Created Deploy Key but still asking for username/password on git pull or git clone?

cHetterich · April 13, 2020, 6:17am

Hello!

I’m setting up CI/CD with a .gitlab-ci.yml file & running into some issues with deployment.

My goal is this:

Test stage

just run my mocha tests

Deploy stage

ssh to server
stop running the server
pull changes
restart the server

Tech Stack/Specs

I’m running a NodeJS server on an AWS EC2 instance.
The repository I am implementing CI/CD in is private
I didn’t set up anything special for the runner, so I assume my pipeline just runs on the Gitlab shared runners.

Issue

Test stage goes well, connecting to the server is fine, but it fails on trying to pull changes because it asks for a username/password.

I thought I set up my deployment key correctly, so I am confused why this is happening. The public machine key I used for my deployment key I got by using the command, ssh-keygen -y -f /path_to_key_pair/my-key-pair.pem, which I got from here.

From my understanding, I should be able to pull from the repo w/o a username/password when I ssh into the server (or CI/CD ssh’s into it) now that I have that deployment key set up. But it still asks for a username/password. I’ve tried finding the answer on my own to no avail & am lost now.

My .gitlab-ci.yml looks like this:

# Reference for building the CI/CD YAML file: https://docs.gitlab.com/ee/ci/yaml/README.html

stages:
 - test
 - deploy

# Run Tests
test_dev:
  stage: test
  image: node
  only:
    - development
  before_script:
    - echo -n "Starting Mocha Tests..."
  script:
    - npm install
    - npm test

# Deploy to development server
deploy_dev:
  stage: deploy
  image: node
  only:
   - development
  before_script:
   - mkdir -p ~/.ssh
   - echo -e "$DEV_DEPLOY_SSH_KEY" > ~/.ssh/id_rsa
   - chmod 600 ~/.ssh/id_rsa
   - ssh-keyscan $DEV_IP >> ~/.ssh/known_hosts
   - chmod 644 ~/.ssh/known_hosts
  script:
   - bash ./cicd/.gitlab-deploy-dev.sh

This is the ..gitlab-deploy-dev.sh file

# SSH into server, stop process, pull repo, restart server

echo "Deploy project on server $DEV_IP"
ssh ec2-user@$DEV_IP 'cd desktop/speed-dating-app-backend/ && pm2 stop all && git pull && pm2 start src/EntryPoint.js'

And finally, this is the error the runner ran into in the deployment stage (before this was just shutting down the server… I didn’t want to put my server’s IP in this post so I left everything before this out)

Super stumped on this issue and would be super grateful for a prompt resolution! Thanks!

nightman68 · April 13, 2020, 8:58am

The gitlab-runner by default is using HTTP(S) to fetch the repos. When you don’t want this you must disable it. Add this to your config:

  variables:
    GIT_STRATEGY: none

cHetterich · April 13, 2020, 4:53pm

Isn’t this just the strategy for the runner to get the repo though? My problem is when I ssh to the server. Also, I changed my .gitlab-deploy-dev.sh to do a git clone over ssh instead of doing a pull (so I am explicitly stating to do it over ssh) & get this issue:

 Cloning into 'speed-dating-app-backend'...
 Permission denied (publickey).
 fatal: Could not read from remote repository.
 Please make sure you have the correct access rights
 and the repository exists.

So it definitely seems to be an issue with permissions even though I have the Deploy Key set up

nightman68 · April 13, 2020, 7:53pm

yes that’s true, sorry I misinterpreted the screenshot.