
So I'm trying to connect to a VPN to my server in order to pull the project through GitLab. This is my gitlab-ci.yml file:

image: cypress/base:10


stages:
  - deployment

deploy:
  stage: deployment

  before_script:
    ## VPN
  - which openvpn || (apt-get update -y -qq && apt-get install -y -qq openvpn) # Install openvpn if not available.
  - cat <<< $CLIENT_OVPN > /etc/openvpn/client.conf # Move vpn config from gitlab variable to config file.
  - cat <<< $VPN_U > /etc/openvpn/pass.txt # Move vpn user from gitlab variable to pass file.
  - cat <<< $VPN_P >> /etc/openvpn/pass.txt # Move vpn password from gitlab variable to pass file.
  - cat <<< "auth-user-pass /etc/openvpn/pass.txt" >> /etc/openvpn/client.conf # Tell vpn config to use password file.
  - cat <<< "log /etc/openvpn/client.log" >> /etc/openvpn/client.conf # Tell vpn config to use log file.
  - openvpn --config /etc/openvpn/client.conf --daemon # Start openvpn with config as a daemon.
  - sleep 30s # Wait for some time so the vpn can connect before doing anything else.
  - cat /etc/openvpn/client.log # Print the vpn log.
  - ping -c "server IP" <IP> # Ping the server I want to deploy to. If not available this stops the deployment process.
    ##
    ## SSH
    ## Inspiration for gitlab from https://docs.gitlab.com/ee/ci/ssh_keys/
    ## Inspiration for new key from https://www.thomas-krenn.com/de/wiki/OpenSSH_Public_Key_Authentifizierung_unter_Ubuntu
    ##
  - which ssh-agent || (apt-get update -y -qq && apt-get install openssh-client -y -qq) # Install ssh-agent if not available.
  - eval $(ssh-agent -s) # Run ssh-agent.
  - mkdir -p ~/.ssh # Create ssh directory.
  - cat <<< $SSH_PRIVATE_KEY > ~/.ssh/id_rsa # Move ssh key from gitlab variable to file.
  - chmod 700 ~/.ssh/id_rsa  # Set permissions so only I am allowed to access my ssh key.
  - ssh-add # Add the key (no params -> default file name assumed).
  - cat <<< $SSH_KNOWN_HOSTS_DMS > ~/.ssh/known_hosts # Add the server's SSH key to known_hosts to prevent a man-in-the-middle attack.
  script:
    - ssh root@"server IP" "cd ../var/www/html/"projetct-name" && git checkout master && git pull && exit"
  only:
  - main

I've been going around in circles for two days now, but right now I'm getting this feedback on the deploy job:

$ cat <<< $CLIENT_OVPN > /etc/openvpn/client.conf
$ cat <<< $VPN_U > /etc/openvpn/pass.txt
$ cat <<< $VPN_P >> /etc/openvpn/pass.txt
$ cat <<< "auth-user-pass /etc/openvpn/pass.txt" >> /etc/openvpn/client.conf
$ cat <<< "log /etc/openvpn/client.log" >> /etc/openvpn/client.conf
$ openvpn --config /etc/openvpn/client.conf --daemon
Cleaning up project directory and file based variables

ERROR: Job failed: exit code 1

  • Is there a specific reason you are trying to perform all the VPN install inside the runner? If it's a self-hosted runner, then why not just install the VPN connection within that host (separate to any runner instance) and then get the runner to connect via ssh to perform the installation? However, I see that you are just using git on the remote to clone your repo down for "deployment", so if your remote machine has access to the git repo your code is on, just install a runner on your deployment host, make it do the installation using artifacts from a previous job and avoid any network magic. – quizguy Jul 20 '22 at 13:04
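
Added example, not part of the question or the comment above: two shell helpers a job like the one in the question could call so that the credentials file is created owner-only and the job fails with a reason from the OpenVPN log instead of relying on a fixed `sleep 30s`. The helper names and the sample log lines are constructed for illustration; the log strings matched are standard OpenVPN client messages.

```shell
#!/bin/sh
# Added example: helper names and sample log lines are constructed, not taken from the question.

# write_secret FILE LINE...: recreate FILE readable by its owner only, one LINE per row.
# Quoting the arguments keeps spaces and special characters in a password intact.
write_secret() {
  _file=$1; shift
  rm -f "$_file"
  ( umask 077 && printf '%s\n' "$@" > "$_file" )
}

# wait_for_vpn LOG [TIMEOUT_SECONDS]: poll the OpenVPN log once per second.
#   returns 0 = tunnel is up, 1 = timed out, 2 = the log shows a fatal error
wait_for_vpn() {
  _log=$1; _timeout=${2:-30}; _i=0
  while [ "$_i" -lt "$_timeout" ]; do
    if grep -q 'Initialization Sequence Completed' "$_log" 2>/dev/null; then
      return 0
    fi
    if grep -Eq 'AUTH_FAILED|Cannot open TUN/TAP dev|Exiting due to fatal error' "$_log" 2>/dev/null; then
      return 2
    fi
    sleep 1
    _i=$((_i + 1))
  done
  return 1
}

# Constructed sample logs for trying the helper offline (192.0.2.10 is a documentation address).
sample_ok_log() {
  printf '%s\n' \
    'TCP/UDP: Preserving recently used remote address: [AF_INET]192.0.2.10:1194' \
    'Initialization Sequence Completed'
}
sample_fatal_log() {
  printf '%s\n' \
    'ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)' \
    'Exiting due to fatal error'
}

# Possible use in before_script, with the variables and paths from the question:
#   write_secret /etc/openvpn/pass.txt "$VPN_U" "$VPN_P"
#   openvpn --config /etc/openvpn/client.conf --daemon
#   wait_for_vpn /etc/openvpn/client.log 30 || { cat /etc/openvpn/client.log; exit 1; }
```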
