
Do not automatically populate known_hosts

Open antonmedv opened this issue 3 years ago • 1 comments

Currently, the known_hosts file is automatically updated based on repository config. It caused lots of problems and was not secure.

I'm going to delete this code and write a doc on how to manually update known_hosts for your repo provider.

antonmedv, Jan 05 '22 20:01

I'm also getting the getaddrinfo error when trying to use multiple deploy keys on the same server, as recommended by the GitHub docs. I'm using Deployer 7.0.0-rc.3.

UPDATE: Not a solution to this issue, just a workaround: adding `set('auto_ssh_keygen', false);` to bypass populating known_hosts fixes my issue below.

In my `deploy.php` I set the repository to use an alias instead of just `github.com`:

```
set('repository', '[email protected]:testrepo/alias.git');
```

In the server's `~/.ssh/config` I have this entry set up:

```
Host github.com-alias
    Hostname github.com
    IdentityFile /home/deployer/.ssh/alias-deployer
```

I can successfully connect to GitHub using the alias when tested with SSH and cloning manually with Git from the server:

```
$ ssh -T [email protected]
Hi testrepo/alias! You've successfully authenticated, but GitHub does not provide shell access.

$ git clone [email protected]:testrepo/alias.git
Cloning into 'alias'...
remote: Enumerating objects: 4718, done.
remote: Counting objects: 100% (4718/4718), done.
remote: Compressing objects: 100% (2613/2613), done.
remote: Total 4718 (delta 3363), reused 3316 (delta 1970), pack-reused 0
Receiving objects: 100% (4718/4718), 42.25 MiB | 6.83 MiB/s, done.
Resolving deltas: 100% (3363/3363), done.
```

Full error that I get when running `dep deploy -v`:

```
> dep deploy -v
Using /home/pokgak/alias-test/vendor/bin/dep
task deploy:info
[alias.test] run locally git rev-parse --abbrev-ref HEAD
[alias.test] main
[alias.test] info deploying main
task deploy:setup
[alias.test] run [ -d /var/www/alias-test ] || mkdir -p /var/www/alias-test;
cd /var/www/alias-test;
[ -d .dep ] || mkdir .dep;
[ -d releases ] || mkdir releases;
[ -d shared ] || mkdir shared;
[alias.test] run if [ ! -L /var/www/alias-test/current ] && [ -d /var/www/alias-test/current ]; then echo +right; fi
task deploy:lock
[alias.test] run locally git config --get user.name
[alias.test] pokgak
[alias.test] run [ -f /var/www/alias-test/.dep/deploy.lock ] && echo +locked || echo 'pokgak' > /var/www/alias-test/.dep/deploy.lock
task deploy:release
[alias.test] run cd /var/www/alias-test && (if [ -h release ]; then echo +yes; fi)
[alias.test] +yes
[alias.test] run cd /var/www/alias-test && (rm -rf "$(readlink release)")
[alias.test] run cd /var/www/alias-test && (rm release)
[alias.test] run cd /var/www/alias-test && (if [ -d releases ] && [ "$(ls -A releases)" ]; then echo +correct; fi)
[alias.test] run cd /var/www/alias-test && (cat .dep/latest_release || echo 0)
[alias.test] 1
[alias.test] run cd /var/www/alias-test && (if [ -d releases/2 ]; then echo +indeed; fi)
[alias.test] run cd /var/www/alias-test && (echo 2 > .dep/latest_release)
[alias.test] run cd /var/www/alias-test && (echo '{"created_at":"2022-01-09T09:58:50+0000","release_name":"2","user":"pokgak","target":"HEAD"}' >> .dep/releases_log)
[alias.test] run cd /var/www/alias-test && (mkdir -p releases/2)
[alias.test] run cd /var/www/alias-test && ((man ln 2>&1 || ln -h 2>&1 || ln --help 2>&1) | grep -- --relative || true)
[alias.test]        -r, --relative
[alias.test] run cd /var/www/alias-test && (ln -nfs --relative releases/2 /var/www/alias-test/release)
task deploy:update_code
[alias.test] run command -v 'git' || which 'git' || type -p 'git'
[alias.test] /usr/bin/git
[alias.test] run ssh-keygen -F github.com-alias:22 || ssh-keyscan -p 22 -H github.com-alias >> ~/.ssh/known_hosts
[alias.test] getaddrinfo github.com-alias: Name or service not known
[alias.test] getaddrinfo github.com-alias: Name or service not known
[alias.test] getaddrinfo github.com-alias: Name or service not known
[alias.test] getaddrinfo github.com-alias: Name or service not known
[alias.test] getaddrinfo github.com-alias: Name or service not known
[alias.test]  error  in update_code.php on line 42:
[alias.test] exit code 1 (General error)
task deploy:failed
task deploy:unlock
[alias.test] run rm -f /var/www/alias-test/.dep/deploy.lock
```

Note: I renamed my actual repo and hostname to testrepo/alias and alias.test

pokgak, Jan 09 '22 10:01
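
As an added example (not part of the issue and not Deployer's code), here is one way to do the manual pinning the issue proposes, in Python: resolve the SSH alias to the Hostname that ssh actually connects to, then accept a scanned key only if its fingerprint matches one obtained out of band. The `REPOSITORY` string, the sample config and the key blob are constructed, and all function names are hypothetical.

```python
import base64
import fnmatch
import hashlib

# Constructed sample data (not real keys), shaped like the config in the thread.
REPOSITORY = "git@github.com-alias:testrepo/alias.git"  # assumed scp-style form
SSH_CONFIG = "Host github.com-alias\n    Hostname github.com\n"
SAMPLE_KEY = base64.b64encode(b"constructed-demo-host-key-blob").decode()
SCANNED_LINE = f"github.com ssh-ed25519 {SAMPLE_KEY}"  # un-hashed ssh-keyscan style


def repo_host(repository):
    """Host part of an scp-style repository URL (user@host:path)."""
    return repository.split("@", 1)[-1].split(":", 1)[0]


def resolve_alias(host, config_text):
    """Map a Host alias to its Hostname (first match wins; no negation or Match)."""
    matched = False
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "host":
            matched = any(fnmatch.fnmatch(host, p) for p in value.split())
        elif keyword == "hostname" and matched:
            return value
    return host


def fingerprint(key_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pinned_entry(repository, config_text, scanned_line, trusted_fp):
    """Return a known_hosts line only if the scanned key matches trusted_fp."""
    real = resolve_alias(repo_host(repository), config_text)
    host, keytype, key_b64 = scanned_line.split()[:3]
    if host != real:
        raise ValueError(f"scanned {host!r}, but ssh will connect to {real!r}")
    if fingerprint(key_b64) != trusted_fp:
        raise ValueError("host key does not match the trusted fingerprint")
    # ssh looks the key up under the resolved Hostname unless HostKeyAlias is set.
    return f"{real} {keytype} {key_b64}"
```

In real use, `trusted_fp` is the fingerprint your repository provider publishes, and `scanned_line` comes from running `ssh-keyscan` without `-H` against the resolved hostname, since `ssh-keyscan` does not read `~/.ssh/config`.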