Gitlab CI SSH Deploy

  1. Create SSH Key on Remote host
Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
$ remote-server: ssh-keygen -o -t rsa -b 4096 -C "yoru@email.com"
$ remote-server: ssh-keygen -o -t rsa -b 4096 -C "yoru@email.com"
 $ remote-server: ssh-keygen -o -t rsa -b 4096 -C "yoru@email.com"

2. Copy Generated Private key from remote Server

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
$ remote-server: cat .ssh/id_rsa
$ remote-server: cat .ssh/id_rsa
$ remote-server: cat .ssh/id_rsa

3. Save this Generated Private Key in to Gitlab as this case LIVE_SSH_KEY

4. Generate SS Key for gitlab-runner or root user from Gitlab Server

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
$gitlab-runner@gitlab-server: ssh-keygen -o -t rsa -b 4096
$gitlab-runner@gitlab-server: ssh-keygen -o -t rsa -b 4096
$gitlab-runner@gitlab-server: ssh-keygen -o -t rsa -b 4096

5. Write Gitlab Runner Public key on the Remote Server

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
$gitlab-runner@gitlab-server: cat ~/.ssh/id_rsa.pub | ssh yoursshusername@remote-server.com 'cat >> .ssh/authorized_keys'
$gitlab-runner@gitlab-server: cat ~/.ssh/id_rsa.pub | ssh yoursshusername@remote-server.com 'cat >> .ssh/authorized_keys'
$gitlab-runner@gitlab-server: cat ~/.ssh/id_rsa.pub | ssh yoursshusername@remote-server.com 'cat >> .ssh/authorized_keys'

Now, SSH without Password connection completed.

6. Creating our gitlab-ci.yml for Auto deployment (For information, in this example, i have two http request added for DB update actions and etc., if you not need, please not using this curl requests)

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
image: ubuntu
before_script:
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- mkdir -p ~/.ssh
- echo "$DEV_SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
- chmod 700 ~/.ssh/id_rsa
- eval "$(ssh-agent -s)"
- ssh-add ~/.ssh/id_rsa
- ssh-keyscan -H 'remote-server.com' >> ~/.ssh/known_hosts
- apt-get install rsync -y -qq
- apt-get install curl -y -qq
stages:
- deploy_production
- deploy_live
deploy_production:
stage: deploy_production
script:
# Upload .htaccess for Waiting.
- rsync -avz .htaccess_update_redirect sshusername@remote-server.com:./www/htdocs/your/production/directory/
# Change .htaccess to .htaccess_live and .htaccess_update_redirect to .htaccess
- ssh sshusername@remote-server.com "cd /www/htdocs/your/production/directory/ && mv .htaccess .htaccess_live && mv .htaccess_update_redirect .htaccess"
# Upload new files without .git directory, .gitlab-ci.yml und .htaccess'S files
- rsync -avzuh -e ssh ./ sshusername@remote-server.com:./www/htdocs/your/production/directory/ --progress --exclude '.git' --exclude '.gitlab-ci.yml' --exclude '.htaccess' --exclude '.htaccess_lock'
# DB UPDATE EXAMPLE
- curl --request GET --url 'https://your-url.com/dbupdate.php?security=123' && curl --request GET --url 'https://your-url.com/sendEmail.php?security=123'
# ROLLBACK THE .htaccess workflow
- ssh sshusername@remote-server.com "cd /www/htdocs/your/production/directory/ && mv .htaccess .htaccess_lock && mv .htaccess_live .htaccess"
only:
- master
deploy_live:
stage: deploy_live
script:
# Upload .htaccess for Waiting.
- rsync -avz .htaccess_update_redirect sshusername@remote-server.com:./www/htdocs/your/live/directory/
# Change .htaccess to .htaccess_live and .htaccess_update_redirect to .htaccess
- ssh sshusername@remote-server.com "cd /www/htdocs/your/live/directory/ && mv .htaccess .htaccess_live && mv .htaccess_update_redirect .htaccess"
# Upload new files without .git directory, .gitlab-ci.yml und .htaccess'S files
- rsync -avzuh -e ssh ./ sshusername@remote-server.com:./www/htdocs/your/live/directory/ --progress --exclude '.git' --exclude '.gitlab-ci.yml' --exclude '.htaccess' --exclude '.htaccess_lock'
# DB UPDATE EXAMPLE
- curl --request GET --url 'https://your-url.com/dbupdate.php?security=123' && curl --request GET --url 'https://your-url.com/sendEmail.php?security=123'
# ROLLBACK THE .htaccess workflow
- ssh sshusername@remote-server.com "cd /www/htdocs/your/live/directory/ && mv .htaccess .htaccess_lock && mv .htaccess_live .htaccess"
only:
- develop
image: ubuntu before_script: - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )' - eval $(ssh-agent -s) - mkdir -p ~/.ssh - echo "$DEV_SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa - chmod 700 ~/.ssh/id_rsa - eval "$(ssh-agent -s)" - ssh-add ~/.ssh/id_rsa - ssh-keyscan -H 'remote-server.com' >> ~/.ssh/known_hosts - apt-get install rsync -y -qq - apt-get install curl -y -qq stages: - deploy_production - deploy_live deploy_production: stage: deploy_production script: # Upload .htaccess for Waiting. - rsync -avz .htaccess_update_redirect sshusername@remote-server.com:./www/htdocs/your/production/directory/ # Change .htaccess to .htaccess_live and .htaccess_update_redirect to .htaccess - ssh sshusername@remote-server.com "cd /www/htdocs/your/production/directory/ && mv .htaccess .htaccess_live && mv .htaccess_update_redirect .htaccess" # Upload new files without .git directory, .gitlab-ci.yml und .htaccess'S files - rsync -avzuh -e ssh ./ sshusername@remote-server.com:./www/htdocs/your/production/directory/ --progress --exclude '.git' --exclude '.gitlab-ci.yml' --exclude '.htaccess' --exclude '.htaccess_lock' # DB UPDATE EXAMPLE - curl --request GET --url 'https://your-url.com/dbupdate.php?security=123' && curl --request GET --url 'https://your-url.com/sendEmail.php?security=123' # ROLLBACK THE .htaccess workflow - ssh sshusername@remote-server.com "cd /www/htdocs/your/production/directory/ && mv .htaccess .htaccess_lock && mv .htaccess_live .htaccess" only: - master deploy_live: stage: deploy_live script: # Upload .htaccess for Waiting. - rsync -avz .htaccess_update_redirect sshusername@remote-server.com:./www/htdocs/your/live/directory/ # Change .htaccess to .htaccess_live and .htaccess_update_redirect to .htaccess - ssh sshusername@remote-server.com "cd /www/htdocs/your/live/directory/ && mv .htaccess .htaccess_live && mv .htaccess_update_redirect .htaccess" # Upload new files without .git directory, .gitlab-ci.yml und .htaccess'S files - rsync -avzuh -e ssh ./ sshusername@remote-server.com:./www/htdocs/your/live/directory/ --progress --exclude '.git' --exclude '.gitlab-ci.yml' --exclude '.htaccess' --exclude '.htaccess_lock' # DB UPDATE EXAMPLE - curl --request GET --url 'https://your-url.com/dbupdate.php?security=123' && curl --request GET --url 'https://your-url.com/sendEmail.php?security=123' # ROLLBACK THE .htaccess workflow - ssh sshusername@remote-server.com "cd /www/htdocs/your/live/directory/ && mv .htaccess .htaccess_lock && mv .htaccess_live .htaccess" only: - develop
image:  ubuntu

before_script:
  - 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
  - eval $(ssh-agent -s)
  - mkdir -p ~/.ssh
  - echo "$DEV_SSH_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_rsa
  - chmod 700 ~/.ssh/id_rsa
  - eval "$(ssh-agent -s)"
  - ssh-add ~/.ssh/id_rsa
  - ssh-keyscan -H 'remote-server.com' >> ~/.ssh/known_hosts
  - apt-get install rsync -y -qq
  - apt-get install curl -y -qq

stages:
  - deploy_production
  - deploy_live



deploy_production:
  stage: deploy_production
  script:
    # Upload .htaccess for Waiting.
    - rsync -avz .htaccess_update_redirect sshusername@remote-server.com:./www/htdocs/your/production/directory/
    # Change .htaccess to .htaccess_live and .htaccess_update_redirect to .htaccess
    - ssh sshusername@remote-server.com "cd /www/htdocs/your/production/directory/ && mv .htaccess .htaccess_live && mv .htaccess_update_redirect .htaccess"
    # Upload new files without .git directory, .gitlab-ci.yml und .htaccess'S files
    - rsync -avzuh -e ssh ./ sshusername@remote-server.com:./www/htdocs/your/production/directory/ --progress --exclude '.git' --exclude '.gitlab-ci.yml' --exclude '.htaccess'  --exclude '.htaccess_lock'
    # DB UPDATE EXAMPLE
    - curl --request GET --url 'https://your-url.com/dbupdate.php?security=123' && curl --request GET --url 'https://your-url.com/sendEmail.php?security=123'
    # ROLLBACK THE .htaccess workflow
    - ssh sshusername@remote-server.com "cd /www/htdocs/your/production/directory/ && mv .htaccess .htaccess_lock && mv .htaccess_live .htaccess"
  only:
    - master

deploy_live:
  stage: deploy_live
  script:
    # Upload .htaccess for Waiting.
    - rsync -avz .htaccess_update_redirect sshusername@remote-server.com:./www/htdocs/your/live/directory/
    # Change .htaccess to .htaccess_live and .htaccess_update_redirect to .htaccess
    - ssh sshusername@remote-server.com "cd /www/htdocs/your/live/directory/ && mv .htaccess .htaccess_live && mv .htaccess_update_redirect .htaccess"
    # Upload new files without .git directory, .gitlab-ci.yml und .htaccess'S files
    - rsync -avzuh -e ssh ./ sshusername@remote-server.com:./www/htdocs/your/live/directory/ --progress --exclude '.git' --exclude '.gitlab-ci.yml' --exclude '.htaccess'  --exclude '.htaccess_lock'
    # DB UPDATE EXAMPLE
    - curl --request GET --url 'https://your-url.com/dbupdate.php?security=123' && curl --request GET --url 'https://your-url.com/sendEmail.php?security=123'
    # ROLLBACK THE .htaccess workflow
    - ssh sshusername@remote-server.com "cd /www/htdocs/your/live/directory/ && mv .htaccess .htaccess_lock && mv .htaccess_live .htaccess"
  only:
    - develop

Views: 35