Encountering an SSH issue while attempting to deploy to Digital Ocean using Gitlab's CI/CD functionality

Question

Encountering an SSH issue while attempting to deploy to Digital Ocean using Gitlab's CI/CD functionality

Hey there, I've been attempting to deploy to Digital Ocean using a Gitlab CI/CD pipeline. However, every time I run the pipeline, I encounter the following error message: "chmod: /root/.ssh/id_rsa: No such file or directory $ chmod og= ~/.ssh/id_rsa Cleaning up file based variables 00:00 ERROR: Job failed: exit code 1"

It seems like it's not recognizing the user I set up for deployment and is defaulting to root. Oddly though, when I check the ssh key on my server using the cat command, it appears under both the root and deployer users. Below is the content of my .yml file.

before_script:
  - echo $PATH
  - pwd
  - whoami 
  - mkdir -p ~/.ssh
  - cd ~/.ssh
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > id_rsa
  - echo "$SSH_PUBLIC_KEY" | tr -d '\r' > id_rsa.pub
  - chmod 700 id_rsa id_rsa.pub
  - cp id_rsa.pub authorized_keys
  - cp id_rsa.pub known_hosts
  - ls -ld *
  - cd -

stages:
  - build
  - publish
  - deploy

variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA

build:
  image: node:latest
  stage: build
  script:
    - npm install
    - echo   "ACCOUNT_SID=$ACCOUNT_SID" >> .env
    - echo   "AUTH_TOKEN=$AUTH_TOKEN" >> .env
    - echo   "API_KEY=$API_KEY" >> .env
    - echo   "API_SECRET=$API_SECRET" >> .env
    - echo   "PHONE_NUMBER=$PHONE_NUMBER" >> .env
    - echo    "sengrid_api=$sengrid_api" >> .env

publish:
  image: docker:latest
  stage: publish
  services:
    - docker:dind
  script:
    - docker build . -t $TAG_COMMIT -t $TAG_LATEST 
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - docker push $TAG_COMMIT
    - docker push $TAG_LATEST

deploy:
  image: alpine:latest
  stage: deploy
  tags:
    - deployment
  script:
    - whoami
    - uname -a
    - echo "user $SERVER_USER"
    - echo "ip $SERVER_IP"
    - echo "id_rsa $ID_RSA"
    - (which ifconfig) || (apt install net-tools)
    - /sbin/ifconfig
    - touch blah
    - find .
    - apk update && apk add openssh-client
    - ssh  -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
    - ssh  -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
    - ssh  -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
    - ssh  -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:3000 --name my-app $TAG_COMMIT"
  environment:
    name: production
    url: http://167.172.225.124
  only:
    - master

node.js shell express gitlab gitlab-ci-runner

Answer 1

Answer №1

Finally, after hours of effort and overcoming various errors:

Made progress by executing the following commands: - cat id_rsa.pub >> authorized_keys: resolved permission denied (public key,password) issue - ssh-keyscan gitlab.com >> authorized_keys: successfully fixed connection refused error. Here is the complete .yml file that is now working like a charm.

# ssh-keyscan gitlab.com >> authorized_keys: use this command to add gitlab ssh keys to sever. Run on server terminal
# cat id_rsa.pub >> authorized_keys Run this command on the sever on the terminal. 
# Both COMMANDS ABOVE ARE necessary.

stages:
  - build
  - publish
  - deploy

variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA

build:
  image: node:latest
  stage: build
  script:
    - npm install
    - echo   "ACCOUNT_SID=$ACCOUNT_SID" >> .env
    - echo   "AUTH_TOKEN=$AUTH_TOKEN" >> .env
    - echo   "API_KEY=$API_KEY" >> .env
    - echo   "API_SECRET=$API_SECRET" >> .env
    - echo   "PHONE_NUMBER=$PHONE_NUMBER" >> .env
    - echo    "sengrid_api=$sengrid_api" >> .env

publish:
  image: docker:latest
  stage: publish
  services:
    - docker:dind
  script:
    - docker build . -t $TAG_COMMIT -t $TAG_LATEST 
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - docker push $TAG_COMMIT
    - docker push $TAG_LATEST

deploy:
  image: ubuntu:latest
  stage: deploy
  tags:
    - deployment
  before_script:
    ##
  ## Install ssh-agent if not already installed, it is required by Docker.
  ## (change apt-get to yum if you use an RPM-based image)
  ##
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'

  ##
  ## Run ssh-agent (inside the build environment)
  ##
  - eval $(ssh-agent -s)
  ##
  ## Create the SSH directory and give it the right permissions
  ##
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  ##
  ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  ## We're using tr to fix line endings which makes ed25519 keys work
  ## without extra base64 encoding.
  ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
  ##
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
  - echo "$SSH_PUBLIC_KEY" | tr -d '\r' > ~/.ssh/id_rsa.pub
  - chmod 600 ~/.ssh/*
  - chmod 644 ~/.ssh/*.pub
  - ssh-add
 

  ##
  ## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
  ## with your own domain name. You can copy and repeat that command if you have
  ## more than one server to connect to.
  ##
  - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts
  - ls -ld ~/.ssh/*
  - cat ~/.ssh/*
  ##
  ## Alternatively, assuming you created the SSH_SERVER_HOSTKEYS variable
  ## previously, uncomment the following two lines instead.
  ##
  #- echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
  #- chmod 644 ~/.ssh/known_hosts

  ##
  ## You can optionally disable host key checking. Be aware that by adding that
  ## you are suspectible to man-in-the-middle attacks.
  ## WARNING: Use this only with the Docker executor, if you use it with shell
  ## you will overwrite your user's SSH config.
  ##
  #- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'

  ##
  ## Optionally, if you will be using any Git commands, set the user name and
  ## email.
  ##

  script:
    
    - ssh -v -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
    - ssh  -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
    - ssh  -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
    - ssh  -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:3000 --name my-app $TAG_COMMIT"
  environment:
    name: production
    url: http://167.172.225.124
  only:
    - master

Answer 2

Finally, after hours of effort and overcoming various errors:

Made progress by executing the following commands: - cat id_rsa.pub >> authorized_keys: resolved permission denied (public key,password) issue - ssh-keyscan gitlab.com >> authorized_keys: successfully fixed connection refused error. Here is the complete .yml file that is now working like a charm.

# ssh-keyscan gitlab.com >> authorized_keys: use this command to add gitlab ssh keys to sever. Run on server terminal
# cat id_rsa.pub >> authorized_keys Run this command on the sever on the terminal. 
# Both COMMANDS ABOVE ARE necessary.

stages:
  - build
  - publish
  - deploy

variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA

build:
  image: node:latest
  stage: build
  script:
    - npm install
    - echo   "ACCOUNT_SID=$ACCOUNT_SID" >> .env
    - echo   "AUTH_TOKEN=$AUTH_TOKEN" >> .env
    - echo   "API_KEY=$API_KEY" >> .env
    - echo   "API_SECRET=$API_SECRET" >> .env
    - echo   "PHONE_NUMBER=$PHONE_NUMBER" >> .env
    - echo    "sengrid_api=$sengrid_api" >> .env

publish:
  image: docker:latest
  stage: publish
  services:
    - docker:dind
  script:
    - docker build . -t $TAG_COMMIT -t $TAG_LATEST 
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - docker push $TAG_COMMIT
    - docker push $TAG_LATEST

deploy:
  image: ubuntu:latest
  stage: deploy
  tags:
    - deployment
  before_script:
    ##
  ## Install ssh-agent if not already installed, it is required by Docker.
  ## (change apt-get to yum if you use an RPM-based image)
  ##
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client git -y )'

  ##
  ## Run ssh-agent (inside the build environment)
  ##
  - eval $(ssh-agent -s)
  ##
  ## Create the SSH directory and give it the right permissions
  ##
  - mkdir -p ~/.ssh
  - chmod 700 ~/.ssh
  ##
  ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  ## We're using tr to fix line endings which makes ed25519 keys work
  ## without extra base64 encoding.
  ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
  ##
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
  - echo "$SSH_PUBLIC_KEY" | tr -d '\r' > ~/.ssh/id_rsa.pub
  - chmod 600 ~/.ssh/*
  - chmod 644 ~/.ssh/*.pub
  - ssh-add
 

  ##
  ## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
  ## with your own domain name. You can copy and repeat that command if you have
  ## more than one server to connect to.
  ##
  - ssh-keyscan gitlab.com >> ~/.ssh/known_hosts
  - chmod 644 ~/.ssh/known_hosts
  - ls -ld ~/.ssh/*
  - cat ~/.ssh/*
  ##
  ## Alternatively, assuming you created the SSH_SERVER_HOSTKEYS variable
  ## previously, uncomment the following two lines instead.
  ##
  #- echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'
  #- chmod 644 ~/.ssh/known_hosts

  ##
  ## You can optionally disable host key checking. Be aware that by adding that
  ## you are suspectible to man-in-the-middle attacks.
  ## WARNING: Use this only with the Docker executor, if you use it with shell
  ## you will overwrite your user's SSH config.
  ##
  #- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'

  ##
  ## Optionally, if you will be using any Git commands, set the user name and
  ## email.
  ##

  script:
    
    - ssh -v -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
    - ssh  -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
    - ssh  -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
    - ssh  -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:3000 --name my-app $TAG_COMMIT"
  environment:
    name: production
    url: http://167.172.225.124
  only:
    - master

Answer 3

Answer №2

If you are working through the steps outlined in the DigitalOcean tutorial, you will need to have a non-root user with sudo privileges, as well as a user account on GitLab that has access to a container registry.

When installing the gitlab-runner service using script.deb.sh, you will be prompted for the password of a non-root user to proceed.

Furthermore, it is important to create a dedicated user specifically for deployment tasks, and then configure a CI/CD pipeline to use this user to log in to the server.

This means that the gitlab-ci process should not run as root, as root privilege is unnecessary and should not be involved in any part of the process.

Answer 4

If you are working through the steps outlined in the DigitalOcean tutorial, you will need to have a non-root user with sudo privileges, as well as a user account on GitLab that has access to a container registry.

When installing the gitlab-runner service using script.deb.sh, you will be prompted for the password of a non-root user to proceed.

Furthermore, it is important to create a dedicated user specifically for deployment tasks, and then configure a CI/CD pipeline to use this user to log in to the server.

This means that the gitlab-ci process should not run as root, as root privilege is unnecessary and should not be involved in any part of the process.

Encountering an SSH issue while attempting to deploy to Digital Ocean using Gitlab's CI/CD functionality

Answer №1

Answer №2

Similar questions

Is there a way to set a custom URL for Firebase Realtime Database without using the "default-rtdb" prefix?

Encountering a problem while trying to upload an image using multer in a Node.js application

Communication between the Node development server and the Spring Boot application was hindered by a Cross-Origin Request

Encountered a failure while attempting to substitute environment variables in configuration files with the help of Bash and

cycle through several handlebars entities

I am encountering difficulties displaying the image and CSS files from another folder in my HTML with Node.js

User experiencing data loss following JWT refresh

``There seems to be an issue with the Express app when trying to access it

Is it possible to dynamically add nodes to the palette without the need to restart the server?

A guide on compiling Sass without using gulp and Laravel Elixir [SOLUTION]

Upon triggering a GET request to the URL "http://localhost:3000/search", a "404 (Not Found)" error response was received. Interestingly

Utilizing cheerio to set outerHTML in HTML

Comparing the Distinctions of jQuery Post and HTML Form Post

Unexpected Undefined Return in Request Parameters

What is the best way to retrieve routes from a custom REST API using React Native?

Issue: Trying to access a property called 'name' on an undefined variable in NodeJS

Issue updating BrowserList using NPM

Struggling to locate a suitable mock server that can deliver JSON responses for a specific URL that has been predetermined

Unable to establish headers after they have been already sent through socket.io

How to Implement Dropdowns with a vue.js Router-Link