ruby-on-rails – 主厨deploy_resource私有repo,ssh部署密钥和ssh_wrapper

前端之家收集整理的这篇文章主要介绍了ruby-on-rails – 主厨deploy_resource私有repo,ssh部署密钥和ssh_wrapper前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我有很多麻烦让我的厨师食谱克隆私人回购.好吧,我昨天工作了,但是在我的Vagrant盒子’cheffin’六次之后,我已经打破了它.你可能猜到我是厨师新手.

在这里的deploy_resource指南之后,我创建了我的deploy.rb配方(缩写):

deploy_branch "/var/www/html/ps" do
  repo              git@github.com:simonmorley/private-v2.git
  ssh_wrapper       "/tmp/.ssh/chef_ssh_deploy_wrapper.sh"
  branch            "rails4"
  migrate           false
  environment       "RAILS_ENV" => node[:ps][:rails_env] 
  purge_before_symlink %w{conf data log tmp public/system public/assets}
  create_dirs_before_symlink []
  symlinks(                        # the arrow is sort of reversed:
    "conf"   => "conf",# current/conf          -> shared/conf
    "data"   => "data",# current/data          -> shared/data
    "log"    => "log",# current/log           -> shared/log
    "tmp"    => "tmp",# current/tmp           -> shared/tmp
    "system" => "public/system",# current/public/system -> shared/system
    "assets" => "public/assets"    # current/public/assets -> shared/assets
  )
  scm_provider Chef::Provider::Git # is the default,for svn: Chef::Provider::Subversion
  notifies :restart,"service[ps]"
  notifies :restart,"service[Nginx]"
end

在默认情况下,我有以下创建目录等.

directory "/tmp/.ssh" do
  action :create
  owner node[:base][:username]
  group node[:base][:username]
  recursive true
end

template "/tmp/.ssh/chef_ssh_deploy_wrapper.sh" do
  source "chef_ssh_deploy_wrapper.sh.erb"
  owner node[:base][:username]
  mode 0770
end

# Put SSH private key to be used with SSH wrapper
template "/tmp/.ssh/id_deploy" do
  source "id_rsa.pub.erb"
  owner node[:base][:username]
  mode 0600
end

在包装中:

#!/bin/sh
exec ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "/tmp/.ssh/id_deploy" "$@"

我创建了一个公钥并将其上传到github.

当我部署配方时,它给了我一个错误

deploy_branch[/var/www/html/ps] action deployEnter passphrase for key '/tmp/.ssh/id_deploy':

Obvs我没有设置密码……因此必须丢失私钥..

只是偶然,我从配方中删除了id_deploy键,删除文件夹并再次运行它.低,看,它开始工作……原因是id_rsa.pub&&从我手动生成它们到测试时,id_rsa文件在/root/.ssh中.

我不明白我在这里做错了什么.因此,我的问题是:

>我在部署到的每个节点上是否需要私钥和公钥?文档没有提到这一点.
>这不应该作为非root用户部署吗?我在我的角色文件中设置了一个用户..
>为什么ssh_wrapper没有做到它应该做的事情

解决方法

花了好几天时间才弄清楚这一点.

只是为了澄清,这就是我为解决这个问题所做的.我不知道它是否正确,但它对我有用.

>生成一组public and private keys following this tutorial.
>将公钥添加到要克隆的Github存储库中.
>在我的默认配方中创建一个包含公钥和私钥的模板.见下文.
>为pub和私钥创建了相关模板.
>创建了chef_ssh_deploy_wrapper.sh.erb文件(见下文)
>创建了deploy.rb配方(见下文)
>上传并将食谱添加到我的角色.冉厨师 – 客户.
>嘿presto!坐下来喝啤酒,看看你的回购.聪明地克隆到你的目录.

模板如下:

创建目录和模板:

template "/tmp/.ssh/chef_ssh_deploy_wrapper.sh" do
  source "chef_ssh_deploy_wrapper.sh.erb"
  owner node[:base][:username]
  mode 0770
end

template "/home/#{node[:base][:username]}/.ssh/id_rsa.pub" do
  source "id_rsa.pub.erb"
  owner node[:base][:username]
  mode 0600
end

template "/home/#{node[:base][:username]}/.ssh/id_rsa" do
  source "id_rsa.erb"
  owner node[:base][:username]
  mode 0600
end

创建一个ssh包装程序chef_ssh_deploy_wrapper.erb

#!/bin/sh
exec ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "/home/#{node[:base][:username]}/.ssh/id_rsa" "$@"

(确保您在此处使用私钥,否则将失败)

最后是deploy.rb配方:

deploy_branch node[:my_app][:deploy_to] do
  repo              node[:base][:repository]
  ssh_wrapper       "/tmp/.ssh/chef_ssh_deploy_wrapper.sh"
  branch            "rails4"
  user               node[:base][:username]
  group              node[:base][:username]
  rollback_on_error  true
  migrate            false
  environment        "RAILS_ENV" => node[:my_app][:environment] 
  purge_before_symlink %w{conf data log tmp public/system public/assets}
  create_dirs_before_symlink []
  symlinks(                        
    "config"   => "config","data"   => "data","log"    => "log","tmp"    => "tmp","system" => "public/system","assets" => "public/assets"  
  )
  scm_provider Chef::Provider::Git # is the default,for svn: Chef::Provider::Subversion
  before_restart do
    system("su #{node[:base][:username]} -c 'cd #{node[:my_app][:deploy_to]}/current && /usr/bin/bundle install'") or raise "bundle install Failed"
    system("su #{node[:base][:username]} -c 'RAILS_ENV=production /usr/local/bin/rake assets:precompile'")
  end
  notifies :restart,"service[my_app]"
  notifies :restart,"service[Nginx]"
end

之前重新启动已被替换,因为我们最初从源代码编译ruby但最终决定使用rvm.多用户安装更容易.

注意:我正在部署为sudo用户,如果你是以root身份进行部署(避免这种情况),请使用/root/.ssh路径.

我从this article那里获得了很多灵感.

祝你好运,我希望这对某人有所帮助.

猜你在找的Ruby相关文章