CI Deployment error even google doesn't know = key_load_file: Bad file descriptor

Hi,

I’m trying to run CI/CD from gitlab to digital ocean server. Mostly it seems ok, web is running, I can manually checkout the repository, do any git operations, etc. Only thing which is not working is CI/CD.

It always fails on this: key_load_file: Bad file descriptor

ofc I tried google, but seems like this error wasn’t bothering anyone in the past which I find incredible…

.gitlab-ci.yml looks like this:

stages:
  - deploy

deploy_production:
  variables:
CI_DEBUG_TRACE: "true"
  stage: deploy
  environment: Production
  image: node:8.9
  only:
- master
  script:
- 'which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )'
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan zlatypisek.cz >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
- ssh root@zlatypisek.cz "
  cd /var/www/zlatypisek &&
  git fetch --all &&
  git checkout $CI_COMMIT_SHORT_SHA &&
  composer install &&
  npm install &&
  npm run prod &&
  php artisan migrate &&
  php artisan cache:clear &&
  php artisan config:clear &&
  php artisan view:clear &&
  php artisan route:clear
  "

The output is then:

Running with gitlab-runner 13.7.0-rc1 (98e2e32d)

[2](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L2) on docker-auto-scale 72989761

[3](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L3)Preparing the "docker+machine" executor

[4](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L4)Using Docker executor with image node:8.9 ...

[5](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L5)Pulling docker image node:8.9 ...

[6](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L6)Using docker image sha256:672002a50a0b96b7b74190aea84739592ea0f83819e40a47b4b31ce5d9c31b28 for node:8.9 with digest node@sha256:5afc7736a71bcf24281d9dbff878c771106e0791d56949b1a4e8d27c50424283 ...

[8](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L8)Preparing environment

[9](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L9)Running on runner-72989761-project-23418518-concurrent-0 via runner-72989761-srm-1609687521-18b6edf7...

[11](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L11)Getting source from Git repository

[12](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L12)$ eval "$CI_PRE_CLONE_SCRIPT"

[13](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L13)Fetching changes with git depth set to 50...

[14](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L14)Initialized empty Git repository in /builds/CeeeCZ/zlatypisek/.git/

[15](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L15)Created fresh repository.

[16](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L16)Checking out b28b07f8 as master...

[17](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L17)Skipping Git submodules setup

[19](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L19)Executing "step_script" stage of the job script

[20](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L20)$ which ssh-agent || ( apt-get update -y && apt-get install openssh-client -y )

[21](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L21)/usr/bin/ssh-agent

[22](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L22)$ eval $(ssh-agent -s)

[23](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L23)Agent pid 12

[24](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L24)$ echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > ssh-add -

[25](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L25)Identity added: (stdin) (myemail@gmail.com)

[26](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L26)key_load_file: Bad file descriptor

[28](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L28)Cleaning up file based variables

[30](https://gitlab.com/CeeeCZ/zlatypisek/-/jobs/941373405#L30)ERROR: Job failed: exit code 1

tried to look into all possible logs, but nothing even remotely connected is in there. I’d be extremely thankful for any suggestions and tips since I’m probably at the end of my skill options here.

Thank you very much!!!

What is this line attempting to perform?

echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > ssh-add -

Running it standalone in a bash shell will produce the same error. It looks like you’re redirecting stdout of the ssh-add command, to another command which also expects a stdin (a second time), which results in the bad file descriptor error when it tries to read.

Perhaps you intended to place a filename here instead of repeating the same command?

That is actually correct! I mean your answer. My friend pointed me the same direction as well. I took this specific line from other older project, shame on me. But it works there, for some reason… I’m currently trying to figure it out the right syntax to whaat I need and try to report the solution here afterwards. Thanks a ton!

As far as I can tell, the output of ssh-add does not seem to be a correct input format for another ssh-add. It looks like the goal is to add the key to ssh-add, which the part before the redirect achieves well.

The commands used are similar to the ones documented at Using SSH keys with GitLab CI/CD | GitLab

Yeah you are right. Probably looking into it for 20 hours straight lowered my ability too see what is right in front of me :)).

I solved it by two changes - first fixed that mistake you pointed out just by:

   - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null

then I noticed I’m setting known hosts twice for … I don’t really know what reason. So I left only

 ssh-keyscan zlatypisek.cz >> ~/.ssh/known_hosts

and then it worked! Sometimes a hint and few hours of sleep will do the magic. Thank you again :slight_smile: