Using GitLab CI to deploy to remote host over ssh
Create a deployment user on your deploy server:
adduser deployusr
Adding user `deployusr' ...
Adding new group `deployusr' (1000) ...
Adding new user `deployusr' (1000) with group `deployusr' ...
Creating home directory `/home/deployusr' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for deployusr
Enter the new value, or press ENTER for the default
    Full Name :
    Room Number :
    Work Phone :
    Home Phone :
    Other :
Is the information correct? [Y/n] Y
apt-get install mc
Next, log in as that user:
Generate ssh key pair. Do not add a passphrase to the SSH key, or the before_script will prompt for it:
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/deployusr/.ssh/id_rsa):
Created directory '/home/deployusr/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/deployusr/.ssh/id_rsa.
Your public key has been saved in /home/deployusr/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:XbPwgpBEB889UhCMJhmm7NSoJ9o9lKvsFyV8EdG4lE8 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| o+*X+o. |
| . =o.B=Eo |
| =..+o=+ + o |
| + o.+..+ = o |
|o o o+ S o o |
|.+ o.. . |
|. . +. |
| . ... |
| .+. |
+----[SHA256]-----+
ssh-copy-id [email protected]
Optional step: if Cygwin is installed on your local machine, you can test the connection with the SSH key you just created.
For this, copy the SSH files from the server to your local machine. I am used to copying files with WinSCP, so I copied the files
from the server's /home/deployusr/.ssh to the directory c:\cygwin64\home\artkh\.ssh\ on the local machine.
Open the Cygwin console and change the permissions of the copied file:
chmod 400 /home/artkh/.ssh/id_rsa
And try to connect to the server:
This should open a connection to your server console.
Then create a new Secret Variable in your GitLab project: go to Settings > Pipelines and find the "Secret Variables" section. In the Key field enter SSH_PRIVATE_KEY, and in the Value field paste the contents of the private key (/home/deployusr/.ssh/id_rsa) that you created earlier.
Add a .gitlab-ci.yml file to the root directory of your GitLab project:
image: maven:latest

cache:
#  untracked: true
  key: QQQ3
  paths:
    - repo2/

stages:
  - build
  - deploy

before_script:
  - apt-get update -y && apt-get upgrade -y
  - apt-get install rsync -y
  # Install ssh-agent if not already installed, it is required by Docker.
  # (change apt-get to yum if you use a CentOS-based image)
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
  # Run ssh-agent (inside the build environment)
  - eval $(ssh-agent -s)
  # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  - ssh-add <(echo "$SSH_PRIVATE_KEY")
  # For Docker builds disable host key checking. Be aware that by adding that
  # you are susceptible to man-in-the-middle attacks.
  # WARNING: Use this only with the Docker executor, if you use it with shell
  # you will overwrite your user's SSH config.
  - mkdir -p ~/.ssh
  - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
  # In order to properly check the server's host key, assuming you created the
  # SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines
  # instead.
  # - mkdir -p ~/.ssh
  # - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts'

maven-build:
  stage: build
  tags:
#    - gitlab-org-high-cpu
#    - 2gb
    - docker
  script:
    - ls -a
    - ls -a ~/
    - ls -a /root/
    - chmod +x apache-maven-3.5.0/bin/mvn
    - chmod +x start.sh
    - chmod +x mySite.service.sh
    - apache-maven-3.5.0/bin/mvn package -B
    - rm -rf .git
  artifacts:
    paths:
      - .

#deployment-stage:
#  stage: deploy
#  script:
#    - echo qqqqq
#    - ls
#    - pwd
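The comments in before_script offer SSH_SERVER_HOSTKEYS as the alternative to disabling host key checking. The helper below is an added example, not part of the original pipeline: it validates that variable, writes it to known_hosts and turns strict checking on, failing the job if the variable is empty or malformed. The function name pin_host_keys and the script file name are assumptions; SSH_SERVER_HOSTKEYS is assumed to hold known_hosts-format lines, such as ssh-keyscan output for the deploy server that you have checked against the server's real key.

```shell
#!/bin/sh
# Added example (not from the original page). pin_host_keys is a hypothetical
# helper name; SSH_SERVER_HOSTKEYS is the variable named in the CI comments.
# It overwrites ~/.ssh/config, so per the page's warning use it only in the
# Docker executor's throwaway container.

pin_host_keys() {
  keys=$1
  ssh_dir="$HOME/.ssh"
  count=0

  # Fail closed: an empty variable must never fall back to unchecked hosts.
  if [ -z "$keys" ]; then
    echo "SSH_SERVER_HOSTKEYS is empty; refusing to deploy" >&2
    return 1
  fi

  # Each non-blank, non-comment line must be "<host> <keytype> <base64-key>".
  while IFS= read -r line; do
    case $line in ''|'#'*) continue ;; esac
    set -f; set -- $line; set +f   # split into fields without globbing
    case ${2:-} in
      ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;;
      *) echo "unexpected host key line: $line" >&2; return 1 ;;
    esac
    [ -n "${3:-}" ] || { echo "missing key data: $line" >&2; return 1; }
    count=$((count + 1))
  done <<EOF
$keys
EOF
  [ "$count" -gt 0 ] || { echo "no host keys supplied" >&2; return 1; }

  mkdir -p "$ssh_dir"
  chmod 700 "$ssh_dir"
  printf '%s\n' "$keys" > "$ssh_dir/known_hosts"
  # Unknown or changed host keys now abort the connection.
  printf 'Host *\n\tStrictHostKeyChecking yes\n' > "$ssh_dir/config"
  chmod 600 "$ssh_dir/known_hosts" "$ssh_dir/config"
}

# before_script usage, replacing the "StrictHostKeyChecking no" line
# (pin_host_keys.sh is an assumed file name in the repository root):
#   - . ./pin_host_keys.sh && pin_host_keys "$SSH_SERVER_HOSTKEYS"
```

With this in place a changed or unknown server key stops the job before any file is transferred, instead of being silently accepted.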