问题
I'm trying to deploy my application using Capistrano towards my DigitalOcean server.
This isn't the first time I've configured a RoR server on DigitalOcean with Capistrano deploys that's why I'm confused; I haven't changed anything in my workflow.
Here is my Capistrano configuration file:
require 'bundler/capistrano'
require 'rvm/capistrano'
set :application, "foobar"
set :repository, "git@bitbucket.org:sergiotapia/foobar.git"
set :ping_url, "http://192.168.1.1/"
set :scm, :git
set :scm_verbose, true
default_run_options[:pty] = true
set :user, "sergiotapia" # The user on the VPS server.
set :password, "hunter2"
set :use_sudo, false
set :deploy_to, "/home/sergiotapia/www/#{application}"
set :deploy_via, :remote_cache
set :keep_releases, 1
set :rails_env, "production"
set :migrate_target, :latest
role :web, "192.168.1.1"
role :app, "192.168.1.1"
namespace :deploy do
task :start do ; end
task :stop do ; end
task :restart, roles: :app, except: { no_release: true } do
run "sudo touch #{File.join(current_path,'tmp','restart.txt')}"
end
end
# Add this to add the `deploy:ping` task:
namespace :deploy do
task :ping do
system "curl --silent #{fetch(:ping_url)}"
end
end
namespace :gems do
task :bundle, :roles => :app do
run "cd #{release_path} && bundle install --without development && rake db:migrate RAILS_ENV=production"
end
end
after "deploy:update_code", "gems:bundle"
# Add this to automatically ping the server after a restart:
after "deploy:restart", "deploy:ping"
When running a cap deploy:setup and cap deploy:check everything comes back green-lighted (working fine).
It fails on the actual cap deploy command.
** [192.168.1.1 :: out] Enter passphrase for key '/home/sergiotapia/.ssh/id_rsa':
Password:
** [192.168.1.1 :: out]
** [192.168.1.1 :: out] Permission denied (publickey).
** [192.168.1.1 :: out]
** [192.168.1.1 :: out] fatal: Could not read from remote repository.
** [192.168.1.1 :: out]
** [192.168.1.1 :: out]
** [192.168.1.1 :: out] Please make sure you have the correct access rights
** [192.168.1.1 :: out]
** [192.168.1.1 :: out] and the repository exists.
** [192.168.1.1 :: out]
I've already added my id_rsa.pub file to BitBucket and also made sure it's added to my SSH agent using the ssh-add -l command.
Even testing out SSH from the remote server works fine:
sergiotapia@tappia:~/www$ ssh -T git@bitbucket.org
logged in as sergiotapia.
You can use git or hg to connect to Bitbucket. Shell access is disabled.
So what gives, why is denying me access to the repository on BitBucket?
Is Capistrano running as a user other than sergiotapia? Would that be the cause of it?
回答1:
Make sure to add your ssh key to the authentication agent:
ssh-add ~/.ssh/id_rsa
and ensure in deploy.rb
ssh_options[:forward_agent] = true
Edit: If you are losing the ssh-add configuration on reboots, you should do the following:
As of macOS Sierra 10.12.2 Apple added an ssh_config option called UseKeychain which allows a 'proper' resolution to the problem. Add the following to your ~/.ssh/config file:
Host *
AddKeysToAgent yes
UseKeychain yes
回答2:
- You can setup the SSH agent on the :app server,
- Setup keys that do not require a passphrase between the :app server and bitbucket.
- Change deploy_via to: :deploy_via, :copy (No need for the deployed server to checkout files, potentially slower though.)
来源:https://stackoverflow.com/questions/18435808/capistrano-bitbucket-permission-denied-publickey