We use git for version control. Right now only my account seems to be able to deploy successfully to a remote server for several apps, but I don't know why. I would like to set it up so that deploying works for other people at my company, but I don't really have the full picture laid out in my head so I don't know what needs to be done.
To me it seems like whoever wants to deploy needs a: user account on the server, an account on github, and permission to pull...? However, other users seem to have the notorious Permission denied (publickey). fatal: The remote end hung up unexpectedly and other errors.
Can anyone provide a short list of what I need to do on the server (make an account, add ssh keys or something?) and git (ssh keys again? not sure) to get the deploy to work?
Capistrano assumes you can ssh into the server you are deploying to. You are probably using a communal apps, deployer, or some other app-specific user to deploy your app. This will be the user that is set in your deploy.rb file.
You will need to copy everyone's public key into the authorized_keys of whatever your deploying user is. That is just how Capistrano works.
Related
Our company wants to build a Rails-based backend website and we chose the OpenShift platform to host and deploy. To connect the two, all the guides lead to the installation of the ruby rhc gem and then setup it.
I'm fresh to OpenShift and I'm trying to setup the rhc toolkit on a remote Ubuntu server. Now I ran gem install rhc and everything went fine. Since I have to configure rhc through rhc setup, I ran this command afterwards and just after asking which server I want to use (I left it blank to use openshift.redhat.com) it comes to the login part.
At this moment, OpenShift Online allows you to login only with your GitHub account, so I gave in the GitHub credentials and... voilà! Username or password is not correct. Tried this both on PuTTy and ConEmu.
I swear I checked the login data more than 1000 times, and I'm totally lost.
Thank you a lot in advance
If you want to use OpenShift Online NextGen Developer Preview, you do not use the rhc client. You need to use the oc client. So anything you read where it says rhc is the wrong documentation.
Once you are logged in through the new web console, select on the '?' in circle top right and select command line tools. It will give you links to the 'oc' tools to download, plus the command you need to run to login from the command line using a session access token.
The link to that page should be:
https://console.preview.openshift.com/console/command-line
Also suggest you get down and use the free eBook for the new platform at:
https://www.openshift.com/promotions/for-developers.html
It uses a VM, but ignore the client login step from that and use that from page above instead and then follow examples in the book against the Online NextGen Developer Preview instead.
I have this scenario:
I need to provide the same application to different clients, but they would have access to their own database and their own heroku account.
For example if I have 20 clients, when I make a push to my github repo, all their apps who are connected to my repo should be deployed(and run a rake task like db:migrate)...so I can easily update the application.
The clients shouldn't have access to the application source, just to their own database and command line.
Can anyone tell me how this can be achieved with heroku? Are there any services that do that?
Thanks
This question might be considered duplicate of this: Unable to use heroku gem cli after password changes, but it is not.
In my case I have the latest Mac OS X 10.8.3 and I've installed brand new Heroku tool belt. First thing I've tried is to authenticate by issuing this:
heroku login
I was asked for my Heroku credentials, which I've entered (many-many times), but I got "Authentication Failed" message.
I've tried signing in with my credentials to Heroku website multiple times from different browsers - it all works, but I can't authenticate with Heroku CLI.
I don't have ~/.netrc file, I don't have any fancy firewall software on my Mac. What am I possibly doing wrong?
Thanks,
Alex.
Update 03/18/2013 9 PM Mountain:
This is the Heroku issue and they are looking into it:
Sounds like it might be an SSH key issue.
Here is a good guide to resolving it.
https://devcenter.heroku.com/articles/keys
Heroku engineers have fixed it and I was able to authenticate. Thank you, Heroku!
I set up a rails app on a laptop, and started local git repository on that lap top.
I've copied that app folder onto another machine - using copy & paste.
From the second machine, I'm trying to deploy the app to Heroku.
I'm getting the following error -
! my.personal.email#gmail.com not authorized to access little-extras
I'd like to change the repo to be associated with the email I use for on my second laptop. As this is the email I have connected to my heroku account.
how can I do this?
Your ssh key is associated with a different account than you created the application with. One way to deal with this is to share the app with the account that the ssh key is associated with:
heroku sharing:add my.personal.email#gmail.com
I'd guess you probably need to run heroku auth:login.
I am getting ready to deploy to a true production environment. When I say true I mean that my current production environment will now be staging because there is other crap on the server and I am creating a new larger slice for what will actually be my production machine.
The capistrano-ext gem has made separating the deploy recipes quite easy. However, one issue I run into is getting my code from one slice to another. I have a git repo set up on my staging slice that I will be using for production. The flow will be:
Develop locally
Test locally
Push from local to stage
Test on stage
Push from stage to production
...
Therefore I obviously need a way to establish a secure connection between staging and production. When deploying to production, I get a "Permission denied (publickey)." error because this is not set up. How can I establish this connection? Do I need to generate keys on my production server and put the public on my staging? How do I know what user on my production server is trying to connect to my staging server?
Branches and capistrano multistage are your friends.
To solve the production not having access to the git repo issue, try…
set :deploy_via, :copy
…this deploys by checking out locally, and pushing a tar ball.
I find that branching or version tagging works much better for differentiating staging vs. production when using Capistrano.
For example, set up a 'staging' and 'production' branch for your application and use your source control tools to manage migrating changes from one to the next. During deployment simply deploy as you usually would, but with a particular branch instead of the main one.
It's not necessary to promote directly from staging to production, and in fact, this may be considered a bad idea since anyone with access to the staging machine potentially has access to the production server. In most environments a staging server is treated much more casually than the production site, so the security profile is usually quite different.
Do I need to generate keys on my production server and put the public on my staging?
Yes.
How do I know what user on my production server is trying to connect to my staging server?
The productionuser will be whatever user you connect with (see :user). The staginguser will be from the git url (see :repository).
When you use
set :deploy_via, :remote_cache
(which is the default), two ssh connections are actually occurring. The first one is from your local machine to production, and it uses the 'user' as configured in your recipe.
set :user, 'www-data'
The second ssh connection is made by that user, on production, to your git origin. So if git origin is on staging, the production user is trying to connect back to staging to pull code from git.
set :repository, "staginguser#staging.com:project.git"
Try this: ssh to production as the user. Then run the failing command by hand. You'll see the "permission denied" and maybe a prompt for a password. Add the public key of the staging server user to the production box and things should work better.
There's also:
set :gateway, 'staging server ip'
which should allow you to tunnel all the way through to your firewalled production box. But if you're deploying from staging you need to set up keys on the staging box if you're going to go through it that way.
On a side note, it's important to be able to do this whole process from your home box, staging really shouldn't need to have a capistrano gem, the hope is that you can do the whole process without ever having to actually log into a server. That includes logging in to your staging server. :)
If there's an issue of data pushing between the two this could easily be added onto just the production config so that it automatically takes data from staging and rsync's it over.