PS.
I've now cloned my repository manually onto my prod Linux box (under /repos)
and updated deploy.config to reflect this. That is when the cap scripts are
running on my prod box it should call out to itself now for git repository.
I still get an authentication issue however (see below). There must be a
difference re ssh login between when a script runs the git command, and when
I manually run it?
----------prod messages log------------
Feb 6 16:52:00 home sshd_local(pam_unix)[10814]: session opened for user
root by (uid=0)
Feb 6 16:52:00 home sshd_local(pam_unix)[10814]: session closed for user
root
Feb 6 16:52:02 home sshd_local(pam_unix)[10833]: session opened for user
root by (uid=0)
Feb 6 16:52:03 home sshd_local(pam_unix)[10856]: authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=home.gregnet.org user=root
Feb 6 16:52:05 home sshd_local(pam_unix)[10857]: authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=home.gregnet.org user=root
Feb 6 16:52:07 home sshd_local(pam_unix)[10858]: authentication failure;
logname= uid=0 euid=0 tty=ssh ruser= rhost=home.gregnet.org user=root
Feb 6 16:52:10 home sshd_local(pam_unix)[10833]: session closed for user
root
-------prod secure log -----------------
Feb 6 16:55:12 home sshd_local[11041]: Accepted publickey for root from
::ffff:10.1.1.145 port 51107 ssh2
Feb 6 16:55:17 home sshd_local[11060]: Accepted publickey for root from
::ffff:10.1.1.145 port 51108 ssh2
Feb 6 16:55:17 home sshd_local[11082]: Postponed keyboard-interactive for
root from ::ffff:10.1.1.1 port 43930 ssh2
Feb 6 16:55:20 home sshd_local[11081]: error: PAM: Authentication failure
for root from home.gregnet.org
Feb 6 16:55:20 home sshd_local[11082]: Postponed keyboard-interactive for
root from ::ffff:10.1.1.1 port 43930 ssh2
Feb 6 16:55:22 home sshd_local[11081]: error: PAM: Authentication failure
for root from home.gregnet.org
Feb 6 16:55:22 home sshd_local[11082]: Postponed keyboard-interactive for
root from ::ffff:10.1.1.1 port 43930 ssh2
Feb 6 16:55:24 home sshd_local[11081]: error: PAM: Authentication failure
for root from home.gregnet.org
Feb 6 16:55:24 home sshd_local[11082]: Connection closed by ::ffff:10.1.1.1
----------capistrano output ---------------
Macintosh-2:equity greg$ cap deploy:update
* executing `deploy:update'
** transaction: start
* executing `deploy:update_code'
updating the cached checkout on all servers
executing locally: "git ls-remote [email protected]:/repos/equity/.git HEAD"
Enter passphrase for key '/Users/greg/.ssh/id_rsa':
* executing "if [ -d /u/apps/equity/shared/cached-copy ]; then cd
/u/apps/equity/shared/cached-copy && git fetch -q origin && git reset -q
--hard 7e92223c93c6f9019acd54d042fc8d348aa62a53; else git clone -q
[email protected]:/repos/equity/.git /u/apps/equity/shared/cached-copy && cd
/u/apps/equity/shared/cached-copy && git checkout -q -b deploy
7e92223c93c6f9019acd54d042fc8d348aa62a53; fi"
servers: ["10.1.1.1"]
Enter passphrase for /Users/greg/.ssh/id_rsa:
[[email protected]] executing command
** [10.1.1.1 :: err] Permission denied
(publickey,gssapi-with-mic,keyboard-interactive).
** [10.1.1.1 :: err] fatal: The remote end hung up unexpectedly
command finished
*** [deploy:update_code] rolling back
* executing "rm -rf /u/apps/equity/releases/20090206065213; true"
servers: ["10.1.1.1"]
[[email protected]] executing command
command finished
failed: "sh -c \"if [ -d /u/apps/equity/shared/cached-copy ]; then cd
/u/apps/equity/shared/cached-copy && git fetch -q origin && git reset -q
--hard 7e92223c93c6f9019acd54d042fc8d348aa62a53; else git clone -q
[email protected]:/repos/equity/.git /u/apps/equity/shared/cached-copy && cd
/u/apps/equity/shared/cached-copy && git checkout -q -b deploy
7e92223c93c6f9019acd54d042fc8d348aa62a53; fi\"" on [email protected]
2009/2/6 Greg Hauptmann <[email protected]>
> Hi guys,
>
> I'm stuck on this. I can ssh into my target prod server, and from there
> ssh into my repo server (for git) fine. When I run "cap deploy:update" it
> seems when the capistrano scripts running on my target prod server get a "
> *failed password*" when trying to access the repo server??? Any
> ideas??? Here's a tail of the secure.log on the repo server for both
> cases.
>
> ---------- repo server log when "manually ssh'ing in from prod server to
> repo server" -------------------
> Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: checkpw()
> succeeded, creating credential for user greg
> Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: checkpw()
> succeeded, creating shared credential for user greg
> Feb 6 15:23:18 Macintosh-2 com.apple.SecurityServer[21]: Succeeded
> authorizing right system.login.tty by client /usr/sbin/sshd for
> authorization created by /usr/sbin/sshd.
> Feb 6 15:23:18 Macintosh-2 sshd[2372]: *Accepted keyboard-interactive/pam
> for greg* from 10.1.1.1 port 49636 ssh2
>
> --------- repo server log when capistrano is trying to access repo server
> from prod server ------------
> Feb 6 15:23:53 Macintosh-2 sshd[2414]: error: *PAM: Authentication
> failure for greg from home.gregsdomainname.org*
> Feb 6 15:23:53: --- last message repeated 2 times ---
> Feb 6 15:23:53 Macintosh-2 sshd[2414]: Failed password for greg from
> 10.1.1.1 port 50366 ssh2
>
> --------- cap console out ---------------------
> Macintosh-2:equity greg$ cap deploy:update
> * executing `deploy:update'
> ** transaction: start
> * executing `deploy:update_code'
> updating the cached checkout on all servers
> executing locally: "git ls-remote . HEAD"
> * executing "if [ -d /u/apps/equity/shared/cached-copy ]; then cd
> /u/apps/equity/shared/cached-copy && git fetch -q origin && git reset -q
> --hard 581568057e9bc8d41a9681c15ad27d778faa551b; else git clone -q
> [email protected]:/Users/greg/source/equity/.git
> /u/apps/equity/shared/cached-copy && cd /u/apps/equity/shared/cached-copy &&
> git checkout -q -b deploy 581568057e9bc8d41a9681c15ad27d778faa551b; fi"
> servers: ["10.1.1.1"]
> Enter passphrase for /Users/greg/.ssh/id_rsa:
> [[email protected]] executing command
> ** [10.1.1.1 :: err] Permission denied, please try again.
> ** [10.1.1.1 :: err] Permission denied, please try again.
> ** [10.1.1.1 :: err] Permission denied
> (publickey,password,keyboard-interactive).
> ** [10.1.1.1 :: err] fatal: The remote end hung up unexpectedly
> command finished
> *** [deploy:update_code] rolling back
> * executing "rm -rf /u/apps/equity/releases/20090206051539; true"
> servers: ["10.1.1.1"]
> [[email protected]] executing command
> command finished
> failed: "sh -c \"if [ -d /u/apps/equity/shared/cached-copy ]; then cd
> /u/apps/equity/shared/cached-copy && git fetch -q origin && git reset -q
> --hard 581568057e9bc8d41a9681c15ad27d778faa551b; else git clone -q
> [email protected]:/Users/greg/source/equity/.git
> /u/apps/equity/shared/cached-copy && cd /u/apps/equity/shared/cached-copy &&
> git checkout -q -b deploy 581568057e9bc8d41a9681c15ad27d778faa551b; fi\"" on
> [email protected]
>
> Summary of Configuration
> ====================
> * Have two machines:
> - MacBook = Development & Git Repository
> - Linux Box (Redhat) = Target Prod Server
> * So the Linux box is calling back to the same Macbook for the repository.
> "cap deploy"[MacBook"] ===> "runs commands"[Linux Box] ==> "Git
> Repo"[MacBook]
>
> My MacBook /etc/ssh_config
> =========================
> Macintosh-2:etc greg$ cat /etc/ssh_config
> # Host *
> # ForwardAgent no
> # ForwardX11 no
> # RhostsRSAAuthentication no
> # RSAAuthentication yes
> PasswordAuthentication yes
> # HostbasedAuthentication no
> # GSSAPIAuthentication yes
> # GSSAPIDelegateCredentials no
> # GSSAPIKeyExchange yes
> # GSSAPITrustDNS no
> # BatchMode no
> # CheckHostIP yes
> # AddressFamily any
> # ConnectTimeout 0
> # StrictHostKeyChecking ask
> # IdentityFile ~/.ssh/identity
> # IdentityFile ~/.ssh/id_rsa
> # IdentityFile ~/.ssh/id_dsa
> # Port 22
> # Protocol 2,1
> # Cipher 3des
> # Ciphers
> aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> # EscapeChar ~
> # Tunnel no
> # TunnelDevice any:any
> # PermitLocalCommand no
>
>
>
>
> Thanks
>
>
>
>
>
>
>
>
>
>
>
>
--
Greg
http://blog.gregnet.org/
--~--~---------~--~----~------------~-------~--~----~
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at http://groups.google.com/group/capistrano
-~----------~----~----~----~------~----~------~--~---
