Im trying to create a new user to deploy my application from my local machine to my external server.
I've got it working using root but understand it's not secure to use root, therefore I want to create a user called 'deployer'. I've added this user to my external server and copied my local is_rsa.pub key to /.ssh/authorized_keys on the server, however when I run cap development deploy I keep getting the following error:
failed: "sh -c 'if [ -d /var/www/vhosts/xyz.co.uk/shared/cached-copy ]; then cd
/var/www/vhosts/xyz.co.uk/shared/cached-copy && git fetch -q origin && git fetch --
tags -q origin && git reset -q --hard 2b738f4ca8008dcf9e84c4be5d63d906a7bfd760 && git clean
-q -d -x -f; else git clone -q git#github.com:xyz/xyz.co.uk.git
/var/www/vhosts/xyz.co.uk/shared/cached-copy && cd /var/www/vhosts/xyz.co.uk/shared/cached-
copy && git checkout -q -b deploy 2b738f4ca8008dcf9e84c4be5d63d906a7bfd760; fi'" on
x.xx.xx.xxx
If I run ssh -T git#github.com on the external server it says:
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
This username is not deployer though, I assume its the username of the github account.
Any ideas what I need to do? Do I need to create the deployer user on my local machine too?
Here is my deploy.rb file:
set :stage_dir, 'app/config/deploy' # needed for Symfony2 only
set :stages, %w(production staging development)
require 'capistrano/ext/multistage'
set :application, "xyz.co.uk"
set :user, "deployer" # The server's user for deploys
set :normalize_asset_timestamps, false
set :repository, "git#github.xyz/xyz.co.uk.git"
set :scm, :git
set :keep_releases, 3
after "deploy:update", "deploy:cleanup"
set :use_sudo, false
set :web_path, "web"
set :shared_files, ["app/config/parameters.yml"]
set :shared_children, [app_path + "/logs", web_path + "/uploads"]
set :use_composer, true
set :update_vendors, true
set :dump_assetic_assets, true
set :deploy_via, :remote_cache
#logger.level = Logger::MAX_LEVEL
after "deploy:update_code" do
capifony_pretty_print "--> Ensuring cache directory permissions"
run "setfacl -R -m u:www-data:rwX -m u:`whoami`:rwX #{latest_release}/#{cache_path}"
run "setfacl -dR -m u:www-data:rwX -m u:`whoami`:rwX #{latest_release}/#{cache_path}"
capifony_puts_ok
end
deveopment.rb file:
server 'x.xx.xx.xxx', :app, :web, :db, :primary => true
ssh_options[:port] = 1234
ssh_options[:forward_agent] = true
default_run_options[:pty] = true
set :deploy_to, "/var/www/vhosts/xyz.co.uk"
set :symfony_env_prod, "dev"
set :branch, "develop"
# Need to clear *_dev controllers
set :clear_controllers, false
Thanks
You want to have the target machine use your local SSH credentials to authenticate to Github. Do this by putting the following two entries into your deploy.rb
ssh_options[:forward_agent] = true
default_run_options[:pty] = true
Or, another way is to go to your Github repo and add the public SSH key of your target server as a deploy key
https://github.com/your_github/your_repo/settings/keys
This gives the target server checkout access to only the specified repository without having to use your personal SSH key.
The problem was because the 'deployer' user didn't have write permissions on the server.
Related
I'm new to capistrano and I'm trying to set up a test project, but as you can guess, without much success. When I run cap deploy:update, I get following output:
$ cap deploy
* 2014-12-27 21:48:06 executing `deploy'
* 2014-12-27 21:48:06 executing `deploy:update'
** transaction: start
* 2014-12-27 21:48:06 executing `deploy:update_code'
executing locally: "git ls-remote git#github.com:hstandaert/test.git production"
command finished in 1281ms
* executing "git clone -q -b production git#github.com:hstandaert/test.git/customers/4/b/b/stocksolutions.be/httpd.www/private/releases/20141227204807 && cd /customers/4/b/b/stocksolutions.be/httpd.www/private/releases/20141227204807 && git checkout -q -b deploy 5604624725df4d3c7dd4f88fc77cfd5d9d8ddf26 && (echo 5604624725df4d3c7dd4f88fc77cfd5d9d8ddf26 > /customers/4/b/b/stocksolutions.be/httpd.www/private/releases/20141227204807/REVISION)"
servers: ["ssh.stocksolutions.be"]
stocksolutions.be#ssh.stocksolutions.be's password:
stocksolutions.be#ssh.stocksolutions.be's password:
[ssh.stocksolutions.be] executing command
** [ssh.stocksolutions.be :: out] error: cannot run ssh: No such file or directory
** [ssh.stocksolutions.be :: out] fatal: unable to fork
command finished in 1611ms
*** [deploy:update_code] rolling back
* executing "rm -rf /customers/4/b/b/stocksolutions.be/httpd.www/private/releases/20141227204807; true"
servers: ["ssh.stocksolutions.be"]
[ssh.stocksolutions.be] executing command
command finished in 957ms
failed: "sh -c 'git clone -q -b production git#github.com:hstandaert/test.git /customers/4/b/b/stocksolutions.be/httpd.www/private/releases/20141227204807 && cd /customers/4/b/b/stocksolutions.be/httpd.www/private/releases/20141227204807 && git checkout -q -b deploy 5604624725df4d3c7dd4f88fc77cfd5d9d8ddf26 && (echo 5604624725df4d3c7dd4f88fc77cfd5d9d8ddf26 > /customers/4/b/b/stocksolutions.be/httpd.www/private/releases/20141227204807/REVISION)'" on ssh.stocksolutions.be
And here's the deploy.rb file:
begin
require 'colored'
rescue LoadError
$stderr.puts <<-INSTALL
You need the both the capistrano-ext and colored gems to deploy this application
Install the gems like this:
gem install colored
INSTALL
exit 1
end
set :application, "stocksolutions"
set :repository, "git#github.com:hstandaert/test.git"
set :branch, "production"
set :user, 'stocksolutions.be'
set :deploy_to, "/customers/4/b/b/#{user}/httpd.www/private"
set :use_sudo, false
set :scm, :git
default_run_options[:pty] = true
server "ssh.stocksolutions.be", :app, :web
namespace :deploy do
task :start do ; end
task :stop do ; end
task :restart, :roles => :app, :except => { :no_release => true } do
run "#{try_sudo} touch #{File.join(current_path,'tmp','restart.txt')}"
end
end
Anyone who can spot my mistake?
Your log seems to suggest that either there is no ssh client installed in your deployment server, or the command cannot be found in the server's PATH.
Try if cloning the repo via https instead of ssh will work, by changing the following:
BEFORE
set :repository, "git#github.com:hstandaert/test.git"
AFTER
set :repository, "https://github.com/hstandaert/test.git"
You'll be asked to provide your login credentials for github to be able to clone the repo.
Running cap deploy returns the error
ERROR: Repository not found.
fatal: The remote end hung up unexpectedly
failed: "env PATH=$HOME/.rbenv/shims:$HOME/.rbenv/bin:$PATH sh -c 'if [ -d .../shared/cached-copy ]; then cd .../shared/cached-copy &&
git fetch -q origin && git fetch --tags -q origin && git reset -q
--hard e54354271256196e54354271256196 && git clean -q -d -x -f; else git clone -q -b new_front git#github.com:myapp.git
.../shared/cached-copy && cd /shared/cached-copy && git checkout -q -b
deploy ced405a4d2b184ccadf844185e54354271256196; fi'" on
192.111.111.111
but when i ssh to the server and run that exact command it works.
I've tried deleting the cached-copy and commenting set :deploy_via, "remote_cache" as mentioned in Cap deploy - ERROR: Repository not found but nothing works.
thanks
EDIT:
Similar issue:
https://gist.github.com/ParkinT/2432735
I had to run:
ssh-add
to add my identity to the authentication agent.
Turns out the problem was with ssh agent forwarding.
https://help.github.com/articles/using-ssh-agent-forwarding
Capistrano was setup
ssh_options[:forward_agent] = true
Locally I had two ssh keys, and somehow the one used locally was not the same one being used via the forward_agent. If you have a key on the server you can set
ssh_options[:forward_agent] = false
Otherwise, clear your keys and add just the one you need (on mac, ssh-add -D and ssh-add path/to/key).
~/.ssh/config
# User_A
Host github.com-User_A
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
# User_B
Host github.com-User_B
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_user_b
IdentitiesOnly yes
# http://serverfault.com/questions/400633/capistrano-deploying-to-different-servers-with-different-authentication-methods
Host example.com
IdentityFile ~/.ssh_keys/example_env.pem
ForwardAgent yes
On local machine:
$ ssh -T git#github.com
Hi User_B! You've successfully authenticated, but GitHub does not provide shell access.
On remote machine
~$ ssh remote_user#example.com
[remote_user#example ~]$ ssh -T git#github.com
Hi User_A! You've successfully authenticated, but GitHub does not provide shell access.
Note:
ssh-add -l shows all the mentioned keys enlisted
deploy.rb contains:
set :repository, "git#User_B:<REPO_NAME>"
ssh_options[:forward_agent] = true
I am trying to deploy my application using Capistrano to an Amazon EC2 instance for which I the .pem file is already added to my local machine using ssh-add and it can be seen enlisted in output for ssh-add -l.However I am facing following error while deploying:
** [example.com :: err] ERROR: Repository not found.
** fatal: The remote end hung up unexpectedly
Following is the full output of my cap deploy command:
$ cap bat deploy
triggering load callbacks
* executing `bat'
triggering start callbacks for `deploy'
* executing `multistage:ensure'
* executing `deploy'
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
updating the cached checkout on all servers
executing locally: "git ls-remote git#User_B:<REPO_NAME> <BRANCH_NAME>"
command finished in 6296ms
* executing "if [ -d /srv/<APP_NAME>/shared/cached-copy ]; then cd /srv/<APP_NAME>/shared/cached-copy && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard df84fadff305e1729991caddde47f6802e424d57 && git clean -q -d -x -f; else git clone -q git#User_B:<REPO_NAME> /srv/<APP_NAME>/shared/cached-copy && cd /srv/<APP_NAME>/shared/cached-copy && git checkout -q -b deploy df84fadff305e1729991caddde47f6802e424d57; fi"
servers: ["example.com"]
[example.com] executing command
** [example.com :: err] ERROR: Repository not found.
** fatal: The remote end hung up unexpectedly
command finished in 3811ms
*** [deploy:update_code] rolling back
* executing "rm -rf /srv/<APP_NAME>/releases/20130723222237; true"
servers: ["example.com"]
[example.com] executing command
command finished in 477ms
failed: "sh -c 'if [ -d /srv/<APP_NAME>/shared/cached-copy ]; then cd /srv/<APP_NAME>/shared/cached-copy && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard df84fadff305e1729991caddde47f6802e424d57 && git clean -q -d -x -f; else git clone -q git#User_B:<REPO_NAME> /srv/<APP_NAME>/shared/cached-copy && cd /srv/<APP_NAME>/shared/cached-copy && git checkout -q -b deploy df84fadff305e1729991caddde47f6802e424d57; fi'" on example.com
So I guess this error is caused due to conflicts arising between multiple SSH keys getting detected i.e. on local machine User_B(who is a member of the repository) is used as default however on remote machine User_A(who is not having access to the repository) is used.
If my assumption is correct can anybody please help me in getting this problem solved? Is there any way in which a specific user config can be used while agent forwarding? If not then what could be the solution to this?
Thanks.
Ok it seems like the sequence in which keys are listed in ~/.ssh/config matters.
Initially it was
# User_A
Host github.com-User_A
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
# User_B
Host github.com-User_B
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_user_b
IdentitiesOnly yes
# http://serverfault.com/questions/400633/capistrano-deploying-to-different-servers-with-different-authentication-methods
Host example.com
IdentityFile ~/.ssh_keys/example_env.pem
ForwardAgent yes
Afterwards I did this:
# User_B
Host github.com-User_B
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_user_b
IdentitiesOnly yes
# User_A
Host github.com-User_A
HostName github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa
IdentitiesOnly yes
# http://serverfault.com/questions/400633/capistrano-deploying-to-different-servers-with-different-authentication-methods
Host example.com
IdentityFile ~/.ssh_keys/example_env.pem
ForwardAgent yes
But after doing that I didn't restarted the machine, thus the changes were not in effect.
This morning after I started my machine after posting above problem I found that it is working:
On local machine:
$ ssh -T git#github.com
Hi User_B! You've successfully authenticated, but GitHub does not provide shell access.
On remote machine
$ ssh -T git#github.com
Hi User_B! You've successfully authenticated, but GitHub does not provide shell access.
Hope this helps somebody else in case he faces a similar problem.
Thanks.
I am using cap deploy to deploy to staging. cap deploy:setup created the releases and shared folder.
This is the deploy.rb code.
set :stages, %w(staging production)
set :default_stage, "staging"
set :stage_dir, "capistrano"
require 'capistrano/ext/multistage'
set :application, "application"
set :repository, "git#github.com:owner/#{application}.git"
set :scm, :git
set :local_user, ENV['USER'] || ENV['USERNAME'] || "unknown"
set :user, "server_owner"
set :deploy_via, :copy
set :use_sudo, false
set :copy_remote_dir, "/home/#{user}/tmp/capistrano"
namespace :deploy do
desc "Change Permissions"
task :change_permissions, :except => { :no_release => true } do
run "find #{current_path}/ -type d -exec chmod 755 {} \\;"
run "find #{current_path}/ -type f -exec chmod 644 {} \\;"
end
desc "Create symlinks for shared items"
task :update_shared_symlinks, :except => { :no_release => true} do
< ln -s command to create the links>
end
end
before "deploy:finalize_update", "deploy:update_shared_symlinks"
And this is the staging code
role :app, "ipaddress"
set :branch, "staging"
set :deploy_to, "/home/#{user}/_#{application}_beta/"
When deploying with cap deploy i get the following error
ln: creating symbolic link `/home/narayan/_instaprint_beta/releases/20130130102815/': Permission denied
Can anyone tell me why this is happening?
Two things:
Use chmod straight away instead of a find and exec, like so: chmod 755 #{current_path}
Check if the server_owner user has permission to current_path. If not, then use sudo like so: sudo "chmod 755 #{current_path}"
In a project, I use gitolite and capistrano. It's work fine for another developper.
The issue is it's doesn't work for me : I can't actually deploy with capistrano.
When I run the cap deploy command, it ask me the password of the server (here, ok) and the password of the gitolite, which doesn't exist.
C:\wamp\www\miiaou>cap deploy
* ←[32m2012-12-12 15:12:34 executing `deploy'←[0m
* ←[32m2012-12-12 15:12:34 executing `deploy:update'←[0m
** transaction: start
* ←[32m2012-12-12 15:12:34 executing `deploy:update_code'←[0m
updating the cached checkout on all servers
←[33mexecuting locally: "git ls-remote gitolite#miiaou.fr:miiaou master"←[0m
←[2;37mcommand finished in 1351ms←[0m
* ←[33mexecuting "if [ -d /home/miiaou/miiaou_prod/shared/cached-copy ]; then
cd /home/miiaou/miiaou_prod/shared/cached-copy && git fetch -q origin && git fet
ch --tags -q origin && git reset -q --hard 117b2bb34817d89a1fbe34f1891ac3c823a23
fce && git clean -q -d -x -f; else git clone -q gitolite#miiaou.fr:miiaou /home/
miiaou/miiaou_prod/shared/cached-copy && cd /home/miiaou/miiaou_prod/shared/cach
ed-copy && git checkout -q -b deploy 117b2bb34817d89a1fbe34f1891ac3c823a23fce; f
i"←[0m
servers: ["miiaou.fr"]
Password:
[miiaou.fr] executing command
** [miiaou.fr :: out] Error reading response length from authentication socket.
** [miiaou.fr :: out] gitolite#miiaou.fr's password:
Password:
** [miiaou.fr :: out]
** ←[31m[miiaou.fr :: out] Permission denied, please try again.
** gitolite#miiaou.fr's password:←[0m
Password:
** [miiaou.fr :: out]
** ←[31m[miiaou.fr :: out] Permission denied (publickey,password).
** fatal: The remote end hung up unexpectedly←[0m
←[2;37mcommand finished in 36755ms←[0m
*** [←[34mdeploy:update_code←[0m] ←[34mrolling back←[0m
* ←[33mexecuting "rm -rf /home/miiaou/miiaou_prod/releases/20121212141318; tru
e"←[0m
servers: ["miiaou.fr"]
[miiaou.fr] executing command
←[2;37mcommand finished in 133ms←[0m
failed: "if [ -d /home/miiaou/miiaou_prod/shared/cached-copy ]; then cd /home/mi
iaou/miiaou_prod/shared/cached-copy && git fetch -q origin && git fetch --tags -
q origin && git reset -q --hard 117b2bb34817d89a1fbe34f1891ac3c823a23fce && git
clean -q -d -x -f; else git clone -q gitolite#miiaou.fr:miiaou /home/miiaou/miia
ou_prod/shared/cached-copy && cd /home/miiaou/miiaou_prod/shared/cached-copy &&
git checkout -q -b deploy 117b2bb34817d89a1fbe34f1891ac3c823a23fce; fi" on miiao
u.fr
I don't understand why it need a password because the ssh keys works.
Can anybody help me?
Thanks
edit : if that help, here my deploy.rb
require "bundler/capistrano"
# Rails 3.1 : laod capistrano task to precompile assets
# bundle exec rake RAILS_ENV=staging RAILS_GROUPS=assets assets:precompile
load "deploy/assets"
set :stages, %w(production)
set :default_stage, "production"
set :application, "miiaou"
set :repository, "gitolite#miiaou.fr:#{application}"
set :domain, "miiaou.fr"
# If you aren't deploying to /u/apps/#{application} on the target
# servers (which is the default), you can specify the actual location
# via the :deploy_to variable:
set :deploy_to, "/home/miiaou/#{application}_prod"
set :shared_path, "/home/miiaou/#{application}_prod/shared"
set :scm, "git"
set :branch, "master"
# Agent Forwarding : use local keys for git
ssh_options[:forward_agent] = true
set :deploy_via, :remote_cache
default_run_options[:pty] = true
ssh_options[:paranoid] = false
set :user, "root"
set :runner, "root"
set :use_sudo, false
role :web, domain # Your HTTP server, Apache/etc
role :app, domain # This may be the same as your `Web` server
role :db, domain, :primary => true # This is where Rails migrations will run
# Add RVM's lib directory to the load path.
#$:.unshift(File.expand_path('./lib', ENV['rvm_path']))
#require "rvm/capistrano"
#set :rvm_ruby_string, '1.9.2'
task :clean_assets, :roles => :app do
run "rm -rf #{shared_path}/assets/*"
end
task :more_symlinks, :roles => :app do
# linkage des fichiers de config
%w(database).each do |config_file|
run "ln -nfs #{shared_path}/config/#{config_file}.yml #{release_path}/config/#{config_file}.yml"
end
run "ln -nfs #{shared_path}/assets #{release_path}/public/assets"
end
task :restart_daemons, :roles => :app do
#run "cd #{release_path} && bundle exec whenever --set 'environment=#{rails_env}' --update-crontab"
#run "cd #{release_path} && RAILS_ENV=#{rails_env} ruby script/delayed_job restart"
end
# If you are using Passenger mod_rails uncomment this:
namespace :deploy do
task :start do ; end
task :stop do ; end
task :restart, :roles => :app, :except => { :no_release => true } do
run "#{try_sudo} touch #{File.join(current_path,'tmp','restart.txt')}"
end
end
before :'deploy:assets:precompile', :more_symlinks