AutoDeploy rails app via jenkins and capistrano - ruby-on-rails

As first steps I have configured AWS EC2 instance with Ubuntu 16.04 and configured Capistrano for deploy from local to this AWS EC2 instance.
Now I am trying to make autodeploy rails app from GitHub to this Ubuntu Server (AWS EC2) via Jenkins and Capistrano. Note: I am creating autodeploy for the first time.
My rails app (production) and Jenkins are on the same Amazon EC2 instance.
When Jenkins task starts, it clones repo to the jenkins workspace, install gems and then execute: cap production deploy
But now I can“t check that the Capistrano was configured correctly for deploy to another folder of the same server, because when cap production deploy executes I get this error:
Net::SSH::AuthenticationFailed: Authentication failed for user jenkins#
I tried to create ssh-key for user jenkins and add it to ubuntu user (default non-root sudo user) by:
ssh-keygen
ssh-copy-id ubuntu#127.0.0.1
and always get permission denied error.
Does anybody have any suggestions?
Thank you in advance
capistrano version 3.11

You can add jenkin user's public-key in the authorized_keys file of ubuntu user. You can find it at /home/ubuntu/.ssh/authorized_keys.
However, In my opinion, you should migrate the jenkins runner to a separate server.
You can create a VPC group, and put both the servers, production and jenkins runner in that single VPC, and expose ssh port in the same VPC, so that no one outside can access it.
Then add the public key of thejenkins server to the production server as I have explained above.

Related

Capistrano 3 asks for SSH user's password since `do-release-upgrade` was done on Ubuntu 20.04 server

I have a rails app that I could so far successfully deploy to my Ubuntu server using capistrano 3.
Last night I did a successful server update using do-release-upgrade:
Linux my-server 5.15.0-47-generic #51-Ubuntu SMP Thu Aug 11 07:51:15 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
I can still ssh into the server using my id_rsa key from my Mac Terminal:
ssh user#my-server.example.com
Welcome to Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-47-generic x86_64)
However Capistrano now asks for the password instead of asking me for the passkey of my id_rsa certificate:
cap production deploy
user#my-server.example.com's password:
I tried to run ssh-copy-id too to make sure the certificate is re-uploaded:
ssh-copy-id user#my-server.example.com
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)
It's all quite weird since just yesterday I did do several deployments:
ls -lia rails/releases/ | grep 20220913 | wc -l
9
I did not enable passwords for the SSH access at all so I am wondering how to re-enable the SSH communication with my sever.
Update
The issue might be related to "SSH agent forwarding". I did use capistrano-ssh-doctor and it told me that:
SSH agent forwarding report
[success] repo_url setting ok
[success] ssh private key file exists
[success] ssh-agent process seems to be running locally
[success] ssh-agent process recognized by ssh-add command
[success] ssh private keys added to ssh-agent
[success] application repository accessible from local machine
[success] all hosts using passwordless login
[success] forward_agent ok for all hosts
[success] ssh agent successfully forwarded to remote hosts
[error] It seems Capistrano cannot access application git repository from these hosts: my-server.example.com
Actions:
make sure all the previous checks pass. That should make this one work too.
It seems SSH agent forwarding is not set up correctly. Follow the
suggested steps described in error messages. Errors (if more than one)
are ordered by importance, so always start with the first one.
So I logged in on the server and I was able to successfully clone the repository.
There is some information in this post:
I'd still like to find out why I can't use the git#github.com:{github-organization}/{private-repo}.git format for :repo_url, with keys, when all of the SSH forwarding report's requirements seem to be met. If you need further info from me just let me know - and thanks again for any help!
So it seems that the :repo_url needs to be changed. I'll give that a shot.
I did figure out that now for some reason the following command does no longer work:
cap staging deploy
Instead I need to use bundler
bundle exec cap staging deploy
Had the same issue. This fixed it for me: https://askubuntu.com/questions/1409105/ubuntu-22-04-ssh-the-rsa-key-isnt-working-since-upgrading-from-20-04
Add this to the end of /etc/ssh/sshd_config:
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa

How to sftp into non-AWS SFTP from rails app on ec2 instance?

I have been working on this for a while now. I currently have a rails application on an AWS Ec2 instance. I have set up sidekiq/redis and have been deploying with capistrano. I am working to SFTP into a NON-AWS sftp server. I have added the gem 'net-sftp' and bundle installed locally and then deployed. Worker runs when expected.
Currently when running worker locally (starting redis,sidekiq,rails c run worker) everything runs as expected with the following code:
Net::SFTP.start(sftp_host, sftp_user, :password => sftp_pass) do |sftp|
sftp.download!("/import/", "storage/", :recursive => true)
end
Yet on my AWS EC2 Rails application I get the following error:
"error_message":"Net::SFTP::StatusException opendir /import/ (2, \"no such file\")"...
I can SSH directly into EC2 instance (Ubuntu) and connect to sftp server directly from command line and see directory and files.
Any help would be greatly appreciated!

Authentication failed for user when deploying to Amazon EC2

I am trying to run cap production deploy under my project folder using Capistrano 3. I am able to ssh into my production server using the pem as login credential. But when I run cap production deploy, I get the following message:
cap aborted!
SSHKit::Runner::ExecuteError: Exception while executing on host cityspade.com: Authentication failed for user ec2-user#cityspade.com
The EC2 server has already allowed my IP for SSH connecting. No idea how to fix this issue.
Capistrano uses your default available keys to login. You might need to set up ssh-agent and add the pem to the available keys.

Capistrano forward_agent

I'm trying to deploy my app from a remote git repo with capistrano. Everything was working fine till I installed ssl certificate on my server. Now the problem is when capistrano restarts the apache server the server asks for the passphrase. My question is how can I enter that passphrase from my local machine. I have enabled forward_agent by using this line but its not working.
set :ssh_options, { :forward_agent => true }
I was wondering if there is any other way to enter value on server from your local system.
Agent forwarding is for ssh keys, on apache restart most probably it's the sudo asking for password.
Add the deploy user to sudoers to allow apache restart, for example
deployer ALL=(ALL) NOPASSWD:/etc/init.d/apache2 restart

How to provide password for Capistrano rails 3.1 app deployment to aws ec2 ubuntu server?

We are trying to deploy a rails 3.1 app on a aws ec2 instance running ubuntu 12.04. With cap deploy, However, we are stuck with the password hint. There is only private key in aws ecs login and there is no password. How can we pass the ssh login for ec2 deployment?
Thanks so much.
This is what I did to solve this scenario:
On the local machine, generate a key using e.g. ssh-keygen. Keep the standard location to not overcomplicate things, i.e. keyfiles should be ~/.ssh/id_rsa and id_rsa.pub; SKIP THIS STEP IF YOU ALREADY HAVE KEYS IN .ssh
Copy the content of the id_rsa.pub file
SSH into the EC2 instance using your .pem keyfile
Paste the content of your local id_rsa.pub into /home/[YOUR_EC2_USER]/.ssh/authorized_keys
You should now be able to use capistrano for your deployment.

Resources