docker-remote-deployment-action icon indicating copy to clipboard operation
docker-remote-deployment-action copied to clipboard

Published 20 hours ago verified publisher icon TapTap21

Github ssh add known hosts

Open Rukamakama opened this issue 2 years ago • 5 comments

Hello,

Am trying to use this action to deploy my containers with docker-compose. Here my ci file

  dev_deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Start Deployments
        uses: TapTap21/[email protected]
        with:
          remote_docker_host: ${{ secrets.DEV_HOST }}
          ssh_private_key: ${{ secrets.DEV_SSHKEY }}
          ssh_public_key: ${{ secrets.DEV_SSHKEY_PUB }}
          stack_file_name: docker-compose.yml
          docker_login_password: ${{ secrets.DIGITALOCEAN_USER }}
          docker_login_user: ${{ secrets.DIGITALOCEAN_ACCESS_PASSWORD }}
          docker_login_registry: registry.digitalocean.com
          args: up -d --build

This job is failing but the failure message is not clear to me. Here is the job logs

Registering SSH keys...
Agent pid 11
Identity added: /github/home/.ssh/id_rsa (/github/home/.ssh/id_rsa)
Add known hosts
# 1.1.1.1:22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
# 1.1.1.1::22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
# 1.1.1.1::22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2
# 1.1.1.1::22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.2

Rukamakama avatar Apr 15 '22 14:04 Rukamakama

Hi @Rukamakama thanks for opening the issue.

Is there any additional info you can provide? What error does the action show when it fails?

TapTap21 avatar Apr 21 '22 06:04 TapTap21

Hi @Rukamakama thanks for opening the issue.

Is there any additional info you can provide? What error does the action show when it fails?

When it fails I just see above output from job logs

Rukamakama avatar Apr 22 '22 10:04 Rukamakama

Hi,

I had the same problem as @Rukamakama. The problem is ssh-keyscan can actually send output to stderr even during successful execution see https://serverfault.com/questions/636655/ssh-keyscan-stderr-comment-on-success.

Update: After debugging the container I found out that the second call of the ssh-keyscan exited with code 1. It has nothing to do with logs in stderr mentioned above. Sometimes there is an error message in stderr for example: write (xxx.xxx.xxx.xxx): Connection refused sometimes nothing is shown. I'm testing it with Digitalocean same as @Rukamakama, so my guess is rate-limiting from DO prevents the second call to finish successfully.

s7anley avatar May 24 '22 13:05 s7anley

@s7anley I tested locally and with EC2 and had no issues.

The rate-limiting could be an answer, but it does seem like a very low limit. A few other explanations:

  1. Providing the wrong ssh port would cause ssh-keyscan to fail with exit-code 1
  2. Perhaps there is a network timeout? ssh-keyscan has a default timeout of 5s. Please try running the ssh-keyscan commands locally. The timeout could be altered using the -T if flag. If this is the issue, I'll release an update to change the timeout.

I could release a "debug" version with all verbosity set to max? This will have to be under a different tag to prevent accidental verbosity in production environments.

TapTap21 avatar Jun 01 '22 09:06 TapTap21

After doing ssh-keygen -t rsa -b 4096 -C "user@host" -q -N "" and adding the key to cat id_rsa.pub >> authorized_keys on the server I got pass that error, but now I got:

Login Succeeded
Command: docker-compose -f docker-compose.yml pull
Traceback (most recent call last):
  File "/usr/bin/docker-compose", line 11, in <module>
    load_entry_point('docker-compose==1.25.4', 'console_scripts', 'docker-compose')()
  File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 72, in main
    command()
  File "/usr/lib/python3.8/site-packages/compose/cli/main.py", line 125, in perform_command
    project = project_from_options('.', options)
  File "/usr/lib/python3.8/site-packages/compose/cli/command.py", line 54, in project_from_options
    return get_project(
  File "/usr/lib/python3.8/site-packages/compose/cli/command.py", line 1[47](https://github.com/Awerito/fastapi-mongodb/runs/7361520218?check_suite_focus=true#step:4:48), in get_project
    client = get_client(
  File "/usr/lib/python3.8/site-packages/compose/cli/command.py", line 118, in get_client
    client = docker_client(
  File "/usr/lib/python3.8/site-packages/compose/cli/docker_client.py", line 127, in docker_client
    client = APIClient(**kwargs)
  File "/usr/lib/python3.8/site-packages/docker/api/client.py", line 165, in __init__
    self._custom_adapter = SSHHTTPAdapter(
  File "/usr/lib/python3.8/site-packages/docker/transport/sshconn.py", line 111, in __init__
    self._connect()
  File "/usr/lib/python3.8/site-packages/docker/transport/sshconn.py", line 119, in _connect
    self.ssh_client.connect(**self.ssh_params)
  File "/usr/lib/python3.8/site-packages/paramiko/client.py", line 435, in connect
    self._auth(
  File "/usr/lib/python3.8/site-packages/paramiko/client.py", line 764, in _auth
    raise saved_exception
  File "/usr/lib/python3.8/site-packages/paramiko/client.py", line 740, in _auth
    self._transport.auth_publickey(username, key)
  File "/usr/lib/python3.8/site-packages/paramiko/transport.py", line 1580, in auth_publickey
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/lib/python3.8/site-packages/paramiko/auth_handler.py", line 2[50](https://github.com/Awerito/fastapi-mongodb/runs/7361520218?check_suite_focus=true#step:4:51), in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

Awerito avatar Jul 15 '22 16:07 Awerito