英文:
connecting to a remote server using openvpn in a github actions workflow
问题
这是我的GitHub Actions中的CI工作流程:
name: CIon:push:branches: ["main"]jobs:docker-build:runs-on: ubuntu-lateststeps:- uses: actions/checkout@v3- name: Install Poetryuses: snok/install-poetry@v1- name: create requirementsrun: poetry export --without-hashes --format=requirements.txt > requirements.txt- name: Login to Docker Hubuses: docker/login-action@v2with:username: ${{ secrets.DOCKERHUB_USERNAME }}password: ${{ secrets.DOCKERHUB_PASSWORD }}- name: Build and push imageuses: docker/build-push-action@v3with:context: .push: truetags: ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}- name: Deploy to Staginguses: appleboy/ssh-action@v0.1.10env:OVPN_CONFIG: ${{ secrets.VPN_CONFIG }}VPN_USERNAME: ${{ secrets.VPN_USERNAME }}VPN_PASSWORD: ${{ secrets.VPN_PASSWORD }}with:host: ${{ secrets.STAGING_SERVER_HOST }}username: ${{ secrets.STAGING_SERVER_USERNAME }}password: ${{ secrets.STAGING_SERVER_PASSWORD }}envs: OVPN_CONFIG,VPN_USERNAME,VPN_PASSWORDscript: |echo "${OVPN_CONFIG}" > vpn-config.ovpnecho "${VPN_USERNAME}" > vpn-credentials.txtecho "${VPN_PASSWORD}" >> vpn-credentials.txtopenvpn --config vpn-config.ovpn --auth-user-pass vpn-credentials.txtsleep 5ls -ladocker pull ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:latestdocker run -d ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:latest# Cleanup: Delete the temporary VPN credentials filerm vpn-credentials.txt
这个工作流程用于构建Docker镜像并在每次推送到主分支时将其上传到Docker Hub,这部分工作正常运行。然后,我希望使用SSH连接到预计托管应用程序的服务器,但为了实现这一点,我必须使用OpenVPN建立VPN连接。这部分似乎有问题,因为连接似乎没有建立。我在这里做错了什么吗?
以下是部分工作流程日志:
***[command]/usr/bin/docker run --name ed866e71fb8133109f4ad988af16a3b2ab46f2_a1dfd1 --label ed866e --workdir /github/workspace --rm -e "VENV" -e "OVPN_CONFIG" -e "VPN_USERNAME" -e "VPN_PASSWORD" ...======CMD======echo "${OVPN_CONFIG}" > vpn-config.ovpnecho "${VPN_USERNAME}" > vpn-credentials.txtecho "${VPN_PASSWORD}" >> vpn-credentials.txtopenvpn --config vpn-config.ovpn --*** vpn-credentials.txtsleep 5ls -la*** docker pull ***/***:latest*** docker run -d --name meteor-bot ***/***:latest*** Cleanup: Delete the temporary VPN credentials filerm vpn-credentials.txt======END======2023/06/15 17:14:46 dial tcp ***:22: i/o timeout
英文:
This is my CI workflow in Github Actions:
name: CIon:push:branches: [ "main" ]jobs:docker-build:runs-on: ubuntu-lateststeps:- uses: actions/checkout@v3- name: Install Poetryuses: snok/install-poetry@v1- name: create requirementsrun: poetry export --without-hashes --format=requirements.txt > requirements.txt- name: Login to Docker Hubuses: docker/login-action@v2with:username: ${{ secrets.DOCKERHUB_USERNAME }}password: ${{ secrets.DOCKERHUB_PASSWORD }}- name: Build and push imageuses: docker/build-push-action@v3with:context: .push: truetags: ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}- name: Deploy to Staginguses: appleboy/ssh-action@v0.1.10env:OVPN_CONFIG: ${{ secrets.VPN_CONFIG }}VPN_USERNAME: ${{ secrets.VPN_USERNAME }}VPN_PASSWORD: ${{ secrets.VPN_PASSWORD }}with:host: ${{ secrets.STAGING_SERVER_HOST }}username: ${{ secrets.STAGING_SERVER_USERNAME }}password: ${{ secrets.STAGING_SERVER_PASSWORD }}envs: OVPN_CONFIG,VPN_USERNAME,VPN_PASSWORDscript: |echo "${OVPN_CONFIG}" > vpn-config.ovpnecho "${VPN_USERNAME}" > vpn-credentials.txtecho "${VPN_PASSWORD}" >> vpn-credentials.txtopenvpn --config vpn-config.ovpn --auth-user-pass vpn-credentials.txtsleep 5ls -ladocker pull ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:latestdocker run -d ${{ secrets.DOCKERHUB_NAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:latest# Cleanup: Delete the temporary VPN credentials filerm vpn-credentials.txt
The workflow is intended to build a Docker image and upload it to Docker Hub after every push to the main branch, which is working correctly.
After that i want to connect to the server that's supposed to host the app using SSH but in order to do that I have to establish a VPN connection using OpenVPN. This is what's giving me trouble because the connection doesn't seem to get established.
Am i doing something wrong here?
Here's some of the worklow logs:
***[command]/usr/bin/docker run --name ed866e71fb8133109f4ad988af16a3b2ab46f2_a1dfd1 --label ed866e --workdir /github/workspace --rm -e "VENV" -e "OVPN_CONFIG" -e "VPN_USERNAME" -e "VPN_PASSWORD" -e "INPUT_HOST" -e "INPUT_USERNAME" -e "INPUT_PASSWORD" -e "INPUT_ENVS" -e "INPUT_SCRIPT" -e "INPUT_PORT" -e "INPUT_PASSPHRASE" -e "INPUT_SYNC" -e "INPUT_USE_INSECURE_CIPHER" -e "INPUT_CIPHER" -e "INPUT_TIMEOUT" -e "INPUT_COMMAND_TIMEOUT" -e "INPUT_KEY" -e "INPUT_KEY_PATH" -e "INPUT_FINGERPRINT" -e "INPUT_PROXY_HOST" -e "INPUT_PROXY_PORT" -e "INPUT_PROXY_USERNAME" -e "INPUT_PROXY_PASSWORD" -e "INPUT_PROXY_PASSPHRASE" -e "INPUT_PROXY_TIMEOUT" -e "INPUT_PROXY_KEY" -e "INPUT_PROXY_KEY_PATH" -e "INPUT_PROXY_FINGERPRINT" -e "INPUT_PROXY_CIPHER" -e "INPUT_PROXY_USE_INSECURE_CIPHER" -e "INPUT_SCRIPT_STOP" -e "INPUT_ENVS_FORMAT" -e "INPUT_DEBUG" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/***/***":"/github/workspace" ed866e:71fb8133109f4ad988af16a3b2ab46f2======CMD======echo "${OVPN_CONFIG}" > vpn-config.ovpnecho "${VPN_USERNAME}" > vpn-credentials.txtecho "${VPN_PASSWORD}" >> vpn-credentials.txtopenvpn --config vpn-config.ovpn --*** vpn-credentials.txtsleep 5ls -la*** docker pull ***/***:latest*** docker run -d --name meteor-bot ***/***:latest*** Cleanup: Delete the temporary VPN credentials filerm vpn-credentials.txt======END======2023/06/15 17:14:46 dial tcp ***:22: i/o timeout
答案1
得分: 1
这是使用分离的 OpenVPN 操作的示例:
name: OpenVPNon:workflow_dispatch:jobs:deploy:runs-on: ubuntu-lateststeps:- name: Checkoutuses: actions/checkout@v3- name: Install OpenVPNrun: |sudo apt updatesudo apt install -y openvpn openvpn-systemd-resolved- name: Setup VPN configrun: |echo "${{ secrets.OVPN_CA }}" > ca.crtecho "${{ secrets.OVPN_CERT }}" > user.crt- name: Connect to VPNuses: "kota65535/github-openvpn-connect-action@v2"with:config_file: .github/workflows/ovpn/client.ovpnusername: ${{ secrets.OVPN_USERNAME }}password: ${{ secrets.OVPN_PASSWORD }}client_key: ${{ secrets.OVPN_USER_KEY }}- name: multiple commanduses: appleboy/ssh-action@v0.1.10with:host: ${{ secrets.SSH_RELAY }}username: ${{ secrets.SSH_RELAY_USER }}password: ${{ secrets.SSH_RELAY_PWD }}port: ${{ secrets.SSH_RELAY_PORT }}script: |whoamils -al- name: Kill VPN connectionif: always()run: |sudo killall openvpn
英文:
Here is an example using a separated OpenVPN action:
name: OpenVPNon:workflow_dispatch:jobs:deploy:runs-on: ubuntu-lateststeps:- name: Checkoutuses: actions/checkout@v3- name: Install OpenVPNrun: |sudo apt updatesudo apt install -y openvpn openvpn-systemd-resolved- name: Setup VPN configrun: |echo "${{ secrets.OVPN_CA }}" > ca.crtecho "${{ secrets.OVPN_CERT }}" > user.crt- name: Connect to VPNuses: "kota65535/github-openvpn-connect-action@v2"with:config_file: .github/workflows/ovpn/client.ovpnusername: ${{ secrets.OVPN_USERNAME }}password: ${{ secrets.OVPN_PASSWORD }}client_key: ${{ secrets.OVPN_USER_KEY }}- name: multiple commanduses: appleboy/ssh-action@v0.1.10with:host: ${{ secrets.SSH_RELAY }}username: ${{ secrets.SSH_RELAY_USER }}password: ${{ secrets.SSH_RELAY_PWD }}port: ${{ secrets.SSH_RELAY_PORT }}script: |whoamils -al- name: Kill VPN connectionif: always()run: |sudo killall openvpn
答案2
得分: 0
结果证明,在尝试SSH之前,我需要实际建立VPN连接,而不是将其作为SSH脚本的一部分使用,因此我只是添加了这一步骤:
- name: 建立VPN连接run: |sudo apt updatesudo apt install -y openvpn openvpn-systemd-resolvedecho "${{ secrets.VPN_CONFIG }}" > vpn-config.ovpnecho "${{ secrets.VPN_USERNAME }}" > vpn-credentials.txtecho "${{ secrets.VPN_PASSWORD }}" >> vpn-credentials.txtsudo openvpn --config vpn-config.ovpn --auth-user-pass vpn-credentials.txt --daemonsleep 15
英文:
Turns out I needed to actually establish the VPN connection before attempting SSH not use it as part of the script inside the SSH so I just added this step:
- name: Establish VPN connectionrun: |sudo apt updatesudo apt install -y openvpn openvpn-systemd-resolvedecho "${{ secrets.VPN_CONFIG }}" > vpn-config.ovpnecho "${{ secrets.VPN_USERNAME }}" > vpn-credentials.txtecho "${{ secrets.VPN_PASSWORD }}" >> vpn-credentials.txtsudo openvpn --config vpn-config.ovpn --auth-user-pass vpn-credentials.txt --daemonsleep 15
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论