Open nemonik opened 7 years ago
@nemonik What is your drone version (latest)?
Drone v0.5
Specifically
➜ ~ docker images | grep drone
drone/drone 0.5 a8f47231e47e 6 weeks ago 26.3 MB
drone cli version
➜ ~ drone -v
drone version 0.5.0+dev
Docker info:
➜ ~ docker info
Containers: 36
Running: 13
Paused: 0
Stopped: 23
Images: 85
Server Version: 1.13.0
Storage Driver: overlay
Backing Filesystem: xfs
Supports d_type: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Swarm: active
NodeID: 8ld3vo1wypixghhzxx7x53fd2
Is Manager: true
ClusterID: c74e0jm5efzrpt45tagk9bjmz
Managers: 1
Nodes: 4
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 3
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Node Address: 10.205.45.208
Manager Addresses:
10.205.45.208:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 03e5862ec0d8d3b3f750e19fca3ee367e13c090e
runc version: 2f7393a47307a16f8cee44a37b262e8b81021e3e
init version: 949e6fa
Security Options:
seccomp
Profile: default
Kernel Version: 3.10.0-514.6.1.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.64 GiB
Name: example
ID: KJVX:RIKV:EDJY:PGKQ:I7BR:GYF3:HQCD:X6DF:ULIL:IOJK:XPNL:LD24
Docker Root Dir: /docker/var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Experimental: false
Insecure Registries:
example.dev:5000
127.0.0.0/8
Live Restore Enabled: false
Could you help me try the latest drone-ssh image?
deploy:
+ pull: true
image: appleboy/drone-ssh
I did that and also removed the image so it would pull the newest appleboy/drone-ssh.
2017/02/10 12:47:02 example.dev: commands: whoami
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x54e043]
goroutine 5 [running]:
panic(0x62b220, 0xc42000a060)
/usr/local/go/src/runtime/panic.go:500 +0x1a1
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.publicKeyCallback.auth(0xc4200118c0, 0xc4200bc720, 0x20, 0x20, 0xc42000abd0, 0x7, 0x772a00, 0xc4200b6000, 0x770600, 0xc420016720, ...)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client_auth.go:191 +0xb3
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.(*connection).clientAuthenticate(0xc420092600, 0xc4200900c0, 0x0, 0xa)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client_auth.go:34 +0x31c
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.(*connection).clientHandshake(0xc420092600, 0xc420016f00, 0x22, 0xc4200900c0, 0x0, 0x0)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:107 +0x2ed
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.NewClientConn(0x774b20, 0xc42002a060, 0xc420016f00, 0x22, 0xc420063a90, 0x774b20, 0xc42002a060, 0x0, 0x0, 0xc4200118c0, ...)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:75 +0x105
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.Dial(0x666e8c, 0x3, 0xc420016f00, 0x22, 0xc420063a90, 0x22, 0x0, 0x1)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:171 +0xb3
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).connect(0xc420063e90, 0x45c075, 0xc42002a018, 0x0)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:77 +0x16b
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).Stream(0xc420063e90, 0xc4200100ce, 0x6, 0x33, 0x47, 0x50, 0x793200)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:95 +0x40
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).Run(0xc420063e90, 0xc4200100ce, 0x6, 0x666c32, 0x1, 0xc4200100ce, 0x6)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:130 +0x5d
main.Plugin.Exec.func1(0xc42000aba0, 0xa, 0x0, 0x0, 0xc42000abd0, 0x7, 0x0, 0x0, 0xc42000aa10, 0x1, ...)
/srv/app/src/github.com/appleboy/drone-ssh/plugin.go:71 +0x330
created by main.Plugin.Exec
/srv/app/src/github.com/appleboy/drone-ssh/plugin.go:79 +0x16e
And yes, it did pull a new image. At first I thought it was the same as my previous comment, but in the time between my first comment above and now I had already pulled the new appleboy/drone-ssh and have been trying to get it to work with that. So yes, I am seeing the same problem.
➜ ~ docker images | grep apple
appleboy/drone-ssh latest a419b6580448 6 days ago 11.6 MB
Thoughts?
If this is a bug I'd be curious to hear what was the problem.
@nemonik I will test the latest version of drone-ssh and drone server today.
Maybe a bug or not. I can't confirm without testing.
If I clone, go build after go get dependencies, it builds. go test fails w/
2017/02/17 02:11:33 localhost: commands: whoami
2017/02/17 02:11:36 localhost: outputs:
2017/02/17 02:11:36 drone-ssh error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain
2017/02/17 02:11:36 localhost: commands: whoami
2017/02/17 02:11:36 localhost: outputs:
2017/02/17 02:11:36 drone-ssh error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
--- FAIL: TestSSHScriptFromRawKey (0.04s)
Error Trace: plugin_test.go:86
Error: Expected nil, but got: &errors.errorString{s:"ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain"}
2017/02/17 02:11:36 localhost: commands: whoami
ls -al
2017/02/17 02:11:36 127.0.0.1: commands: whoami
ls -al
2017/02/17 02:11:36 127.0.0.1: outputs:
2017/02/17 02:11:36 drone-ssh error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
--- FAIL: TestSSHScriptFromKeyFile (0.04s)
Error Trace: plugin_test.go:101
Error: Expected nil, but got: &errors.errorString{s:"ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain"}
FAIL
exit status 1
FAIL _/home/nemonik/Development/workspace/drone-ssh 2.569s
But if I docker build as the docs say... It builds the container like so
➜ drone-ssh git:(master) CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -tags netgo
➜ drone-ssh git:(master) docker build -t my/drone-ssh .
Sending build context to Docker daemon 7.535 MB
Step 1/4 : FROM alpine:3.4
---> 0766572b4bac
Step 2/4 : RUN apk update && apk add ca-certificates openssh-client && rm -rf /var/cache/apk/*
---> Using cache
---> 7ef92cd6ff53
Step 3/4 : ADD drone-ssh /bin/
---> Using cache
---> 3df02583c867
Step 4/4 : ENTRYPOINT /bin/drone-ssh
---> Using cache
---> 7afd2f74efb0
Successfully built 7afd2f74efb0
And then try to run:
➜ drone-ssh git:(master) docker run --rm -e PLUGIN_HOST=example.dev -e nemonik -e PLUGIN_KEY="$(cat ${HOME}/.ssh/ephemeral)" -e PLUGIN_SCRIPT=whoami -v $(pwd):$(pwd) -w $(pwd) my/drone-ssh
2017/02/17 07:14:50 example.dev: commands: whoami
2017/02/17 07:14:50 example.dev: outputs:
2017/02/17 07:14:50 drone-ssh error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
This is with the private key at the path, and this ~/.ssh/config
➜ drone-ssh git:(master) cat ~/.ssh/config
Host example.dev
IdentityFile ~/.ssh/ephemeral
IdentitiesOnly yes
If I ssh nemonik@example.dev I authenticate via my key w/o an issue like so:
➜ drone-ssh git:(master) ssh nemonik@example.dev
Last login: Fri Feb 17 02:08:48 2017 from localhost
Just hit this myself; after trying to set up ssh deploy I hit the errors below.
2017/02/19 18:37:13 example.com: commands: echo 'to be added'
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x5d42e3]
goroutine 5 [running]:
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.publicKeyCallback.auth(0xc420084be0, 0xc420085860, 0x20, 0x20, 0xc42000a2cc, 0xf, 0x784c20, 0xc4200706e0, 0x782620, 0xc420016870, ...)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client_auth.go:193 +0xb3
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.(*connection).clientAuthenticate(0xc420052880, 0xc42007a0c0, 0x0, 0xa)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client_auth.go:36 +0x369
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.(*connection).clientHandshake(0xc420052880, 0xc420084c00, 0x1d, 0xc42007a0c0, 0x0, 0x0)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:105 +0x2e6
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.NewClientConn(0x786e20, 0xc42000c078, 0xc420084c00, 0x1d, 0xc420035ad8, 0x786e20, 0xc42000c078, 0x0, 0x0, 0xc420084be0, ...)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:75 +0xe2
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.Dial(0x676bf0, 0x3, 0xc420084c00, 0x1d, 0xc420035ad8, 0x1d, 0x0, 0x1)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:169 +0xb3
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).connect(0xc420035ed0, 0x0, 0x0, 0x0)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:77 +0x16e
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).Stream(0xc420035ed0, 0xc42000a2ee, 0x12, 0x3a, 0x4e, 0x50, 0x7a5860)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:95 +0x40
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).Run(0xc420035ed0, 0xc42000a2ee, 0x12, 0x6769b0, 0x1, 0xc42000a2ee, 0x12)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:130 +0x5d
main.Plugin.Exec.func1(0xc42000a3ab, 0xa, 0x0, 0x0, 0xc42000a2cc, 0xf, 0x0, 0x0, 0xc42000eb40, 0x1, ...)
/srv/app/src/github.com/appleboy/drone-ssh/plugin.go:71 +0x31e
created by main.Plugin.Exec
/srv/app/src/github.com/appleboy/drone-ssh/plugin.go:79 +0x176
Can't reproduce this problem.
@nemonik
$ docker run --rm \
→ -e PLUGIN_HOST=192.168.1.100 \
→ -e PLUGIN_USER=drone-scp \
→ -e PLUGIN_KEY="$(cat ${HOME}/.ssh/id_rsa)" \
→ -e PLUGIN_SCRIPT="whoami" \
→ -v $(pwd):$(pwd) \
→ -w $(pwd) \
→ appleboy/drone-ssh
2017/02/25 06:32:00 + ssh drone-scp@192.168.1.100:22
drone-scp
Copy content of id_rsa.pub into .ssh/authorized_keys of drone-scp user.
@appleboy Not sure if this is the same as @nemonik, but this is how I am getting the error.
Well, this is what I am doing: I have set the SSH_KEY secret on drone to be SSH_KEY=@/home/user/.ssh/id_rsa
Then in my .drone.yml file I pass in the KEY like below and then get the error above.
My understanding is that drone secrets should then provide the key to drone-ssh
pipeline:
  publish-test:
    pull: True
    image: appleboy/drone-ssh
    host: example.com
    user: ${SSH_USER}
    key: "${SSH_KEY}"
    port: 22
    script:
      - echo ${SSH_USER}
      - echo "${SSH_KEY}"
      - echo 'to be added'
Then I get the error above. I can see in the echo that it actually shows @/file/path and not the key; not sure if that's correct or not.
@olymk2
Change
key: "${SSH_KEY}"
to
key: ${SSH_KEY}
remove the double quotes and try to remove - echo 'to be added'
then test again.
@appleboy tried that, so I now have the below yaml. The double quotes were based on a suggestion from @bradrydzewski; however, if I remove the quotes I get invalid character in the yaml, presumably the @ symbol.
pipeline:
  publish-test:
    pull: True
    image: appleboy/drone-ssh
    host: example.com
    user: ${SSH_USER}
    key: ${SSH_KEY}
    port: 22
    script:
      - echo ${SSH_USER}
      - echo ${SSH_KEY}
Running Matrix job #0
yaml: line 10: found character that cannot start any token
One thing I would like to clarify is, when setting the secret to your ssh key, should it be a remote or local file? Currently using local because it complains about file not found if I use remote, so I am assuming that the local key is copied up from the local file.
@olymk2 What is your version of drone? The following config is working for me.
# start app for production, listen master branch
ssh_production:
  image: appleboy/drone-ssh
  pull: true
  host:
    - 10.135.xxx.xxx
    - 10.135.xxx.xxx
  port: 22
  user: deploy
  key: ${SSH_KEY}
  script:
    - xxxxx
    - xxxxx
  when:
    event: tag
    status: [ success ]
Try the following changes:
script:
- - echo ${SSH_USER}
- - echo ${SSH_KEY}
+ - whoami
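Review bot: in the script list, keep the removed "- echo ${SSH_KEY}" line out for good rather than only for this test; once the secret interpolates, that line writes the private key into the build log, and whoami already proves the login works.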
@appleboy that errors as well. I did take out the key: ${SSH_KEY} because, as mentioned, the yml errors without the quotes.
Running Matrix job #0
[publish-test:L0:0s] 2017/02/25 12:38:13 example.com: commands: whoami
[publish-test:L1:0s] panic: runtime error: invalid memory address or nil pointer dereference
[publish-test:L2:0s] [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x5d42e3]
It feels a bit like the issue might be with secrets. Did you specify your SSH_KEY above with drone's secrets command, using @ to point at the file?
I am running the latest drone compiled last night.
drone version 0.5.0+dev
@olymk2 My secret command is the following:
drone secret add --skip-verify --event pull_request appleboy/drone-ssh SSH_KEY @/Users/xxxxxx/.ssh/id_rsa
Thanks for persevering @appleboy, it seems --skip-verify is the key. Perhaps an error message would help going forward; not sure if drone or drone-ssh should do that.
Looking at @nemonik's command at the top, --skip-verify has not been provided, so this may be the difference that's triggering this error.
@olymk2 Please make sure that you re-sign the drone sig file if you don't use the --skip-verify flag.
drone secret add --event pull_request appleboy/drone-ssh SSH_KEY @/Users/xxxxxx/.ssh/id_rsa
drone sign your_project
Apparently this bug seems to be related to the type of SSH key. I can reproduce this bug using an ECDSA-type SSH key.
@appleboy
You seem to be using your own id_rsa, but could you please try using id_ecdsa?
I think we support ECDSA-type SSH keys. Please see the following specs.
I will try it asap.
I am experiencing this issue also. For reference I am using a ssh key generated by AWS for an ec2 instance (not sure what type of key they use).
my recommendation would be that someone add a unit test for the type of key they think is failing to parse and/or panic https://github.com/appleboy/drone-ssh/blob/master/plugin_test.go
this should be easily provable
Just getting back to this...
So
$ docker run --rm \
→ -e PLUGIN_HOST=192.168.1.100 \
→ -e PLUGIN_USER=drone-scp \
→ -e PLUGIN_KEY="$(cat ${HOME}/.ssh/id_rsa)" \
→ -e PLUGIN_SCRIPT="whoami" \
→ -v $(pwd):$(pwd) \
→ -w $(pwd) \
→ appleboy/drone-ssh
Modified for my environment works returning:
2017/02/27 17:45:34 cocreate-centos7: commands: whoami
2017/02/27 17:45:34 cocreate-centos7: outputs: nemonik
@nemonik So maybe we can close this issue?
Not yet... working from top to bottom...
drone secret add --skip-verify --event pull_request Ephemeral/nodejs-helloworld SSH_KEY @/home/nemonik/.ssh/ephemeral
blows up like before using:
deploy:
  pull: true
  image: appleboy/drone-ssh
  host: example.dev
  user: nemonik
  key: ${ssh_key}
  port: 22
  script:
    - whoami
  when:
    branch:
      include: [ master, release/* ]
still working my way down...
But again
docker run --rm -e PLUGIN_HOST=example.dev -e PLUGIN_USER=nemonik -e PLUGIN_KEY="$(cat /home/nemonik/.ssh/ephemeral)" -e PLUGIN_SCRIPT="whoami" -v $(pwd):$(pwd) -w $(pwd) appleboy/drone-ssh
works perfectly.
For drone/drone:0.5 and drone CLI version 0.5.0+dev, it is still a great big fail whale.
Okay. Every step:
➜ nodejs-helloworld git:(master) ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/nemonik/.ssh/id_rsa): /home/nemonik/.ssh/ephemeral
/home/nemonik/.ssh/ephemeral already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/nemonik/.ssh/ephemeral.
Your public key has been saved in /home/nemonik/.ssh/ephemeral.pub.
The key fingerprint is:
0a:df:04:70:65:1b:0c:50:f0:fd:3b:63:2e:9b:ed:b8 nemonik@example.dev
The key's randomart image is:
+--[ RSA 2048]----+
| +++++ |
| + o.o |
| o o |
| . . |
| . S . |
| o + . |
| o . = |
| .* o |
| E=+ |
+-----------------+
rm ~/.ssh/authorized_keys
cat ~/.ssh/ephemeral.pub > ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
rm ~/.ssh/known_hosts
Then ls -las ~/.ssh returns:
total 20
0 drwx------. 2 nemonik nemonik 77 Feb 27 14:21 .
4 drwx------. 13 nemonik nemonik 4096 Feb 27 14:22 ..
4 -rw-------. 1 nemonik nemonik 421 Feb 27 14:19 authorized_keys
4 -rw-------. 1 nemonik nemonik 97 Feb 17 02:07 config
4 -rw-------. 1 nemonik nemonik 1675 Feb 27 14:16 ephemeral
4 -rw-------. 1 nemonik nemonik 421 Feb 27 14:16 ephemeral.pub
Add the private key:
drone secret add --event pull_request Ephemeral/nodejs-helloworld SSH_KEY @/home/nemonik/.ssh/ephemeral
View via drone secret ls Ephemeral/nodejs-helloworld returns:
SSH_KEY
Events: push, tag, deployment, pull_request
SkipVerify: false
Conceal: false
Sign my project:
➜ ~ cd ~/Development/workspace/ephemeral/nodejs-helloworld
➜ nodejs-helloworld git:(master) drone sign Ephemeral/nodejs-helloworld
➜ nodejs-helloworld git:(master) drone sign Ephemeral/nodejs-helloworld
➜ nodejs-helloworld git:(master) ✗ git add .
➜ nodejs-helloworld git:(master) ✗ git commit -m "drone signed"
[master 84f4345] drone signed
1 file changed, 1 insertion(+)
create mode 100644 .drone.yml.sig
➜ nodejs-helloworld git:(master) git push
Counting objects: 4, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 1.19 KiB | 0 bytes/s, done.
Total 3 (delta 1), reused 1 (delta 0)
To ssh://git@example.dev:10022/Ephemeral/nodejs-helloworld.git
4f4629b..84f4345 master -> master
For this .drone.yml:
deploy:
  image: appleboy/drone-ssh
  pull: true
  host:
    - example.dev
  port: 22
  user: nemonik
  key: ${SSH_KEY}
  script:
    - whoami
I get:
2017/02/27 19:32:21 example.dev: commands: whoami
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x5d42e3]
goroutine 18 [running]:
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.publicKeyCallback.auth(0xc42007f540, 0xc42007fb20, 0x20, 0x20, 0xc42000a36c, 0x7, 0x784c20, 0xc42008c840, 0x782620, 0xc42006e630, ...)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client_auth.go:193 +0xb3
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.(*connection).clientAuthenticate(0xc42007a680, 0xc4200940c0, 0x0, 0xa)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client_auth.go:36 +0x369
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.(*connection).clientHandshake(0xc42007a680, 0xc42006eed0, 0x22, 0xc4200940c0, 0x0, 0x0)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:105 +0x2e6
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.NewClientConn(0x786e20, 0xc42007c050, 0xc42006eed0, 0x22, 0xc420067ad8, 0x786e20, 0xc42007c050, 0x0, 0x0, 0xc42007f540, ...)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:75 +0xe2
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.Dial(0x676bf0, 0x3, 0xc42006eed0, 0x22, 0xc420067ad8, 0x22, 0x0, 0x1)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:169 +0xb3
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).connect(0xc420067ed0, 0x0, 0x0, 0x0)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:77 +0x16e
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).Stream(0xc420067ed0, 0xc42000a10e, 0x6, 0x33, 0x47, 0x50, 0x7a5860)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:95 +0x40
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).Run(0xc420067ed0, 0xc42000a10e, 0x6, 0x6769b0, 0x1, 0xc42000a10e, 0x6)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:130 +0x5d
main.Plugin.Exec.func1(0xc42000a26b, 0xa, 0x0, 0x0, 0xc42000a36c, 0x7, 0x0, 0x0, 0xc42006a8a0, 0x1, ...)
/srv/app/src/github.com/appleboy/drone-ssh/plugin.go:71 +0x31e
created by main.Plugin.Exec
/srv/app/src/github.com/appleboy/drone-ssh/plugin.go:79 +0x176
If I run appleboy/drone-ssh on the command line like so
docker run --rm -e PLUGIN_HOST=example.dev -e PLUGIN_USER=nemonik -e PLUGIN_KEY="$(cat /home/nemonik/.ssh/ephemeral)" -e PLUGIN_SCRIPT="whoami" -v $(pwd):$(pwd) -w $(pwd) appleboy/drone-ssh:latest
I get:
2017/02/27 19:40:58 example.dev: commands: whoami
2017/02/27 19:40:59 example.dev: outputs: nemonik
2017/02/27 19:40:59 Successfully executed commands to all host.
Am I missing something like fundamentally stupid?
Cloned and added debugging fmt.Println's and then determined I needed --image=ephemeral/drone-ssh in the drone secret add. I could finally see the key
drone secret add --image=ephemeral/drone-ssh Ephemeral/nodejs-helloworld SSH_KEY @/home/nemonik/.ssh/ephemeral
but...
Still getting same
2017/02/27 19:32:21 example.dev: commands: whoami
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x5d42e3]
goroutine 18 [running]:
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.publicKeyCallback.auth(0xc42007f540, 0xc42007fb20, 0x20, 0x20, 0xc42000a36c, 0x7, 0x784c20, 0xc42008c840, 0x782620, 0xc42006e630, ...)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client_auth.go:193 +0xb3
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.(*connection).clientAuthenticate(0xc42007a680, 0xc4200940c0, 0x0, 0xa)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client_auth.go:36 +0x369
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.(*connection).clientHandshake(0xc42007a680, 0xc42006eed0, 0x22, 0xc4200940c0, 0x0, 0x0)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:105 +0x2e6
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.NewClientConn(0x786e20, 0xc42007c050, 0xc42006eed0, 0x22, 0xc420067ad8, 0x786e20, 0xc42007c050, 0x0, 0x0, 0xc42007f540, ...)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:75 +0xe2
github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh.Dial(0x676bf0, 0x3, 0xc42006eed0, 0x22, 0xc420067ad8, 0x22, 0x0, 0x1)
/srv/app/src/github.com/appleboy/drone-ssh/vendor/golang.org/x/crypto/ssh/client.go:169 +0xb3
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).connect(0xc420067ed0, 0x0, 0x0, 0x0)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:77 +0x16e
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).Stream(0xc420067ed0, 0xc42000a10e, 0x6, 0x33, 0x47, 0x50, 0x7a5860)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:95 +0x40
github.com/appleboy/drone-ssh/easyssh.(*MakeConfig).Run(0xc420067ed0, 0xc42000a10e, 0x6, 0x6769b0, 0x1, 0xc42000a10e, 0x6)
/srv/app/src/github.com/appleboy/drone-ssh/easyssh/easyssh.go:130 +0x5d
main.Plugin.Exec.func1(0xc42000a26b, 0xa, 0x0, 0x0, 0xc42000a36c, 0x7, 0x0, 0x0, 0xc42006a8a0, 0x1, ...)
/srv/app/src/github.com/appleboy/drone-ssh/plugin.go:71 +0x31e
created by main.Plugin.Exec
/srv/app/src/github.com/appleboy/drone-ssh/plugin.go:79 +0x176
error. GRRRR.
I am confused why your image in drone secret add --image=ephemeral/drone-ssh Ephemeral/nodejs-helloworld SSH_KEY @/home/nemonik/.ssh/ephemeral should not be --image=appleboy/drone-ssh? Wouldn't your drone.yml also have to use ephemeral/drone-ssh as an image? It was my understanding that the image specified in the drone.yml should match the one you specify in the drone secret add command.
In addition, I cannot tell what I am doing differently from nemonik but I keep getting
drone-ssh error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
I assume this means my key is not being properly injected into the image? Is there a proper way to verify if those secrets are being injected or not?
@PeterCat12, I cloned the appleboy/drone-ssh repo, added logging to print out p inside the Exec function in plugin.go to verify envs were being passed, then built the image.
I added SSH_KEY_PATH and SSH_KEY secrets via drone respectively like so
drone secret add --image=ephemeral/drone-ssh Ephemeral/nodejs-helloworld SSH_KEY_PATH /home/nemonik/.ssh/ephemeral
drone secret add --image=ephemeral/drone-ssh Ephemeral/nodejs-helloworld SSH_KEY @/home/nemonik/.ssh/ephemeral
Passing SSH_KEY_PATH ephemeral/drone-ssh spits out
{
"Config": {
"Key": "${SSH_KEY_PATH}",
"KeyPath": "/home/nemonik/.ssh/ephemeral",
"UserName": "nemonik",
"Password": "",
"Host": [
"example.dev"
],
"Port": 22,
"Timeout": 0,
"Script": [
"whoami"
]
}
}
for .drone.yml entry
ssh-deploy:
  # image: appleboy/drone-ssh
  image: ephemeral/drone-ssh
  # pull: true
  host: example.dev
  port: 22
  user: nemonik
  key: ${SSH_KEY_PATH}
  script:
    - whoami
And then for the SSH_KEY
{
"Config": {
"Key": "${SSH_KEY}",
"KeyPath": "/home/nemonik/.ssh/ephemeral",
"UserName": "nemonik",
"Password": "",
"Host": [
"example.dev"
],
"Port": 22,
"Timeout": 0,
"Script": [
"whoami"
]
}
}
for .drone.yml entry
ssh-deploy:
  # image: appleboy/drone-ssh
  image: ephemeral/drone-ssh
  # pull: true
  host: example.dev
  port: 22
  user: nemonik
  key: ${SSH_KEY}
  script:
    - whoami
Notice in prior comment in both instances the plugin.go code favored the KeyPath because I had left both the SSH_KEY_PATH and SSH_KEY as drone secrets, but if I re-run after removing the SSH_KEY_PATH secret the plugin spits out
{
"Config": {
"Key": "${SSH_KEY}",
"KeyPath": "",
"UserName": "nemonik",
"Password": "",
"Host": [
"example.dev"
],
"Port": 22,
"Timeout": 0,
"Script": [
"whoami"
]
}
}
Ah. Apologies. The fact that you cloned the repo went right by me. Isn't this only verifying that the config is successfully being changed and not that the resulting docker image holds the correct environment variables? That is what I am interested in. Since my version of
docker run --rm -e PLUGIN_HOST=example.dev -e PLUGIN_USER=nemonik -e PLUGIN_KEY="$(cat /home/nemonik/.ssh/ephemeral)" -e PLUGIN_SCRIPT="whoami" -v $(pwd):$(pwd) -w $(pwd) appleboy/drone-ssh:latest
works fine for me on the CL but drone keeps throwing up.
Same here works fine when you run from docker, but not through drone...
I'm now working through what github.com/appleboy/drone-ssh/easyssh is doing when it gets called...
What is your host OS? Mine is CentOS Linux release 7.3.1611 (Core).
host OS is a Ubuntu 16.04.1 LTS.
I copied my private key out of /home/nemonik/.ssh/ephemeral to /home/nemonik and changed group and other rights to permit reading the key, and then triggered a build... This time the SSH_KEY env is holding the contents of my private key vice not.
Printing out the env variables
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=efda408c7aee
PLUGIN_PORT=22
DRONE_REPO_TRUSTED=false
DRONE_VERSION=0.5.0+826
SSH_KEY=-----BEGIN RSA PRIVATE KEY-----
7NWuL0VJ4d3luUR2u3RQYJqQqxleWBw72R3bMijFcYLuk939nD17iauCiwiYmlkX
liSWuz1oYgVejztVeLGWJ8m/1tFyt9gtfb7ekdqnVpIJEiHFnlN1UWFeDIlYVRXj
<snip>
lyEAdRUCgYEA5xPu0N4FspHGv0HtMTLMlqc1Ac9+teIexuDNQsLoZEppr2OA63vM
+/B+e7DX4cHTdGv2KUVnjvKM6nmiRsUlMTPtoSh52C7Dc5thqoHCSeNQv4K9G8vq
-----END RSA PRIVATE KEY-----
DRONE_ARCH=linux/amd64
PLUGIN_SCRIPT=whoami
DRONE_JOB_FINISHED=0
DRONE_JOB_STATUS=running
DRONE_REPO_OWNER=Ephemeral
DRONE_JOB_NUMBER=1
DRONE_COMMIT_AUTHOR=nemonik
DRONE_COMMIT_SHA=89fcca9d3adc5d0d4ec2f5584e1b1d0df5f5fee8
DRONE_COMMIT_BRANCH=master
DRONE=true
DRONE_BUILD_EVENT=push
DRONE_REPO_NAME=nodejs-helloworld
DRONE_JOB_EXIT_CODE=0
DRONE_REPO_LINK=http://example.dev:10080/Ephemeral/nodejs-helloworld
DRONE_BUILD_STARTED=0
DRONE_PREV_COMMIT_SHA=ffef83d7c945c77c9712c201f137a78a8e6d15c
DRONE_REMOTE_URL=http://example.dev:10080/Ephemeral/nodejs-helloworld.git
DRONE_BUILD_LINK=http://example.dev:8000/Ephemeral/nodejs-helloworld/100
DRONE_REPO=Ephemeral/nodejs-helloworld
DRONE_YAML_VERIFIED=true
PLUGIN_HOST=example.dev
DRONE_REPO_BRANCH=master
DRONE_REPO_PRIVATE=false
DRONE_COMMIT_REF=refs/heads/master
PLUGIN_USER=nemonik
PLUGIN_KEY=${SSH_KEY}
DRONE_YAML_SIGNED=true
DRONE_BUILD_CREATED=1488315481
DRONE_PREV_BUILD_STATUS=failure
DRONE_BUILD_NUMBER=100
CI=drone
DRONE_BUILD_FINISHED=0
DRONE_PREV_BUILD_NUMBER=99
DRONE_JOB_STARTED=1488315481
DRONE_COMMIT_MESSAGE=trigger build
DRONE_COMMIT_AUTHOR_AVATAR=https://www.gravatar.com/avatar/0625457a68a9f7cc74f99680427430e3.jpg?s=128
DRONE_BRANCH=master
DRONE_BUILD_STATUS=success
DRONE_COMMIT_AUTHOR_EMAIL=nemonik@example.dev
DRONE_COMMIT=89fcca9d3adc5d0d4ec2f5584e1b1d0df5f5fee8
HOME=/root
p in plugin.go is
{
"Config": {
"Key": "${SSH_KEY}",
"KeyPath": "",
"UserName": "nemonik",
"Password": "",
"Host": [
"example.dev"
],
"Port": 22,
"Timeout": 0,
"Script": [
"whoami"
]
}
}
still getting
2017/02/28 20:58:03 example.dev: commands: whoami
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x20 pc=0x591650]
goroutine 19 [running]:
panic(0x6efa00, 0xc82000a0a0)
/usr/lib/golang/src/runtime/panic.go:481 +0x3e6
golang.org/x/crypto/ssh.publicKeyCallback.auth(0xc82006f860, 0xc820010d20, 0x20, 0x20, 0xc820075050, 0x7, 0x7f7dc1169550, 0xc8200fc000, 0x7f7dc1129358, 0xc820078540, ...)
/home/nemonik/golang/src/golang.org/x/crypto/ssh/client_auth.go:193 +0x170
golang.org/x/crypto/ssh.(*connection).clientAuthenticate(0xc8200f0100, 0xc8200f6000, 0x0, 0x0)
/home/nemonik/golang/src/golang.org/x/crypto/ssh/client_auth.go:36 +0x538
golang.org/x/crypto/ssh.(*connection).clientHandshake(0xc8200f0100, 0xc8200793e0, 0x22, 0xc8200f6000, 0x0, 0x0)
/home/nemonik/golang/src/golang.org/x/crypto/ssh/client.go:105 +0x457
golang.org/x/crypto/ssh.NewClientConn(0x7f7dc11650b0, 0xc82002c008, 0xc8200793e0, 0x22, 0xc8200bf8f8, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/home/nemonik/golang/src/golang.org/x/crypto/ssh/client.go:75 +0x125
golang.org/x/crypto/ssh.Dial(0x751c88, 0x3, 0xc8200793e0, 0x22, 0xc8200bf8f8, 0x22, 0x0, 0x0)
/home/nemonik/golang/src/golang.org/x/crypto/ssh/client.go:169 +0x104
_/home/nemonik/Development/workspace/ephemeral/drone-ssh/easyssh.(*MakeConfig).connect(0xc8200bfe88, 0x1, 0x0, 0x0)
/home/nemonik/Development/workspace/ephemeral/drone-ssh/easyssh/easyssh.go:79 +0x55b
_/home/nemonik/Development/workspace/ephemeral/drone-ssh/easyssh.(*MakeConfig).Stream(0xc8200bfe88, 0xc82001008e, 0x6, 0x0, 0x0, 0x0, 0x0)
/home/nemonik/Development/workspace/ephemeral/drone-ssh/easyssh/easyssh.go:108 +0x8b0
_/home/nemonik/Development/workspace/ephemeral/drone-ssh/easyssh.(*MakeConfig).Run(0xc8200bfe88, 0xc82001008e, 0x6, 0x0, 0x0, 0x0, 0x0)
/home/nemonik/Development/workspace/ephemeral/drone-ssh/easyssh/easyssh.go:143 +0x75
main.Plugin.Exec.func1(0xc820075006, 0xa, 0x0, 0x0, 0xc820075050, 0x7, 0x0, 0x0, 0xc820074ea0, 0x1, ...)
/home/nemonik/Development/workspace/ephemeral/drone-ssh/plugin.go:100 +0x350
created by main.Plugin.Exec
/home/nemonik/Development/workspace/ephemeral/drone-ssh/plugin.go:108 +0xc7d
After modifying plugin.go to use the /easyssh vice the github path to.
@PeterCat12 and @appleboy:
So, awoke with the solution.
If you set an SSH_KEY secret like so
drone secret add --image=appleboy/drone-ssh Ephemeral/nodejs-helloworld SSH_KEY @/home/nemonik/.ssh/ephemeral
And then set up the pipeline like so:
ssh-deploy:
  image: appleboy/drone-ssh
  pull: true
  host: example.dev
  port: 22
  user: nemonik
  key: ${SSH_KEY}
  script:
    - whoami
The container/plugin will have an SSH_KEY environmental variable containing the text of your private key, but a PLUGIN_KEY environmental variable containing, well, ${SSH_KEY}. The SSH_KEY environmental variable is ignored, but the PLUGIN_KEY environmental variable is used to set p.Config.Key and this goes in easydrone to attempt the SSH connection resulting in a fail.
One has to understand all these parameters show up in the container/plugin prepended with PLUGIN_ and then the all caps form of the parameter.
So, you drone secret rm the SSH_KEY and instead set a PLUGIN_KEY like so
drone secret add --image=appleboy/drone-ssh Ephemeral/nodejs-helloworld PLUGIN_KEY @/home/nemonik/.ssh/ephemeral
and then modify your pipeline to:
ssh-deploy:
  image: appleboy/drone-ssh
  pull: true
  host: example.dev
  port: 22
  user: nemonik
  script:
    - whoami
Yeah, you don't even pass a key value as it already exists as secret. Trigger your build and things run fine like so:
2017/03/03 16:23:24 example.dev commands: whoami
2017/03/03 16:23:24 example.dev: outputs: nemonik
2017/03/03 16:23:24 Successfully executed commands to all host.
I would suggest updating the documentation.
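The failure described in the comment above, as an added example that is not part of the thread and not drone-ssh's own code: a pre-flight check a plugin could run on the value it receives in PLUGIN_KEY, so that a literal ${SSH_KEY} is rejected with a clear error before any SSH dial is attempted. The names pluginEnvName and checkKey and the "PRIVATE KEY" type-suffix heuristic are assumptions; the PLUGIN_ prefix rule is the one described above.

```go
package main
// Added example; names and the PEM heuristic are assumptions, not drone-ssh code.

import (
	"encoding/pem"
	"errors"
	"fmt"
	"os"
	"regexp"
	"strings"
)

// pluginEnvName maps a pipeline parameter to the variable the plugin container
// receives: "PLUGIN_" followed by the all-caps form of the parameter.
func pluginEnvName(param string) string {
	return "PLUGIN_" + strings.ToUpper(param)
}

// placeholder matches a value that is nothing but an unexpanded ${NAME} or $NAME.
var placeholder = regexp.MustCompile(`^\$(\{[A-Za-z_][A-Za-z0-9_]*\}|[A-Za-z_][A-Za-z0-9_]*)$`)
var (
	errEmpty       = errors.New("key is empty")
	errPlaceholder = errors.New("key is an unexpanded placeholder, not key material")
	errNotPEM      = errors.New("key is not a PEM private key block")
)

// checkKey rejects values that cannot be a private key, without echoing them.
func checkKey(value string) error {
	v := strings.TrimSpace(value)
	switch {
	case v == "":
		return errEmpty
	case placeholder.MatchString(v):
		return errPlaceholder
	}
	block, _ := pem.Decode([]byte(v))
	if block == nil || !strings.HasSuffix(block.Type, "PRIVATE KEY") {
		return errNotPEM
	}
	return nil
}

func main() {
	name := pluginEnvName("key")
	if err := checkKey(os.Getenv(name)); err != nil {
		fmt.Fprintf(os.Stderr, "%s: %v\n", name, err) // reports the reason, never the value
		os.Exit(1)
	}
}
```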
Can't wait to get home and test this!!! Thanks so much @nemonik.
@nemonik @PeterCat12
How do you guys install drone server? Docker container or build binary by yourself?
@appleboy I installed it per the documentation tutorial for drone 0.5: http://readme.drone.io/0.5/install/server/
@nemonik, @appleboy unfortunately I am still not able to load up my private key to the docker container:
drone-ssh error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain ssh: handshake failed: ssh: unable to authenticate, attempted methods [publickey none], no supported methods remain
My yml:
ssh-deploy:
  image: appleboy/drone-ssh
  host: my host
  user: ubuntu
  port: 22
  script:
    - whoami
My secret command:
drone secret add --image=appleboy/drone-ssh --skip-verify --event pull_request PeterCat12/SmashDB PLUGIN_KEY @/home/peter/Projects/keys/id_rsa
My command to run my drone server:
sudo docker run -d --env-file /etc/drone/dronerc -v /var/lib/drone/:/var/lib/drone -p 80:8000 --restart=always --name=drone drone/drone:0.5
my dronerc file (not real secrets/clientid):
DRONE_YAML=.drone.yml
DRONE_DEBUG=true
DRONE_GITHUB=true
DRONE_SECRET=secert
DRONE_GITHUB_CLIENT=clientid
DRONE_GITHUB_SECRET=secret
DRONE_OPEN=true
DRONE_ADMIN=PeterCat12
Cloned and am printing out my p.Config. My key is successfully being set with the following drone.yml:
pipeline:
  ssh-deploy:
    image: petercat/drone-ssh
    host: host
    user: ubuntu
    port: 22
    pull: true
    script:
      - whoami
    when:
      event: [push, pull_request, tag, deployment]
Printing out my config locally and on my drone server yields identical results.
{
  "Key": "----privatekey---",
  "KeyPath": "",
  "UserName": "ubuntu",
  "Password": "",
  "Host": ["host"],
  "Port": 22,
  "Timeout": 0,
  "CommandTimeout": 60,
  "Script": ["whoami"],
  "Proxy": {
    "User": "root",
    "Server": "",
    "Key": "",
    "KeyPath": "",
    "Port": "22",
    "Password": "",
    "Timeout": 0
  }
}
It seems that @nemonik is correct in that I don't have to set my key in the drone .yml. However, I am still getting handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain. I can successfully run
docker run --rm -e PLUGIN_HOST=host -e PLUGIN_USER=ubuntu -e PLUGIN_KEY="$(cat /home/peter/Projects/keys/id_rsa)" -e PLUGIN_SCRIPT="whoami" petercat/drone-ssh
both locally and on my EC2 instance. However, the drone server (on the ec2 instance) for some reason cannot authenticate... @appleboy What version of drone + docker are you running?
JESUS. One of the biggest face palm moments of my life. I was specifying the same host ec2 instance as the one drone was running on and NOT the target ec2 instance where I wanted to SSH into.
@nemonik Can you help me try the latest drone-ssh version?
@PeterCat12 You are missing the key setting in the drone config.
Sure. I will pull and install today.
On Jun 7, 2017 1:52 AM, "Bo-Yi Wu" notifications@github.com wrote:
@nemonik https://github.com/nemonik Can you help me try the latest drone-ssh version?
For
After registering my SSH_KEY as a secret via drone cli
I get out of drone: