1

Situation: shell gitlab runner, certificate configured, ssh connected as follows:

ssh-keygen --> id_rsa & id_rsa.pub

ssh-copy-id <user>@<remotehost>

ssh <user>@<remotehost> works as designed

id_rsa -> gitlab cicd variable called 'SSH_PRIVATE_KEY'

gitlab-ci as follows:


before_script:
  - echo "Before script section"
  # Install ssh-agent if not already installed, it is required by Docker.
  # (change apt-get to yum if you use a CentOS-based image)
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'

  # Run ssh-agent (inside the build environment)
  - eval $(ssh-agent -s)

  # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  - ssh-add < ~/.ssh/id_rsa
  - ssh-add -l

build1:
  stage: build
  script:
    - echo "Pulling on Dev\n"
    - ssh -A <user>@<remotehost> 
    - hostname
    - ssh-agent bash -c 'hostname'
    - ssh-agent bash -c 'awk "NR==1{print;exit}" /etc/php7/php.ini'



Complication: when executing commands via gitlab-ci after the ssh connection, they seem to be executed on the gitlab machine. (php is installed on the ssh'ed system, not on gitlab)

See gitlab job output below:

...
eval $(ssh-agent -s)
Agent pid 1234
$ ssh-add < ~/.ssh/id_rsa
Identity added: /home/gitlab-runner/.ssh/id_rsa (/home/gitlab-runner/.ssh/id_rsa)
$ ssh-add -l
4096 SHA256:<KEY> /home/gitlab-runner/.ssh/id_rsa (RSA)

# same behaviour with ssh -T <user>@<ipaddress> -p <portnumber> 
$ ssh -A <user>@<ipaddress> -p <portnumber>
Pseudo-terminal will not be allocated because stdin is not a terminal.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ hostname
gitlab
$ ssh-agent bash -c 'hostname'
gitlab
$ ssh-agent bash -c 'awk "NR==1{print;exit}" /etc/php7/php.ini'
awk: cannot open /etc/php7/php.ini (No such file or directory)


In what way do I need to configure the system, so that the commands are actually run on the ssh'ed system?

2 Answers

1

I'm currently working with a solution which seems a bit too dirty for me. In the gitlab-ci I'm pulling and running phpunit as follows

ssh -T <user>@<remotehost>  "cd /var/www/projectfolder; git pull https://<gitlabUser>:$GITLAB_TOKEN@<privateGitlab>/<gitRepo>.git;"
ssh -T <user>@<remotehost>  "cd /var/www/projectfolder/tests; phpunit;"

i.e., I'm using a new ssh each time I'd like to run a command, which doesn't quite seem right to me. Any suggestions are welcome!

0

@til As per your suggestion request, single ssh command...

ssh -T <user>@<remotehost>  "cd /var/www/projectfolder; git pull https://<gitlabUser>:$GITLAB_TOKEN@<privateGitlab>/<gitRepo>.git; cd /var/www/projectfolder/tests; phpunit;" 
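Added example (not part of the question or either answer): one way to run the whole sequence in a single SSH session, by piping a script to a remote shell so that every command runs on the remote host and a failing step fails the job. It assumes the remote checkout already has its own pull credentials (for example a read-only deploy key), so no token is placed on a command line and no agent forwarding (`-A`) is used; `remote_script`, `run_remote`, `SSH_BIN` and `deploy.sh` are hypothetical names.

```sh
#!/bin/sh
# Added example, not code from the post. Hypothetical names: remote_script,
# run_remote, SSH_BIN, deploy.sh.
# Assumption: the remote checkout can already pull (e.g. its own deploy key).

# Commands for the remote host. The quoted 'EOF' stops the runner's shell
# from expanding anything, so the text reaches the remote shell verbatim.
remote_script() {
  cat <<'EOF'
set -eu                          # first failing command ends the session
hostname                         # remote hostname, not the runner's
cd "$PROJECT_DIR"
git pull --ff-only </dev/null    # </dev/null: must not eat the piped script
cd tests
phpunit </dev/null
EOF
}

# Run the script in ONE ssh session by piping it to a remote shell's stdin.
# -T: no pty (CI has none). BatchMode=yes: fail instead of prompting.
# No -A: nothing here needs the runner's agent on the remote host.
run_remote() {
  target=$1
  project_dir=$2
  # The path is interpolated into the remote command line, so allow-list it.
  case $project_dir in
    ''|*[!A-Za-z0-9_./-]*) echo "unsafe path: $project_dir" >&2; return 2 ;;
  esac
  remote_script | "${SSH_BIN:-ssh}" -T -o BatchMode=yes "$target" \
    "PROJECT_DIR='$project_dir' sh -s"
}

# .gitlab-ci.yml usage (script line):
#   - . ./deploy.sh && run_remote "<user>@<remotehost>" /var/www/projectfolder
```

ssh exits with the status of the remote shell, so a failed `git pull` or `phpunit` run marks the CI job as failed.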
