I'm trying to deploy a Rails app with Capistrano to my Ubuntu server.
Having these in my production.rb:
set :pty, false
set :use_sudo, false
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w[~/.ssh/id_ed25519.pub] }
This used to work, but now I'm getting no tty present and no askpass program specified errors. I have also tried changing permissions for my deploying user on the server, giving it ALL permissions. This is happening when it's trying to run: sudo /bin/systemctl restart puma_production
I feel like I have tried every possible combination of settings out there. If I set set :pty, true it will ask for a password but I can't enter it.
What am I missing here?
Related
Local Computer Username: Christopher
Ubuntu Server Username: my_app_name
I have followed the Digital Ocean documentation to set up an Ubuntu 16.04 server with Ruby on Rails and is my first time doing so, though when I get to cap production deploy:initial the console returns Net::SSH::AuthenticationFailed: Authentication failed for user Christopher#12.23.34.45 even though I am able to ssh without a problem into my root and user accounts.
I followed these instructions:
How to connect your droplet with Digital Ocean
https://www.digitalocean.com/community/tutorials/how-to-connect-to-your-droplet-with-ssh
Initial Server Setup with Ubuntu 16.04
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
I generated an ssh public/private key pair on my local computer using:
ssh-keygen -t rsa
I added the public key from my local computer to the servers ~/.ssh/authorized_keys file. I was then able to ssh into my root and user accounts.
I then followed these instructions:
Deploying a Rails App on Ubuntu 14.04 with Capistrano, Nginx, and Puma
https://www.digitalocean.com/community/tutorials/deploying-a-rails-app-on-ubuntu-14-04-with-capistrano-nginx-and-puma
I generated another ssh key, this time on the server and added the public key to my github's deploy keys list. I was then able to successfully clone my repo through ssh.
I run the following commands:
cat ~/.ssh/id_rsa.pub | ssh -p your_port_num deploy#your_server_ip 'cat >> ~/.ssh/authorized_keys'
cap production deploy:initial
And get back:
Net::SSH::AuthenticationFailed: Authentication failed for user Christopher#12.23.34.45
I would really appreciate any help as this is my very first time deploying to an Ubuntu server and I would really like to learn what it is I'm doing wrong. Thank you in advance.
Did you add your key to the Agent?
What do you see when you run:
$ ssh-add -l
If you get 'The agent has no identities.', then add your key with:
$ ssh-add id_rsa_key_name
First of all you need to ssh to your server and run
eval `ssh-agent`
and then
ssh-add ~/.ssh/id_rsa
and now change
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w(~/.ssh/id_rsa.pub) }
#
to
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w(~/.ssh/id_rsa) }
#
I just removed pub from id_rsa.pub.
And then run
cap production deploy:initial
It should work now. Same changes fixed the issues for my app https://www.wiki11.com.
You have :
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w(~/.ssh/id_rsa.pub) }
Change it to:
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w(~/.ssh/id_rsa) }
Keys should have private key location only. Also, enable ssh-agent on local machine using ssh-add. Add ForwardAgent yes in ~/.ssh/config for your Host.
I had some weird problems as long as I did not use bundler. So using capistrano like so then worked again for me:
# good
bundle exec cap production deploy
Instead of just:
# no good
cap production deploy
You need to add the following line to your config/deploy.rb
ssh_options[:forward_agent] = true
Refer this post.
I recently started deploying my rails apps using Capistrano, but I can't seem to figure out how to not display my password when deploying the app when it prompts me for my password.
I get the following warning,
Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
I installed both of those gems, and my password is still being echoed in clear text. Any help would greatly be appreciated.
Add this in config/deploy/production.rb
set :ssh_options, {
keys: %w(/Users/artemadamcov/.ssh/id_rsa),
forward_agent: true,
auth_methods: %w(publickey password),
port: 4321
}
And enter it in terminal
ssh-add ~/.ssh/id_rsa
I'm trying to deploy a Rails App with Capistrano on an AWS-EC2 instance, with the default user (Ubuntu) in another user's home but it gaves me a "Permission Denied" error. This is my code:
server "9.9.9.9", :web, :app, :db, primary: true
set :application, "some_app"
set :user, "ubuntu"
set :keep_releases, 3
set :location, "9.9.9.9"
ssh_options[:keys] = ["~/Keys/serverkey.pem"]
ssh_options[:forward_agent] = true
default_run_options[:pty] = true
set :use_sudo, false
task :hello do
run "echo 'Hello World' > /home/other_user/i_was_here.txt"
end
And this is the output:
$ cap hello
* 2013-03-22 14:11:29 executing `hello'
* executing "echo 'Hello World' > /home/other_user/i_was_here.txt"
servers: ["9.9.9.9"]
[9.9.9.9] executing command
** [out :: 9.9.9.9] sh: cannot create /home/other_user/i_was_here.txt: Permission denied
command finished in 798ms
failed: "sh -c 'echo '\\''Hello World'\\'' > /home/other_user/i_was_here.txt'" on 9.9.9.9
What could be wrong? The purpose is to deploy a Rails App for another user, so I have some doubts:
Is there a way to deploy the Rails App on an AWS-EC2 instance directly with the other user?
If the answer for #1 is "no", what is the right way to deploy the Rails App with the default user Ubuntu for other users? (for no having problems with permissions in the future when the other users try to access to the apps)
In the server are managed many users because we want to get the storage and bandwidth for each user, so we did it this way and until today we are starting with Capistrano haha.
Thanks in advance.
The usual is to deploy as the user that should run/maintain the application. Otherwise you have to really be sure both users are not messing around with the permissions.
Is the reason for this scenario is that you don't want to share credentials? If so, consider using a special deploy ssh key that is added to .ssh/authorized_keys for every user.
Remove ssh_options[:forward_agent] = true line from your config file, even I had the same issue I removed this line and its working fine for me now
Thank you everyone for your answers. What I did was follow this steps and connect with Capistrano with the specific user.
http://utkarshsengar.com/2011/01/manage-multiple-accounts-on-1-amazon-ec2-instance/
The ubuntu user does not have permission to access other_user's home directory, unless sudo is used, or you change the permissions on /home/other_user.
The best approach, if you want to run the app as other_user, is to configure capistrano to deploy as other_user. You'll need to add your public ssh key to /home/other_user/.ssh/authorized_keys. If you want the app to run as ubuntu, deploy to /home/ubuntu.
Totally new to Capistrano.
I have a local git repository that I want to publish to my remote server. I've followed other answers here and came up with this configuration:
require 'bundler/capistrano'
set :application, "app_name"
set :repository, '~/Dropbox/app/.git'
set :user, 'user_name'
set :deploy_to, 'ssh://remote_host/~/railsApps/app_name'
set :scm_verbose, true
set :deploy_via, :copy
default_run_options[:pty] = true
server "remote_server", :web, :app, :db, :primary => true
set :scm, :git
set :branch, "master"
ssh_options[:keys] = %w(~/.ssh/id_rsa)
after "deploy:restart", "deploy:cleanup"
This no longer asks for a password for the remote server, but fails always with the following error:
The --deployment flag requires a Gemfile.lock. Please make sure you have checked your Gemfile.lock into version control before deploying.
I am definitely including the Gemfile.lock file in my git repo.
If I change the Capistrano configuration to clone from the remote git folder to which I push (which is in that same server) then I don't get an error but it asks for my password every time I try to connect.
Help please.
Note that SSH key pairing works fine when used from the CLI for regular SSH connection.
Solution
Thanks to Tigraine I was able to solve it. In the hopes that this helps someone else, here is what finally did the trick:
Tigraine is correct in that the paths are local to the remote server, but I was getting an error when trying to use local paths, Capistrano kept searching on my local machine and throwing errors when it couldn't find those paths.
What I had to do was add the local_repository to the config and then everything worked. So the bits I changed are these:
set :local_repository, '~/Dropbox/app_name/.git'
set :repository, '~/railsApps/app_name.git'
set :deploy_to, '~/railsApps/app_name'
The local_repository path is local to my machine and the repository and deploy_to paths are local to the remote server.
First of all: Capistrano always executes it's commands on the remote server you are deploying to.
This means that all paths you use like in set :deploy_to are local paths on the server.
In my case the config looks something like this:
set :scm, 'git'
set :repository, "<repo url>"
set :branch, 'master'
set :git_shallow_clone, 1
set :scm_verbose, true
set :deploy_to, '/var/www/app'
set :deploy_via, :remote_cache
The important part here is the :deploy_to that is a local path on the server not a SSH path. This is where your config is wrong!
This gets even more important if you look at the commands capistrano then runs. It for example will usually do things like bash cd /var/www/app && bundle instal ....
If the path is not local the command will most likely fail.
Secondly this also means that Capistrano will deploy to your Git Server from your Remote Server, so you have to make sure the remote server has access to the Git Server.
The ssh_options[:keys] therefore specifies the local SSH key used to connect to that remote_server, while on the server the default key from ~/.ssh/id_rsa.pub will be used.
You can avoid having to set up your SSH key on the Server by using SSH Agent forwarding by including ssh_options[:forward_agent] = true. This will simply forward your local SSH agent socket to the server and use that (good because your key never leaves your machine)
More info on SSH Agent forwarding can be found here
Thins to check:
Check in the remote server for .ssh folder and make sure your ssh key(id_rsa.pub) is added to authorized keys with no space appended.
do ssh-add from you local folder from where you are running the cap script.
Check for the permissions of .ssh folder on remote, it should be 700 and files inside with 600 permission.
If I change the Capistrano configuration to clone from the remote git folder to which I push (which is in that same server) then I don't get an error but it asks for my password every time I try to connect.
Now clone it from the git,
From what I've read, including this article on GitHub itself, by using ssh agent forwarding, I should not have needed to upload my private id_rsa key to my server in order for Capistrano to connect to GitHub. Yet, until I uploaded it, cap deploy would fail trying to pull from GitHub saying "Permission denied (publickey)".
A little about my setup: My server is a shared Dreamhost server. I'm on Windows using the mysysgit Git Bash as my CLI. I previously set up passwordless ssh login to the Dreamhost server by copying my public key to authorized_keys. I can push to GitHub from my dev. Another symptom was that I could ssh into GitHub from my box, but from the server it gave the same error as above. That tipped me off about uploading my private key to resolve the issue. But it shouldn't have been necessary as I understand it.
Here's my deploy.rb:
default_run_options[:pty] = true
set :domain, "myactualdomain"
set :user, "myusernameeverywhere"
# source
set :scm, :git
set :repository, "git#github.com:#{user}/#{myreponame}.git"
set :branch, "master"
ssh_options[:forward_agent] = true
set :deploy_via, :remote_cache
set :scm_verbose, true
# deployment
set :use_sudo, false
set :deploy_to, "/home/#{user}/#{domain}"
role :web, "#{domain}"
role :app, "#{domain}"
role :db, "#{domain}", :primary => true
Why did I have to upload my private key? Is there a way to handle this where that isn't necessary?
Agent forwarding is handled by the net-ssh gem. Did you try to update it to >=1.1.0 ?