github-action
Host key verification failed.
Hey, I keep getting the "Host key verification failed." error.
What I've done so far:
- On Github, configured repo secret SSH_HOST_KEY (/root/.ssh/id_rsa.pub)
- On the server, created a new SSH key (/home/dokku/.ssh/deploy_key)
- On the server, added this SSH key to the SSH Agent
- On Github, configured repo secret SSH_PRIVATE_KEY (/home/dokku/.ssh/deploy_key)
- Updated the Action yaml file to use these variables & SSH as dokku user (as in the example)
- On Github, also configured repo 'Deploy key', taking the public key from the server (/home/dokku/.ssh/deploy_key.pub), following this doc
- On the server, added the SSH deploy key also to dokku via 'dokku ssh-keys:add deploy /home/dokku/.ssh/deploy_key.pub'
Unfortunately, keep getting the following result: What am I doing wrong?
Setting up SSH Key
Adding SSH_HOST_KEY to known_hosts
Adding SSH Key to ssh-agent
Agent pid 17
Identity added: /root/.ssh/id_rsa ([email protected])
Pushing to Dokku Host
Host key verification failed.
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
And my yaml file:
# deploy to dokku
name: 'deploy'
# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - master
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Cloning repo
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Push to dokku
        uses: dokku/github-action@master
        with:
          git_remote_url: 'ssh://[email protected]:22/appname'
          ssh_host_key: ${{ secrets.SSH_HOST_KEY }}
          ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
From the docs:
The SSH_HOST_KEY value can be retrieved by calling ssh-keyscan -t rsa $HOST, where $HOST is the Dokku server's hostname.
I think you are setting the wrong value there, or maybe not understanding what host keys verification does (it verifies the host is exactly the one you expect to talk to without any MITM attacks). Try either setting the correct value or dropping usage and your deploys should start working again.
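Added example (not part of the thread and not the action's own code): a check that a candidate SSH_HOST_KEY value is a known_hosts entry in the form ssh-keyscan prints, names the host used in git_remote_url, and carries a key whose fingerprint matches one read on the server itself, for example with ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub. The host name dokku.example.test and all key material are constructed placeholders.

```python
import base64
import hashlib

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def fingerprint(blob_b64):
    """SHA256 fingerprint of a key blob, in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def check_host_key_secret(value, host, pinned):
    """Return the problems found in a candidate SSH_HOST_KEY value."""
    problems, entries = [], 0
    for line in value.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or ssh-keyscan banner comment
        if fields[0] in KEY_TYPES:
            problems.append("public-key file format (key type first), not a known_hosts entry")
        elif len(fields) < 3 or fields[1] not in KEY_TYPES:
            problems.append("unrecognised line: " + fields[0])
        else:
            entries += 1
            if host not in fields[0].split(","):
                problems.append("entry is for %s, not %s" % (fields[0], host))
            if fingerprint(fields[2]) not in pinned:
                problems.append("fingerprint not pinned: " + fingerprint(fields[2]))
    if not problems and entries == 0:
        problems.append("no known_hosts entry found")
    return problems


def constructed_blob(seed):
    """Constructed sample: an ssh-ed25519 wire blob around 32 made-up key bytes."""
    parts = (b"ssh-ed25519", hashlib.sha256(seed).digest())
    return base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).decode()


SERVER = constructed_blob(b"server host key")  # stands in for the real host key
PINNED = {fingerprint(SERVER)}                 # fingerprint read out of band
GOOD = "# dokku.example.test:22 SSH-2.0-OpenSSH_8.2p1\ndokku.example.test ssh-ed25519 " + SERVER
USER_PUB = "ssh-ed25519 " + constructed_blob(b"ci user key") + " root@ci"
OTHER = "dokku.example.test ssh-ed25519 " + constructed_blob(b"some other host")

if __name__ == "__main__":
    for name, value in (("keyscan output", GOOD), ("id_rsa.pub style", USER_PUB), ("unexpected key", OTHER)):
        print(name, "->", check_host_key_secret(value, "dokku.example.test", PINNED) or "ok")
```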
Ah, added the host key as I was getting some authentication issues before. That was solved now, SSH access works. However, now running into the issue of being unable to find the repository / no permissions.
See below:
Setting up SSH Key
Generating SSH_HOST_KEY from ssh-keyscan against server3.rbnhd.nl:22
# server3.domain.nl:22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
# server3.domain.nl:22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
# server3.domain.nl:22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
# server3.domain.nl:22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
# server3.domain.nl:22 SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
Adding SSH Key to ssh-agent
Agent pid 24
Identity added: /root/.ssh/id_rsa ([email protected])
Pushing to Dokku Host
Warning: Permanently added the ECDSA host key for IP address '188.166.1.212' to the list of known hosts.
fatal: '/appname' does not appear to be a git repository
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I tried changing
git_remote_url: 'ssh://[email protected]:22/appname'
to
git_remote_url: 'ssh://[email protected]:appname',
but this gives me the error 'incorrect port' configured.
Also tried adding '.git' at the end of git_remote_url, same issue. The key which I'm using to push to the server, was added to dokku via 'dokku ssh-keys:add'.
Any clue?
You need to change appname to match the name of the app you're deploying, and this app needs to exist on the dokku server:
dokku apps:create appname
Yep that’s done - for sake of simplicity using appname & server.hostname in this example.
Can you show the exact value you are setting for git_remote_url? It seems like the app name isn't being parsed properly, so I wonder if something else is up.
Jup, find below the unmasked file:
# deploy to dokku
name: 'deploy'
# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - master
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Cloning repo
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Push to dokku
        uses: dokku/github-action@master
        with:
          git_remote_url: 'ssh://[email protected]:22/kamersoc-master'
          ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
And the app exists on the server:
I have the same problem with appname (for my case 'carpa') :(
@danialeresbar can you post your exact config (please don't redact anything) as well as the exact output that config is giving you?
Hi @josegonzalez My config is:
My output is:
My dokku apps:
I am sure that the key is configured correctly because it is the same that I use to deploy with git push. When I deploy with git there is no problem.
I don't understand why I get the '/' character as a prefix of the app name. Is there any way to avoid it?
Yeah that seems like the bug in question. Can you copy-paste the exact config here (not a screenshot) of that workflow?
Ok, here it goes:
name: CARPA CI/CD
on:
  push:
    branches: [master, develop]
  pull_request:
    branches: [master, develop]
jobs:
  deploy:
    runs-on: ubuntu-20.04
    steps:
      - name: Cloning repo
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Push to dokku
        uses: dokku/github-action@master
        with:
          git_remote_url: 'ssh://[email protected]:22/carpa'
          ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
Great thanks, I'll try and replicate with this.
@josegonzalez Any progress?
No it was like 4am when I posted but I’ll have time this week at some point, maybe today
Ok thanks a lot :D
I just ran into this issue as well:
fatal: '/appname' does not appear to be a git repository
fatal: Could not read from remote repository.
It seems like when using the SSH form for Git URLs, it will look for the repo at an absolute path (see https://stackoverflow.com/questions/14348874/git-repository-url-ssh-syntax-without-absolute-path), hence this error message as Dokku will by default clone repos relative to the Dokku user's home directory, rather than the root directory.
When I specified git_remote_url like git_remote_url: 'ssh://[email protected]:22/~/appname', rather than git_remote_url: 'ssh://[email protected]:22/appname', then this worked fine for me. Possibly the documentation/examples should indicate this?
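Added example (not part of the thread, and not git's or the action's code): a simplified model of git's documented SSH URL rules, showing how the spellings of git_remote_url tried in this thread split into host, port and repository path. The host dokku.example.test is a placeholder, and the "kind" label describes how an ordinary SSH login would resolve the path, which is an assumption about the server side.

```python
from urllib.parse import urlsplit


def split_ssh_remote(url):
    """Split an SSH git remote into (host, port, path, kind).

    path is the repository path the client asks the remote side for.
    """
    if "://" in url:
        parts = urlsplit(url)
        if parts.scheme != "ssh":
            raise ValueError("not an ssh:// remote: " + url)
        # .port raises ValueError when the text after ':' is not a number,
        # which is what happens to ssh://user@host:appname
        host, port, path = parts.hostname, parts.port, parts.path
    else:
        # scp-like form user@host:path, where ':' starts the path, not a port
        head, colon, path = url.partition(":")
        if not colon or "/" in head:
            raise ValueError("not an SSH remote: " + url)
        host, port = head.rpartition("@")[2], None
    if path[1:2] == "~":
        path = path[1:]  # "/~/app" is sent as "~/app"
    if path.startswith("/"):
        kind = "absolute"
    elif path.startswith("~"):
        kind = "home directory"
    else:
        kind = "relative to login directory"
    return host, port, path, kind


# Constructed inputs: the spellings tried in the thread, with a placeholder host.
SAMPLES = [
    "ssh://dokku@dokku.example.test:22/appname",
    "ssh://dokku@dokku.example.test:22/~/appname",
    "dokku@dokku.example.test:appname",
    "ssh://dokku@dokku.example.test:appname",
]

if __name__ == "__main__":
    for url in SAMPLES:
        try:
            print(url, "->", split_ssh_remote(url))
        except ValueError as exc:
            print(url, "-> rejected:", exc)
```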
This solved the issue for me! Thanks @bobwhitelock
When I specified git_remote_url like git_remote_url: 'ssh://[email protected]:22/~/appname', rather than git_remote_url: 'ssh://[email protected]:22/appname', then this worked fine for me.
Had the same issue, and this worked for me as well.
I've tried both
git_remote_url: 'ssh://[email protected]:22/~/appname'
and
git_remote_url: 'ssh://[email protected]:22/appname'
with a working Dokku install and both fail with
fatal: not a git repository (or any parent up to mount point /github)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
Running the usual git push dokku command works.
@danjac i think your issue is different, mind filing a separate issue?
@justinalexandershaw mind posting your complete workflow file? Additionally, if you push from a local install, what does your remote look like?
@josegonzalez sure!
#deploy.yaml
---
name: 'deploy'
# Triggers the workflow on push to main branch
on:
  push:
    branches:
      - main
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Cloning repo
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Install Packages
        run: npm install
      - name: Build Project
        run: npm run build
      - name: Push to dokku
        uses: dokku/github-action@master
        with:
          branch: main
          git_remote_url: 'ssh://[email protected]:22/~/appname'
          ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
Remote is an EC2 running Ubuntu 20.04.2 LTS (GNU/Linux 5.4.0-1045-aws x86_64)
@josegonzalez it was a mistake on my part: needed to clone repo in previous step:
- name: Cloning repo
  uses: actions/checkout@v2
  with:
    fetch-depth: 0
- name: Push to Dokku
  uses: dokku/github-action@master
  ...
Plain git_remote_url i.e. /appname not ~/appname worked fine.
Now that I think of it, I remember our deploy pipeline working fine without the ~/appname in our original build. We changed cloud providers recently and /appname worked on the old one and failed on the new one (switched from a bare-metal host to AWS EC2). The fix for EC2 was to add the tilde. Maybe that will help someone?
@robinwo @bobwhitelock @danialeresbar you three wouldn't happen to also be on ec2, would you?
@justinalexandershaw how did you install on EC2?
@josegonzalez Nothing special about the install iirc. Just followed the docs: https://dokku.com/docs/getting-started/installation/#1-install-dokku
Mind posting the output of dokku report?
-----> uname: Linux webserver 5.4.0-1045-aws #47-Ubuntu SMP Tue Apr 13 07:02:25 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
-----> memory:
              total        used        free      shared  buff/cache   available
Mem:           7666         390        4602           1        2672        7009
Swap:             0           0           0
-----> docker version:
Client: Docker Engine - Community
 Version: 20.10.7
 API version: 1.41
 Go version: go1.13.15
 Git commit: f0df350
 Built: Wed Jun 2 11:56:38 2021
 OS/Arch: linux/amd64
 Context: default
 Experimental: true

Server: Docker Engine - Community
 Engine:
  Version: 20.10.7
  API version: 1.41 (minimum version 1.12)
  Go version: go1.13.15
  Git commit: b0f5bc3
  Built: Wed Jun 2 11:54:50 2021
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.4.6
  GitCommit: d71fcd7d8303cbf684402823e425e9dd2e99285d
 runc:
  Version: 1.0.0-rc95
  GitCommit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
 docker-init:
  Version: 0.19.0
  GitCommit: de40ad0
-----> docker daemon info:
Client:
 Context: default
WARNING: No swap limit support
 Debug Mode: true
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Build with BuildKit (Docker Inc., v0.5.1-docker)

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 5
 Server Version: 20.10.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: d71fcd7d8303cbf684402823e425e9dd2e99285d
 runc version: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
 Kernel Version: 5.4.0-1045-aws
 Operating System: Ubuntu 20.04.2 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 2
 Total Memory: 7.487GiB
 Name: webserver
 ID: GERX:YFC3:5C6B:Z24Q:QDOD:5X5I:QTUI:R5EU:PPTR:6OUE:CMU6:6Z2R
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
-----> git version: git version 2.25.1
-----> sigil version: 0.6.0
-----> herokuish version:
herokuish: 0.5.28
buildpacks:
  heroku-buildpack-multi v1.0.0
  heroku-buildpack-ruby v228
  heroku-buildpack-nodejs v185
  heroku-buildpack-clojure v87
  heroku-buildpack-python v196
  heroku-buildpack-java v69
  heroku-buildpack-gradle v35
  heroku-buildpack-scala v90
  heroku-buildpack-play v26
  heroku-buildpack-php v194
  heroku-buildpack-go v153
  buildpack-nginx v14
  buildpack-null v3
-----> dokku version: dokku version 0.24.10
-----> plugn version: plugn: 0.6.1
-----> dokku plugins:
  00_dokku-standard 0.24.10 enabled dokku core standard plugin
  20_events 0.24.10 enabled dokku core events logging plugin
  app-json 0.24.10 enabled dokku core app-json plugin
  apps 0.24.10 enabled dokku core apps plugin
  builder 0.24.10 enabled dokku core builder plugin
  builder-dockerfile 0.24.10 enabled dokku core builder-dockerfile plugin
  builder-herokuish 0.24.10 enabled dokku core builder-herokuish plugin
  builder-pack 0.24.10 enabled dokku core builder-pack plugin
  buildpacks 0.24.10 enabled dokku core buildpacks plugin
  certs 0.24.10 enabled dokku core certificate management plugin
  checks 0.24.10 enabled dokku core checks plugin
  common 0.24.10 enabled dokku core common plugin
  config 0.24.10 enabled dokku core config plugin
  cron 0.24.10 enabled dokku core cron plugin
  docker-options 0.24.10 enabled dokku core docker-options plugin
  domains 0.24.10 enabled dokku core domains plugin
  enter 0.24.10 enabled dokku core enter plugin
  git 0.24.10 enabled dokku core git plugin
  letsencrypt 0.11.9 enabled Automated installation of let's encrypt TLS certificates
  logs 0.24.10 enabled dokku core logs plugin
  network 0.24.10 enabled dokku core network plugin
  nginx-vhosts 0.24.10 enabled dokku core nginx-vhosts plugin
  plugin 0.24.10 enabled dokku core plugin plugin
  proxy 0.24.10 enabled dokku core proxy plugin
  ps 0.24.10 enabled dokku core ps plugin
  repo 0.24.10 enabled dokku core repo plugin
  resource 0.24.10 enabled dokku core resource plugin
  scheduler-docker-local 0.24.10 enabled dokku core scheduler-docker-local plugin
  shell 0.24.10 enabled dokku core shell plugin
  ssh-keys 0.24.10 enabled dokku core ssh-keys plugin
  storage 0.24.10 enabled dokku core storage plugin
  tags 0.24.10 enabled dokku core tags plugin
  tar 0.24.10 enabled dokku core tar plugin
  trace 0.24.10 enabled dokku core trace plugin
@robinwo @bobwhitelock @danialeresbar you three wouldn't happen to also be on ec2, would you?
No, I'm using Linode