Gitlab-ci使用SSH密钥configurationdocker runner进行部署
我正在尝试使用gitlab-ci和capistrano来部署我的symfony应用程序。 但是我不能通过在docker中注入密钥来部署SSH,脚本在连接时不断提示input密码。 我正在使用gitlab的本地实例。
在gitlab的SSH_PRIVATE_KEY私有variables中,我添加了git用户的私钥,并在SSH_SERVER_HOSTKEYS中添加了ssh-keyscan -H 192.168.0.226命令的结果。
在deploy的.ssh文件夹的authorized_keys文件中,我把git用户的公钥。
这里是configuration文件:
gitlab-ci.yml:
image: php:7.1 cache: paths: - vendor/ before_script: # Install dependencies - bash ci/docker_install.sh > /dev/null - bash ci/ssh_inject.sh stages: - deploy deploy: stage: deploy script: - apt-get install ruby-full -yqq - gem install capistrano -v 3.8.0 - gem install capistrano-symfony - cap production deploy environment: name: production url: http://website.com only: - master
ssh_inject.sh: 链接
#!/bin/bash set -xe # Install ssh-agent if not already installed, it is required by Docker. # (change apt-get to yum if you use a CentOS-based image) which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y ) # Run ssh-agent (inside the build environment) eval $(ssh-agent -s) # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store ssh-add <(echo "$SSH_PRIVATE_KEY") mkdir -p ~/.ssh [[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts
deploy.rb:
# config valid only for current version of Capistrano lock '3.8.0' set :application, 'symfony' set :repo_url, 'git@gitlab.local:symfony.git' # Default deploy_to directory is /var/www/my_app_name set :deploy_to, '/home/symfony' set :symfony_env, "prod" set :composer_install_flags, '--no-dev --prefer-dist --no-interaction --optimize-autoloader' set :symfony_directory_structure, 3 set :sensio_distribution_version, 5 # symfony-standard edition directories set :app_path, "app" set :web_path, "web" set :var_path, "var" set :bin_path, "bin" set :app_config_path, "app/config" set :log_path, "var/logs" set :cache_path, "var/cache" set :symfony_console_path, "bin/console" set :symfony_console_flags, "--no-debug" # asset management set :assets_install_path, "web" set :assets_install_flags, '--symlink' # Share files/directories between releases set :linked_files, %w(app/config/parameters.yml) set :linked_dirs, %w(web/uploads) # Set correct permissions between releases, this is turned off by default set :permission_method, false set :file_permissions_paths, ["var/logs", "var/cache"] set :file_permissions_users, ["apache"] before "deploy:updated", "deploy:set_permissions:acl" after "deploy:updated", "symfony:assetic:dump"
和production.rb:
server '192.168.0.226', user: 'deploy', roles: %w{app db web}
什么可能是错的? 我试图设置forward_agent为true,但它不工作。
如果我手动构buildDocker容器并安装所有依赖项,则可以在不询问密码的情况下build立ssh连接。
这是错误: 
编辑:
有没有什么可以添加在跑步者的configuration? 这里是:
concurrent = 1 check_interval = 0 [[runners]] name = "Docker runner" url = "http://gitlab.local/ci" token = "mytoken" executor = "docker" [runners.docker] tls_verify = false image = "php:7.1" privileged = false disable_cache = false volumes = ["/cache"] [runners.cache]
你需要用gitlab-runner用户在gitlab-runner上创build一个ssh密钥。
然后在authorized_keys文件中将此密钥的pubkey添加到您的服务器。
将ssh_inject.sh内容移入gitlab-ci.yml解决 。
如果有人有一个想法,为什么它需要在gitlab-ci.yml ,我想了解。