CircleCI 2.0 - SSH 密钥丢失(从 Circle 1.0 迁移)
CircleCI 2.0 - SSH keys are missing (migrating from Circle 1.0)
从 Circle 1.0 迁移到 2.0。
我可以毫无问题地获取我的代码,但是用于部署的 ssh 密钥似乎不可用。
关键在项目ssh权限
没有~/.ssh/config文件,密钥也不存在:
所以当部署步骤启动时,它失败了:
#!/bin/bash --login
if [ "${CIRCLE_BRANCH}" == "develop" ]; then
bundle exec cap staging deploy
else
echo "Not on develop branch"
fi
(Backtrace restricted to imported tasks)
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as [redacted]@staging.captaincontrat.com: Authentication failed for user [redacted]@staging.captaincontrat.com
Net::SSH::AuthenticationFailed: Authentication failed for user [redacted]@staging.captaincontrat.com
Tasks: TOP => rvm:hook
(See full trace by running task with --trace)
Exited with code 1
我尝试使用 add_ssh_keys 步骤,但密钥仍然不可用。
As the documentation specifies that it adds all keys by default反正我删了
这是 config.yml 文件,其中大部分是迁移脚本的结果:
version: 2
jobs:
build:
working_directory: ~/captaincontrat/captaincontrat
parallelism: 1
shell: /bin/bash --login
environment:
CIRCLE_ARTIFACTS: /tmp/circleci-artifacts
CIRCLE_TEST_REPORTS: /tmp/circleci-test-results
# As our ruby version is a bit old, we can't use a pre-configured circle image.
# So we need to use one with a large number of languages and other packages.
# Once ruby is updated, choose a more recent image for better and faster builds.
# https://circleci.com/docs/2.0/circleci-images/
docker:
- image: circleci/build-image:ubuntu-14.04-XXL-upstart-1189-5614f37
command: /sbin/init
steps:
- checkout
# Prepare for artifact and test results
- run: mkdir -p $CIRCLE_ARTIFACTS $CIRCLE_TEST_REPORTS
# Dependencies
- run:
name: Show me the available ssh keys
command: 'ls -lha ~/.ssh'
- run:
name: Start redis
command: 'sudo redis-cli ping >/dev/null 2>&1 || sudo service redis-server
start; '
# Restore the dependency cache
- restore_cache:
keys:
# This branch if available
- captaincontrat-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
# Default branch if not
- captaincontrat-develop-
- run: gem install bundler
- run: echo -e "export RAILS_ENV=test\nexport RACK_ENV=test" >> $BASH_ENV
- run: 'bundle check --path=vendor/bundle || bundle install --path=vendor/bundle
--jobs=4 --retry=3 '
- save_cache:
key: captaincontrat-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
paths:
- vendor/bundle
- ~/.bundle
- run: |-
mkdir -p config && echo 'test:
adapter: mysql2
database: circle_ruby_test
username: ubuntu
host: localhost
' > config/database.yml
- run:
command: bundle exec rake db:create db:schema:load --trace
environment:
RAILS_ENV: test
RACK_ENV: test
# Test
# This would typically be a build job when using workflows, possibly combined with build
- run: bin/rspec_all
- run: bundle exec codeclimate-test-reporter $CIRCLE_ARTIFACTS/coverage/.resultset.json
# Deploy if develop
# This should be in a workflow, but workflows can't cancel redundant jobs for now.
- deploy:
name: Deploy to staging if branch is develop
command: |
if [ "${CIRCLE_BRANCH}" == "develop" ]; then
bundle exec cap -t staging deploy
else
echo "Not on develop branch => Not deploying to staging"
fi
# Teardown
# If you break your build into multiple jobs with workflows, you will probably want to do the parts of this that are relevant in each
# Save test results
- store_test_results:
path: /tmp/circleci-test-results
# Save artifacts
- store_artifacts:
path: /tmp/circleci-artifacts
- store_artifacts:
path: /tmp/circleci-test-results
我错过了什么‽
谢谢!
编辑:这是解决方案
重点是:
- add_ssh_keys
- 然后 run evalssh-agent&& ssh-add ~/.ssh/id_rsa* 在 cap deploy 之前,因为我需要 .ssh/id_rsa 通过代理转发
检查代码库
# Deploy if develop
- add_ssh_keys
- deploy:
name: Deploy to staging if branch is develop
command: |
if [ "${CIRCLE_BRANCH}" == "develop" ]; then
eval `ssh-agent` && ssh-add ~/.ssh/id_rsa* && bundle exec cap staging deploy
# ... snip
为确保代理转发,您可以在 capistrano 阶段配置中添加 set :ssh_options, forward_agent: true。
您需要执行 add_ssh_keys 步骤才能将 SSH 密钥注入容器。此步骤需要在 deploy 步骤之前。
当文档说默认添加所有键时,这意味着使用 add_ssh_keys 时。它说因为你也可以使用那个特殊的步骤来添加特定的键。
从 Circle 1.0 迁移到 2.0。 我可以毫无问题地获取我的代码,但是用于部署的 ssh 密钥似乎不可用。
关键在项目ssh权限
没有~/.ssh/config文件,密钥也不存在:
所以当部署步骤启动时,它失败了:
#!/bin/bash --login
if [ "${CIRCLE_BRANCH}" == "develop" ]; then
bundle exec cap staging deploy
else
echo "Not on develop branch"
fi
(Backtrace restricted to imported tasks)
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing as [redacted]@staging.captaincontrat.com: Authentication failed for user [redacted]@staging.captaincontrat.com
Net::SSH::AuthenticationFailed: Authentication failed for user [redacted]@staging.captaincontrat.com
Tasks: TOP => rvm:hook
(See full trace by running task with --trace)
Exited with code 1
我尝试使用 add_ssh_keys 步骤,但密钥仍然不可用。
As the documentation specifies that it adds all keys by default反正我删了
这是 config.yml 文件,其中大部分是迁移脚本的结果:
version: 2
jobs:
build:
working_directory: ~/captaincontrat/captaincontrat
parallelism: 1
shell: /bin/bash --login
environment:
CIRCLE_ARTIFACTS: /tmp/circleci-artifacts
CIRCLE_TEST_REPORTS: /tmp/circleci-test-results
# As our ruby version is a bit old, we can't use a pre-configured circle image.
# So we need to use one with a large number of languages and other packages.
# Once ruby is updated, choose a more recent image for better and faster builds.
# https://circleci.com/docs/2.0/circleci-images/
docker:
- image: circleci/build-image:ubuntu-14.04-XXL-upstart-1189-5614f37
command: /sbin/init
steps:
- checkout
# Prepare for artifact and test results
- run: mkdir -p $CIRCLE_ARTIFACTS $CIRCLE_TEST_REPORTS
# Dependencies
- run:
name: Show me the available ssh keys
command: 'ls -lha ~/.ssh'
- run:
name: Start redis
command: 'sudo redis-cli ping >/dev/null 2>&1 || sudo service redis-server
start; '
# Restore the dependency cache
- restore_cache:
keys:
# This branch if available
- captaincontrat-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
# Default branch if not
- captaincontrat-develop-
- run: gem install bundler
- run: echo -e "export RAILS_ENV=test\nexport RACK_ENV=test" >> $BASH_ENV
- run: 'bundle check --path=vendor/bundle || bundle install --path=vendor/bundle
--jobs=4 --retry=3 '
- save_cache:
key: captaincontrat-{{ .Branch }}-{{ checksum "Gemfile.lock" }}
paths:
- vendor/bundle
- ~/.bundle
- run: |-
mkdir -p config && echo 'test:
adapter: mysql2
database: circle_ruby_test
username: ubuntu
host: localhost
' > config/database.yml
- run:
command: bundle exec rake db:create db:schema:load --trace
environment:
RAILS_ENV: test
RACK_ENV: test
# Test
# This would typically be a build job when using workflows, possibly combined with build
- run: bin/rspec_all
- run: bundle exec codeclimate-test-reporter $CIRCLE_ARTIFACTS/coverage/.resultset.json
# Deploy if develop
# This should be in a workflow, but workflows can't cancel redundant jobs for now.
- deploy:
name: Deploy to staging if branch is develop
command: |
if [ "${CIRCLE_BRANCH}" == "develop" ]; then
bundle exec cap -t staging deploy
else
echo "Not on develop branch => Not deploying to staging"
fi
# Teardown
# If you break your build into multiple jobs with workflows, you will probably want to do the parts of this that are relevant in each
# Save test results
- store_test_results:
path: /tmp/circleci-test-results
# Save artifacts
- store_artifacts:
path: /tmp/circleci-artifacts
- store_artifacts:
path: /tmp/circleci-test-results
我错过了什么‽ 谢谢!
编辑:这是解决方案
重点是:
- add_ssh_keys
- 然后 run evalssh-agent&& ssh-add ~/.ssh/id_rsa* 在 cap deploy 之前,因为我需要 .ssh/id_rsa 通过代理转发
# Deploy if develop
- add_ssh_keys
- deploy:
name: Deploy to staging if branch is develop
command: |
if [ "${CIRCLE_BRANCH}" == "develop" ]; then
eval `ssh-agent` && ssh-add ~/.ssh/id_rsa* && bundle exec cap staging deploy
# ... snip
为确保代理转发,您可以在 capistrano 阶段配置中添加 set :ssh_options, forward_agent: true。
您需要执行 add_ssh_keys 步骤才能将 SSH 密钥注入容器。此步骤需要在 deploy 步骤之前。
当文档说默认添加所有键时,这意味着使用 add_ssh_keys 时。它说因为你也可以使用那个特殊的步骤来添加特定的键。