Capifony deploy cannot "git clone" - ssh

I have a problem deploying with a very fresh capifony on Capistrano v2.8.0 - it's my first capistrano/capifony deploy.
I have successfully done cap deploy:setup and now I need to execute cap deploy:cold.
SSH communication works well, but it cannot execute the git clone command because of ssh permissions:
* executing "git clone -q git@github.com:palmic/www.myproject.com.git /home/palmic/web/hostik.cz/palmic/releases/20110823122821 && cd /home/palmic/web/hostik.cz/palmic/releases/20110823122821 && git checkout -q -b deploy 7407672c0a59ad631ea2f1f1d71fb15c2f68ac30 && (echo 7407672c0a59ad631ea2f1f1d71fb15c2f68ac30 > /home/palmic/web/hostik.cz/palmic/releases/20110823122821/REVISION)"
servers: ["hostik.cz"]
[hostik.cz] executing command
** [hostik.cz :: err] Permission denied (publickey).
** fatal: The remote end hung up unexpectedly
command finished in 3123ms
*** [deploy:update_code] rolling back
* executing "rm -rf /home/palmic/web/hostik.cz/palmic/releases/20110823122821; true"
servers: ["hostik.cz"]
[hostik.cz] executing command
command finished in 164ms
When I log in to an ssh session and call this manually, it requests the ssh passphrase.
When I fill in the same passphrase which I have as :scm_passphrase in deploy.rb, then the clone is successfully done.
So it looks like capistrano cannot fill in the passphrase on my setup.
BTW, ssh_options[:forward_agent] = true/false does totally nothing; does anybody know why? (I have agent forwarding allowed in my ~/.ssh/config):
Host *hostik.cz
ForwardAgent yes
Host *
ForwardAgent no
my deploy.rb:
set :application, "app"
set :domain, "hostname"
set :deploy_to, "remotepath"
set :use_sudo, false
set :repository, "git@github.com:palmic/myproject.git"
set :scm, :git
set :user, "my remote username"
set :scm_passphrase, "my ssh passphrase on remote host"
set :branch, "git project deploy branchname"
set :scm_verbose, true
role :web, domain # Your HTTP server, Apache/etc
role :app, domain # This may be the same as your `Web` server
role :db, domain, :primary => true # This is where Rails migrations will run
set :keep_releases, 3
ssh_options[:forward_agent] = true
I know it's not an original bug and I am missing something; does anybody know?

You could add this in your deploy.rb:
default_run_options[:pty] = true

Related

rm command is not executed because of Permission denied

in my deploy script deploy.rb
lock "3.11.0"
set :application, "myapp"
set :repo_url, "ssh://app@git.whitebear.com/home/app/myGit/myapp.git"
set :branch, 'master'
set :deploy_to, "/var/www/html/myapp"
#set :linked_files, %w{app/config/parameters.yml}
set :linked_dirs, %w{log vendor var node_modules public/build public/dlstore config/spool}
#somehow app/cache doesn't work...
set :format, :pretty
set :log_level, :debug
set :keep_releases, 3
after 'deploy:starting', 'composer:install_executable'
set :yarn_flags, "--prefer-offline --production --no-progress"
set :yarn_roles, :app
in production.rb
set :stage, :prod
set :symfony_env, "prod"
set :webserver_user, "app"
#set :controllers_to_clear, ["app_*.php"]
set :composer_install_flags, '--prefer-dist --no-interaction --optimize-autoloader'
server 'myapp.com', user: 'app', port: 22, roles: %w{app db web} # edit IP / Port and SSH user of your production server
SSHKit.config.command_map[:composer] = "php #{shared_path.join("composer.phar")}"
I set keep_releases to 3; however, when I deployed I had permission problems.
I don't know why the permission is changed by Apache, though.
Is it possible to force rm to execute when deploying?
DEBUG [cd2bf6b1] cannot remove `/var/www/html/myApp/releases/20190212120003/var/cache/prod/pools/VQruNbwKF0/X/3/tCcgRMw5TEmYO-kHpJ0t'
DEBUG [cd2bf6b1] : Permission denied
This is a common problem caused by poor server configuration or a deployment run via the wrong user. If you try to execute a script with user x, and the permissions for that file belong to www-data, and your user x is unable to remove it, you will get this error. Your user has to have rights to remove that file. The user which executes the script is not the same as the user that executes the web request.
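A pre-cleanup check for the situation this answer describes, as an added example (not part of the original answer and not Capistrano code): it walks a releases tree and lists the non-empty directories that a given deploy user could not empty, judging by owner, group and mode of the directory itself. `can_unlink_in?` and `cleanup_blockers` are hypothetical names, and ACLs and the sticky bit are not modelled.

```ruby
require "find"
require "etc"

# Deleting an entry needs write + search permission on the directory that
# holds it; the mode of the entry itself does not matter. Only the first
# matching class (owner, then group, then other) is consulted, as in POSIX.
def can_unlink_in?(dir_uid, dir_gid, dir_mode, uid, gids)
  return true if uid.zero? # root bypasses the mode bits
  bits = if dir_uid == uid
           (dir_mode >> 6) & 7
         elsif gids.include?(dir_gid)
           (dir_mode >> 3) & 7
         else
           dir_mode & 7
         end
  (bits & 3) == 3 # w (2) and x (1) must both be set
end

# List non-empty directories under release_dir whose contents `uid` cannot
# remove, with the owner and mode that explain why.
def cleanup_blockers(release_dir, uid: Process.euid,
                     gids: Process.groups | [Process.egid])
  blockers = []
  Find.find(release_dir) do |path|
    next if File.symlink?(path) || !File.directory?(path)
    st = File.stat(path)
    next if can_unlink_in?(st.uid, st.gid, st.mode, uid, gids)
    # An empty directory is removed through its parent, so it is not a blocker.
    has_entries = begin
      Dir.children(path).any?
    rescue SystemCallError
      true # unreadable: assume it has content
    end
    next unless has_entries
    owner = begin
      Etc.getpwuid(st.uid).name
    rescue StandardError
      st.uid.to_s
    end
    blockers << { dir: path, owner: owner, mode: format("%04o", st.mode & 0o7777) }
  end
  blockers
end

if $PROGRAM_NAME == __FILE__ && ARGV[0]
  cleanup_blockers(ARGV[0]).each do |b|
    puts "#{b[:dir]}  owner=#{b[:owner]} mode=#{b[:mode]}"
  end
end
```

Run it as the deploy user against the releases directory; every directory it prints was created or re-owned by another account (typically the web server user writing its cache) and will make the cleanup `rm -rf` fail.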

Capistrano fails SSH public key authentication but all commands still succeed

I am having trouble deploying using Capistrano using public key authentication. On windows, I have it configured to start an SSH agent automatically when I open my terminal.
Agent pid 4476
Enter passphrase for /c/Users/Lea/.ssh/id_rsa:
Identity added: /c/Users/Lea/.ssh/id_rsa (/c/Users/Lea/.ssh/id_rsa)
id_rsa is in my authorized_keys file on the server, and I use it all the time to ssh into it using ssh lea@web.3.
My Capfile is as follows:
require 'rubygems'
require 'railsless-deploy'
# application name
set :application, "site.com"
# multi-stage deploy
task :production do
  set :branch, "master"
  set :app_environment, "production"
  role :web, "web.3", :primary => true
  set :deploy_to, "/var/www/vhosts/site/site.com/"
end
task :dev do
  set :branch, `git rev-parse HEAD`
  set :app_environment, "development"
  role :web, "web.3", :primary => true
  set :deploy_to, "/var/www/vhosts/site/dev.site.com/"
end
# deploys remotely on SSH using deploy only key
set :repository, "git@bitbucket.org:us/site.git"
set :scm, :git
set :git_enable_submodules, 1
set :deploy_via, :remote_cache
# release configuration
set :use_sudo, false
set :keep_releases, 2
after "deploy:update", "deploy:cleanup"
# the web server user
set :user, "lea"
namespace :deploy do
  task :migrate do
    # do nothing
  end
  task :finalize_update, :except => { :no_release => true } do
    transaction do
      #run "chmod -R g+w #{release_path}"
      run "echo '#{app_environment}' > #{release_path}/ENVIRONMENT"
    end
  end
  task :restart, :except => { :no_release => true } do
    # don't need to restart
  end
end
When I run the deployment, it asks again for my id_rsa passphrase. Why does it ask when I already have the ssh agent running and the passphrase entered?
Following is the log of the cap dev deploy command. You can see where it asks my passphrase. Also note when I ssh into the server, it starts an ssh-agent there as well and loads a deployment_rsa key used for git (you can see these messages in the log).
$ cap dev deploy
DL is deprecated, please use Fiddle
* 2013-09-12 13:19:30 executing `dev'
* 2013-09-12 13:19:30 executing `deploy'
* 2013-09-12 13:19:30 executing `deploy:update'
** transaction: start
* 2013-09-12 13:19:30 executing `deploy:update_code'
updating the cached checkout on all servers
* executing "if [ -d /var/www/vhosts/site/dev.site.com/shared/cache
d-copy ]; then cd /var/www/vhosts/site/dev.site.com/shared/cached-cop
y && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard 33
09af4ac302a6c2dc46bcf36e877abbd8472988\\\n && git submodule -q init && git submo
dule -q sync && export GIT_RECURSIVE=$([ ! \"`git --version`\" \\< \"git version
1.6.5\" ] && echo --recursive) && git submodule -q update --init $GIT_RECURSIVE
&& git clean -q -d -x -f; else git clone -q git@bitbucket.org:us/v
entek.git /var/www/vhosts/site/dev.site.com/shared/cached-copy && cd
/var/www/vhosts/site/dev.site.com/shared/cached-copy && git checkout
-q -b deploy 3309af4ac302a6c2dc46bcf36e877abbd8472988 && git submodule -q init &
& git submodule -q sync && export GIT_RECURSIVE=$([ ! \"`git --version`\" \\< \"
git version 1.6.5\" ] && echo --recursive) && git submodule -q update --init $GI
T_RECURSIVE; fi"
servers: ["web.3"]
Enter passphrase for c:/Users/Lea/.ssh/id_rsa:
[web.3] executing command
** [web.3 :: out] Agent pid 11336
** [web.3 :: err] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 2300ms
copying the cached version to /var/www/vhosts/site/dev.site.com/r
eleases/20130912191939
* executing "cp -RPp /var/www/vhosts/site/dev.site.com/shared/cache
d-copy /var/www/vhosts/site/dev.site.com/releases/20130912191939 && (
echo 3309af4ac302a6c2dc46bcf36e877abbd8472988\\\n > /var/www/vhosts/us/dev.site.com/releases/20130912191939/REVISION)"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11442
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 751ms
* 2013-09-12 13:19:39 executing `deploy:finalize_update'
* executing "echo 'development' > /var/www/vhosts/site/dev.site.com
/releases/20130912191939/ENVIRONMENT"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11451
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 610ms
* 2013-09-12 13:19:40 executing `deploy:create_symlink'
* executing "rm -f /var/www/vhosts/site/dev.site.com/current && ln
-s /var/www/vhosts/site/dev.site.com/releases/20130912191939 /var/www
/vhosts/site/dev.site.com/current"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11460
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 621ms
** transaction: commit
triggering after callbacks for `deploy:update'
* 2013-09-12 13:19:41 executing `deploy:cleanup'
* executing "ls -xt /var/www/vhosts/site/dev.site.com/releases"
servers: ["web.3"]
[web.3] executing command
[err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh/dep
loyment_rsa)
command finished in 1186ms
** keeping 2 of 7 deployed releases
* executing "rm -rf /var/www/vhosts/site/dev.site.com/releases/2013
0906181120 /var/www/vhosts/site/dev.site.com/releases/20130912185329
/var/www/vhosts/site/dev.site.com/releases/20130912185937 /var/www/vhosts/site/dev.site.com/releases/20130912191939 /var/www/vhosts/us/dev.site.com/releases/11469"
servers: ["web.3"]
[web.3] executing command
** [out :: web.3] Agent pid 11476
*** [err :: web.3] Identity added: /home/lea/.ssh/deployment_rsa (/home/lea/.ssh
/deployment_rsa)
command finished in 750ms
$
Now, my major problem is not with the passphrase. Every time I run capistrano it fails to authenticate 2 times for every deployment. I see this in the ssh log on the server, but no indication is given in Capistrano:
11:58:44 web3 sshd[1134]: Failed password for lea from [ip] port 42421 ssh2
11:58:56 web3 sshd[1134]: Failed password for lea from [ip] port 42421 ssh2
The server is running fail2ban which blocks my IP (for 10 minutes) after 5 failed authentications, meaning I get blocked out after running capistrano 3 times. This is a huge and unacceptable problem, and I have no idea why this would occur. Do you have any advice for how to troubleshoot this problem, or a solution?
Thanks!
I ended up solving this problem myself. I was being locked out of the server because Fail2ban was an old version.
When connecting to SSH, sshd does a reverse DNS lookup. My reverse DNS on the office internet was failing, and it was printing an error into the /var/logs/secure log file.
Address x.x.x.x maps to server.domain.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Fail2ban was recognizing this as a failed connection, and blocking my IP because of it. It was never a problem when connecting manually because that is infrequent, but when Capistrano makes several connections in a row it was triggering it.
I used the info here: https://github.com/fail2ban/fail2ban/pull/64 to solve the problem by removing the regular expression from the fail2ban config file.
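The interaction this answer describes, as an added example (not part of the original answer and not fail2ban's own code): a small maxretry/findtime counter run over constructed log lines, showing that counting the reverse-DNS warning bans a client whose key logins all succeed, while dropping that pattern still bans a host that is really guessing passwords. The two patterns are simplified stand-ins, and the IP addresses, `sample_log` and `banned_hosts` are assumptions made for the example.

```ruby
require "time"

# Simplified stand-ins for two sshd filter patterns (assumptions, not copied
# from any fail2ban release).
IPV4 = /\d{1,3}(?:\.\d{1,3}){3}/
FAILED_PASSWORD = /Failed password for (?:invalid user )?\S+ from (?<host>#{IPV4}) /
REVERSE_DNS = /Address (?<host>#{IPV4}) maps to \S+, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!/

OFFICE_IP  = "203.0.113.7"  # constructed: client with broken reverse DNS
GUESSER_IP = "198.51.100.9" # constructed: host really guessing passwords

# Constructed log: `deploys` runs one minute apart, each opening `sessions`
# key-authenticated SSH sessions, followed by five bad passwords from GUESSER_IP.
def sample_log(deploys: 3, sessions: 2)
  start = Time.utc(2013, 9, 12, 11, 58, 0)
  lines = []
  deploys.times do |d|
    sessions.times do |s|
      at  = (start + d * 60 + s * 5).strftime("%b %d %H:%M:%S")
      pid = 1130 + d * 10 + s
      lines << "#{at} web3 sshd[#{pid}]: Address #{OFFICE_IP} maps to server.domain.com, " \
               "but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!"
      lines << "#{at} web3 sshd[#{pid}]: Accepted publickey for lea from #{OFFICE_IP} port 42421 ssh2"
    end
  end
  5.times do |i|
    at = (start + 300 + i * 2).strftime("%b %d %H:%M:%S")
    lines << "#{at} web3 sshd[2200]: Failed password for root from #{GUESSER_IP} port 50022 ssh2"
  end
  lines
end

# Return { host => time of the line that triggered the ban } for every host
# that reaches `maxretry` matching lines within `findtime` seconds.
def banned_hosts(lines, patterns, maxretry: 5, findtime: 600)
  hits = Hash.new { |h, k| h[k] = [] }
  bans = {}
  lines.each do |line|
    match = patterns.map { |re| re.match(line) }.compact.first
    next unless match
    host = match[:host]
    next if bans.key?(host)
    now = Time.strptime(line[0, 15], "%b %d %H:%M:%S")
    window = hits[host]
    window << now
    window.reject! { |t| now - t > findtime } # keep only the sliding window
    bans[host] = now if window.size >= maxretry
  end
  bans
end

if $PROGRAM_NAME == __FILE__
  puts "with reverse-DNS pattern:    #{banned_hosts(sample_log, [FAILED_PASSWORD, REVERSE_DNS]).keys}"
  puts "without reverse-DNS pattern: #{banned_hosts(sample_log, [FAILED_PASSWORD]).keys}"
end
```

With two SSH sessions per run, the fifth counted line arrives during the third deploy, which matches the lockout the question reports.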
Step 1:
Do you really need a passphrase for your keys? This kind of risk today is mitigated by full disk encryption products or use of truecrypt-ed USB sticks. Less PITA, and still passes your security manager's best practices.
That said:
http://blog.blenderbox.com/2013/02/20/ssh-agent-forwarding-with-github/
Try adding
ssh_options[:forward_agent] = true
to the capfile, not Deploy.rb

Permissions issues with bundler install

I am working on a cap/deploy script for my rails application. On my server, I am using RVM to manage my ruby install.
The issue that I am seeing is even though I have set the runner/user/group to the correct user I am getting permissions errors when I try to install gems.
This is the error that I am seeing:
** loading stage recipe 'deploy'
** loading stage recipe 'init_config'
** loading stage recipe 'nginx'
executing locally: "git ls-remote ############################### ec2"
command finished in 1113ms
* executing `deploy:setup'
triggering before callbacks for `deploy:setup'
* executing `init_config'
* executing "whoami"
servers: ["ec2-23-23-24-42.compute-1.amazonaws.com"]
[ec2-23-23-24-42.compute-1.amazonaws.com] executing command
** [out :: ec2-23-23-24-42.compute-1.amazonaws.com] ubuntu
command finished in 529ms
* executing "gem install bundler"
servers: ["ec2-23-23-24-42.compute-1.amazonaws.com"]
[ec2-23-23-24-42.compute-1.amazonaws.com] executing command
** [out :: ec2-23-23-24-42.compute-1.amazonaws.com] ERROR: While executing gem ... (Gem::FilePermissionError)
** [out :: ec2-23-23-24-42.compute-1.amazonaws.com] You don't have write permissions into the /home/ubuntu/.rvm/gems/ruby-1.9.2-p290 directory.
command finished in 1026ms
*** failed: "bash --login -c 'gem install bundler'" on ec2-23-23-24-42.compute-1.amazonaws.com
This is my export cap file:
load 'deploy'
# ================================================================
# ROLES
# ================================================================
role :app, "ec2-23-23-24-42.compute-1.amazonaws.com"
# ================================================================
# VARIABLES
# ================================================================
# Webistrano defaults
set :webistrano_project, "sweet_high"
set :webistrano_stage, "staging"
set :application, ""
set :branch, "ec2"
set :bundle_disable_shared_gems, "\"1\""
set :bundle_path, "vendor/bundler_gems"
set :default_shell, "bash --login"
set :deploy_to, "/data/\#{application}"
set :deploy_via, :remote_cache
set :domain, ""
set :environment, "staging"
set :group, "ubuntu"
set :nginx_conf_path, "/etc/nginx/sites-enabled"
set :password, "deployment_user(SSH user) password"
set :rails_env, "staging"
set :repository, "t"
set :runner, "ubuntu"
set :rvm_bin_path, "/home/#{user}/.rvm/bin/rvm"
set :rvm_type, :user
set :scm, :git
set :scm_password, "your_SVN_password"
set :scm_username, "your_SVN_user"
set :ssh_options, {:forward_agent => true,:paranoid => false,:keys => ["/home/#{user}/.ssh/rails_app_server.pem"]}
set :use_sudo, true
set :user, "ubuntu"
# ================================================================
# TEMPLATE TASKS
# ================================================================
# allocate a pty by default as some systems have problems without
default_run_options[:pty] = true
# set Net::SSH ssh options through normal variables
# at the moment only one SSH key is supported as arrays are not
# parsed correctly by Webistrano::Deployer.type_cast (they end up as strings)
[:ssh_port, :ssh_keys].each do |ssh_opt|
  if exists? ssh_opt
    logger.important("SSH options: setting #{ssh_opt} to: #{fetch(ssh_opt)}")
    ssh_options[ssh_opt.to_s.gsub(/ssh_/, '').to_sym] = fetch(ssh_opt)
  end
end
# ================================================================
# CUSTOM RECIPES
# ================================================================
before "deploy:setup", :init_config
after "deploy:setup", :setup_cleanup
namespace :init_config do
  desc <<-DESC
    Created directory structure, changes ownership, etc...
  DESC
  task :default do
    run "gem install bundler"
    run "sudo mkdir -p #{deploy_to}"
    run "sudo chown -R #{user}:#{group} #{deploy_to}"
    run "mkdir -p #{shared_path}/config"
    run "mkdir -p #{shared_path}/config"
    File.open("/home/#{user}/.ssh/id_rsa", "rb").each_line{ |line|
      run "echo #{line} >> ~/.ssh/id_rsa"
    }
    run "chown #{user}:#{group} ~/.ssh/id_rsa"
    run "chmod 600 ~/.ssh/id_rsa"
  end
end
Your task init_config:default needs a small addition:
run "sudo chown -R #{user}:#{group} /home/#{user}/.rvm"
run "gem install bundler"

capistrano always deploying old revision?

I've been experiencing an issue where capistrano will deploy an old revision from our git repo, unless we specify the exact revision we want to deploy to.
#this will deploy a revision from a couple weeks ago
cap staging deploy:migrations
#this will deploy correctly a new revision
cap staging deploy:migrations -S revision=74d27c00363cdcd456942d6951230564893ccb28
Does anyone have an idea why this could be happening?
Here is the cap deploy file:
set :rvm_ruby_string, 'ruby-1.9.3-p194@ac_helenefrance_01' # Or:
#set :rvm_ruby_string, ENV['GEM_HOME'].gsub(/.*\//,"") # Read from local system
require "rvm/capistrano" # Load RVM's capistrano plugin.
require "bundler/capistrano"
# set :verbose ,1
require 'capistrano/ext/multistage'
set :stages, %w(staging production)
set :default_stage, "staging"
set :user, "webm"
# set :deploy_via, :remote_cache
set :use_sudo, false
set :scm, "git"
set :repository, "git@aliencom.beanstalkapp.com:/ac_helenefrance_01.git"
# :branch is being set in stage files
default_run_options[:pty] = true
# ssh_options[:forward_agent] = true
after "deploy", "deploy:cleanup" # keep only the last 5 releases
namespace :deploy do
  %w[start stop restart].each do |command|
    desc "#{command} unicorn server"
    task command, roles: :app, except: {no_release: true} do
      run "#{sudo} service unicorn_#{server_configuration} #{command}"
    end
  end
  desc "build missing paperclip styles"
  task :build_missing_paperclip_styles, :roles=> :app do
    run "cd #{release_path}; RAILS_ENV=production bundle exec rake paperclip:refresh:missing_styles"
  end
  after "deploy:update", "deploy:build_missing_paperclip_styles"
  task :setup_config, roles: :app do
    puts "#making symlink to nginx sites-enabled"
    run "#{sudo} ln -fs #{current_path}/config/server/#{server_configuration}/nginx.conf /etc/nginx/sites-enabled/#{server_configuration}"
    puts "#making symlink to unicorn service script"
    run "#{sudo} ln -fs #{current_path}/config/server/#{server_configuration}/unicorn_init.sh /etc/init.d/unicorn_#{server_configuration}"
    puts "#making a the new config directory"
    run "mkdir -p #{shared_path}/config"
    run "sunique 1"
    put File.read("config/database.yml"), "#{shared_path}/config/database.yml"
    run "sunique 0"
    puts "Now edit the config files in #{shared_path}."
  end
  after "deploy:setup", "deploy:setup_config"
  task :symlink_config, roles: :app do
    run "ln -nfs #{shared_path}/config/database.yml #{release_path}/config/database.yml"
    puts "#for reference:"
    puts "#rvm wrapper 1.9.3@ac_helenefrance_01 ruby-1.9.3-p194@#{server_configuration} unicorn cap"
    puts "#now be sure to run: sudo update-rc.d unicorn_#{server_configuration} defaults"
  end
  after "deploy:finalize_update", "deploy:symlink_config"
end
and the environment/stage.rb for the default multistage env.
server "xxx.xxx.xxx.xxx", :web, :app, :db, primary: true
set :branch, "sitemap"
set :isRemote, true
set :server_configuration, "st_ac_helenefrance_01"
set :application, "#{server_configuration}"
set :deploy_to, "/home/#{user}/#{server_configuration}"
It was set up to an old branch >:(
My colleague accidentally committed a test he was doing.

Deploying Ruby on Rails on Dreamhost fails

I'm trying to deploy a simple Ruby on Rails app to dreamhost but I'm getting an error related to the bundle command. Here is the error:
servers: ["bullseye.dreamhost.com"]
[bullseye.dreamhost.com] executing command
command finished
* executing "find /home/USER-NAME/MY-DOMAIN/releases/20110123014150/public/images /home/USER-NAME/MY-DOMAIN/releases/20110123014150/public/stylesheets /home/USER-NAME/MY-DOMAIN/releases/20110123014150/public/javascripts -exec touch -t 201101230141.52 {} ';'; true"
servers: ["bullseye.dreamhost.com"]
[bullseye.dreamhost.com] executing command
command finished
triggering after callbacks for `deploy:update_code'
* executing `bundle:install'
* executing "ls -xt /home/USER-NAME/MY-DOMAIN/releases"
servers: ["bullseye.dreamhost.com"]
[bullseye.dreamhost.com] executing command
command finished
* executing "bundle install --gemfile /home/USER-NAME/MY-DOMAIN/releases/20110123014150/Gemfile --path /home/USER-NAME/MY-DOMAIN/shared/bundle --deployment --quiet --without development test"
servers: ["bullseye.dreamhost.com"]
[bullseye.dreamhost.com] executing command
*** [err :: bullseye.dreamhost.com] sh: bundle: command not found
command finished
*** [deploy:update_code] rolling back
* executing "rm -rf /home/USER-NAME/MY-DOMAIN/releases/20110123014150; true"
servers: ["bullseye.dreamhost.com"]
[bullseye.dreamhost.com] executing command
command finished
failed: "sh -c 'bundle install --gemfile /home/USER-NAME/MY-DOMAIN/releases/20110123014150/Gemfile --path /home/USER-NAME/MY-DOMAIN/shared/bundle --deployment --quiet --without development test'" on bullseye.dreamhost.com
Here is my deploy.rb file.
require 'bundler/capistrano'
set :user, "MY-USERNAME"
set :password, "MY-PASSWORD"
set :domain, 'bullseye.dreamhost.com' # Dreamhost servername where your account is located
set :project, 'blog' # Your application as its called in the repository
set :application, 'MY-DOMAIN' # Your app's location (domain or sub-domain name as setup in panel)
set :applicationdir, "/home/#{user}/#{application}" # The standard Dreamhost setup
# version control config
set :scm_username, 'MY-SVN-USERNAME'
set :scm_password, 'MY-SVN-PWD'
set :repository, "http://MY-SVN-URL/01/blog/"
# roles (servers)
role :web, domain
role :app, domain
role :db, domain, :primary => true
# deploy config
set :deploy_to, applicationdir
set :deploy_via, :export
# additional settings
default_run_options[:pty] = false # Forgo errors when deploying from windows
namespace :deploy do
  task :start do ; end
  task :stop do ; end
  task :restart, :roles => :app, :except => { :no_release => true } do
    run "#{try_sudo} touch #{File.join(current_path,'tmp','restart.txt')}"
  end
end
I found a similar question at Bundle install failing when deploying a Rails 3 app to Dreamhost with Capistrano but the solution didn't work. Anybody have any ideas as to what might be happening in my case?
I got this figured out eventually. What I did was
ssh into the dreamhost server and execute which bundle command
from ssh session execute echo $PATH command
edit config/deploy.rb and combine both strings with a : between and place inside default_environment PATH value, see below
set :default_environment, {
  'PATH' => "'/usr/lib/ruby/gems/1.8/bin//bundle:/home/sayed3/.gems/bin:/usr/lib/ruby/gems/1.8/bin/:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games'"
}
Once I did this it was able to execute the bundle command successfully, but then I started running into some other issues. I eventually decided to use a VPS that I have hosted elsewhere, but I'm sure if I spent a bit more time I could have figured it out.
Besides adding the path to bundle, as specified above, I also had to add the following line to my config/deploy.rb in order to force capistrano to use bash, instead of the default shell, which, on dreamhost, is dash:
set :shell, '/bin/bash'