Good evening, I am trying to deploy to DigitalOcean via a GitLab CI/CD pipeline, but when I run the pipeline I get: "chmod: /root/.ssh/id_rsa: No such file or directory $ chmod og= ~/.ssh/id_rsa Cleaning up file based variables 00:00 ERROR: Job failed: exit code 1".
For some reason it's not using the user that I have made for deployment, and is using root, but when I use the cat command to view the SSH key on my server it shows for both the root and the deployer user. Below is my .yml file.
```yaml
before_script:
  - echo $PATH
  - pwd
  - whoami
  - mkdir -p ~/.ssh
  - cd ~/.ssh
  - echo "$SSH_PRIVATE_KEY" | tr -d '\r' > id_rsa
  - echo "$SSH_PUBLIC_KEY" | tr -d '\r' > id_rsa.pub
  - chmod 700 id_rsa id_rsa.pub
  - cp id_rsa.pub authorized_keys
  - cp id_rsa.pub known_hosts
  - ls -ld *
  - cd -
stages:
  - build
  - publish
  - deploy
variables:
  TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
  TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA
build:
  image: node:latest
  stage: build
  script:
    - npm install
    - echo "ACCOUNT_SID=$ACCOUNT_SID" >> .env
    - echo "AUTH_TOKEN=$AUTH_TOKEN" >> .env
    - echo "API_KEY=$API_KEY" >> .env
    - echo "API_SECRET=$API_SECRET" >> .env
    - echo "PHONE_NUMBER=$PHONE_NUMBER" >> .env
    - echo "sengrid_api=$sengrid_api" >> .env
publish:
  image: docker:latest
  stage: publish
  services:
    - docker:dind
  script:
    - docker build . -t $TAG_COMMIT -t $TAG_LATEST
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
    - docker push $TAG_COMMIT
    - docker push $TAG_LATEST
deploy:
  image: alpine:latest
  stage: deploy
  tags:
    - deployment
  script:
    - whoami
    - uname -a
    - echo "user $SERVER_USER"
    - echo "ip $SERVER_IP"
    - echo "id_rsa $ID_RSA"
    - (which ifconfig) || (apt install net-tools)
    - /sbin/ifconfig
    - touch blah
    - find .
    - apk update && apk add openssh-client
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f my-app || true"
    - ssh -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p 80:3000 --name my-app $TAG_COMMIT"
  environment:
    name: production
    url: http://167.172.225.124
  only:
    - master
```
The prerequisites of the DigitalOcean tutorial you are following include a sudo non-root user, and a user account on a GitLab instance with an enabled container registry.
The gitlab-runner service installed through script.deb.sh should need a non-root user’s password to proceed.
And it involves creating a user that is dedicated for the deployment task, with a CI/CD pipeline configured later to log in to the server with that user.
That means the gitlab-ci is not supposed to be executed by root, which is not involved at any stage.
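
As an added example (not part of the original answer or of the DigitalOcean tutorial), here is one way the key-setup steps from the question's `before_script` could be written so the job writes the key where `ssh` expects it, with private permissions, and logs in as the dedicated deployment user with a pinned host key instead of `StrictHostKeyChecking=no`. `SSH_PRIVATE_KEY`, `SERVER_USER` and `SERVER_IP` are the variables from the question; `SSH_KNOWN_HOSTS`, `setup_ssh`, `deploy_ssh` and `file_mode` are hypothetical names introduced here.

```sh
#!/bin/sh
# Added example (not from the original thread).
# SSH_PRIVATE_KEY, SERVER_USER, SERVER_IP: CI/CD variables named on the page.
# SSH_KNOWN_HOSTS: hypothetical variable holding the server's verified
# host-key line, used instead of StrictHostKeyChecking=no.

setup_ssh() {
    # Fail with a clear message rather than a later "No such file" from chmod.
    [ -n "${SSH_PRIVATE_KEY:-}" ] || { echo "SSH_PRIVATE_KEY is empty" >&2; return 1; }
    [ -n "${SSH_KNOWN_HOSTS:-}" ] || { echo "SSH_KNOWN_HOSTS is empty" >&2; return 1; }
    ssh_dir="$HOME/.ssh"
    # umask 077: anything created here is private to the job user.
    ( umask 077
      mkdir -p "$ssh_dir" &&
      printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' > "$ssh_dir/id_rsa" &&
      printf '%s\n' "$SSH_KNOWN_HOSTS" | tr -d '\r' > "$ssh_dir/known_hosts"
    ) || return 1
    # Redirection keeps the mode of pre-existing files, so tighten explicitly.
    chmod 700 "$ssh_dir" && chmod 600 "$ssh_dir/id_rsa" "$ssh_dir/known_hosts"
}

# Run a command on the server as the dedicated deployment user.
deploy_ssh() {
    ssh -i "$HOME/.ssh/id_rsa" -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$HOME/.ssh/known_hosts" \
        "$SERVER_USER@$SERVER_IP" "$@"
}

# First 10 characters of `ls -ld`, e.g. "-rw-------".
file_mode() { ls -ld "$1" | cut -c1-10; }

# Demo with constructed placeholder values in a throwaway HOME.
(
    HOME=$(mktemp -d) || exit 1
    export HOME
    SSH_PRIVATE_KEY='CONSTRUCTED-PLACEHOLDER-NOT-A-KEY'
    SSH_KNOWN_HOSTS='203.0.113.10 ssh-ed25519 CONSTRUCTED-HOST-KEY'
    setup_ssh && file_mode "$HOME/.ssh" && file_mode "$HOME/.ssh/id_rsa"
    rm -rf "$HOME"
)
```

In the deploy job, `setup_ssh` would run once after `openssh-client` is installed, and each remote step would then go through `deploy_ssh`, for example `deploy_ssh "docker pull $TAG_COMMIT"`.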