Gitlab-ci 配置 docker runner 以使用 SSH 密钥进行部署
Gitlab-ci configure docker runner for deployment with SSH keys
我正在尝试使用 gitlab-ci 和 capistrano 来部署我的 symfony 应用程序。但是我无法通过将密钥注入 docker 来使用 SSH 进行部署,脚本在连接时一直提示输入密码。我正在使用 gitlab.
的本地实例
在gitlab的SSH_PRIVATE_KEY私有变量中,我添加了git用户的私钥,在SSH_SERVER_HOSTKEYS,ssh-keyscan -H 192.168.0.226命令的结果。
在部署的 .ssh 文件夹中的文件 authorized_keys 中,我放置了 git 用户的 public 密钥。
配置文件如下:
gitlab-ci.yml:
image: php:7.1
cache:
paths:
- vendor/
before_script:
# Install dependencies
- bash ci/docker_install.sh > /dev/null
- bash ci/ssh_inject.sh
stages:
- deploy
deploy:
stage: deploy
script:
- apt-get install ruby-full -yqq
- gem install capistrano -v 3.8.0
- gem install capistrano-symfony
- cap production deploy
environment:
name: production
url: http://website.com
only:
- master
ssh_inject.sh: link
#!/bin/bash
set -xe
# Install ssh-agent if not already installed, it is required by Docker.
# (change apt-get to yum if you use a CentOS-based image)
which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
# Run ssh-agent (inside the build environment)
eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
ssh-add <(echo "$SSH_PRIVATE_KEY")
mkdir -p ~/.ssh
[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
deploy.rb:
# config valid only for current version of Capistrano
lock '3.8.0'
set :application, 'symfony'
set :repo_url, 'git@gitlab.local:symfony.git'
# Default deploy_to directory is /var/www/my_app_name
set :deploy_to, '/home/symfony'
set :symfony_env, "prod"
set :composer_install_flags, '--no-dev --prefer-dist --no-interaction --optimize-autoloader'
set :symfony_directory_structure, 3
set :sensio_distribution_version, 5
# symfony-standard edition directories
set :app_path, "app"
set :web_path, "web"
set :var_path, "var"
set :bin_path, "bin"
set :app_config_path, "app/config"
set :log_path, "var/logs"
set :cache_path, "var/cache"
set :symfony_console_path, "bin/console"
set :symfony_console_flags, "--no-debug"
# asset management
set :assets_install_path, "web"
set :assets_install_flags, '--symlink'
# Share files/directories between releases
set :linked_files, %w(app/config/parameters.yml)
set :linked_dirs, %w(web/uploads)
# Set correct permissions between releases, this is turned off by default
set :permission_method, false
set :file_permissions_paths, ["var/logs", "var/cache"]
set :file_permissions_users, ["apache"]
before "deploy:updated", "deploy:set_permissions:acl"
after "deploy:updated", "symfony:assetic:dump"
和production.rb:
server '192.168.0.226', user: 'deploy', roles: %w{app db web}
有什么问题吗?我尝试将 forward_agent 设置为 true 但它不起作用。
如果我手动构建 docker 容器并安装所有依赖项ci,则无需密码即可建立 ssh 连接...
错误如下:
编辑:
在运行器配置中有什么要添加的吗?这是:
concurrent = 1
check_interval = 0
[[runners]]
name = "Docker runner"
url = "http://gitlab.local/ci"
token = "mytoken"
executor = "docker"
[runners.docker]
tls_verify = false
image = "php:7.1"
privileged = false
disable_cache = false
volumes = ["/cache"]
[runners.cache]
您需要使用 gitlab-runner 用户在 gitlab runner 上创建一个 ssh 密钥。
然后在 authorized_keys 文件中将此密钥的公钥添加到您的服务器。
通过将ssh_inject.sh内容移动到gitlab-ci.yml中解决。
如果有人知道为什么它需要在 gitlab-ci.yml 中,我想了解一下。
bash ci/ssh_inject.sh 不起作用,因为它在另一个 shell 中是 运行。使用:
source ./ci/ssh_inject.sh
相反。
我正在尝试使用 gitlab-ci 和 capistrano 来部署我的 symfony 应用程序。但是我无法通过将密钥注入 docker 来使用 SSH 进行部署,脚本在连接时一直提示输入密码。我正在使用 gitlab.
的本地实例在gitlab的SSH_PRIVATE_KEY私有变量中,我添加了git用户的私钥,在SSH_SERVER_HOSTKEYS,ssh-keyscan -H 192.168.0.226命令的结果。
在部署的 .ssh 文件夹中的文件 authorized_keys 中,我放置了 git 用户的 public 密钥。
配置文件如下:
gitlab-ci.yml:
image: php:7.1
cache:
paths:
- vendor/
before_script:
# Install dependencies
- bash ci/docker_install.sh > /dev/null
- bash ci/ssh_inject.sh
stages:
- deploy
deploy:
stage: deploy
script:
- apt-get install ruby-full -yqq
- gem install capistrano -v 3.8.0
- gem install capistrano-symfony
- cap production deploy
environment:
name: production
url: http://website.com
only:
- master
ssh_inject.sh: link
#!/bin/bash
set -xe
# Install ssh-agent if not already installed, it is required by Docker.
# (change apt-get to yum if you use a CentOS-based image)
which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )
# Run ssh-agent (inside the build environment)
eval $(ssh-agent -s)
# Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
ssh-add <(echo "$SSH_PRIVATE_KEY")
mkdir -p ~/.ssh
[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
deploy.rb:
# config valid only for current version of Capistrano
lock '3.8.0'
set :application, 'symfony'
set :repo_url, 'git@gitlab.local:symfony.git'
# Default deploy_to directory is /var/www/my_app_name
set :deploy_to, '/home/symfony'
set :symfony_env, "prod"
set :composer_install_flags, '--no-dev --prefer-dist --no-interaction --optimize-autoloader'
set :symfony_directory_structure, 3
set :sensio_distribution_version, 5
# symfony-standard edition directories
set :app_path, "app"
set :web_path, "web"
set :var_path, "var"
set :bin_path, "bin"
set :app_config_path, "app/config"
set :log_path, "var/logs"
set :cache_path, "var/cache"
set :symfony_console_path, "bin/console"
set :symfony_console_flags, "--no-debug"
# asset management
set :assets_install_path, "web"
set :assets_install_flags, '--symlink'
# Share files/directories between releases
set :linked_files, %w(app/config/parameters.yml)
set :linked_dirs, %w(web/uploads)
# Set correct permissions between releases, this is turned off by default
set :permission_method, false
set :file_permissions_paths, ["var/logs", "var/cache"]
set :file_permissions_users, ["apache"]
before "deploy:updated", "deploy:set_permissions:acl"
after "deploy:updated", "symfony:assetic:dump"
和production.rb:
server '192.168.0.226', user: 'deploy', roles: %w{app db web}
有什么问题吗?我尝试将 forward_agent 设置为 true 但它不起作用。
如果我手动构建 docker 容器并安装所有依赖项ci,则无需密码即可建立 ssh 连接...
错误如下:
编辑:
在运行器配置中有什么要添加的吗?这是:
concurrent = 1
check_interval = 0
[[runners]]
name = "Docker runner"
url = "http://gitlab.local/ci"
token = "mytoken"
executor = "docker"
[runners.docker]
tls_verify = false
image = "php:7.1"
privileged = false
disable_cache = false
volumes = ["/cache"]
[runners.cache]
您需要使用 gitlab-runner 用户在 gitlab runner 上创建一个 ssh 密钥。
然后在 authorized_keys 文件中将此密钥的公钥添加到您的服务器。
通过将ssh_inject.sh内容移动到gitlab-ci.yml中解决。
如果有人知道为什么它需要在 gitlab-ci.yml 中,我想了解一下。
bash ci/ssh_inject.sh 不起作用,因为它在另一个 shell 中是 运行。使用:
source ./ci/ssh_inject.sh
相反。