I'm trying to do is to deploy my rails application to my production server using capistrano. I stored my project on a directory on gitlab. Everything was working perfectly until I moved my application in an other gitlab repository (git#gitlab.com:myusername/xxxxxx.git).
I think I set up my deploy.rb file accordingly :
set :application, "xxxxxx"
set :user, "yyyyy"
set :repository, "git#gitlab.com:myusername/xxxxxx.git"
But when I try to deploy it, I get the permission error :
[xxxxxx.com] executing command
[xxxxxx.com] env PATH=/home/kar/.rbenv/shims:/home/kar/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin sh -c 'if [ -d /var/www/xxxxxx/shared/cached-copy ]; then cd /var/www/xxxxxx/shared/cached-copy && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard 97ff4f45240a680c1d278325d7ac1871536c8091 && git clean -q -d -x -f; else git clone -q git#gitlab.com:myusername/xxxxxx.git /var/www/xxxxxx/shared/cached-copy && cd /var/www/xxxxxx/shared/cached-copy && git checkout -q -b deploy 97ff4f45240a680c1d278325d7ac1871536c8091; fi'
** [xxxxxx.com :: err] Permission denied (publickey).
** [xxxxxx.com :: err] fatal: The remote end hung up unexpectedly
Could you please propose me some tests to find out from where the issue comes ?
Is there any key to add on my server ?
Thanks a lot for your help.
Here's the capistrano 3 plugin that is created solely for the purpose of troubleshooting problems like this one: capistrano-ssh-doctor.
The plugin outputs a report with found issues and suggested next steps.
When deploying my rail 3 app with Capistrano It gets to the step where capistrano executes this command:
* executing "if [ -d /var/www/appname/shared/cached-copy ]; then cd /var/www/dflabs1/shared/cached-copy && git fetch -q origin && git fetch --tags -q origi
n && git reset -q --hard d0a1373a3634935de1a75f377698ba53574fe580 && git clean -q -d -x -f; else git clone -q https://github.com/username/dflabs1.git /va
r/www/appname/shared/cached-copy && cd /var/www/appname/shared/cached-copy && git checkout -q -b deploy d0a1373a3634935de1a75f377698ba53574fe580; fi"
servers: ["11.10.1.162"]
Password:
[11.10.1.162] executing command
** [11.10.1.162 :: out] Username for 'https://github.com':
The problem is that when it outputs "Username for 'https://github.com'" , the cursor jumps to a new line without letting me enter the username. If I try and enter the username on the new line the deploy just does nothing. This is happen on an Ubuntu 12.04 desktop to an Ubuntu 12.04 server.
I tried adding the 'set :scm_username' option to deploy.rb but that had no effect. I tried in the Ubuntu terminal and in the Terminal view inside Aptana.
Try to import the SSH-Key of your Deployment-Server into GitHub.
You can do this here: SSH Keys.
You can find the tutorial for SSH-Keys (Github) here: Generating SSH Keys
[EDIT]
Actually I just did it myself and checked the output.
Are you sure you set your set :repository, "git#github.com:[GitHub-User]/[GitHub-Repository-Name].git"in the deploy.rb correctly?
because your
else git clone -q https://github.com/username/dflabs1.git
looks here like
else git clone -q git#github.com:[GitHub-User]/[GitHub-Repository-Name].git
Goal: To have "cap staging deploy" work again.
Problem: The development server's IP was changed.
Background:
I develop on my personal PC/Ubuntu 10.04 LTS and push updates to the development/test server which is Ubuntu 10.04 LTS-Virtual Machine. I am using Rails 3 & Ruby 1.9.2.
I have the git repository on the development server and I use SSH keys instead of passwords when I push updates or run: cap staging deploy.
I can successfully do: git push web_forms2_git_repo develop
When I run: cap staging deploy ... I get these results:
* executing `staging'
triggering start callbacks for `deploy'
* executing `multistage:ensure'
* executing `deploy'
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
executing locally: "git ls-remote ssh://git#my-domain-name/home/git/web_forms2.git develop"
command finished in 3381ms
* executing "git clone -q ssh://git#my-domain-name/home/git/web_forms2.git /home/rails_192/apps/cals_web_forms/public/releases/20111220174923 && cd /home/rails_192/apps/cals_web_forms/public/releases/20111220174923 && git checkout -q -b deploy 5c2910f687480f136206e56ba73c268c7026df20 && (echo 5c2910f687480f136206e56ba73c268c7026df20 > /home/rails_192/apps/cals_web_forms/public/releases/20111220174923/REVISION)"
servers: ["my-domain-name"]
[my-domain-name] executing command
** [my-domain-name :: out] ssh: connect to host my-domain-name port 22: No route to host
** fatal: The remote end hung up unexpectedly
command finished in 3271ms
*** [deploy:update_code] rolling back
* executing "rm -rf /home/rails_192/apps/cals_web_forms/public/releases/20111220174923; true"
servers: ["my-domain-name"]
[my-domain-name] executing command
command finished in 39ms
failed: "env PATH=/home/...
I did try to clone web_forms2 repository to my local PC but it didn't work and I will paste the results below:
Command: git clone ssh://git#my-domain-name/home/git/web_forms2.git
Results: fatal: could not create work tree dir 'web_forms2'.: Permission denied
Has anyone come across this before?
Thanks
You can set the IP of the server in your Capistrano config file (config/deploy.rb):
role :web, "71.19.150.118" # replace this IP with the new IP or server address.
Keep in mind that if you use host names instead of IPs, #Sergei Tulentsev is right and you'll have to update your /etc/hosts file to reflect the change in the IP.
I have problem to deploy via very fresh capifony up on Capistrano v2.8.0 - it's my first capistrano/capifony deploy.
I have successfully done cap deploy:setup and now i need to execute cap deploy:cold.
SSH communication works well but it cannot execute git clone command because of ssh permissions:
* executing "git clone -q git#github.com:palmic/www.myproject.com.git /home/palmic/web/hostik.cz/palmic/releases/20110823122821 && cd /home/palmic/web/hostik.cz/palmic/releases/20110823122821 && git checkout -q -b deploy 7407672c0a59ad631ea2f1f1d71fb15c2f68ac30 && (echo 7407672c0a59ad631ea2f1f1d71fb15c2f68ac30 > /home/palmic/web/hostik.cz/palmic/releases/20110823122821/REVISION)"
servers: ["hostik.cz"]
[hostik.cz] executing command
** [hostik.cz :: err] Permission denied (publickey).
** fatal: The remote end hung up unexpectedly
command finished in 3123ms
*** [deploy:update_code] rolling back
* executing "rm -rf /home/palmic/web/hostik.cz/palmic/releases/20110823122821; true"
servers: ["hostik.cz"]
[hostik.cz] executing command
command finished in 164ms
When i login into ssh session and call this manualy it request ssh passphrase.
When i fill up the same passphrase which i have like :scm_passphrase in deploy.rb, then clone is successfully done.
So it looks like capistrano cannot fill up passphrase on my setup.
BTW. ssh_options[:forward_agent] = true/false does totaly nothing does anybody knows why?? (i have agent forwarding allowed in my ~/.ssh/config):
Host *hostik.cz
ForwardAgent yes
Host *
ForwardAgent no
my deploy.rb:
set :application, "app"
set :domain, "hostname"
set :deploy_to, "remotepath"
set :use_sudo, false
set :repository, "git#github.com:palmic/myproject.git"
set :scm, :git
set :user, "my remote username"
set :scm_passphrase, "my ssh passphrase on remote host"
set :branch, "git project deploy branchname"
set :scm_verbose, true
role :web, domain # Your HTTP server, Apache/etc
role :app, domain # This may be the same as your `Web` server
role :db, domain, :primary => true # This is where Rails migrations will run
set :keep_releases, 3
ssh_options[:forward_agent] = true
I know it's not any original bug and iam missing something, does anybody know?
You could add this in your deploy.rb:
default_run_options[:pty] = true
I'm trying to deploy a simple Ruby on Rails app to dreamhost but I'm getting an error related to the bundle command. Here is the error:
servers: ["bullseye.dreamhost.com"]
[bullseye.dreamhost.com] executing command
command finished
* executing "find /home/USER-NAME/MY-DOMAIN/releases/20110123014150/public/images /home/USER-NAME/MY-DOMAIN/releases/20110123014150/public/stylesheets /home/USER-NAME/MY-DOMAIN/releases/20110123014150/public/javascripts -exec touch -t 201101230141.52 {} ';'; true"
servers: ["bullseye.dreamhost.com"]
[bullseye.dreamhost.com] executing command
command finished
triggering after callbacks for `deploy:update_code'
* executing `bundle:install'
* executing "ls -xt /home/USER-NAME/MY-DOMAIN/releases"
servers: ["bullseye.dreamhost.com"]
[bullseye.dreamhost.com] executing command
command finished
* executing "bundle install --gemfile /home/USER-NAME/MY-DOMAIN/releases/20110123014150/Gemfile --path /home/USER-NAME/MY-DOMAIN/shared/bundle --deployment --quiet --without development test"
servers: ["bullseye.dreamhost.com"]
[bullseye.dreamhost.com] executing command
*** [err :: bullseye.dreamhost.com] sh: bundle: command not found
command finished
*** [deploy:update_code] rolling back
* executing "rm -rf /home/USER-NAME/MY-DOMAIN/releases/20110123014150; true"
servers: ["bullseye.dreamhost.com"]
[bullseye.dreamhost.com] executing command
command finished
failed: "sh -c 'bundle install --gemfile /home/USER-NAME/MY-DOMAIN/releases/20110123014150/Gemfile --path /home/USER-NAME/MY-DOMAIN/shared/bundle --deployment --quiet --without development test'" on bullseye.dreamhost.com
Here is my deploy.rb file.
require 'bundler/capistrano'
set :user, "MY-USERNAME"
set :password, "MY-PASSWORD"
set :domain, 'bullseye.dreamhost.com' # Dreamhost servername where your account is located
set :project, 'blog' # Your application as its called in the repository
set :application, 'MY-DOMAIN' # Your app's location (domain or sub-domain name as setup in panel)
set :applicationdir, "/home/#{user}/#{application}" # The standard Dreamhost setup
# version control config
set :scm_username, 'MY-SVN-USERNAME'
set :scm_password, 'MY-SVN-PWD'
set :repository, "http://MY-SVN-URL/01/blog/"
# roles (servers)
role :web, domain
role :app, domain
role :db, domain, :primary => true
# deploy config
set :deploy_to, applicationdir
set :deploy_via, :export
# additional settings
default_run_options[:pty] = false # Forgo errors when deploying from windows
namespace :deploy do
task :start do ; end
task :stop do ; end
task :restart, :roles => :app, :except => { :no_release => true } do
run "#{try_sudo} touch #{File.join(current_path,'tmp','restart.txt')}"
end
end
I found a similar question at Bundle install failing when deploying a Rails 3 app to Dreamhost with Capistrano but the solution didn't work. Anybody have any ideas as to what might be happening in my case?
I got this figured out eventually. What I did was
ssh into the dreamhost server and execute which bundle command
from ssh session execute echo $PATH command
edit config/deploy.rb and combine both strings with a : between and place inside default_environment PATH value, see below
set :default_environment, {
'PATH' => "'/usr/lib/ruby/gems/1.8/bin//bundle:/home/sayed3/.gems/bin:/usr/lib/ruby/gems/1.8/bin/:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games'"
}
Once I did this it was able to execute the bundle command successfully, but then I started running into some other issues. I eventually decided to use a VPS that I have hosted elsewhere, but I'm sure if I spent a bit more time I could have figured it out.
Besides adding the path to bundle, as specified above, I also had to add the following line to my config/deploy.rb in order to force capistrano to use bash, instead of the default shell, which, on dreamhost, is dash:
set :shell, '/bin/bash'