
Situation:
shell gitlab runner, certificate configured, ssh connected as follows:

ssh-keygen --> id_rsa & id_rsa.pub

ssh-copy-id <user>@<remotehost>

ssh <user>@<remotehost> works as designed

id_rsa -> gitlab cicd variable called 'SSH_PRIVATE_KEY'

gitlab-ci as follows:


before_script:
  - echo "Before script section"
  # Install ssh-agent if not already installed, it is required by Docker.
  # (change apt-get to yum if you use a CentOS-based image)
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'

  # Run ssh-agent (inside the build environment)
  - eval $(ssh-agent -s)

  # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
  - ssh-add < ~/.ssh/id_rsa
  - ssh-add -l

build1:
  stage: build
  script:
    - echo "Pulling on Devn"
    - ssh -A <user>@<remotehost> 
    - hostname
    - ssh-agent bash -c 'hostname'
    - ssh-agent bash -c 'awk "NR==1{print;exit}" /etc/php7/php.ini'



Complication:
When executing commands via gitlab-ci after the ssh connection, they seem to be executed on the gitlab machine. (PHP is installed on the ssh'ed system, not on gitlab.)

See gitlab job output below:

...
eval $(ssh-agent -s)
Agent pid 1234
$ ssh-add < ~/.ssh/id_rsa
Identity added: /home/gitlab-runner/.ssh/id_rsa (/home/gitlab-runner/.ssh/id_rsa)
$ ssh-add -l
4096 SHA256:<KEY> /home/gitlab-runner/.ssh/id_rsa (RSA)

# same behaviour with ssh -T <user>@<ipaddress> -p <portnumber> 
$ ssh -A <user>@<ipaddress> -p <portnumber>
Pseudo-terminal will not be allocated because stdin is not a terminal.

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
$ hostname
gitlab
$ ssh-agent bash -c 'hostname'
gitlab
$ ssh-agent bash -c 'awk "NR==1{print;exit}" /etc/php7/php.ini'
awk: cannot open /etc/php7/php.ini (No such file or directory)


In what way do I need to configure the system, so that the commands are actually run on the ssh’ed system?


Answers


  1. Chosen as BEST ANSWER

    I'm currently working with a solution which seems a bit too dirty for me. In the gitlab-ci I'm pulling and running phpunit as follows:

    ssh -T <user>@<remotehost>  "cd /var/www/projectfolder; git pull https://<gitlabUser>:$GITLAB_TOKEN@<privateGitlab>/<gitRepo>.git;"
    ssh -T <user>@<remotehost>  "cd /var/www/projectfolder/tests; phpunit;"
    

    i.e., I'm using a new ssh each time I'd like to run a command, which doesn't quite seem right to me. Any suggestions are welcome!


  2. @til As per your suggestion request, single ssh command…

    ssh -T <user>@<remotehost>  "cd /var/www/projectfolder; git pull https://<gitlabUser>:$GITLAB_TOKEN@<privateGitlab>/<gitRepo>.git; cd /var/www/projectfolder/tests; phpunit;" 
    
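Added example, not part of the thread: the `script:` lines run one after another in the runner's own shell, so steps meant for the remote host have to travel inside the `ssh` invocation itself. Here they go on stdin of a single session with `set -eu`, so a failed `cd` or `git pull` stops the run instead of continuing as a `;` chain does. `run_remote` and `deploy` are hypothetical names, and the sketch assumes the remote clone already has credentials for its origin.

```shell
# Added example. <user>@<remotehost> and the paths are the thread's placeholders;
# run_remote and deploy are hypothetical helper names.

# run_remote DIR TRANSPORT...
# Reads a script on stdin and runs it in ONE shell started through TRANSPORT
# (for example: ssh -T user@host). DIR must not contain spaces or shell
# metacharacters: ssh joins its arguments and the remote shell re-parses them.
run_remote() {
  _dir=$1
  shift
  {
    # Prologue: abort on the first failing command or unset variable, then
    # enter the project directory that arrives as $1 of the remote shell.
    printf '%s\n' 'set -eu' 'cd "$1"'
    cat    # the caller's script, passed through unchanged
  } | "$@" sh -s -- "$_dir"
}

# What the CI job would call from its script: section.
deploy() {
  # -T: a scripted session needs no pseudo-terminal.
  # The quoted 'EOF' stops the runner's shell from expanding anything, so
  # every line below is interpreted on the remote host.
  run_remote /var/www/projectfolder ssh -T '<user>@<remotehost>' <<'EOF'
echo "running on $(hostname)"
git pull     # assumption: the remote clone has its own credentials
cd tests
phpunit
EOF
}

# Deploy only when asked to, e.g. "sh deploy.sh deploy" (file name is illustrative).
if [ "${1:-}" = "deploy" ]; then
  deploy
fi
```

The exit status of `run_remote` is the status of the remote shell, so a failing step fails the CI job.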