Fatal编程技术网
  • symfony/
  • Symfony Gitlab ci配置docker runner以使用SSH密钥进行部署

Symfony Gitlab ci配置docker runner以使用SSH密钥进行部署

symfony docker ssh gitlab

Symfony Gitlab ci配置docker runner以使用SSH密钥进行部署,symfony,docker,ssh,capistrano,gitlab,Symfony,Docker,Ssh,Capistrano,Gitlab,我正在尝试使用gitlab ci和capistrano部署我的symfony应用程序。但我无法通过向docker中注入密钥来使用SSH进行部署,脚本在连接时不断提示输入密码。我正在使用gitlab的本地实例 在gitlab的SSH_PRIVATE_KEY PRIVATE变量中,我添加了git用户的私钥,并在SSH_SERVER_HOSTKEYS中添加了SSH keyscan-H 192.168.0.226命令的结果。 在deploy的.ssh文件夹中的文件authorized_keys中,我放置

我正在尝试使用gitlab ci和capistrano部署我的symfony应用程序。但我无法通过向docker中注入密钥来使用SSH进行部署,脚本在连接时不断提示输入密码。我正在使用gitlab的本地实例

在gitlab的SSH_PRIVATE_KEY PRIVATE变量中,我添加了git用户的私钥,并在SSH_SERVER_HOSTKEYS中添加了
SSH keyscan-H 192.168.0.226
命令的结果。
在deploy的.ssh文件夹中的文件authorized_keys中,我放置了git用户的公钥

以下是配置文件:

gitlab ci.yml:

image: php:7.1

cache:
  paths:
  - vendor/

before_script:
# Install dependencies
- bash ci/docker_install.sh > /dev/null
- bash ci/ssh_inject.sh

stages:
  - deploy

deploy:
  stage: deploy
  script:
  - apt-get install ruby-full -yqq
  - gem install capistrano -v 3.8.0
  - gem install capistrano-symfony
  - cap production deploy
  environment:
    name: production
    url: http://website.com
  only:
  - master

# config valid only for current version of Capistrano
lock '3.8.0'

set :application, 'symfony'
set :repo_url, 'git@gitlab.local:symfony.git'

# Default deploy_to directory is /var/www/my_app_name
set :deploy_to, '/home/symfony'

set :symfony_env,  "prod"

set :composer_install_flags, '--no-dev --prefer-dist --no-interaction --optimize-autoloader'

set :symfony_directory_structure, 3
set :sensio_distribution_version, 5

# symfony-standard edition directories
set :app_path, "app"
set :web_path, "web"
set :var_path, "var"
set :bin_path, "bin"

set :app_config_path, "app/config"
set :log_path, "var/logs"
set :cache_path, "var/cache"

set :symfony_console_path, "bin/console"
set :symfony_console_flags, "--no-debug"

# asset management
set :assets_install_path, "web"
set :assets_install_flags,  '--symlink'

# Share files/directories between releases
set :linked_files, %w(app/config/parameters.yml)
set :linked_dirs, %w(web/uploads)

# Set correct permissions between releases, this is turned off by default
set :permission_method, false
set :file_permissions_paths, ["var/logs", "var/cache"]
set :file_permissions_users, ["apache"]

before "deploy:updated", "deploy:set_permissions:acl"
after "deploy:updated", "symfony:assetic:dump"

server '192.168.0.226', user: 'deploy', roles: %w{app db web}
ssh\u inject.sh:

生产。rb:

image: php:7.1

cache:
  paths:
  - vendor/

before_script:
# Install dependencies
- bash ci/docker_install.sh > /dev/null
- bash ci/ssh_inject.sh

stages:
  - deploy

deploy:
  stage: deploy
  script:
  - apt-get install ruby-full -yqq
  - gem install capistrano -v 3.8.0
  - gem install capistrano-symfony
  - cap production deploy
  environment:
    name: production
    url: http://website.com
  only:
  - master

# config valid only for current version of Capistrano
lock '3.8.0'

set :application, 'symfony'
set :repo_url, 'git@gitlab.local:symfony.git'

# Default deploy_to directory is /var/www/my_app_name
set :deploy_to, '/home/symfony'

set :symfony_env,  "prod"

set :composer_install_flags, '--no-dev --prefer-dist --no-interaction --optimize-autoloader'

set :symfony_directory_structure, 3
set :sensio_distribution_version, 5

# symfony-standard edition directories
set :app_path, "app"
set :web_path, "web"
set :var_path, "var"
set :bin_path, "bin"

set :app_config_path, "app/config"
set :log_path, "var/logs"
set :cache_path, "var/cache"

set :symfony_console_path, "bin/console"
set :symfony_console_flags, "--no-debug"

# asset management
set :assets_install_path, "web"
set :assets_install_flags,  '--symlink'

# Share files/directories between releases
set :linked_files, %w(app/config/parameters.yml)
set :linked_dirs, %w(web/uploads)

# Set correct permissions between releases, this is turned off by default
set :permission_method, false
set :file_permissions_paths, ["var/logs", "var/cache"]
set :file_permissions_users, ["apache"]

before "deploy:updated", "deploy:set_permissions:acl"
after "deploy:updated", "symfony:assetic:dump"

server '192.168.0.226', user: 'deploy', roles: %w{app db web}
有什么不对劲吗?我试着将代理设置为true,但它不起作用

如果我手动构建docker容器并安装所有依赖项,则可以在不要求密码的情况下建立ssh连接

以下是错误:

编辑:

image: php:7.1

cache:
  paths:
  - vendor/

before_script:
# Install dependencies
- bash ci/docker_install.sh > /dev/null
- bash ci/ssh_inject.sh

stages:
  - deploy

deploy:
  stage: deploy
  script:
  - apt-get install ruby-full -yqq
  - gem install capistrano -v 3.8.0
  - gem install capistrano-symfony
  - cap production deploy
  environment:
    name: production
    url: http://website.com
  only:
  - master

# config valid only for current version of Capistrano
lock '3.8.0'

set :application, 'symfony'
set :repo_url, 'git@gitlab.local:symfony.git'

# Default deploy_to directory is /var/www/my_app_name
set :deploy_to, '/home/symfony'

set :symfony_env,  "prod"

set :composer_install_flags, '--no-dev --prefer-dist --no-interaction --optimize-autoloader'

set :symfony_directory_structure, 3
set :sensio_distribution_version, 5

# symfony-standard edition directories
set :app_path, "app"
set :web_path, "web"
set :var_path, "var"
set :bin_path, "bin"

set :app_config_path, "app/config"
set :log_path, "var/logs"
set :cache_path, "var/cache"

set :symfony_console_path, "bin/console"
set :symfony_console_flags, "--no-debug"

# asset management
set :assets_install_path, "web"
set :assets_install_flags,  '--symlink'

# Share files/directories between releases
set :linked_files, %w(app/config/parameters.yml)
set :linked_dirs, %w(web/uploads)

# Set correct permissions between releases, this is turned off by default
set :permission_method, false
set :file_permissions_paths, ["var/logs", "var/cache"]
set :file_permissions_users, ["apache"]

before "deploy:updated", "deploy:set_permissions:acl"
after "deploy:updated", "symfony:assetic:dump"

server '192.168.0.226', user: 'deploy', roles: %w{app db web}
在runner配置中是否有需要添加的内容?这是:

concurrent = 1
check_interval = 0

[[runners]]
  name = "Docker runner"
  url = "http://gitlab.local/ci"
  token = "mytoken"
  executor = "docker"
  [runners.docker]
    tls_verify = false
    image = "php:7.1"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
  [runners.cache]
您需要使用
gitlab runner
用户在gitlab runner上创建ssh密钥

然后将此密钥的公钥添加到服务器的
authorized_keys
文件中。

通过将ssh_inject.sh内容移动到gitlab-ci.yml中解决

如果有人知道为什么它需要放在gitlab-ci.yml中,我想知道。

bash ci/ssh\u inject.sh
不起作用,因为它运行在不同的shell中。使用:

source./ci/ssh\u inject.sh

相反。

谢谢你的回答。但这不起作用,我在deploy user的文件authorized_keys中添加了公钥,尝试删除ssh_inject.sh调用,用gitlab runner私钥更改了ssh_私钥,但它仍在请求密码。我可以做宋承宪deploy@192.168.0.226从带有gitlab runner用户(无密码)的终端。我想我遗漏了什么。我应该用哪一位遗嘱执行人来执行跑步者?parallels,ssh,virtualbox,docker+机器,docker ssh+机器,docker,docker ssh,shell,kubernetes?以前我用的是dockerstrange。对于我的纯部署运行程序,我使用
shell
进行ci测试
docker+machine
如果使用docker,您必须在docker容器内执行操作,但这应该在.gitlab ci和cap SKcript中起作用。但是说实话,我不认为容器化部署运行程序有什么意义——如果你使用运行程序进行部署和其他(ci)工作,那就另当别论了。我更喜欢使用docker进行更新。但是使用
shell
似乎很好!