Using GitLab CI to deploy to remote host over ssh
Create a deployment user on your deploy server:
adduser deployusr
Adding user `deployusr' ...
Adding new group `deployusr' (1000) ...
Adding new user `deployusr' (1000) with group `deployusr' ...
Creating home directory `/home/deployusr' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for deployusr
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
Install MC:
apt-get install mc
Next, log in as that user:
su deployusr
Generate an SSH key pair. Do not add a passphrase to the SSH key, or the before_script will prompt for it:
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/deployusr/.ssh/id_rsa):
Created directory '/home/deployusr/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/deployusr/.ssh/id_rsa.
Your public key has been saved in /home/deployusr/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:XbPwgpBEB889UhCMJhmm7NSoJ9o9lKvsFyV8EdG4lE8 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| o+*X+o. |
| . =o.B=Eo |
| =..+o=+ + o |
| + o.+..+ = o |
|o o o+ S o o |
|.+ o.. . |
|. . +. |
| . ... |
| .+. |
+----[SHA256]-----+
Next, run
ssh-copy-id [email protected]
Optional step: if Cygwin is installed on your local machine, you can test the connection with the SSH key you just created.
For this, copy the SSH key files from the server to your local machine. I am used to copying files with WinSCP. So, I copied the files
id_rsa.pub
id_rsa
from the server's /home/deployusr/.ssh to the local machine, into the directory c:\cygwin64\home\artkh\.ssh\ .
Open the Cygwin console and change the permissions of the copied file:
chmod 400 /home/artkh/.ssh/id_rsa
And try to connect to the server:
ssh [email protected]
This should open a connection to your server console.
Then create a new Secret Variable in your project settings on GitLab: go to Settings > Pipelines and look for the "Secret Variables" section. As the Key, enter the name SSH_PRIVATE_KEY, and in the Value field paste the content of the private key (/home/deployusr/.ssh/id_rsa) that you created earlier.
Add a .gitlab-ci.yml file to the root directory of your GitLab project:
image: maven:latest

cache:
#  untracked: true
  key: QQQ3
  paths:
    - repo2/

stages:
  - build
  - deploy

before_script:
  - apt-get update -y && apt-get upgrade -y
  - apt-get install rsync -y
  # Install ssh-agent if not already installed, it is required by Docker.
  # (change apt-get to yum if you use a CentOS-based image)
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
  # Run ssh-agent (inside the build environment)
  - eval $(ssh-agent -s)
  # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  - ssh-add <(echo "$SSH_PRIVATE_KEY")
  # For Docker builds disable host key checking. Be aware that by adding that
  # you are susceptible to man-in-the-middle attacks.
  # WARNING: Use this only with the Docker executor, if you use it with shell
  # you will overwrite your user's SSH config.
  - mkdir -p ~/.ssh
  - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  # In order to properly check the server's host key, assuming you created the
  # SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
  # instead.
  # - mkdir -p ~/.ssh
  # - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'

maven-build:
  stage: build
  tags:
#    - gitlab-org-high-cpu
#    - 2gb
    - docker
  script:
    - ls -a
    - ls -a ~/
    - ls -a /root/
    - chmod +x apache-maven-3.5.0/bin/mvn
    - chmod +x start.sh
    - chmod +x mySite.service.sh
    - apache-maven-3.5.0/bin/mvn package -B
    - rm -rf .git
  artifacts:
    paths:
      - .

#deployment-stage:
#  stage: deploy
#  script:
#    - echo qqqqq
#    - ls
#    - pwd
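The before_script above writes "StrictHostKeyChecking no" and only mentions the SSH_SERVER_HOSTKEYS alternative in comments. The following shell function is an added example, not part of the original post, showing that alternative with the job failing closed when the variable is missing or malformed. The helper name setup_ssh_trust is hypothetical, and the host name and key in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. setup_ssh_trust is a hypothetical
# helper; the host name and key in the demo below are constructed values.
# Assumption: SSH_SERVER_HOSTKEYS holds known_hosts lines collected once over a
# trusted path (for example ssh-keyscan output whose fingerprint was compared
# with `ssh-keygen -lf` run on the server itself).

# setup_ssh_trust DIR: write DIR/known_hosts and DIR/config, or fail closed.
setup_ssh_trust() {
    ssh_dir=$1
    # No pinned keys: stop the job instead of falling back to "no".
    if [ -z "${SSH_SERVER_HOSTKEYS:-}" ]; then
        echo "SSH_SERVER_HOSTKEYS is empty; not disabling host key checking" >&2
        return 1
    fi
    # Each non-blank, non-comment line must read "<host> <keytype> <base64>".
    # Only the key types ssh-keyscan commonly returns are accepted here.
    bad=$(printf '%s\n' "$SSH_SERVER_HOSTKEYS" |
        grep -v '^[[:space:]]*$' | grep -v '^#' |
        grep -Ev '^[^[:space:]]+ (ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' ||
        true)
    if [ -n "$bad" ]; then
        echo "SSH_SERVER_HOSTKEYS has a line that is not a known_hosts entry" >&2
        return 1
    fi
    # umask 077 in a subshell: files are created owner-only, caller unaffected.
    # "StrictHostKeyChecking yes": unknown hosts are never auto-added and a
    # changed host key aborts the connection.
    ( umask 077 &&
      mkdir -p "$ssh_dir" &&
      printf '%s\n' "$SSH_SERVER_HOSTKEYS" > "$ssh_dir/known_hosts" &&
      printf 'Host *\n\tStrictHostKeyChecking yes\n\tUserKnownHostsFile %s\n' \
          "$ssh_dir/known_hosts" > "$ssh_dir/config" )
}

# Demo in a scratch directory with a constructed (not real) host key line.
demo_dir=$(mktemp -d)
SSH_SERVER_HOSTKEYS='deploy.example.test ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyNotReal'
setup_ssh_trust "$demo_dir/.ssh" && cat "$demo_dir/.ssh/config"
rm -rf "$demo_dir"
```

In the job, the function would be called as `setup_ssh_trust ~/.ssh` in place of the line that writes "StrictHostKeyChecking no".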