skip to Main Content

I am playing with Gitlab CI CD and docker. So far I have the following setup:

  • A server with gitlab-runner (docker executor)
  • A staging server with docker installed
  • A self-hosted GitLab instance

After building and pushing images to the container registry, I am trying to deploy the app on a staging server by doing following steps:

    - eval $(ssh-agent -s)
    - echo "$DEPLOY_SSH_PRIVATE_KEY" | tr -d 'r' | ssh-add - > /dev/null
    - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY_IMAGE
    - docker-compose -H "ssh://$DEPLOY_USER@$DEPLOY_SERVER" down --remove-orphans || true
    - docker-compose -H "ssh://$DEPLOY_USER@$DEPLOY_SERVER" pull
    - docker-compose -H "ssh://$DEPLOY_USER@$DEPLOY_SERVER" up -d

It fails on the 4th step, where as far as I understood, it points to wrong container registry:

error during connect: Get "http://docker.example.com/v1.24/containers/json?all=1&filters=%7B%22label%22%3A%7B%22com.docker.compose.project%3Drepo_name%22%3Atrue%7D%7D&limit=0": command [ssh -l deployer — staging-server-ip docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=Host key verification failed.

Do I have to run docker login on a staging server as well, or what am I missing?

2

Answers


  1. Chosen as BEST ANSWER

    It turns out that there were several issues:

    1. Make sure to use the correct ssh key
    2. I had to run docker on the deployment server in rootles mode (Not sure if it's required)
    3. Also, on a client machine from where we try to connect to the deployment server, I had to disable strict host key checks in the /etc/ssh/ssh_config

  2. stderr=Host key verification failed happens when server’s public host key is not yet added to the client’s known_hosts file. If the client were connecting through a terminal, the server prompts the client to confirm if it is connected to the correct system. Answering Yes to this question, would add the server’s public host key to the clients ~/.ssh/known_hosts. But here since you are connecting to the server in a gitlab CI pipeline, you can use ssh-keyscan to gather ssh public host key from the server. Just insert the below code above line 4:

    ssh-keyscan $DEPLOY_SERVER >> ~/.ssh/known_hosts
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search