Поэтому я пытаюсь настроить CI / CD с помощью GitLab для развертывания моего веб-приложения в DigitalOcean Droplet с использованием SSH.
Проблема, с которой я сталкиваюсь, заключается в том, что сценарий GitLab не может подключиться к серверу по протоколу ssh. Где-то, если я попробую с моего компьютера, SSH работает.
Вот задание на развертывание, которое выполняется:
deploy:
only:
- master
stage: deploy
script:
- apt-get update -qq
- apt-get install -qq git
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo "$SSH_KEY" | tr -d '\r' | ssh-add - > /dev/null
- ls ~/.ssh/
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\t StrictHostKeyChecking no \n\n" > ~/.ssh/config'
- ssh-keyscan 159.65.156.240 >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh goutam@159.65.156.240 -v - StrictHostKeyChecking=no 'cd ~/wikiquotesapp; git checkout master; git pull; cd wiki-quotes-server; npm install; npm start:prod'
Переменная $ SSH_KEY содержит содержимое файла закрытого ключа. Вот отладочный вывод.
$ mkdir -p ~/.ssh
$ chmod 700 ~/.ssh
$ echo "$SSH_KEY" | tr -d '\r' | ssh-add - > /dev/null
Identity added: (stdin) ((stdin))
$ ls ~/.ssh/
$ [[ -f /.dockerenv ]] && echo -e "Host *\n\t StrictHostKeyChecking no \n\n" > ~/.ssh/config
$ ssh-keyscan 159.65.156.240 >> ~/.ssh/known_hosts
# 159.65.156.240:22 SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
# 159.65.156.240:22 SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
# 159.65.156.240:22 SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
$ chmod 644 ~/.ssh/known_hosts
$ ssh goutam@159.65.156.240 -v - StrictHostKeyChecking=no 'cd ~/wikiquotesapp; git checkout master; git pull; cd wiki-quotes-server; npm install; npm start:prod'
OpenSSH_7.4p1 Debian-10+deb9u6, OpenSSL 1.0.2r 26 Feb 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 159.65.156.240 [159.65.156.240] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: SELinux support disabled
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 159.65.156.240:22 as 'goutam'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:+g1ivOXzyPGG093s86TH/B1mEB46wVEgg9ES00vEDgg
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
ERROR: Job failed: exit code 1
