I am trying to deploy my rails application (Ruby 2.1.2 and Rails 4.1.4) through capistrano from mac. I have ssh keys set up on server. But i keep getting authentication error whenever i try to deploy. The error is:
SSHKit::Runner::ExecuteError: Exception while executing on host xxx.xxx: Authentication failed for user deploy#xxx.xxx
followed by:
Net::SSH::AuthenticationFailed: Authentication failed for user deploy#xxx.xx
This is my staging.rb:
server "xxx.xx.xxx", user: "deploy", roles: %w{web app db}
set :ssh_options, {
user: "root",
forward_agent: false,
keys: '~/.ssh/id_rsa',
auth_methods: %w(publickey password)
}
set :branch, "master"
set :rails_env, "staging"
I am able to login to server via terminal using ssh root#xxx.xx but cannot login with capistrano. Any help or advice will be appericiated.
At first. You use two different users in one config. Choice one and edit your staging.rb
Also I am not sure that using public key is a good way. Try to add private key for user Deploy. Then if you able to login as deploy
ssh -i id_rsa deploy#xxx.xx.xx.xx
try to update gem net-ssh to version 3.0.1. Then you can write your config like
set :ssh_options, {
user: "deploy",
keys: ["~/.ssh/id_rsa"]
}
I have faced the same issue for my application https://www.wiki11.com.
Those who are getting error
Net::SSH::AuthenticationFailed: Authentication failed for user deploy#XXX.XX.XX.XXX
Here is the solution,
First of all you need to ssh to your server and run
eval `ssh-agent`
and then
ssh-add ~/.ssh/id_rsa
and now change
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w(~/.ssh/id_rsa.pub) }
#...
to
set :ssh_options, { forward_agent: true, user: fetch(:user), keys: %w(~/.ssh/id_rsa) }
#...
I just removed pub from id_rsa.pub.
And then run
cap production deploy:initial
It should work now.
Related
I'm deploying a Rails app with Capistrano, to an Ubuntu server (EC2).
When I deploy, with --trace, everything appears to go fine.
When I look at the revisions log on the server, it shows the latest commit hash was used on the most recent deploy, however, when I go into that latest release directory (yes I confirmed that a new release directory was created and that I'm in that one) it doesn't have the most recent commits.
If I do a 'git pull origin master' from with the new release directory on the server, of course it pulls the latest commits.
Any idea why the git pull wouldn't be happening on the Capistrano deploy?
EDIT:
Here's the deploy.rb file:
lock "~> 3.14.0"
set :pty, true
set :application, "123abc"
set :repo_url, "git#github.com:123/abc.git "
# ask :branch, `git rev-parse --abbrev-ref HEAD`.chomp
set :branch, "master"
set :rbenv_ruby, File.read('.ruby-version').strip
append :linked_files, "config/secrets.yml"
append :linked_dirs, "log", "tmp/pids", "tmp/cache", "tmp/sockets"
namespace :deploy do
before :compile_assets, :force_cleanup_assets do
on release_roles(fetch(:assets_roles)) do
within release_path do
with rails_env: fetch(:rails_env) do
execute :rake, 'assets:clobber'
end
end
end
end
app_service_name = "#{fetch(:application)}-#{fetch(:stage)}"
services = ["#{app_service_name}-workers"]
desc "Restart application"
task :restart do
on roles(:app), in: :sequence, wait: 5 do
execute :sudo, :systemctl, :stop, app_service_name
sleep 1
execute :sudo, :systemctl, :start, app_service_name
# execute :sudo, :systemctl, :restart, app_service_name
end
end
desc "Restart Workers"
task :restart_services do
on roles(:app), in: :sequence, wait: 5 do
services.each { |service| execute "sudo systemctl restart #{service}" }
end
end
desc "Start Workers"
task :start_services do
on roles(:app), in: :sequence, wait: 5 do
services.each { |service| execute "sudo systemctl start #{service}" }
end
end
desc "Stop Workers"
task :stop_services do
on roles(:app), in: :sequence, wait: 5 do
services.each { |service| execute "sudo systemctl stop #{service}" }
end
end
end
after "deploy:publishing", "deploy:restart"
after "deploy:publishing", "deploy:restart_services"
Is your organization using a proxy with ca certificate?.
Are you pulling from github site using SSL or from another git clone with a self signing certificate?.
Please try to su to the user used for the deployment, and attempt git pull, to see if it works?.
Are you using Tokens to authenticate or credentials or certificates?.
I would attempt to tcpdump to see what's going on, if effectively it attempts to connect to github.
Your deploy works with full clone or pull?. Can you deploy using full clone?.
Are you using SSH or HTTPS, and default or special ports?.
Can you publish the trace, or at least check that you don't have something like:
Connection refused - connect(2)
I guess that the ending spaces after your repourl are not in your final file.
Cheers
This could happen because of ownership/permissions inside <deploy_path>/repo, for example if once you had run deploy or git pull on server under other user.
Make sure that you have correct username in your deploy/<env>.rb configs and chown -r that_user:that_user <deploy_path>/repo (and may be other directories as well)
The steps i followed are:
Ansible login as root user
Update Server pacakges
Create a user called deploy
Clone a Git Repository from bitbucket.org
I want to clone the repository as deploy user in his home directory using ssh forwarding method.
But the issue is that, I am not able to get permissions even through ssh forwarding and the error returns as :Doesn't have rights to access the repository.
My inventory file:
[production]
rails ansible_host=(my host ip) ansible_user=ubuntu
My ansible.cfg file looks like this:
[ssh_connection]
pipelining=True
ssh_args = -o ForwardAgent=true
My playbook looks like this:
---
- hosts: production
remote_user: root
become: yes
tasks:
- name: Update all packages to latest version
apt:
upgrade: dist
- add deploy user tasks here
(deploy user add task)
- name: APP | Clone repo
git:
repo: git#github.com:e911/Nepali-POS-Tagger.git
dest: home/deploy/myproject
accept_hostkey: true
force: true
become: yes
become_user: deploy
tags: app
My deploy user is created but for some reason I cannot clone the user as deploy user. It doesnot have access right. I have researched and think this seems to be because of ssh keys not being attached. When I login in as ubuntu and switch user as deploy the attached keys are not forwarded to deploy. But I cannot have a solution for this.
How do you solve this ? Or what am I doing wrong here?
Here is the error snippet:
fatal: [rails]: FAILED! => {
"changed": false,
"cmd": "/usr/bin/git clone --origin origin '' /home/deploy/myproject",
"invocation": {
"module_args": {
"accept_hostkey": true,
"archive": null,
"bare": false,
"clone": true,
"depth": null,
"dest": "/home/deploy/myproject",
"executable": null,
"force": true,
"gpg_whitelist": [],
"key_file": null,
"recursive": true,
"reference": null,
"refspec": null,
"remote": "origin",
"repo": "git#github.com:e911/Nepali-POS-Tagger.git",
"separate_git_dir": null,
"ssh_opts": null,
"track_submodules": false,
"umask": null,
"update": true,
"verify_commit": false,
"version": "HEAD"
}
},
"msg": "",
"rc": 128,
"stderr": "Cloning into '/home/deploy/myproject'...\ngit#github.com: Permission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n",
"stderr_lines": [
"Cloning into '/home/deploy/myproject'...",
"git#github.com: Permission denied (publickey).",
"fatal: Could not read from remote repository.",
"",
"Please make sure you have the correct access rights",
"and the repository exists."
],
"stdout": "",
"stdout_lines": []
}
I have tried the solutions here: Ansible and Git Permission denied (publickey) at Git Clone but it was of not help.
We have alternative solution, using HTTP instead of SSH:
For GitHub:
Generate a Token from link: https://github.com/settings/tokens
Give permission with scope: repo (full control of private repositories)
Use that token git+https://<TOKEN>:x-oauth-basic#github.com/<ORGANIZATION>/<REPO>.git#<BRANCH>
For BitBucket:
Generate a random Password for your repo from link: https://bitbucket.org/account/settings/app-passwords
Give permission with scope Repositories: Read
Use that password to clone your repo as: git clone https://<USERNAME>:<GENERATED_PASSWORD>#bitbucket.org/<ORGANIZATION>/<REPO>.git
Hope this could be an alternative for the solution.
I am trying to optimize my application. I would like to deploy my rails application to different machines. Unfortunately I can't understand how to do it.
role :web, "ip1","ip2"
role :app, "ip1, ip2"
role :db, "db_ip", primary: true
set :application, "Name"
set :user, "root"
set :port, 22
set :deploy_to, "/home/#{user}/apps/#{application}"
set :ssh_options, {:forward_agent => true}
ssh_options[:forward_agent] = true
ssh_options[:keys] = %w(~/.ssh/id_key)
This is my configuration. I have two unicorn servers and one db server. When I use cap:deploy:cold it asks me for password but I can't understand the password of which machine I should enter? It doesn't work with all of the server's passwords. I receive
(Net::SSH::AuthenticationFailed: root)
Can someone explain me how should my configuration looks to be able to deploy to all of the machines?
This should just work, but you should set up your ssh connections so you do not have to enter a password, using ssh keys.
this is for for version 3, and was posted before seeing version was set 2.
try setting your global options like this.
set :ssh_options, {
keys: %w(/home/your_user/.ssh/id_key),
forward_agent: true,
}
And is your key called id_key (id_rsa is more common)
if you need to do it per server you can do this.
server 'ip1',
user: 'root',
roles: %w{web app},
ssh_options: {
user: 'foobar', # overrides user setting above
keys: %w(/home/user_name/.ssh/id_rsa),
forward_agent: false,
}
I am using the rails-server-template available here (https://github.com/TalkingQuickly/rails-server-template) to provision a Rails server (Ubuntu 12.04) using Chef. When I am setting up a new server, I copy my public ssh key ssh-copy-id -i ~/.ssh/id_rsa.pub ubuntu#my-server.amazonaws.com and am able to enter my server fine.
But after I download a new copy of this template (updating the nodes/my-server.json file to this:)
{
"environment": "production",
"authorization": {
"sudo": {
"users": ["deploy", "vagrant"]
}
},
"run_list": [
"role[server]",
"role[postgres-server]"
],
"automatic": {
"ipaddress": "my-server.amazonaws.com"
},
"postgresql": {
"password": {
"postgres": "password"
}
}
}
And also updating the deploy.json user in data_bags/users:
{
"id": "deploy",
// generate this with: openssl passwd -1 "plaintextpassword"
"password": "password",
"ssh_keys": [ "ssh-rsa my-public-key from ~/.ssh/id_rsa.pub"
],
"groups": [ "sysadmin"],
"shell": "\/bin\/bash"
}
For some weird reason, after provisioning the server with bundle exec knife solo bootstrap ubuntu#my-server.com, I get a Permission denied (publickey) error. When trying to log-in using ssh, I get asked for the password for the ubuntu user, which I don't know. I can't even log in with my key pair .pem file from Amazon EC2 anymore.
Am I missing something? I didn't change the server.json role, and I can't seem to figure out what is going on. Has something changed my ssh configuration during provisioning?
Turns out when I was trying to ssh into my server, the user I was using was ubuntu, whereas in the data_bags, I set up a new user with the id deploy. I needed to ssh in as the deploy user.
i'v try to deploy the grunt output folder ( dist ) to server space using grunt-deploy in Jenkins. it return success message after grunt deploy.but it actually not deploy to given target.and there is option for username and password of server.so i think its not secure method .if yes give me a correct method for that.also there is no option for source path . this is my deploy code.
deploy: {
liveservers: {
options:{
servers: [{
host: 'host',
port: 'port',
username: 'user',
password: 'pass'
}],
cmds_before_deploy: [],
cmds_after_deploy: [],
deploy_path: '/home/testdeploy'
}
} }
please help me :(
Use the mkdir command to create a releases subfolder:
cd /home/testdeploy
mkdir releases
then retry. The existence of releases is a hardcoded assumption in the source
References
grunt-deploy: deploy.js source