By default, Capistrano WILL load ~/.bashrc for each command (since about cap 2.4 or so). However, this default causes problems with interactive processes, like sudo or svn or other processes that may want to prompt for input. Thus, it is common for people to tell Capistrano to request a pty from the server, via default_run_options[:pty] = true. However, when cap requests a pty, the shell will not load the user's profile script.
There's no good solution for this, except to NOT rely on your .bashrc (or similar) script. What kinds of things are you expecting to be set that way? You can mimic a pty-less SSH session like this: ssh -T host.com "git clone -q /repos/equity/.git /tmp/test" Likewise, you can mimic SSH session with pty-allocation like this: ssh -t host.com "git clone -q /repos/equity/.git /tmp/test" (pty-allocation is the default for openssh, but the difference there is that ssh requests an interactive user shell, and capistrano does not.) This will probably be my last email on this thread. I do not know what else I can suggest. - Jamis On Sat, Feb 7, 2009 at 1:48 PM, Greg Hauptmann <[email protected]> wrote: > Hi Jamis, > First thanks for responding so fully, it's very impressive. Here's my > responses, BUT have a look at the last few comments....I had some progress, > although I don't know why. > > 2009/2/8 Jamis Buck <[email protected]> >> >> > Feb 6 20:36:24 home sshd_local(pam_unix)[26758]: session opened for >> > user >> > root by (uid=0) >> > Feb 6 20:36:25 home sshd_local(pam_unix)[26758]: session closed for >> > user >> > root >> >> This is really weird to me. It looks like your syslog is logging to >> the console? Anyway, I'm ignoring it, but if you don't know what it's >> from either, maybe you'll want to investigate it since it might be a >> further symptom of the problem you're having. > > Sorry, should have made it clear I'd copy/pasted this from a system log > file. >> >> git clone -q [email protected]:/repos/equity/.git >> /u/apps/equity/shared/cached-copy >> >> Well, there are two interesting things here, to me. The first is that >> you're using 'root' to log in for git. Not seeing the rest of your >> deploy.rb, I have to ask: are setting the :user variable to root, >> also? In other words, are the remote commands being executed as root, >> or as some other user? (I won't get into the severe security issues >> with ever ssh'ing into a server as root.) > > Should be ok I think. Here is my deploy.rb > > set :application, "equity" > set :repository, "[email protected]:/repos/equity/.git" > set :scm, :git > set :deploy_via, :remote_cache > role :app, "[email protected]" > role :web, "[email protected]" > role :db, "[email protected]", :primary => true > > As a side note, take your point re security. I think I had a hiccup when > trying to move to non-root and gave up (should have another crack at this). > I should point-out this is all on my internal network however, nothing > exposed. > >> >> The other interesting thing is that the remote host and the repository >> host are the same. > > In fact at first I had my repository on my local server (i.e. so the remote > server would have be calling out via git to the local server), however I had > the same problem. It was after this I thought I would "clone" a copy of the > repo to the remote server so the git call would be remote server => remote > server. I tried to setup the git repository location as a local file path > but this didn't seem to work > >> >> * If you log into 10.1.1.1 as whichever user you're deploying as >> (root?) and then try to ssh FROM THERE to 10.1.1.1 AS ROOT, does it >> prompt you for a password? If not, does the log in succeed? > > > Yes is succeeds. Works fine > >> >> * Assuming you can ssh from 10.1.1.1 to 10.1.1.1 as root, can you >> execute the "git clone" command that cap is trying to do? Log into >> 10.1.1.1 (as your deploy user), and then try the execute the following >> command: "git clone -q [email protected]:/repos/equity/.git /tmp/test" > > This works fine (i.e. this is where I manually took the capistrano output > from a dry run and executed on the remote host and everything worked fine) > >> >> Lastly, since the repo URL is the same as the remote host, you might >> want to consider this reconfiguration. Instead of setting the >> :repository variable to "[email protected]:/repos/equity/.git" (and, >> assuming your deploy user is "root", too), you might try this: >> >> set :repository, "/repos/equity/.git" >> set :local_repository, "[email protected]:/repos/equity/.git" > > Unfortunately this didn't work either :( > > Jamis, I'm not a unix guru but I'm wondering if there is a difference in how > an interactive session's shell is handled versus an automated session. That > is, it's the shell profile derived from some file's like .profile or > something when you manually login, but if it were a script it might use > .bashrc or something? If there were a difference then me logging on as root > and running the commands would not be a valid test of what capistrano is > trying to do? Make any sense. This is the only thing I can think of at the > moment. Is there a way to take a single command (e.g. "git clone -q > /repos/equity/.git /u/apps/equity/shared/cached-copy") and run this from my > local server directly that would emulate capistrano (i.e. this would be > something I could post on a unix forum and I wouldn't get the question, we > need to see the capistrano scripts to see what's happening). > Here's some background info. > * testing manually on remote server > > [r...@home ~]# cd /u/apps/equity/shared > [r...@home shared]# ls -l > total 3 > drwxrwxr-x 2 root root 1024 Feb 7 21:25 log > drwxrwxr-x 2 root root 1024 Feb 6 06:25 pids > drwxrwxr-x 2 root root 1024 Feb 6 06:25 system > [r...@home shared]# > [r...@home shared]# git clone -q /repos/equity/.git > /u/apps/equity/shared/cached-copy > [r...@home shared]# echo "ie this worked ok" > ie this worked ok > [r...@home shared]# > > * current deploy.config > > Macintosh-2:equity greg$ cat config/deploy.rb > set :application, "equity" > set :repository, "/repos/equity/.git" > set :local_repository, "[email protected]:/repos/equity/.git" > set :scm, :git > set :deploy_via, :remote_cache > role :app, "[email protected]" > role :web, "[email protected]" > role :db, "[email protected]", :primary => true > > * last cap run output => OMG. Just as I repeated the same cap deploy > command again to do a copy/paste it seems to have got further. I have no > idea why... > > Macintosh-2:equity greg$ cap deploy > * executing `deploy' > * executing `deploy:update' > ** transaction: start > * executing `deploy:update_code' > updating the cached checkout on all servers > executing locally: "git ls-remote [email protected]:/repos/equity/.git HEAD" > * executing "if [ -d /u/apps/equity/shared/cached-copy ]; then cd > /u/apps/equity/shared/cached-copy && git fetch -q origin && git reset -q > --hard 7e92223c93c6f9019acd54d042fc8d348aa62a53; else git clone -q > /repos/equity/.git /u/apps/equity/shared/cached-copy && cd > /u/apps/equity/shared/cached-copy && git checkout -q -b deploy > 7e92223c93c6f9019acd54d042fc8d348aa62a53; fi" > servers: ["10.1.1.1"] > Enter passphrase for /Users/greg/.ssh/id_rsa: > [[email protected]] executing command > command finished > copying the cached version to /u/apps/equity/releases/20090207204308 > * executing "cp -RPp /u/apps/equity/shared/cached-copy > /u/apps/equity/releases/20090207204308 && (echo > 7e92223c93c6f9019acd54d042fc8d348aa62a53 > > /u/apps/equity/releases/20090207204308/REVISION)" > servers: ["10.1.1.1"] > [[email protected]] executing command > command finished > * executing `deploy:finalize_update' > * executing "chmod -R g+w /u/apps/equity/releases/20090207204308" > servers: ["10.1.1.1"] > [[email protected]] executing command > command finished > * executing "rm -rf /u/apps/equity/releases/20090207204308/log > /u/apps/equity/releases/20090207204308/public/system > /u/apps/equity/releases/20090207204308/tmp/pids &&\\\n mkdir -p > /u/apps/equity/releases/20090207204308/public &&\\\n mkdir -p > /u/apps/equity/releases/20090207204308/tmp &&\\\n ln -s > /u/apps/equity/shared/log /u/apps/equity/releases/20090207204308/log &&\\\n > ln -s /u/apps/equity/shared/system > /u/apps/equity/releases/20090207204308/public/system &&\\\n ln -s > /u/apps/equity/shared/pids /u/apps/equity/releases/20090207204308/tmp/pids" > servers: ["10.1.1.1"] > [[email protected]] executing command > command finished > * executing "find /u/apps/equity/releases/20090207204308/public/images > /u/apps/equity/releases/20090207204308/public/stylesheets > /u/apps/equity/releases/20090207204308/public/javascripts -exec touch -t > 200902072043.10 {} ';'; true" > servers: ["10.1.1.1"] > [[email protected]] executing command > command finished > * executing `deploy:symlink' > * executing "rm -f /u/apps/equity/current && ln -s > /u/apps/equity/releases/20090207204308 /u/apps/equity/current" > servers: ["10.1.1.1"] > [[email protected]] executing command > command finished > ** transaction: commit > * executing `deploy:restart' > * executing "sudo -p 'sudo password: ' -u app > /u/apps/equity/current/script/process/reaper" > servers: ["10.1.1.1"] > [[email protected]] executing command > *** [err :: [email protected]] sudo: no passwd entry for app! > *** [err :: [email protected]] > command finished > failed: "sh -c \"sudo -p 'sudo password: ' -u app > /u/apps/equity/current/script/process/reaper\"" on [email protected] > Macintosh-2:equity greg$ > > > I'll try to follow up myself with solving the last one. I think I remember > a cap sudo config parameter that could be set. I'll look this up.......at > least I'm further down the track now :) :) > > REgards > Greg > > > > > > > > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/capistrano -~----------~----~----~----~------~----~------~--~---
