在这里的deploy_resource指南之后,我创建了我的deploy.rb配方(缩写):
deploy_branch "/var/www/html/ps" do
repo git@github.com:simonmorley/private-v2.git
ssh_wrapper "/tmp/.ssh/chef_ssh_deploy_wrapper.sh"
branch "rails4"
migrate false
environment "RAILS_ENV" => node[:ps][:rails_env]
purge_before_symlink %w{conf data log tmp public/system public/assets}
create_dirs_before_symlink []
symlinks( # the arrow is sort of reversed:
"conf" => "conf",# current/conf -> shared/conf
"data" => "data",# current/data -> shared/data
"log" => "log",# current/log -> shared/log
"tmp" => "tmp",# current/tmp -> shared/tmp
"system" => "public/system",# current/public/system -> shared/system
"assets" => "public/assets" # current/public/assets -> shared/assets
)
scm_provider Chef::Provider::Git # is the default,for svn: Chef::Provider::Subversion
notifies :restart,"service[ps]"
notifies :restart,"service[Nginx]"
end
在默认情况下,我有以下创建目录等.
directory "/tmp/.ssh" do action :create owner node[:base][:username] group node[:base][:username] recursive true end template "/tmp/.ssh/chef_ssh_deploy_wrapper.sh" do source "chef_ssh_deploy_wrapper.sh.erb" owner node[:base][:username] mode 0770 end # Put SSH private key to be used with SSH wrapper template "/tmp/.ssh/id_deploy" do source "id_rsa.pub.erb" owner node[:base][:username] mode 0600 end
在包装中:
#!/bin/sh exec ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "/tmp/.ssh/id_deploy" "$@"
我创建了一个公钥并将其上传到github.
当我部署配方时,它给了我一个错误:
deploy_branch[/var/www/html/ps] action deployEnter passphrase for key '/tmp/.ssh/id_deploy':
Obvs我没有设置密码……因此必须丢失私钥..
只是偶然,我从配方中删除了id_deploy键,删除了文件夹并再次运行它.低,看,它开始工作……原因是id_rsa.pub&&从我手动生成它们到测试时,id_rsa文件在/root/.ssh中.
我不明白我在这里做错了什么.因此,我的问题是:
>我在部署到的每个节点上是否需要私钥和公钥?文档没有提到这一点.
>这不应该作为非root用户部署吗?我在我的角色文件中设置了一个用户..
>为什么ssh_wrapper没有做到它应该做的事情
解决方法
只是为了澄清,这就是我为解决这个问题所做的.我不知道它是否正确,但它对我有用.
>生成一组public and private keys following this tutorial.
>将公钥添加到要克隆的Github存储库中.
>在我的默认配方中创建一个包含公钥和私钥的模板.见下文.
>为pub和私钥创建了相关模板.
>创建了chef_ssh_deploy_wrapper.sh.erb文件(见下文)
>创建了deploy.rb配方(见下文)
>上传并将食谱添加到我的角色.冉厨师 – 客户.
>嘿presto!坐下来喝啤酒,看看你的回购.聪明地克隆到你的目录.
模板如下:
创建目录和模板:
template "/tmp/.ssh/chef_ssh_deploy_wrapper.sh" do
source "chef_ssh_deploy_wrapper.sh.erb"
owner node[:base][:username]
mode 0770
end
template "/home/#{node[:base][:username]}/.ssh/id_rsa.pub" do
source "id_rsa.pub.erb"
owner node[:base][:username]
mode 0600
end
template "/home/#{node[:base][:username]}/.ssh/id_rsa" do
source "id_rsa.erb"
owner node[:base][:username]
mode 0600
end
创建一个ssh包装程序chef_ssh_deploy_wrapper.erb
#!/bin/sh
exec ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "/home/#{node[:base][:username]}/.ssh/id_rsa" "$@"
(确保您在此处使用私钥,否则将失败)
最后是deploy.rb配方:
deploy_branch node[:my_app][:deploy_to] do
repo node[:base][:repository]
ssh_wrapper "/tmp/.ssh/chef_ssh_deploy_wrapper.sh"
branch "rails4"
user node[:base][:username]
group node[:base][:username]
rollback_on_error true
migrate false
environment "RAILS_ENV" => node[:my_app][:environment]
purge_before_symlink %w{conf data log tmp public/system public/assets}
create_dirs_before_symlink []
symlinks(
"config" => "config","data" => "data","log" => "log","tmp" => "tmp","system" => "public/system","assets" => "public/assets"
)
scm_provider Chef::Provider::Git # is the default,for svn: Chef::Provider::Subversion
before_restart do
system("su #{node[:base][:username]} -c 'cd #{node[:my_app][:deploy_to]}/current && /usr/bin/bundle install'") or raise "bundle install Failed"
system("su #{node[:base][:username]} -c 'RAILS_ENV=production /usr/local/bin/rake assets:precompile'")
end
notifies :restart,"service[my_app]"
notifies :restart,"service[Nginx]"
end
之前重新启动已被替换,因为我们最初从源代码编译ruby但最终决定使用rvm.多用户安装更容易.
注意:我正在部署为sudo用户,如果你是以root身份进行部署(避免这种情况),请使用/root/.ssh路径.
我从this article那里获得了很多灵感.
祝你好运,我希望这对某人有所帮助.