SSH based Deployment
Sometimes using complex and modern platforms like Kubernetes, serverless systems, etc are not practical and quite painful to maintain for individual and smaller organization. Like many integrations that we provide, you can also deploy your code using SSH-based transfer.
Deployment is usually the last step of a pipeline after your code passed through various stages. Either you use your own scripting or use standard tools like Capistrano(Ruby), Fabric(Python), Deployer(PHP), or Rsync for deploying your code. The tools mentioned use SSH protocol and deploy your code over a secure channel.
How it works¶
The SSH private key that you upload in pipeline's variables section, is injected into each workflow run and already configured with correct permissions in
~/.ssh folder. You can simply run the commands that you usually would from your laptop to deploy your application to remote servers. For example, to restart an apache server on a remote host -
$ ssh [email protected] 'sudo service apache restart'
Razorops provides first-class support for SSH-based deployment and can be easily integrated within your pipeline. Please follow the following steps -
Generate SSH credentials if you don't have any
We recommend creating a new set of keys for deployment purposes and configuring your remote system with the public key as follows -
ssh-keygen -t rsa -b 4096 -C "[email protected]" mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go-rwx ~/.ssh/ nano ~/.ssh/authorized_keys
SSH credentials generally include private and public key pair in various formats. We support RSA, DSA, ECDSA, OPENSSH and ED25519 key formats currently.
Upload SSH private key in pipeline settings
Please login to the dashboard and navigate to a pipeline's variables section and click on "SSH Keys" tab. Afterward, you can upload the private key and specify the remote system FQDN or IPAddress. On successful upload, it will show the fingerprint impression of the private key.
Run commands on remote servers
You're almost done. Now you can use your favorite tool which works over SSH to perform deployment activities. Here is an example -
rsync -avz ./dist/ [email protected]$$SSH_HOST:~/dist/
If you're not using your own script, you can use various standard tools which use SSH under the hood -
You can use rsync to synchronize the files from the pipeline to the remote system. rsync is already part of our Linux-VM build environment, but if you're using a custom environment or your own docker image, it's pretty trivial to install -
# Ubuntu & Debian based Docker images sudo apt-get update && sudo apt-get install rsync # Alpine based Docker images apk update && apk add rsync
After you can simply transfer files using rsync or scp-
rsync -va --delete src/public/ $SSH_USER@$SSH_INSTANCE:www/public scp -r src/public $SSH_USER@$SSH_INSTANCE:~/www/public
If you have a Ruby-based application, Capistrano is an excellent deployment tool to ship software to single or multi machines in one go. Please follow the official guide on how to configure your project with Capistrano. As part of the pipeline, you can trigger deployment with -
bundle install cap install STAGES=production
If you have a Python-based application, Fabric is an excellent deployment tool to ship software to single or multi machines in one go. Please follow the official guide on how to configure your project with Fabric. As part of the pipeline, you can trigger deployment with -
pip install fabric fab deploy # uses fabfile.py
If you have a PHP-based application, Deployer is an excellent deployment tool to ship software to single or multi machines in one go. Please follow the official guide on how to configure your project with Deployer. As part of the pipeline, you can trigger deployment with -
composer require deployer/deployer dep deploy dep rollback # if pipeline fails
Docker and SSH¶
If you're running Docker based application and don't have sophisticated orchestration platforms like Kubernetes, Nomad, or Docker swarm, you can simply run commands on the remote system to pull the image and re-create containers -
steps: - run: | export CONTAINER_NAME=web-app # change as per yout app export IMAGE=acme/web-app:v1 # change as per your app ssh [email protected] <<'ENDSSH' docker pull $IMAGE docker stop $CONTAINER_NAME && docker rm $CONTAINER_NAME docker run --name=$CONTAINER_NAME --restart=always -v $PWD:/app -d $IMAGE ENDSSH
Ansible is an excellent tool to provision and configure your remote systems using a declarative manner over SSH protocol. You can execute ansible as part of the pipeline and ship your applications easily -
... steps: - run: | # Install ansible if not present in pipeline build environment sudo apt-get install software-properties-common sudo apt-add-repository ppa:ansible/ansible -y sudo apt-get update sudo apt-get install ansible # execute playbook ansible-playbook provisioning/playbook.yml