thanks again Jamis - hopefully the thread will be a useful to others too - I'm nearly there & with the info you've given I'm in a much better position to be self-sufficient. Have a great weekend. Greg
2009/2/8 Jamis Buck <[email protected]> > > By default, Capistrano WILL load ~/.bashrc for each command (since > about cap 2.4 or so). However, this default causes problems with > interactive processes, like sudo or svn or other processes that may > want to prompt for input. Thus, it is common for people to tell > Capistrano to request a pty from the server, via > default_run_options[:pty] = true. However, when cap requests a pty, > the shell will not load the user's profile script. > > There's no good solution for this, except to NOT rely on your .bashrc > (or similar) script. What kinds of things are you expecting to be set > that way? > > You can mimic a pty-less SSH session like this: > > ssh -T host.com "git clone -q /repos/equity/.git /tmp/test" > > Likewise, you can mimic SSH session with pty-allocation like this: > > ssh -t host.com "git clone -q /repos/equity/.git /tmp/test" > > (pty-allocation is the default for openssh, but the difference there > is that ssh requests an interactive user shell, and capistrano does > not.) > > This will probably be my last email on this thread. I do not know what > else I can suggest. > > - Jamis > > On Sat, Feb 7, 2009 at 1:48 PM, Greg Hauptmann > <[email protected]> wrote: > > Hi Jamis, > > First thanks for responding so fully, it's very impressive. Here's my > > responses, BUT have a look at the last few comments....I had some > progress, > > although I don't know why. > > > > 2009/2/8 Jamis Buck <[email protected]> > >> > >> > Feb 6 20:36:24 home sshd_local(pam_unix)[26758]: session opened for > >> > user > >> > root by (uid=0) > >> > Feb 6 20:36:25 home sshd_local(pam_unix)[26758]: session closed for > >> > user > >> > root > >> > >> This is really weird to me. It looks like your syslog is logging to > >> the console? Anyway, I'm ignoring it, but if you don't know what it's > >> from either, maybe you'll want to investigate it since it might be a > >> further symptom of the problem you're having. > > > > Sorry, should have made it clear I'd copy/pasted this from a system log > > file. > >> > >> git clone -q [email protected]:/repos/equity/.git > >> /u/apps/equity/shared/cached-copy > >> > >> Well, there are two interesting things here, to me. The first is that > >> you're using 'root' to log in for git. Not seeing the rest of your > >> deploy.rb, I have to ask: are setting the :user variable to root, > >> also? In other words, are the remote commands being executed as root, > >> or as some other user? (I won't get into the severe security issues > >> with ever ssh'ing into a server as root.) > > > > Should be ok I think. Here is my deploy.rb > > > > set :application, "equity" > > set :repository, "[email protected]:/repos/equity/.git" > > set :scm, :git > > set :deploy_via, :remote_cache > > role :app, "[email protected]" > > role :web, "[email protected]" > > role :db, "[email protected]", :primary => true > > > > As a side note, take your point re security. I think I had a hiccup when > > trying to move to non-root and gave up (should have another crack at > this). > > I should point-out this is all on my internal network however, nothing > > exposed. > > > >> > >> The other interesting thing is that the remote host and the repository > >> host are the same. > > > > In fact at first I had my repository on my local server (i.e. so the > remote > > server would have be calling out via git to the local server), however I > had > > the same problem. It was after this I thought I would "clone" a copy of > the > > repo to the remote server so the git call would be remote server => > remote > > server. I tried to setup the git repository location as a local file > path > > but this didn't seem to work > > > >> > >> * If you log into 10.1.1.1 as whichever user you're deploying as > >> (root?) and then try to ssh FROM THERE to 10.1.1.1 AS ROOT, does it > >> prompt you for a password? If not, does the log in succeed? > > > > > > Yes is succeeds. Works fine > > > >> > >> * Assuming you can ssh from 10.1.1.1 to 10.1.1.1 as root, can you > >> execute the "git clone" command that cap is trying to do? Log into > >> 10.1.1.1 (as your deploy user), and then try the execute the following > >> command: "git clone -q [email protected]:/repos/equity/.git /tmp/test" > > > > This works fine (i.e. this is where I manually took the capistrano output > > from a dry run and executed on the remote host and everything worked > fine) > > > >> > >> Lastly, since the repo URL is the same as the remote host, you might > >> want to consider this reconfiguration. Instead of setting the > >> :repository variable to "[email protected]:/repos/equity/.git" (and, > >> assuming your deploy user is "root", too), you might try this: > >> > >> set :repository, "/repos/equity/.git" > >> set :local_repository, "[email protected]:/repos/equity/.git" > > > > Unfortunately this didn't work either :( > > > > Jamis, I'm not a unix guru but I'm wondering if there is a difference in > how > > an interactive session's shell is handled versus an automated session. > That > > is, it's the shell profile derived from some file's like .profile or > > something when you manually login, but if it were a script it might use > > .bashrc or something? If there were a difference then me logging on as > root > > and running the commands would not be a valid test of what capistrano is > > trying to do? Make any sense. This is the only thing I can think of at > the > > moment. Is there a way to take a single command (e.g. "git clone -q > > /repos/equity/.git /u/apps/equity/shared/cached-copy") and run this from > my > > local server directly that would emulate capistrano (i.e. this would be > > something I could post on a unix forum and I wouldn't get the question, > we > > need to see the capistrano scripts to see what's happening). > > Here's some background info. > > * testing manually on remote server > > > > [r...@home ~]# cd /u/apps/equity/shared > > [r...@home shared]# ls -l > > total 3 > > drwxrwxr-x 2 root root 1024 Feb 7 21:25 log > > drwxrwxr-x 2 root root 1024 Feb 6 06:25 pids > > drwxrwxr-x 2 root root 1024 Feb 6 06:25 system > > [r...@home shared]# > > [r...@home shared]# git clone -q /repos/equity/.git > > /u/apps/equity/shared/cached-copy > > [r...@home shared]# echo "ie this worked ok" > > ie this worked ok > > [r...@home shared]# > > > > * current deploy.config > > > > Macintosh-2:equity greg$ cat config/deploy.rb > > set :application, "equity" > > set :repository, "/repos/equity/.git" > > set :local_repository, "[email protected]:/repos/equity/.git" > > set :scm, :git > > set :deploy_via, :remote_cache > > role :app, "[email protected]" > > role :web, "[email protected]" > > role :db, "[email protected]", :primary => true > > > > * last cap run output => OMG. Just as I repeated the same cap deploy > > command again to do a copy/paste it seems to have got further. I have no > > idea why... > > > > Macintosh-2:equity greg$ cap deploy > > * executing `deploy' > > * executing `deploy:update' > > ** transaction: start > > * executing `deploy:update_code' > > updating the cached checkout on all servers > > executing locally: "git ls-remote [email protected]:/repos/equity/.git > HEAD" > > * executing "if [ -d /u/apps/equity/shared/cached-copy ]; then cd > > /u/apps/equity/shared/cached-copy && git fetch -q origin && git reset -q > > --hard 7e92223c93c6f9019acd54d042fc8d348aa62a53; else git clone -q > > /repos/equity/.git /u/apps/equity/shared/cached-copy && cd > > /u/apps/equity/shared/cached-copy && git checkout -q -b deploy > > 7e92223c93c6f9019acd54d042fc8d348aa62a53; fi" > > servers: ["10.1.1.1"] > > Enter passphrase for /Users/greg/.ssh/id_rsa: > > [[email protected]] executing command > > command finished > > copying the cached version to /u/apps/equity/releases/20090207204308 > > * executing "cp -RPp /u/apps/equity/shared/cached-copy > > /u/apps/equity/releases/20090207204308 && (echo > > 7e92223c93c6f9019acd54d042fc8d348aa62a53 > > > /u/apps/equity/releases/20090207204308/REVISION)" > > servers: ["10.1.1.1"] > > [[email protected]] executing command > > command finished > > * executing `deploy:finalize_update' > > * executing "chmod -R g+w /u/apps/equity/releases/20090207204308" > > servers: ["10.1.1.1"] > > [[email protected]] executing command > > command finished > > * executing "rm -rf /u/apps/equity/releases/20090207204308/log > > /u/apps/equity/releases/20090207204308/public/system > > /u/apps/equity/releases/20090207204308/tmp/pids &&\\\n mkdir -p > > /u/apps/equity/releases/20090207204308/public &&\\\n mkdir -p > > /u/apps/equity/releases/20090207204308/tmp &&\\\n ln -s > > /u/apps/equity/shared/log /u/apps/equity/releases/20090207204308/log > &&\\\n > > ln -s /u/apps/equity/shared/system > > /u/apps/equity/releases/20090207204308/public/system &&\\\n ln -s > > /u/apps/equity/shared/pids > /u/apps/equity/releases/20090207204308/tmp/pids" > > servers: ["10.1.1.1"] > > [[email protected]] executing command > > command finished > > * executing "find /u/apps/equity/releases/20090207204308/public/images > > /u/apps/equity/releases/20090207204308/public/stylesheets > > /u/apps/equity/releases/20090207204308/public/javascripts -exec touch -t > > 200902072043.10 {} ';'; true" > > servers: ["10.1.1.1"] > > [[email protected]] executing command > > command finished > > * executing `deploy:symlink' > > * executing "rm -f /u/apps/equity/current && ln -s > > /u/apps/equity/releases/20090207204308 /u/apps/equity/current" > > servers: ["10.1.1.1"] > > [[email protected]] executing command > > command finished > > ** transaction: commit > > * executing `deploy:restart' > > * executing "sudo -p 'sudo password: ' -u app > > /u/apps/equity/current/script/process/reaper" > > servers: ["10.1.1.1"] > > [[email protected]] executing command > > *** [err :: [email protected]] sudo: no passwd entry for app! > > *** [err :: [email protected]] > > command finished > > failed: "sh -c \"sudo -p 'sudo password: ' -u app > > /u/apps/equity/current/script/process/reaper\"" on [email protected] > > Macintosh-2:equity greg$ > > > > > > I'll try to follow up myself with solving the last one. I think I > remember > > a cap sudo config parameter that could be set. I'll look this > up.......at > > least I'm further down the track now :) :) > > > > REgards > > Greg > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- Greg http://blog.gregnet.org/ --~--~---------~--~----~------------~-------~--~----~ To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/capistrano -~----------~----~----~----~------~----~------~--~---
