How to make all Capistrano tasks run as a sudo -u user



Note: I am using Capistrano 3.2.1 and Rails 4.1.1.

Basically, because of how server permissions are arranged on my remote server, I need Capistrano to add sudo -u deploy-user to all tasks by default.

This is my config/deploy.rb file:

# config valid only for Capistrano 3.1
set :stages, %w(qaenv production)
set :default_stage, 'production'
set :application, "my_rails_app"
set :repo_url, 'git@my-git-server.com:repositories/my_rails_app.git'
set :domain, "my-remote-server"
set :database, "mysql"
set :use_sudo, true
#set :user, "surya"
set :deploy_user, "deploy-user"
set :migration_user, "www"
set :sample_user, "sample"
set :ssh_options, { forward_agent: true, port: 2445 }
#set :deploy_via, :copy
set :deploy_to, "/var/www/#{fetch(:application)}"
set :branch, "master"
set :scm, :git
role :web, fetch(:domain)                         # Your HTTP server, Apache/etc
role :app, fetch(:domain)                         # This may be the same as your `Web` server
role :db,  fetch(:domain), :primary => true # This is where Rails migrations will run
set :pty, true
set :log_level, :trace
set :sudo, ' -u deploy-user ' # I hoped that it'll work, but it doesn't
set :linked_files, %w{config/database.yml}

This is the error trace I get:

[surya@my-server my_rails_app]$ cap qaenv deploy:check:directories
INFO[0fe8c58d] Running /usr/bin/env mkdir -pv /var/www/my_rails_app/shared /var/www/my_rails_app/releases on my-remote-server
Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
Password: MySecretPassword
cap aborted!
Exception while executing on host my-remote-server: Authentication failed for user deploy-user@my-remote-server
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/net-ssh-2.9.1/lib/net/ssh.rb:219:in `start'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/backends/connection_pool.rb:50:in `call'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/backends/connection_pool.rb:50:in `create_new_entry'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/backends/connection_pool.rb:22:in `checkout'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/backends/netssh.rb:179:in `with_ssh'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/backends/netssh.rb:131:in `block in _execute'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/backends/netssh.rb:128:in `tap'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/backends/netssh.rb:128:in `_execute'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/backends/netssh.rb:66:in `execute'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/capistrano-3.2.1/lib/capistrano/tasks/deploy.rake:47:in `block (4 levels) in <top (required)>'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/backends/netssh.rb:54:in `instance_exec'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/backends/netssh.rb:54:in `run'
/usr/local/rvm/gems/ruby-2.1.2-p95/gems/sshkit-1.5.1/lib/sshkit/runners/parallel.rb:13:in `block (2 levels) in execute'
Tasks: TOP => deploy:check:directories
(See full trace by running task with --trace)
[surya@my-server my_rails_app]$

If you look at these lines of the error trace:

INFO[0fe8c58d] Running /usr/bin/env mkdir -pv /var/www/my_rails_app/shared /var/www/my_rails_app/releases on my-remote-server
Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text.
Password: MySecretPassword
cap aborted!
Exception while executing on host my-remote-server: Authentication failed for user deploy-user@my-remote-server

It tried to run:

/usr/bin/env mkdir -pv /var/www/my_rails_app/shared /var/www/my_rails_app/releases

What I want it to do is:

sudo -u deploy-user /usr/bin/env mkdir -pv /var/www/my_rails_app/shared /var/www/my_rails_app/releases

What should I do to make sure all my cap tasks run with sudo -u deploy-user?

Make sure your deploy user has passwordless sudo access, and make sure use_sudo is set to true in your deploy.rb file.

First, add this to your deploy.rb file.

set :use_sudo, true

Then edit your sudoers file and give your deploy user passwordless sudo. Just open the sudoers file:

sudo visudo 

Then add this line to the bottom of the file (assuming your username is "deploy")

deploy ALL=(ALL) NOPASSWD:ALL

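Note: this should not be done lightly. It is a security risk, and you should understand the implications before you do it. Of course, if you need your deploy user to have sudo access, then this is how you do it. For more details on why passwordless sudo is bad, check the documentation: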

http://capistranorb.com/documentation/getting-started/authentication-and-authorisation/#authorisation
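
Added example, not part of the original answer and not Capistrano's own code: a Ruby script that audits sudoers lines for the kind of grant the note above warns about, comparing the answer's `NOPASSWD:ALL` line with narrower rules. The `surya` rules and the command paths in `SAMPLES` are constructed assumptions.

```ruby
# Added example: flag broad sudoers grants such as the NOPASSWD:ALL line above.
# Handles the single-line form `who host = (runas) TAG: cmd, cmd`;
# aliases, Defaults and continuation lines are skipped (assumption).
SPEC = /\A(?<who>\S+)\s+(?<host>[^\s=]+)\s*=\s*(?:\((?<runas>[^)]*)\)\s*)?(?<rest>.+)\z/

def audit_sudoers_line(line)
  text = line.sub(/#.*/, '').strip
  return nil if text.empty? || text =~ /\A(Defaults|\w+_Alias)\b/
  m = SPEC.match(text)
  return nil unless m

  # No runas list means root; in "user:group" only the user part matters here.
  runas = (m[:runas] || 'root').split(':').first.to_s.split(',').map(&:strip)
  tags  = m[:rest].scan(/\b([A-Z_]+):/).flatten
  cmds  = m[:rest].gsub(/\b[A-Z_]+:\s*/, '').split(',').map(&:strip)

  findings = []
  findings << :passwordless if tags.include?('NOPASSWD')
  # Capistrano runs `/usr/bin/env <cmd>`; env executes any program it is given,
  # so allowing it equals allowing every command for the runas user.
  findings << :any_command if cmds.any? { |c| c == 'ALL' || c.split.first == '/usr/bin/env' }
  findings << :can_become_root if (runas & %w[ALL root]).any?

  severity =
    if findings.size == 3 then :high
    elsif findings.include?(:passwordless) && findings.include?(:any_command) then :medium
    else :low
    end
  { who: m[:who], runas: runas, commands: cmds, findings: findings, severity: severity }
end

# Constructed sample lines; the surya rules and command paths are assumptions.
SAMPLES = [
  'deploy ALL=(ALL) NOPASSWD:ALL',                        # the line from the answer
  'surya ALL=(deploy-user) NOPASSWD: /usr/bin/env',       # any command, but only as deploy-user
  'surya ALL=(deploy-user) NOPASSWD: /bin/mkdir, /bin/ln' # fixed command list
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |l|
    r = audit_sudoers_line(l)
    puts format('%-7s %s  %s', r[:severity], l, r[:findings].inspect)
  end
end
```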
