I'm trying to create webhook for autoupdate my repository trough EC2 instance with php exec() script. The valid ssh key for all git commands is owned by sudoers.
So I need to run this after each commit:
exec('
cd ~/var/www/html/site/repo-test &&
sudo git pull origin master &&
sudo chown -R apache:apache ~/var/www/html/site/repo-test');
It is not working at all, I think it's because of the webhook file is ran by apache:apache. But I didn't setup any password for sudoers, so why the apache admin can't execute sudo?
Related
How can I run Envoy as root? I have a company server which has root access disabled, but I can sudo -s to it.
For example, when running git pull through Envoy I am getting:
[jenkins]: error: cannot open .git/FETCH_HEAD: Permission denied
I have tried adding sudo -s to it:
#task('deploy')
sudo -s
git pull
#endtask
But this only results in:
[jenkins]: sudo: no tty present and no askpass program specified
Is there a way to run Envoy as root?
Just log in to the server as root
#servers(['web' => 'root#webserver.example.com'])
But logging in as root and running commands is not the most secure way.
At least disable password login for root after setting up ssh keys.
In perfect world, you should have a user which can run commands needed for deployment only.
I'm trying to set up a simple PHP script that can do a git pull when you go to a particular URL on an AWS Amazon Linux 2 AMI test web server I have set up.
I ran into some issues trying to do that though, and have since been following this article to try to work things out: https://jondavidjohn.com/git-pull-from-a-php-script-not-so-simple/
I'm stuck on the step where the author says to run sudo -u www git pull.
In my system, apache is the Apache user that we need to do a git pull for in order to add the necessarily SSH key info, but it's not working. When I try to run the following:
sudo -u apache git pull
I get the following error:
Failed to add the host to the list of known hosts (/usr/share/httpd/.ssh/known_hosts).
Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
I don't know if this is an issue, but there is no .ssh directory under /usr/share/httpd. There is a known_hosts file under ~/.ssh, so maybe that's the one I need to worry about? I'm not really sure.
This very much feels like a permissions error (the error message suggests as much), but I'm really not sure what file where needs to be changed and how. Any advice would be greatly appreciated. Thank you.
Many thanks to ArSeN for walking me through the process in our comments back and forth above. What ultimately solved this for me was changing the permissions on the /usr/share/httpd dir where the apache user SSH key needs to go, and then copying the SSH key already in use by ec2-user over to that directory.
Here're the commands I ran:
sudo chown -R ec2-user:apache /usr/share/httpd
sudo chmod -R 777 /usr/share/httpd
sudo cp -r /home/ec2-user/.ssh/ /usr/share/httpd/.ssh/
sudo chown -R ec2-user:apache /usr/share/httpd
sudo chmod -R 755 /usr/share/httpd
sudo chown -R ec2-user:apache /var/www
cd /var/www/project-name/
sudo -u apache git pull
sudo chown -R ec2-user:apache /var/www
As you can see in the commands, for whatever reason, I had to run chown several times to get the user/group stuff set correctly, but ultimately it worked and I was able to get what I want. Thanks again, ArSeN.
I have a webhook for my application that currently does this:
cd /var/www/html; git pull origin master; /usr/local/bin/composer dump-autoload; php artisan migrate
I've been able to get all the commands above to work except the composer dump-autoload command.
When I log into the server as ec2-user and run sudo -u apache /usr/local/bin/composer dump-autoload, the command runs. But if I hit the endpoint that runs this command through a PHP script using shell_exec, this does not work.
Is there a way for me to get apache user to run this command on its own?
This should be doable by modifying your sudoers file.
visudo
Add the line:
ec2-user ALL=(apache) NOPASSWD: /path/to/script.sh
Don't forget to check if the apache user does have writing privileges under Laravel directory. composer will try to write in 'vendors' directory.
Regards.
I deployed a laravel project to amazon web server. I used my git repository to deploy it. I updated composer in the server via sync.sh file. Now I need to migrate using artisan command.
Here is my sync.sh file
#!/bin/bash
sudo chmod -R a+w /var/www/****serverName***/public_html/*projectName*
sudo php /usr/bin/composer --working-dir=/var/www/*serverName*/public_html/*projectName*/ update
you can add the following line to your sync.sh file.
sudo php /var/www/****serverName***/public_html/projectName/artisan migrate
I am trying to deploy a Symfony2 PHP project on Ubuntu 15.10 with MagePHP, but it always asks me for the SSH users password when executing:
sudo php vendor/andres-montanez/magallanes/bin/mage deploy to:staging
When checking the log I can see it stops at this command:
ssh -p 22 -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ssh-user#my-domain.com "sh -c \"mkdir -p /customers/489176_10999/websites/my_company/symfony/staging/releases/20160902094526\""
Executing this command by itself works fine (so the server accepts the ssh key), but from within the context of the deployment script it doesn't.
I am quite puzzled by this, since both commands are run from the same directory. Any ideas how I can make this work?
try running the deploy with sudo.
Regards!
Since the file has been located under /var/www the ssh-agent had no access to the key files, since they were stored under the user directory. Moving the entire project inside the user directory fixed this issue.